- Microsoft Azure (Virtual Machines/Compute)
- Remote Desktop
- Active Directory Domain Services
- PowerShell
- Windows Server 2022
- Windows 10 (21H2)
- Set up resources in Azure - Virtual Machines: Client-1 (Windows 10), DC-1 (Windows Server 2022)
- Ensure connectivity between Client-1 and DC-1
- Log in to DC-1, install Active Directory Domain Services, and create two accounts (Admin and Normal User)
- Join Client-1 to the domain
- Configure Remote Desktop for Non-Administrative Users on Client-1
- Create a number of users and log into Client-1 with the newly created user's credentials
Create DC-1 (Windows Server VM) in Azure and allow it to create a Resource Group, Virtual Network, and Subnet. Create Client-1 (Windows 10) and select the Resource Group that was created with DC-1 to ensure they share the same permissions, policies, and network.
Navigate to DC-1's Network page and select "IP Configurations." Set DC-1's private IP address to be static.
Log in to DC-1, open Windows Defender Firewall with Advanced Security, and enable ICMPv4 Echo Request. Once this is complete, log in to Client-1 and ping DC-1 to verify connectivity between the two VMs.
Return to DC-1 and install Active Directory Domain Services.
Promote the server to a Domain Controller and set up a new forest (assign a domain name, e.g. gjamesIT.com). Then restart DC-1 and log in to DC-1 with the newly configured domain credentials (e.g. gjamesIT.com\DC-User).
Open Active Directory Users and Computers and create any Organizational Units needed as well as an Admin user.
Add the newly created Admin account to the Domain Admins group. Log out / close the connection to DC-1 and log back in under the Admin account.
Return to the Azure portal and navigate to Client-1's Networking section. Select Client-1's NIC and change its DNS settings to DC-1's private IP address.
Restart Client-1 in the Azure portal, return to Remote Desktop, log in to Client-1 as the original local admin, and join it to the domain. Client-1 will restart.
Verify that Client-1 successfully joined the domain by logging in with the Admin account created in DC-1. Check Client-1's DNS configuration by opening Command Prompt and entering "ipconfig /all".
Configure Remote Desktop for non-administrative users in System Settings on Client-1. In this example, we will allow all Domain Users access to Client-1.
Domain users can now be added to Active Directory. In this example, a PowerShell script is used to generate random usernames and add them to the _EMPLOYEES group that was created in Active Directory Users and Computers on DC-1.
To verify that Active Directory was configured correctly, log in to Client-1 with one of the newly generated Domain User accounts.
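One way to write the user-generation step described above, as an added example that is not the script used on this page. It assumes the ActiveDirectory module on DC-1 and an existing group named _EMPLOYEES; `$UserCount`, the helper function names, and the choice of a random per-user password instead of a shared one are assumptions of this example.

```powershell
# Added example, not the page's script. Run on DC-1 as a Domain Admin.
Import-Module ActiveDirectory   # installed with the AD DS role

$UserCount = 10             # assumption: number of lab accounts to create
$GroupName = '_EMPLOYEES'   # group named on this page; must already exist
$DnsRoot   = (Get-ADDomain).DNSRoot

function New-RandomName {
    param([int]$Length = 7)
    # Alternate consonants and vowels so the names are readable.
    $consonants = 'bcdfghjklmnpqrstvwxyz'.ToCharArray()
    $vowels     = 'aeiou'.ToCharArray()
    -join (1..$Length | ForEach-Object {
        if ($_ % 2) { $consonants | Get-Random } else { $vowels | Get-Random }
    })
}

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols, so one random byte maps to a character without modulo bias.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=@'.ToCharArray()
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % 64] })
        # Retry until all four character classes required by AD complexity are present.
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
             $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    $rng.Dispose()
    $pw
}

$created = foreach ($i in 1..$UserCount) {
    $first = New-RandomName
    $last  = New-RandomName
    $sam   = "$first.$last"     # 15 characters, under the 20-character sAMAccountName limit
    $plain = New-RandomPassword
    try {
        New-ADUser -Name "$first $last" -GivenName $first -Surname $last `
            -SamAccountName $sam -UserPrincipalName "$sam@$DnsRoot" `
            -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
            -Enabled $true -ErrorAction Stop
        Add-ADGroupMember -Identity $GroupName -Members $sam -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $sam; InitialPassword = $plain }
    } catch {
        Write-Warning "Skipped ${sam}: $($_.Exception.Message)"
    }
}
$created | Format-Table -AutoSize   # lab only: shows the initial passwords once
```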




















