How to set up AD on an Azure VM for other VMs

clip_image001

In this post, I will walk you through setting up AD on an Azure VM so that other VMs can be accessed over RDP via AD.

Let’s begin by creating two VMs: one for the AD server and the other for app1.

 

1. Create a virtual machine for AD on ARM and add AD to the VM as illustrated below:
clip_image002

(The VM created for the AD server.)

 

After creating the new VM for AD, connect to the server via RDP, then click ‘Add roles and features’ to install AD.
clip_image004

clip_image006

clip_image008

Click the checkbox for ‘Active Directory Domain Services’ and click Add Features in the dialog displayed.

clip_image010

clip_image012

clip_image014

The installation for AD will begin.

clip_image016

clip_image018

After the installation completes, you will see an exclamation icon indicating further actions, as shown below.
If you click the icon, a dropdown box displays the pending action messages. Click ‘Promote this server to a domain controller’.

clip_image020

A new popup window then opens to configure AD, as shown below.

clip_image022

Select ‘Add a new forest’ to create a new AD forest, then type your domain name. I typed ‘contoso.com’ for my test.

clip_image024

Click the ‘Next’ button after typing the domain name.
When the Directory Services Restore Mode (DSRM) pane is shown, type the DSRM password.

clip_image026

Type your DSRM password.

clip_image028

Type the NetBIOS domain name.

clip_image030

For this tutorial, the default AD DS database directories are used, as illustrated below.

clip_image032

The full configuration is shown in the review window.

clip_image034

The AD DS configuration wizard will verify all required prerequisites.

clip_image036

The following dialog is displayed if all the required prerequisite checks are met.

clip_image038

The AD DS configuration wizard will start the installation.

clip_image040

The VM reboots after the installation completes and can then be accessed via RDP, as illustrated below:

clip_image041

The screenshot below shows the server after the reboot, with AD ready for use.

clip_image043
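
The wizard steps above can also be scripted. This is an added example, not part of the original post; it assumes an elevated PowerShell session on the AD server VM, and the NetBIOS name `CONTOSO` is an assumption because the post does not state the value that was typed.

```powershell
# Added example: run in an elevated PowerShell session on the AD server VM.
$DomainName  = 'contoso.com'   # domain used in this tutorial
$NetbiosName = 'CONTOSO'       # assumed NetBIOS name; the post does not state it

# Same as ticking 'Active Directory Domain Services' in 'Add roles and features'.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Prompt for the DSRM password so it never lands in the script or shell history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true   # the AD server is also the VNet DNS server
}

Import-Module ADDSDeployment

# Prerequisite check, the scripted form of the wizard's verification page.
$checks = Test-ADDSForestInstallation @forest
$checks | Format-List Context, Status, Message
if ($checks.Status -contains 'Error') { throw 'Prerequisite check failed.' }

# 'Add a new forest' with the default database directories; the VM reboots when done.
Install-ADDSForest @forest -Force
```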

Now, let’s create a new user to test with. Right-click AD DS as shown below, then choose ‘Active Directory Users and Computers’.

clip_image045

After choosing that option, a new window opens. Right-click the Users directory, then go to ‘New’ -> ‘User’.

clip_image047

In the new window, type the user information.

clip_image048

A confirmation dialog is shown to confirm the user creation, as displayed below.

clip_image050

After the new user is created, it is only a member of the ‘Domain Users’ group by default.
If the user is not added to the ‘Domain Admins’ group, you will get an error, as shown below, when granting the domain user privileges on a VM.
If you don’t want to add the user to the Domain Admins group, that is possible, but another process is needed for the user to access RDP via the domain service. It is skipped for now.

clip_image051

So far, the tutorial has covered creating a new VM for AD and installing the AD DS features.
The next task is to create a new VM that is accessed via AD. Before creating the new VM, let’s define DNS for the virtual network
that contains both VMs. The virtual network has two subnets: ‘adnet’ for AD DS and ‘appnet’ for the app1 server.
The AD server will be the DNS server for the virtual network, so I went to Azure portal -> virtual network -> DNS and changed it to custom DNS as shown below.

clip_image053

After configuring DNS for the virtual network, create a new VM for testing. I will skip the VM creation steps.
My test VM is named ‘app1’. Let’s now see how to access the VM via AD.

Here is app1’s information before joining the domain service:
the workgroup is the default (WORKGROUP) and the full computer name is just app1.

clip_image055

Let’s join AD DS. Open File Explorer(1) -> This PC(1) -> right-click it(1) -> Properties(1),
then click ‘Change settings’(2) in the computer name, domain, and workgroup settings section.
Click the ‘Change’ button(3) and the popup window(4) appears. Type the domain name in the text box, then click ‘OK’(4).

clip_image057

The Windows Security dialog is shown, requesting an AD administrator username and password.
Provide the username and password to complete the request. If the new user you created is an administrator, you can use that user.

clip_image059

The following dialog is shown if the VM joins the domain successfully.

clip_image061

Click the ‘OK’ button and the VM will be rebooted to apply the new changes.

clip_image063

clip_image065

After the VM reboots, provide the username with the domain suffix to log in.

clip_image066

To verify, open File Explorer and go to ‘This PC’ -> Properties. The information now shows that the machine has joined your domain, as shown below.

clip_image068
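
The join and verification steps for app1 as a script (an added example, not part of the original post). It checks that the domain resolves through the AD server's DNS before joining and, once joined, grants RDP logon to one domain user through the local ‘Remote Desktop Users’ group, which is one way to avoid placing a test user in Domain Admins; the account name `CONTOSO\testuser` is hypothetical.

```powershell
# Added example: run in an elevated PowerShell session on app1.
# Run once to join (the VM reboots), then run again after the reboot.
$Domain  = 'contoso.com'        # domain used in this tutorial
$RdpUser = 'CONTOSO\testuser'   # hypothetical domain account to allow over RDP

$cs = Get-CimInstance -ClassName Win32_ComputerSystem

if (-not $cs.PartOfDomain) {
    # The join only works if app1 resolves the domain through the AD server,
    # i.e. the virtual network's custom DNS setting has reached this VM.
    try {
        Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
            Out-Null
    }
    catch {
        throw "No domain controller found for $Domain. Check the virtual network DNS setting, then restart app1."
    }

    # Prompts for an AD account allowed to join computers, then reboots.
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
}
else {
    # Same check as 'This PC' -> Properties after the reboot.
    "app1 is joined to $($cs.Domain)"

    # Allow RDP logon for a single domain user via the local group.
    $members = Get-LocalGroupMember -Group 'Remote Desktop Users'
    if ($members.Name -notcontains $RdpUser) {
        Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $RdpUser
    }
    Get-LocalGroupMember -Group 'Remote Desktop Users'
}
```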

This is how AD DS can be configured and a VM can be added to the newly created domain.
