Windows Server 2019 : Configure Active Directory Domain Services and Set it as DNS within Azure Virtual Network
Virtual Network Configuration
Azure Virtual Network is a logical representation of your network within the cloud. Using a Virtual Network we can assign specific IPs to VMs and also configure DNS settings. The Virtual Network holds together the VMs created within it, enabling cross-VM connections, and it isolates that VM group from other networks. So the first step is to create a Virtual Network. Let’s head to the Azure Portal, where we can manage our account.
Create an Azure Virtual Network
In the left pane, select the Virtual Networks tab. Since there are currently no active Virtual Networks, let’s create a new one. You can either click on ‘Create Virtual Network’ or on the Add button.
Once you click on ‘Add’, the dialog below opens up.
Specify the following values:
Name | Enter Azure-SharePoint2019VirtualNetwork.
Address space | Enter 10.1.0.0/16.
Subscription | Select your subscription.
Resource group | Select Create new, enter AzureSP2019, then select OK.
Location | Select South East Asia.
Subnet - Name | Enter Azure-SharePoint2019VirtualSubnet.
Subnet - Address range | Enter 10.1.0.0/24.
Click on the Create button to validate the entries; if validation succeeds, the Virtual Network deployment starts.
If we head over to the Virtual Networks section by clicking on “Go to resource”, we can see the newly created Virtual Network.
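The same Virtual Network created with Az PowerShell instead of the portal, as an added example that is not part of the original article. It assumes the Az module is installed and Connect-AzAccount has already been run against the target subscription.

```powershell
# Added example: creates the article's Virtual Network and subnet with Az PowerShell.
# Assumes: Az module installed, Connect-AzAccount already done.
$rgName     = 'AzureSP2019'
$location   = 'southeastasia'
$vnetName   = 'Azure-SharePoint2019VirtualNetwork'
$subnetName = 'Azure-SharePoint2019VirtualSubnet'

# Resource group that will hold every resource of the farm
New-AzResourceGroup -Name $rgName -Location $location -Force | Out-Null

# Subnet 10.1.0.0/24 carved out of the 10.1.0.0/16 address space
$subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix '10.1.0.0/24'

$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName `
    -Location $location -AddressPrefix '10.1.0.0/16' -Subnet $subnet

# Sanity check: address space and subnet came out as intended
$vnet.AddressSpace.AddressPrefixes                  # 10.1.0.0/16
$vnet.Subnets | Select-Object Name, AddressPrefix   # Azure-SharePoint2019VirtualSubnet 10.1.0.0/24
```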
Active Directory Configuration
Once the Virtual network is created, let’s create the Virtual Machines and configure them one by one. First, we will create a Windows Server VM and promote it to the Active Directory Domain Controller Role.
Create AD VM
From the Virtual Machines tab in the left pane, click on ‘Create Virtual Machine’ or click on the ‘Add’ button.
Fill in the fields below; these values determine how the VM is provisioned.
We will be using Windows Server 2019 Data Center as the OS with a Dual Core Processor and 4 GB memory.
Specify the user name and password for the account which will act as the Administrator for the created VM. I have added the user name as ‘AzureADAdmin’. Ensure that you note down the credentials. This will be frequently used when we have to add other VMs to the domain. ‘AzureADAdmin’ will essentially act as the Domain Administrator for the entire farm. We can add other users to this role by adding them to the group ‘Domain Administrators’ in the VM: VM01-AzureAD.
Ensure that we have selected the recently created Virtual Network, so that the VM will be provisioned within the Virtual Network. Once the values are validated, Click on Create to start the VM Provisioning.
Thus the VM has been provisioned and deployed to the resource group.
Now, if you click on Go to resource it will take you to the Virtual Machines page where we can see the recently created VM.
Ensure that the RDP port is open; we can check this in the inbound port rules under the Networking tab.
If the RDP port is not open, we won’t be able to connect to the VM. To add the RDP port rule, click on the Add inbound button.
Specify the Destination port range as 3389, which is the RDP port, and retain the remaining values as shown above. Thus we have added the inbound rule. We don’t have to add the inbound rule if we already configured it at VM creation time.
Assign Static IP to the AD VM
Before making the remote connection to the VM, we will assign a static IP to it. Click on Network Interface: vm01-Azuread361.
Select the IP Configurations tab.
By default, a dynamic IP is assigned to the VM. Click on the current IP.
Toggle Dynamic to Static.
Assign a new static IP of 10.1.0.20 to the VM and click on Save.
Now we can see that the new static IP is assigned to the VM.
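The inbound RDP rule and the static private IP from the two steps above, done with Az PowerShell as an added example that is not part of the original article. It pins the DC's NIC to 10.1.0.20 and, instead of leaving the rule's source as "Any", allows 3389 only from the administrator's own public address; the NSG name and the admin IP are placeholders you must replace, and the Az module with a completed Connect-AzAccount is assumed.

```powershell
# Added example: static private IP for the DC NIC plus a source-restricted RDP rule.
# Assumes: Az module, Connect-AzAccount done, and the placeholder names below adjusted.
$rgName        = 'AzureSP2019'
$nicName       = 'vm01-Azuread361'       # NIC name shown in the article
$nsgName       = 'VM01-AzureAD-nsg'      # placeholder: NSG attached to that NIC (see the VM's Networking blade)
$dcIp          = '10.1.0.20'
$adminSourceIp = '203.0.113.10/32'       # placeholder: public IP of your management workstation

# 1. Static private IP: a domain controller that will also be the DNS server must never change address
$nic = Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rgName
$nic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$nic.IpConfigurations[0].PrivateIpAddress          = $dcIp
$nic | Set-AzNetworkInterface | Out-Null

# 2. Inbound RDP allowed only from the management IP, not from the whole Internet
$nsg = Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName
$nsg | Add-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Description 'RDP to the DC from the admin workstation only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 300 `
    -SourceAddressPrefix $adminSourceIp -SourcePortRange '*' `
    -DestinationAddressPrefix $dcIp -DestinationPortRange 3389 | Out-Null
$nsg | Set-AzNetworkSecurityGroup | Out-Null

# Verify both changes
(Get-AzNetworkInterface -Name $nicName -ResourceGroupName $rgName).IpConfigurations |
    Select-Object PrivateIpAddress, PrivateIpAllocationMethod
(Get-AzNetworkSecurityGroup -Name $nsgName -ResourceGroupName $rgName).SecurityRules |
    Select-Object Name, SourceAddressPrefix, DestinationPortRange, Access, Priority
```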
Provision Active Directory Domain Services
Now let’s connect to the VM by clicking on the ‘Connect’ button available at the bottom tab. We have to log in to the VM and Configure the AD services.
When connecting to the remote desktop, user authentication will be checked. Make sure to use the ‘AzureADAdmin’ account credentials specified at VM creation time.
When logging into the VM, which will act as the Active Directory Domain Controller, we can see that, at present, only 1 Role is assigned to the server. As we proceed we will add 2 more roles to the server.
- Active Directory Domain Service and
- Active Directory Domain Controller.
Let’s configure the first role – Active Directory Domain Service.
As the server starts up, Server Manager will be invoked and will be running by default. Click on ‘Add roles and features’ option in the Server Manager.
This will pop up the ‘Add Roles and Features Wizard’. Click on ‘Next’.
Select the ‘Role-based or feature-based installation’ radio button and click on ‘Next’.
By default ‘Select a server from the server pool’ will be selected and the current VM will be highlighted. Click on ‘Next’.
Now we have to add the server role. Select the ‘Active Directory Domain Services’ check box. A pop-up opens listing the features required for Active Directory Domain Services; click on the ‘Add Features’ button. The Active Directory Domain Services role is now checked. Click on ‘Next’.
Thus we have come to the penultimate page, which lists the roles that will be added to the server. After confirming, click on ‘Install’.
Installation of Active Directory Domain Services has started in the VM: VM01-AzureAD. After some time the installation completes. Click on the Close button.
Thus we have completed the creation of Active Directory Domain Services.
Promote VM to Domain Controller
Now let’s head back to Server Manager. In the top right corner, a yellow warning notification appears. Click on it. It states that configuration is required for Active Directory Domain Services at VM01-AzureAD. Click on ‘Promote this server to domain controller’. This initiates the process of promoting the server to the domain controller role.
When we provisioned the server, it had only 1 role. After installing Active Directory Domain Services it has 2. Now let’s add one more role, Active Directory Domain Controller; this is added as we configure Active Directory Domain Services.
The Active Directory Domain Services Configuration Wizard pops up. Select the ‘Add a new forest’ radio button and enter the root domain name. This will be the domain name for all VMs within the virtual network. Choose a fully qualified domain name. Click on Next.
In this page add the Directory services restore mode password and keep it safe by noting it down. Directory Services Restore Mode (DSRM) is a safe mode boot option for Windows Server domain controllers. DSRM allows an administrator to repair or recover an Active Directory database. Click on Next.
Proceed to the next page by clicking on Next.
Specify the NetBIOS domain name. When a new domain is created during the Active Directory installation, the system proposes a default NetBIOS domain name that matches the leftmost label of the DNS name. In our case, the system has derived the NetBIOS domain name “AZUREAD” from AzureAD.Contoso.Com. Make a note of it, as it can be used instead of the fully qualified domain name AzureAD.Contoso.com. Moreover, in some situations, such as specifying managed accounts when configuring Service Applications, we will have to use the ‘NetBIOSDomainName\ManagedUserName’ user name format.
Add the location for the database and log files or retain the default value. Click on Next. This page gives the option to review the configuration for one final time before the installation.
The prerequisites are checked before the installation starts. Once the prerequisite check passes, we can click on Install.
Thus the installation is complete and the server has been successfully configured as a domain controller.
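The role installation and forest promotion from the steps above, done from an elevated PowerShell session on VM01-AzureAD, as an added example that is not part of the original article. It uses the article's domain name AzureAD.Contoso.com and NetBIOS name AZUREAD, keeps the default database, log and SYSVOL paths, prompts for the DSRM password instead of embedding it, and runs the prerequisite check as a dry run before the real promotion.

```powershell
# Added example: AD DS role install and forest promotion without Server Manager.
# Run elevated on VM01-AzureAD. Assumes the article's domain/NetBIOS names and default paths.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# DSRM password is prompted for, so it never lands in a script file or the console history
$dsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString

Import-Module ADDSDeployment

# Dry run: same prerequisite check the wizard performs, with no changes to the server
Test-ADDSForestInstallation -DomainName 'AzureAD.Contoso.com' `
    -DomainNetbiosName 'AZUREAD' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -InstallDns

# Real promotion. -Force skips the confirmation prompt; the server reboots itself on completion.
Install-ADDSForest -DomainName 'AzureAD.Contoso.com' `
    -DomainNetbiosName 'AZUREAD' `
    -ForestMode 'WinThreshold' -DomainMode 'WinThreshold' `
    -DatabasePath 'C:\Windows\NTDS' -LogPath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -InstallDns -CreateDnsDelegation:$false `
    -NoRebootOnCompletion:$false -Force

# After the reboot, log in as AZUREAD\AzureADAdmin and confirm the DC and its DNS role are healthy
Get-ADDomainController | Select-Object HostName, Domain, IsGlobalCatalog
dcdiag /test:DNS
```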
Add DNS entry in Virtual Network
The system restarts automatically to apply the changes. Now let’s add a DNS entry on the Virtual Networks page. Click on the Virtual Network we created earlier and head over to the DNS servers section.
In the configuration page, we have the option to add the corresponding IP of the VM where we have configured the Active Directory Domain Service. Click on Save.
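The DNS server setting from the step above, applied with Az PowerShell and then verified, as an added example that is not part of the original article. It assumes the Az module with a completed Connect-AzAccount, the DC's static IP 10.1.0.20, and that Get-AzVirtualNetwork returns a DhcpOptions object on the VNet (it does for networks created as in this article).

```powershell
# Added example: point the Virtual Network's DNS at the domain controller and verify it.
# Assumes: Az module, Connect-AzAccount done, DC static IP 10.1.0.20 from the earlier step.
$rgName   = 'AzureSP2019'
$vnetName = 'Azure-SharePoint2019VirtualNetwork'
$dcIp     = '10.1.0.20'

$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$vnet.DhcpOptions.DnsServers = @($dcIp)      # replaces Azure-provided DNS for every VM in the VNet
Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null

# VMs pick up the new DNS server only after a restart or DHCP lease renewal;
# at this point the VNet holds just the DC itself
Restart-AzVM -ResourceGroupName $rgName -Name 'VM01-AzureAD' | Out-Null

# Run inside any VM of the VNet after its restart: the domain's DC locator record must
# resolve via the DC, otherwise joining further VMs to AzureAD.Contoso.com will fail
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.AzureAD.Contoso.com' -Type SRV -Server $dcIp
```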
Summary
Thus we have set up the Active Directory Domain Services in the Windows Server and assigned it as the DNS server within the virtual network.