Install a new Active Directory forest on an Azure virtual network
This topic shows how to create a new Windows Server Active Directory environment on a virtual machine (VM) in an Azure virtual network. In this case, the Azure virtual network is not connected to an on-premises network.
How does this differ from on-premises?
There is not much difference between installing a domain controller on Azure versus on-premises. The main differences are listed in the following table.
| To configure... | On-premises | Azure virtual network |
|---|---|---|
| IP address for the domain controller | Assign a static IP address in the network adapter properties | Obtain an IP address via DHCP and run the Set-AzureStaticVNetIP cmdlet to make it static |
| DNS client resolver | Set the Preferred and Alternate DNS server addresses in the network adapter properties of domain members | Set the DNS server address in the virtual network properties |
| Active Directory database storage | Optionally change the default storage location from C: | You need to change the default storage location from C: |
Step 1: Create an Azure virtual network
- Sign in to the Azure Management Portal.
- Create a virtual network. Click Networks > Create a virtual network. Use the values in the following table to complete the wizard.

| On this wizard page… | Specify these values |
|---|---|
| Virtual Network Details | Name: Enter a name for your virtual network<br>Region: Choose the closest region<br>Affinity Group: Create a new affinity group<br>Affinity Group Name: Enter a name for your affinity group |
| DNS and VPN | Leave DNS server blank<br>Don't select either VPN option |
| Virtual network address spaces | Subnet name: Enter a name for your subnet<br>Starting IP: 10.0.0.0<br>CIDR: /24 (256) |
Step 2: Create a VM to run the domain controller and DNS server roles
- Click New > Compute > Virtual Machine > From Gallery.
- Use the values in the following table to complete the wizard.

| On this wizard page… | Specify these values |
|---|---|
| Operating system | Select Windows Server 2012 R2 Datacenter |
| Virtual machine configuration | Release date: Today's date<br>Machine name: Specify a unique value<br>Size: Select any size<br>User name: Enter a name. This user account will be a member of the built-in Administrators group.<br>Password: Must be at least 8 characters and include 3 of the following types of characters: an uppercase letter, a lowercase letter, a number, a special character |
| Cloud service | Cloud service: Create a new cloud service<br>Cloud service name: Accept default value<br>Region/Affinity Group/Virtual Network: Select the virtual network you created<br>Virtual network subnet: Select the subnet you created<br>Storage account: Use an automatically generated storage account<br>Availability set: None<br>Endpoints: Accept default values |
| VM Agent | Select Install the VM Agent |
The dynamic IP address that the VM is assigned by default is valid for the duration of the cloud service. But it will change if the VM is shut down. You can assign a static IP address by running the Set-AzureStaticVNetIP Azure PowerShell cmdlet so the IP address will persist if you ever do need to shut down the VM.
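The static-IP step described above, as an added example using the classic (ASM) Azure PowerShell module; this is not code from the original article. The cloud service name, VM name and virtual network name are placeholders, and 10.0.0.4 is the first host address Azure hands out in the 10.0.0.0/24 subnet created in Step 1 (the first four addresses of a subnet are reserved).

```powershell
# Added example: pin the DC's DHCP-assigned address as a static VNet IP so it survives a shutdown.
# Service, VM and VNet names below are assumptions; replace them with your own values.
$serviceName = 'YourCloudService'
$vmName      = 'DC-1'
$vnetName    = 'YourVirtualNetwork'
$staticIp    = '10.0.0.4'

# Confirm the address is free in the virtual network before claiming it.
# Test-AzureStaticVNetIP returns IsAvailable plus a list of free addresses if it is not.
$check = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $staticIp
if (-not $check.IsAvailable) {
    throw "IP $staticIp is not available. Free addresses: $($check.AvailableAddresses -join ', ')"
}

# Apply the static IP to the VM configuration and push the update to Azure.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $staticIp |
    Update-AzureVM

# Verify: the VM should now report the reserved address.
(Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureStaticVNetIP).IPAddress
```

Pin the address before you promote the server to a domain controller, so the DNS address you register in Step 4 never has to change.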
Attach an additional disk to the VM to store the Active Directory database, logs, and SYSVOL.
- Click the VM > Attach > Attach empty disk.
- Specify a size (for example, 10 GB) and accept all other default values.
Log on to the VM and format the additional disk.
- Click Connect to log on to the VM, click Open to create an RDP session, and click Connect again.
- Change the credentials to the new user name and password you specified.
- In Server Manager, click Tools > Computer Management.
- Click Disk Management and click Ok to initialize the new disk.
- Right-click the disk name and click New Simple Volume. Complete the wizard to format the new drive.
Step 3: Install Windows Server Active Directory
Install AD DS by using the same routine that you use on-premises (that is, you can use the UI, an answer file, or Windows PowerShell). You need to provide Administrator credentials to install a new forest. To specify the location for the Active Directory database, logs, and SYSVOL, change the default storage location from the operating system drive to the additional data disk that you attached to the VM.
After the DC installation finishes, connect to the VM again and log on to the DC. Remember to specify domain credentials.
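Step 3 carried out with Windows PowerShell inside the VM, as an added example that is not part of the original article: it formats the attached data disk and promotes the server to a new forest with the database, logs and SYSVOL placed on that disk instead of C:. The drive letter (F:), the domain name contoso.com and the assumption that the attached disk is the only RAW disk are placeholders.

```powershell
# Added example: run as the local administrator created in Step 2, inside the new VM.
# Drive letter, domain name and NetBIOS name are assumptions; adjust to your environment.
$dataDrive  = 'F'
$domainFqdn = 'contoso.com'
$netbios    = 'CONTOSO'

# Bring the empty attached disk online, initialize it and format it as one NTFS volume.
$rawDisk = Get-Disk | Where-Object PartitionStyle -eq 'RAW'
$rawDisk | Set-Disk -IsOffline $false
$rawDisk | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -DriveLetter $dataDrive |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false

# Install the AD DS binaries and management tools (same as on-premises).
Install-WindowsFeature -Name AD-DS -IncludeManagementTools

# Read the DSRM password interactively so it is never stored in the script.
$dsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

# Promote to a new forest. $($dataDrive) is required: "$dataDrive:\" would parse as a drive scope.
Install-ADDSForest `
    -DomainName $domainFqdn `
    -DomainNetbiosName $netbios `
    -DatabasePath "$($dataDrive):\NTDS" `
    -LogPath "$($dataDrive):\NTDS" `
    -SysvolPath "$($dataDrive):\SYSVOL" `
    -InstallDns `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force
# The VM reboots automatically when the promotion completes.

# After the reboot, log on with domain credentials and confirm the paths landed on the data disk.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' |
    Select-Object 'DSA Database file', 'DSA Working Directory'
```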
Step 4: Set the DNS server for the Azure virtual network
- Click Virtual Networks, double-click the virtual network you created and click Configure.
- Under DNS servers, type the name and the internal IP address (DIP) of the DC and click Save.
- Select the VM and click Restart to trigger the VM to configure DNS resolver settings with the IP address of the new DNS server.
Step 5: Create VMs for domain members and join the domain
Create additional VMs to provision domain member computers. You can use the UI or Azure PowerShell. If you use the UI, follow the same steps that you used to create the first VM, then join the VMs to the domain just as you would on-premises. If you use Azure PowerShell, you can provision VMs and have them domain-joined when they first start, as in the following example.
```powershell
# Select the subscription and the storage account that will hold the new VM's disks
Set-AzureSubscription -SubscriptionName "Free Trial" -CurrentStorageAccountName 'constorageaccount'
Select-AzureSubscription -SubscriptionName "Free Trial"

# Deploy a new VM and join it to the domain
# Specify my DC's DNS IP (10.0.0.4)
$myDNS = New-AzureDNS -Name 'DC-1' -IPAddress '10.0.0.4'

# OS image to use
$image = 'a699494373c04fc0bc8f2bb1389d6106__Win2K8R2SP1-Datacenter-201310.01-en.us-127GB.vhd'
$service = 'ConApp1'            # cloud service name; must be unique if you rerun the script
$AG = 'YourAffinityGroup'
$vnet = 'YourVirtualNetwork'
$adminPassword = 'P@ssw0rd'     # renamed from $pwd, which collides with the automatic $PWD variable
$size = 'Small'
$vmname = 'ConApp1'

# Build the VM configuration; the provisioning config joins the VM to contoso.com at first boot
$MyVM3 = New-AzureVMConfig -Name $vmname -InstanceSize $size -ImageName $image |
    Add-AzureProvisioningConfig -AdminUserName 'PierreSettles' -WindowsDomain -Password $adminPassword `
        -Domain 'Contoso' -DomainPassword 'P@ssw0rd' -DomainUserName 'PierreSettles' -JoinDomain 'contoso.com' |
    Set-AzureSubnet -SubnetNames 'FrontEnd'

# Create the VM in the virtual network, pointing its DNS resolver at the DC
New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM3 -DnsSettings $myDNS -VNetName $vnet
```
If you rerun the script, you need to supply a unique value for $service. You can run Test-AzureName -Service <service name>, which reports whether the name is already taken.