
Infrastructure as Code – Deploy Active Directory in Azure

Summary

AD DS can run on an Azure virtual machine (VM) in the same way it runs on-premises. This article walks through deploying a new AD DS forest on two new domain controllers (AZDC01 and AZDC02) in an Azure availability set, running PowerShell on each VM over Azure Bastion. The same steps serve for a lab or as preparation for deploying domain controllers in Azure.

Plan

Prerequisite

Infrastructure as Code – Deploy Bastion in Azure

Deploy

Connect to AZDC01 via Bastion and run the following PowerShell code in an elevated session:

# Initialize the attached data disk and create a single simple volume (F:) on AZDC01.
# The AD DS database, logs and SYSVOL go on this data disk, never on the OS disk or the
# Azure temporary disk (D:), whose contents are lost on redeploy.
Get-Disk | Where-Object PartitionStyle -Eq 'RAW' | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -UseMaximumSize -DriveLetter F | Format-Volume -FileSystem NTFS -Confirm:$false

# Set DNS on AZDC01: its own address first, because it becomes the DNS server after promotion.
# The public resolver (8.8.8.8) is a lab shortcut: it cannot answer AD SRV lookups, so outside a
# lab replace it with a forwarder on the DNS Server role rather than a client-side fallback.
$Interface = (Get-NetIPAddress -IPAddress 10.10.10.11).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $Interface -ServerAddresses ("10.10.10.11","8.8.8.8")

# Install AD DS and its management tools on AZDC01 (the DNS Server role is added by Install-ADDSForest below)
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Promote AZDC01 to the first Domain Controller of a new forest.
# "WinThreshold" is the Windows Server 2016 functional level. The cmdlet prompts for the
# DSRM (SafeMode) administrator password and reboots the VM when it finishes.
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "F:\Windows\NTDS" `
-DomainMode "WinThreshold" `
-DomainName "derrickpark.com" `
-DomainNetbiosName "DERRICKPARK" `
-ForestMode "WinThreshold" `
-InstallDns:$true `
-LogPath "F:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "F:\Windows\SYSVOL" `
-Force:$true

# After the reboot, reconnect via Bastion as DERRICKPARK\Administrator and continue.

# Create a new Active Directory site for the Azure VNet
New-ADReplicationSite -Name "Azure" -Description "Azure"

# Assign the Azure VNet subnet to the Azure site, so DCs and clients in 10.10.10.0/24 are located there
New-ADReplicationSubnet -Name "10.10.10.0/24" -Site "Azure"

# Move AZDC01 from Default-First-Site-Name into the Azure site
Move-ADDirectoryServer -Identity AZDC01 -Site Azure

# Configure a domain-replicated DNS reverse lookup zone for the subnet, accepting secure dynamic updates only
Add-DnsServerPrimaryZone -DynamicUpdate Secure -NetworkId '10.10.10.0/24' -ReplicationScope Domain
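The DNS client settings above keep 8.8.8.8 as a fallback resolver on the domain controller. A DC should resolve only against domain controllers and hand everything else to forwarders on its DNS Server role; otherwise a client that happens to query the public resolver gets NXDOMAIN for AD records. The following is an added example, not code from the original post: it moves internet resolution to forwarders on AZDC01 and checks the result. It assumes the addresses used on this page (AZDC01 is 10.10.10.11, domain derrickpark.com), that 168.63.129.16 (the Azure-provided resolver) and 8.8.8.8 are acceptable forwarders, and that the VM has outbound internet access for the forwarded lookup check.

```powershell
# Added example (not from the original post). Run elevated on AZDC01 after the reverse zone exists.
# Assumptions: AZDC01 = 10.10.10.11, domain derrickpark.com (from this page);
# 168.63.129.16 is Azure's recursive resolver and 8.8.8.8 the page's public resolver, both used as forwarders.
$DcAddress  = '10.10.10.11'
$DomainName = 'derrickpark.com'
$Forwarders = @('168.63.129.16', '8.8.8.8')

# 1. DNS client: the DC resolves against itself only. (Add the partner DC once AZDC02 is promoted.)
$Interface = (Get-NetIPAddress -IPAddress $DcAddress -AddressFamily IPv4).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $Interface -ServerAddresses $DcAddress

# 2. DNS Server: forwarders take every name the DC is not authoritative for.
#    Set-DnsServerForwarder replaces the whole list, so the array order is the lookup order.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false

# 3. Re-register the DC's own records so the new reverse zone gets its PTR (registration is asynchronous).
Register-DnsClient
Start-Sleep -Seconds 15

# 4. Verify against the local server: AD SRV records are authoritative here, an internet name
#    resolves through the forwarders, and the reverse zone answers for the DC's own address.
$Checks = [ordered]@{
    'SRV _ldap._tcp.dc._msdcs' = { Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -Server $DcAddress -ErrorAction Stop }
    'Forwarded lookup'         = { Resolve-DnsName -Name 'www.microsoft.com' -Type A -Server $DcAddress -ErrorAction Stop }
    'PTR for AZDC01'           = { Resolve-DnsName -Name $DcAddress -Type PTR -Server $DcAddress -ErrorAction Stop }
}
foreach ($Name in $Checks.Keys) {
    try   { $null = & $Checks[$Name]; Write-Output "PASS  $Name" }
    catch { Write-Output "FAIL  $Name : $($_.Exception.Message)" }
}
```

If the forwarded lookup fails while the SRV check passes, the DNS Server role is healthy and the problem is outbound connectivity from the VNet (NSG or route), not AD.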

Connect to AZDC02 via Bastion and run the following PowerShell code in an elevated session:

# Initialize the attached data disk and create a single simple volume (F:) on AZDC02
Get-Disk | Where-Object PartitionStyle -Eq 'RAW' | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -UseMaximumSize -DriveLetter F | Format-Volume -FileSystem NTFS -Confirm:$false

# Set DNS on AZDC02: point at AZDC01 so the domain can be located during promotion
$Interface = (Get-NetIPAddress -IPAddress 10.10.10.12).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $Interface -ServerAddresses ("10.10.10.11","8.8.8.8")

# Install AD DS and the DNS Server role on AZDC02
Install-WindowsFeature -Name AD-Domain-Services, DNS

# Promote AZDC02 to an additional Domain Controller and global catalog in the Azure site,
# replicating from AZDC01. Get-Credential prompts for a Domain Admins account (e.g. DERRICKPARK\Administrator);
# the cmdlet then prompts for the DSRM password and reboots the VM when it finishes.
Import-Module ADDSDeployment
Install-ADDSDomainController `
-NoGlobalCatalog:$false `
-CreateDnsDelegation:$false `
-Credential (Get-Credential) `
-CriticalReplicationOnly:$false `
-DatabasePath "F:\Windows\NTDS" `
-DomainName "derrickpark.com" `
-InstallDns:$true `
-LogPath "F:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-ReplicationSourceDC "AZDC01.derrickpark.com" `
-SiteName "Azure" `
-SysvolPath "F:\Windows\SYSVOL" `
-Force:$true

# After the reboot, sign in with a domain account and install the AD management tools
Install-WindowsFeature -Name RSAT-ADDS-Tools
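Once AZDC02 is back up, the forest should be checked before anything is joined to it: both DCs in the Azure site and serving as global catalogs, replication succeeding in both directions, and each DC advertised by the site-specific SRV records. The block below is an added example, not code from the original post. It also flips each DC's DNS client to partner-first, itself-second (so a DC that is restarting does not wait on its own DNS service) and drops the public resolver from the client list. It assumes the names and addresses used on this page (AZDC01 10.10.10.11, AZDC02 10.10.10.12, site Azure, domain derrickpark.com) and that PowerShell remoting between the DCs is enabled, which it is by default on Windows Server.

```powershell
# Added example (not from the original post). Run elevated on either DC after AZDC02 has rebooted.
# Assumptions from this page: AZDC01 = 10.10.10.11, AZDC02 = 10.10.10.12, site "Azure", domain derrickpark.com.
Import-Module ActiveDirectory

$Domain = 'derrickpark.com'
$Site   = 'Azure'
$DcIps  = @{ AZDC01 = '10.10.10.11'; AZDC02 = '10.10.10.12' }
$Problems = @()

# 1. DNS client on both DCs: partner first, self second, no public resolver.
foreach ($DcName in $DcIps.Keys) {
    $Partner = $DcIps.Keys | Where-Object { $_ -ne $DcName } | ForEach-Object { $DcIps[$_] }
    Invoke-Command -ComputerName "$DcName.$Domain" -ScriptBlock {
        param($Self, $Partner)
        $Index = (Get-NetIPAddress -IPAddress $Self -AddressFamily IPv4).InterfaceIndex
        Set-DnsClientServerAddress -InterfaceIndex $Index -ServerAddresses @($Partner, $Self)
    } -ArgumentList $DcIps[$DcName], $Partner
}

# 2. Both DCs exist, are global catalogs and sit in the Azure site.
$Dcs = Get-ADDomainController -Filter * | Select-Object Name, Site, IPv4Address, IsGlobalCatalog
$Dcs | Format-Table -AutoSize
foreach ($Dc in $Dcs) {
    if ($Dc.Site -ne $Site)       { $Problems += "$($Dc.Name) is in site $($Dc.Site), expected $Site" }
    if (-not $Dc.IsGlobalCatalog) { $Problems += "$($Dc.Name) is not a global catalog" }
}
foreach ($DcName in $DcIps.Keys) {
    if ($Dcs.Name -notcontains $DcName) { $Problems += "$DcName is not a domain controller of $Domain" }
}

# 3. Replication: every inbound link in the domain reported success (result 0) on its last attempt.
$Failed = Get-ADReplicationPartnerMetadata -Target $Domain -Scope Domain |
          Where-Object { $_.LastReplicationResult -ne 0 }
foreach ($Link in $Failed) {
    $Problems += "$($Link.Server) <- $($Link.Partner): last result $($Link.LastReplicationResult)"
}

# 4. DNS: the site-specific LDAP SRV record names both DCs, so clients in the subnet will find them.
$Srv = Resolve-DnsName -Name "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
$Targets = @($Srv | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget -replace '\.$', '' })
foreach ($DcName in $DcIps.Keys) {
    if ($Targets -notcontains "$DcName.$Domain") { $Problems += "$DcName has no LDAP SRV record in site $Site" }
}

# 5. Deeper diagnostics with the built-in tools (printed for reading, not parsed here).
repadmin /replsummary
dcdiag /test:Replications /test:DNS /q

if ($Problems) { $Problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output "Forest checks passed for $Domain" }
```

A fresh promotion usually shows a non-zero result for a minute or two while the first full sync completes; re-run the checks rather than acting on a single failure immediately after the reboot.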

Run

Sources:

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm

https://social.technet.microsoft.com/wiki/contents/articles/52765.windows-server-2019-step-by-step-setup-active-directory-environment-using-powershell.aspx

https://mikefrobbins.com/2018/11/29/use-powershell-to-create-a-new-active-directory-forest-on-windows-2019-server-core-installation-no-gui/
