Step-by-Step: Adding a Windows Server 2012 Replica Domain Controller to Active Directory in the Cloud with Windows Azure

In this article, we’ll be continuing on in our “Early Experts” Cloud Quest lab scenario to add a Windows Server 2012 Replica Domain Controller (DC) to our cloud-based lab on the Windows Azure cloud platform.

NOTE: This Step-by-Step guide builds on the cloud-based lab configuration started in Step-by-Step: Building a Windows Server 2012 Active Directory Forest in the Cloud with Windows Azure.  Please be certain to complete this prior Step-by-Step guide before attempting the steps included in this article.

Windows Server Active Directory Lab Scenario

In this step-by-step guide, I’ll be working through the approach of adding a new Windows Server 2012 Replica Domain Controller to the Windows Server Active Directory Forest built in the prior Step-by-Step guide referenced above.  When complete, the cloud-based lab environment will resemble the below diagram with two Active Directory DCs.

Lab Scenario: Active Directory DCs on Windows Azure

This lab scenario will also serve as the basis for future Step-by-Step guides, where we will be adding Member Servers to this same Virtual Network in the Windows Azure cloud.

Prerequisites

The following is required to complete this step-by-step guide:

Complete each Knowledge Quest at your own pace based on your schedule.  You’ll receive your very own “Early Experts” Certificate of Completion, suitable for printing, framing or sharing online with your social network!

Windows Server 2012 “Early Experts” Certificate of Completion

Let’s Get Started!

In this Step-by-Step guide, you will learn how to:

  • Deploy a new Windows Server 2012 VM in Windows Azure
  • Configure a Windows Server Active Directory Replica Domain Controller in a Windows Azure VM
  • Configure an Availability Set in Windows Azure
  • Export / Import Lab Virtual Machines

Estimated Time to Complete: 60 minutes

Exercise 1: Deploy a New Windows Server 2012 VM in Windows Azure

In this exercise, you will provision a new Windows Azure VM to run Windows Server 2012 on the Windows Azure Virtual Network provisioned in the prior guide: Step-by-Step: Building a Windows Server 2012 Active Directory Forest in the Cloud with Windows Azure.

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
     
  2. Select Virtual Machines located on the side navigation panel on the Windows Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
     
  4. In the Virtual Machine Operating System Selection list, select Windows Server 2012, December 2012 and click the Next button.
     
  5. On the Virtual Machine Configuration page, complete the fields as follows:
     
    - Virtual Machine Name: XXXlabad02
     
    - New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
     
    - Size: Small (1 core, 1.75GB Memory)
     
    Click the Next button to continue.
     
    Note: Use secure passwords for Administrator users and service accounts, as Windows Azure virtual machines could be accessible from the Internet by anyone who knows just their DNS name.  You can also read this document on the Microsoft Security website that will help you select a secure password: https://www.microsoft.com/security/online-privacy/passwords-create.aspx.
     
  6. On the Virtual Machine Mode page, complete the fields as follows:
     
    - Connect to an Existing Virtual Machine: Selected
     
    - Virtual Machine name to Connect: XXXlabad01 
     
    - Storage Account: Select the Storage Account defined in the Getting Started steps from the Prerequisites section above.
       
    - Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in the prior Step-by-Step guide referenced above.
     
    - Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
     
    Click the Next button to continue.
     
  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.
     
    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Windows Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning).  When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next exercise in this guide.
     
  8. After the new virtual machine has finished provisioning, click on the name (XXXlabad02) of the new Virtual Machine displayed on the Virtual Machines page of the Windows Azure Management Portal to open the Virtual Machine Details Page for XXXlabad02.

Exercise 2: Configure a Windows Server 2012 Replica Domain Controller

In this exercise, you will install and configure a new Windows Server 2012 Replica Domain Controller on the VM deployed in Exercise 1.

  1. On the Virtual Machine Details Page for XXXlabad02, make note of the Internal IP Address displayed on this page.  This IP address should be listed as 10.0.0.5.
     
    If a different internal IP address is displayed, the virtual machine configuration was not completed correctly.  In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabad02, and go back to Exercise 1 to confirm that all steps were completed correctly.
     
  2. On the virtual machine details page for XXXlabad02, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk.  Complete the following fields on the Attach an empty disk to the virtual machine form:
     
    - Name: XXXlabad02-data01
     
    - Size: 10 GB
     
    - Host Cache Preference: None
     
    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabad02.
     
  3. On the virtual machine details page for XXXlabad02, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine. 
     
    Log on at the console of your virtual machine with the local Administrator credentials defined in Exercise 1 above.
     
    Wait for the Server Manager tool to launch before continuing with the next step.
     
  4. In the Server Manager window, format the disk attached in Step 2 above by launching the Computer Management tool from the Tools menu located on the top navigation bar.
     
    1. In the Computer Management window, click on Disk Management in the left navigation pane.
       
    2. When prompted with the Initialize Disk dialog box, click the OK button to continue.
       
    3. Right-click on the unallocated disk space on Disk 2 and select New Simple Volume… from the pop-up menu.
       
    4. In the New Simple Volume Wizard, click the Next button on each page to accept all default values. 
       
    5. Click the Finish button on the last page of the wizard to create a new F: volume.
       
    6. When the new volume has finished the formatting process, close the Computer Management window.
       
  5. In the Server Manager window, install Active Directory Domain Services by launching the Add Roles and Features wizard from the Manage menu located on the top navigation bar.
     
    1. In the Add Roles and Features Wizard dialog box, click the Next button three times to advance to the list of Roles to install.
       
    2. In the list of roles, check the checkbox for the Active Directory Domain Services role.  When prompted to add additional features, click the Add Features button.
       
    3. Click the Next button until you advance to the Confirm installation selections page of the wizard.  Click the Install button to begin the installation process.
       
    4. When the installation of Active Directory Domain Services has completed, do not click the Close button.  Instead, click the link titled Promote this server to a domain controller.  
       
      This will launch the Active Directory Domain Services Configuration Wizard.
       
    5. In the Active Directory Domain Services Configuration Wizard dialog box, select the deployment operation for Add a domain controller to an existing domain.
       
    6. In the Domain: field, enter contoso.com as the name of the Active Directory domain.
       
    7. In the Supply the credentials to perform this operation: field, click the Change… button and supply CONTOSO\Administrator user credentials originally provisioned in the prior Step-by-Step guide referenced earlier in this article. Click the OK button to save these credentials.
       
      Click the Next button.
       
    8. On the Domain Controller Options page of the wizard, enter and confirm a recovery password in the Directory Services Restore Mode (DSRM) password fields.  Click the Next button.
       
    9. On the DNS Options page of the wizard, ignore the warning message and click the Next button to continue.
       
    10. On the Additional Options page of the wizard, accept the default values and click the Next button.
       
    11. On the Paths page of the wizard, change the Database folder, Log files folder and SYSVOL folder paths to begin with F: instead of C:.  
       
      Click the Next button.
       
    12. On the Review Options page, click the View Script button.  A PowerShell script snippet will be displayed in a Notepad window.  This snippet includes the cmdlets needed to install a new Active Directory Replica Domain Controller via PowerShell with the options selected in the wizard.  Save this snippet to your Documents folder for future reference as a file named PSSnippet-Install-ADDC.ps1 and close the Notepad window.
       
    13. On the Review Options page, click the Next button.
       
    14. On the Prerequisites Check page, ignore the warnings displayed and click the Install button.  The warnings displayed are due to the dynamic IP addressing used within Windows Azure Virtual Networks and do not apply to this cloud environment.
       
      The Active Directory Domain Services configuration process will begin for the new AD Domain Controller.
       
      When the Active Directory configuration process is complete, the server will automatically restart.
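
Steps 4 and 5 of this exercise can also be scripted. The following is an added example, not the snippet produced by the wizard's View Script button; it assumes the attached data disk is the only uninitialized disk on XXXlabad02 and that drive letter F: is free. It prompts for the domain credentials and the DSRM password so that neither is stored in the script file.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell
# session on XXXlabad02. Assumptions: exactly one uninitialized (RAW) disk is
# attached, and drive letter F: is not in use.
$ErrorActionPreference = 'Stop'

# Step 4: initialize and format the empty data disk as F:
$rawDisks = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($rawDisks.Count -ne 1) {
    throw "Expected exactly one uninitialized disk, found $($rawDisks.Count)."
}
$rawDisks[0] |
    Initialize-Disk -PassThru |
    New-Partition -DriveLetter F -UseMaximumSize |
    Format-Volume -FileSystem NTFS -Confirm:$false

# Step 5: install the AD DS role and its management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Prompt for secrets at run time instead of embedding them in the script
$domainCred = Get-Credential -UserName 'CONTOSO\Administrator' `
                             -Message 'Credentials for joining contoso.com as a DC'
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM recovery password'

# Promote to a replica DC with the database, logs and SYSVOL on F:
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -DomainName 'contoso.com' `
    -Credential $domainCred `
    -SafeModeAdministratorPassword $dsrmPassword `
    -InstallDns:$true `
    -DatabasePath 'F:\Windows\NTDS' `
    -LogPath 'F:\Windows\NTDS' `
    -SysvolPath 'F:\Windows\SYSVOL' `
    -Force:$true
# The server restarts automatically when promotion completes.
```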

Exercise 3: Configure an Availability Set in Windows Azure

In this exercise, you will configure an Availability Set in Windows Azure and assign it to both domain controller virtual machines.  By using a common Availability Set name for both VMs, Windows Azure will automatically place these VMs on separate underlying infrastructure components to eliminate single points-of-failure and increase application service availability, in this case for the Active Directory and DNS services running on each domain controller.

  1. Sign in at the Windows Azure Management Portal with the logon credentials used when you signed up for your Free 90-Day Windows Azure Trial.
     
  2. Click Virtual Machines in the left navigation pane on the Windows Azure Management Portal page.
     
  3. Configure a New Availability Set for VM XXXlabad01.
     
    1. On the Virtual Machines page, click on the name of virtual machine XXXlabad01 to navigate to the Virtual Machine Details page.
       
    2. On the Virtual Machine Details page for XXXlabad01, click on Configure on the top navigation bar to navigate to the virtual machine Configure page.
       
    3. On the Configure page, select Create availability set from the drop-down list located in the Availability Set field.  Enter XXXlabad in the text box that appears to the right of this drop-down list.
       
    4. On the Configure page, click the Save button located on the bottom toolbar to save this configuration change.
       
    5. When prompted, click the Yes button to accept this configuration change.  Note that the virtual machine may be restarted when assigning it to an Availability Set.
       
    6. Wait for this configuration update to complete before continuing to the next step.
       
  4. Configure the Same Availability Set for VM XXXlabad02.
     
    1. On the Virtual Machines page, click on the name of virtual machine XXXlabad02 to navigate to the Virtual Machine Details page.
       
    2. On the Virtual Machine Details page for XXXlabad02, click on Configure on the top navigation bar to navigate to the virtual machine Configure page.
       
    3. On the Configure page, select XXXlabad from the drop-down list located in the Availability Set field. 
       
    4. On the Configure page, click the Save button located on the bottom toolbar to save this configuration change.
       
    5. When prompted, click the Yes button to accept this configuration change.  Note that the virtual machines may be restarted when assigning a VM to an Availability Set.
       
    6. Wait for this configuration update to complete before continuing to the next exercise.

Exercise 4: Export / Import Lab Virtual Machines

Our Windows Server 2012 cloud-based lab is now functional, but if you’re like me, you may not be using this lab VM 24x7 around-the-clock.  As long as a virtual machine is provisioned, it will continue to accumulate compute hours against your Free 90-Day Windows Azure Trial account regardless of virtual machine state – even in a shutdown state!

To save our compute hours for productive study time, we can leverage the Windows Azure PowerShell module to automate export and import tasks to de-provision our virtual machines when not in use and re-provision our virtual machines when needed again.

In this exercise, we’ll step through using Windows PowerShell to automate:

  • De-provisioning lab virtual machines when not in use
  • Re-provisioning lab virtual machines when needed again.

Once you’ve configured the PowerShell snippets below, you’ll be able to spin up your cloud-based lab environment when needed in just a few minutes!

Note: Prior to beginning this exercise, please ensure that you’ve downloaded, installed and configured the Windows Azure PowerShell module as outlined in the Getting Started article listed in the Prerequisite section of this step-by-step guide.  For a step-by-step walkthrough of configuring PowerShell support for Azure, see Setting Up Management by Brian Lewis, one of my peer IT Pro Technical Evangelists.

  1. De-provision the lab. Use the Stop-AzureVM and Export-AzureVM cmdlets in the PowerShell snippet below to shut down and export lab VMs when they are not being used.
     
    NOTE: Prior to running this snippet, be sure to edit the first line to reflect the names of each of your VMs and confirm that the $ExportPath folder location exists.

    $myVMs = @("XXXlabad02","XXXlabad01")
    $myCloudSvc = "XXXlabad01"

    Foreach ( $myVM in $myVMs ) {
        # Shut down the VM, then save its configuration to an XML file
        Stop-AzureVM -ServiceName $myCloudSvc -Name $myVM
        $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml"
        Export-AzureVM -ServiceName $myCloudSvc -Name $myVM -Path $ExportPath
    }
     
    After you've verified that all Export files were created in the folder location specified by $ExportPath, you can then de-provision your VMs with the following PowerShell snippet:
     
    $myVMs = @("XXXlabad02","XXXlabad01")
    $myCloudSvc = "XXXlabad01"

    Foreach ( $myVM in $myVMs ) {
        # Remove the VM from the cloud service; it is re-created later from the export file
        Remove-AzureVM -ServiceName $myCloudSvc -Name $myVM
    }

  2. Re-provision the lab. Use the Import-AzureVM and Start-AzureVM cmdlets in the PowerShell snippet below to import and start lab VMs when needed again.
     
    $myVNet = "XXXlabnet01"
    $myVM1 = "XXXlabad01"
    $myVM2 = "XXXlabad02"
    $myCloudSvc = "XXXlabad01"
    $myStorageAccount = "XXXlabstor01"

    # Point the subscription at the storage account that holds the lab VHDs
    Get-AzureSubscription | Set-AzureSubscription -CurrentStorageAccount $myStorageAccount

    # Import $myVM1 (first VM in the cloud service, so the Virtual Network is named here)
    $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM1.xml"
    Import-AzureVM -Path $ExportPath | New-AzureVM -ServiceName $myCloudSvc -VNetName $myVNet
    Start-AzureVM -ServiceName $myCloudSvc -Name $myVM1

    # Import $myVM2 (added to the existing cloud service)
    $ExportPath = "C:\ExportVMs\ExportAzureVM-$myVM2.xml"
    Import-AzureVM -Path $ExportPath | New-AzureVM -ServiceName $myCloudSvc
    Start-AzureVM -ServiceName $myCloudSvc -Name $myVM2
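
Step 1 above asks you to verify the export files by hand before running Remove-AzureVM. The following added example, which is not part of the original article, combines both snippets from step 1 and removes the VMs only if every export file exists, is non-empty and parses as XML. The helper name Test-ExportFile is hypothetical; the VM, cloud service and folder names are the article's placeholders.

```powershell
# Added example, not from the original article. Exports each lab VM and removes
# the VMs only after every export file has passed verification.
$ErrorActionPreference = 'Stop'

$myVMs      = @("XXXlabad02","XXXlabad01")
$myCloudSvc = "XXXlabad01"
$exportDir  = "C:\ExportVMs"

if (-not (Test-Path -Path $exportDir -PathType Container)) {
    throw "Export folder $exportDir does not exist."
}

# Hypothetical helper: true only if the file exists, is non-empty and is valid XML
function Test-ExportFile {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -Path $Path -PathType Leaf)) { return $false }
    if ((Get-Item -Path $Path).Length -eq 0)         { return $false }
    try   { [void][xml](Get-Content -Path $Path -Raw); return $true }
    catch { return $false }
}

$verified = @()
foreach ($myVM in $myVMs) {
    $exportPath = Join-Path -Path $exportDir -ChildPath "ExportAzureVM-$myVM.xml"
    Stop-AzureVM   -ServiceName $myCloudSvc -Name $myVM
    Export-AzureVM -ServiceName $myCloudSvc -Name $myVM -Path $exportPath
    if (Test-ExportFile -Path $exportPath) {
        $verified += $myVM
    } else {
        Write-Warning "Export file for $myVM failed verification: $exportPath"
    }
}

# De-provision only when every VM has a verified export file
if ($verified.Count -eq $myVMs.Count) {
    foreach ($myVM in $verified) {
        Remove-AzureVM -ServiceName $myCloudSvc -Name $myVM
    }
} else {
    Write-Warning "Not all exports were verified; no VMs were removed."
}
```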

Completed! What’s Next?

The installation and configuration of a new Windows Server 2012 Active Directory Forest running on Windows Azure is now complete.  To continue your learning about Windows Server 2012, explore these other great resources:

  • Join the Windows Server 2012 “Early Experts” Challenge study group to learn more about Windows Server 2012 and prepare for MCSA Certification!
     
  • Learn more about Windows Azure Virtual Machines and Virtual Networks with this FREE Online Training!
     
  • Complete the other Hands-On Labs in the "Early Experts" Cloud Quest to request your certificate of completion ... Become our next "Early Expert"!

How are you using Windows Azure Virtual Machines and Virtual Networks?

Do you have an interesting or unique scenario that you are evaluating on the Windows Azure cloud platform?  Feel free to leave your comments, feedback and ideas below to share across our IT Pro community!

Comments

  • Anonymous
    January 01, 2003
    Hi Arif, You can run Import-Module Azure to import the Azure PowerShell module after installing it.  If you're using the PowerShell 3.0 ISE, it will auto-import newly installed modules as needed. Hope this helps! Keith

  • Anonymous
    January 01, 2003
    Thanks Janaka! I've made this correction in the article above.

  • Anonymous
    January 01, 2003
    Hi there, When connecting a new VM to an existing VM, the new VM will automatically inherit the Region/Virtual Network/Affinity Group setting from the existing VM to which it is being connected.  If you're not seeing XXXlabnet01 populated in this field, check the configuration of the XXXlabad01 VM ... it sounds like the 01 VM is not connected to XXXlabnet01. Hope this helps! Keith Hope

  • Anonymous
    January 01, 2003
    It should be corrected as below in the first snippet. Export-AzureVM -ServiceName $myCloudSvc -name $myVM -Path $ExportPath  

  • Anonymous
    January 01, 2003
    When I do: - Virtual Machine name to Connect:. I don't get the option to select Affinity group, it is grayed out.  Please help.

  • Anonymous
    January 01, 2003
    I love these Step-by-Step posts. I don't have my act together on LinkedIn just yet so may I please bother you here if you don't mind? I need to know how to configure ISE to use with Azure PowerShell?  The ISE currently launches the standard PowerShell on my machine. I'd want the ISE to launch Azure PowerShell (I did the basic search and not getting much help).