How to: Set up a testing Active Directory environment on Windows Azure

If you have been working with Active Directory for some time, the first thing you think about when setting up an AD domain controller is probably reserving a static IP address for it, and you tell your users that, as a best practice, a domain controller should not use a dynamic IP address.

This is what I did when trying to setup my first domain controller on Windows Azure:

  • I created one VM from the gallery. It worked fine.
  • I logged into the VM and found the IP address was assigned by DHCP. That is not good, right? I manually changed the IP address to static. After a few minutes of freezing, the connection came back.
  • I promoted the VM to domain controller. It worked perfectly.
  • The VM restarted to complete the configuration. Oops, I am not able to connect to the VM!!
  • I force shut it down from the portal and restarted. It came back, but the IP address changed to DHCP, again!

Besides this problem, I noticed another one: when I create multiple VMs, their assigned IP addresses are distributed randomly across different subnets, and they are not able to talk to each other! This is not what I want. I just need a quick, simple test environment. I must have missed something, so: always study first, then go.

After researching, I found I had indeed missed the key information: Windows Azure virtual machines do NOT support static IP addresses!

Here is the article you must read if you want to set up Active Directory on Windows Azure, either as an isolated testing environment or interconnected with your on-premises infrastructure.


Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines

https://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx


To keep it simple, the correct steps are:

1. Create one Virtual Network. Assign the "internal" IP scope for your virtual machines.

2. Create your virtual machine and deploy it into your "virtual network". It will then receive an IP address within the scope you assigned.

3. Go ahead and promote your VM to domain controller with its dynamic IP address, because "the dynamic IP addresses of Windows Azure virtual machines that are attached to a Windows Azure Virtual Network persist for the lifetime of the virtual machine, the Windows Server Active Directory requirements for IP addressing are met (as are those for DNS if co-located with the DC)" and "when you use a dynamic address on Windows Azure, you are in effect using a static IP address because it is routable for the period of the lease, and the period of the lease is equal to the lifetime of the cloud service. The IP address will persist even through the Windows Azure service healing process".

4. Create more member servers and deploy them to the same virtual network. Change the NIC configuration to set the DNS server to your domain controller.

5. Now you can go ahead and join the member servers to the domain. Everything else is the same as traditional operations.
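The steps above, as an added PowerShell example run inside the VMs (it is not code from the original post or from the Microsoft article). It assumes placeholder values: domain "corp.test" with NetBIOS name "CORP", a domain controller that received 10.0.0.4 from the Virtual Network scope, and a NIC alias of "Ethernet"; replace them with your own. The first function is the check worth running on every VM before anything else: it confirms the address is DHCP-assigned and warns if someone has switched it to a manual address, which is exactly what broke connectivity in the story above.

```powershell
# Added example (not from the original post). Run inside the Azure VMs after
# they have been deployed into the same Virtual Network (steps 1-2 above).
# Assumed placeholder values: domain "corp.test", DC address 10.0.0.4,
# NIC alias "Ethernet". Replace them with your own.

$DomainName  = 'corp.test'
$NetbiosName = 'CORP'
$DcAddress   = '10.0.0.4'      # address the DC received from the VNet scope
$NicAlias    = 'Ethernet'

# --- Sanity check (any VM): confirm the address came from DHCP and leave it so.
# On Azure the DHCP lease is tied to the VM / cloud service lifetime, so do NOT
# convert it to a manual address.
function Test-AzureVnetAddress {
    param([string]$Alias)
    $ip = Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 |
          Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
          Select-Object -First 1
    if ($ip.PrefixOrigin -ne 'Dhcp') {
        Write-Warning "Address $($ip.IPAddress) on $Alias is '$($ip.PrefixOrigin)', not DHCP. Reset the NIC to DHCP before continuing."
        return $false
    }
    Write-Host "OK: $($ip.IPAddress)/$($ip.PrefixLength) on $Alias is DHCP-assigned (VNet scope)."
    return $true
}

# --- Step 3 (on the first VM): promote it to a domain controller with DNS.
function Install-TestForest {
    param([string]$Domain, [string]$Netbios)
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    $dsrm = Read-Host -AsSecureString 'DSRM (Safe Mode) administrator password'
    Install-ADDSForest -DomainName $Domain `
                       -DomainNetbiosName $Netbios `
                       -SafeModeAdministratorPassword $dsrm `
                       -InstallDns `
                       -Force
    # The VM reboots to finish promotion; its VNet address is kept across the reboot.
}

# --- Step 4 (on each member server): point the NIC's DNS client at the DC.
# Only the DNS server list changes; the IPv4 address itself stays on DHCP.
function Set-DcAsDnsServer {
    param([string]$Alias, [string]$Dc, [string]$Domain)
    Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $Dc
    # Verify the DC is reachable inside the VNet (LDAP, TCP/389) and that the
    # domain's DC locator SRV record resolves through it.
    $reach = Test-NetConnection -ComputerName $Dc -Port 389
    if (-not $reach.TcpTestSucceeded) {
        throw "Cannot reach DC $Dc on TCP/389; check that both VMs are in the same Virtual Network."
    }
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $Dc | Out-Null
}

# --- Step 5 (on each member server): join the domain and reboot.
function Join-TestDomain {
    param([string]$Domain)
    $cred = Get-Credential -Message "Enter $Domain\Administrator credentials"
    Add-Computer -DomainName $Domain -Credential $cred -Restart
}

# Usage on the DC:
#   Test-AzureVnetAddress $NicAlias; Install-TestForest $DomainName $NetbiosName
# Usage on a member server:
#   Test-AzureVnetAddress $NicAlias
#   Set-DcAsDnsServer $NicAlias $DcAddress $DomainName
#   Join-TestDomain $DomainName
```

The DNS step deliberately touches only the DNS client list (Set-DnsClientServerAddress) and never the address assignment, so the lease the article describes stays intact; the reachability and SRV checks catch the other failure from the story above, VMs that landed in different subnets and cannot see each other.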

One of the best things about building your test environment on Windows Azure is that it automatically gives you Internet name resolution, which is very important for building real Internet-facing capabilities such as an email service. I will share tips on how to give your test email service the ability to send and receive on the Internet.


Enjoy it.