In my first post on Windows Azure, I showed you how I set up site-to-site connectivity between my on-premises network and my Windows Azure network. In this post, I’ll show you how I got my Domain Controllers in my Windows Azure virtual network so that I can synchronize them with my on-premises Domain Controller.
I used the guide on how to Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks, but I think it missed a couple of steps, so let me share what else I had to do to make this work. The big thing that impacted me was that the instructions didn’t show me how to create the virtual machine in the virtual network I created in my first post. This is important. Creating a VM in your Windows Azure account does not give it access to your virtual network, which means your Windows Azure VMs cannot communicate with your on-premises VMs. They must be created in the virtual network.
I really like the instructions on how to Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks but again, I think it just missed a few items. Before Step 4 (Step 4: Install an additional domain controller in the CloudSite), please read my notes below on How to Install a VM in your Windows Azure Virtual Network.
To install a VM in your Virtual Network, you cannot use QUICK CREATE; you must choose FROM GALLERY so you can define all of the configuration details. Don’t worry, it’s only four screens and the first three are simple; the fourth screen has just a few details that you have to get right.
Start to create your Virtual Machine like you always do, but do not use QUICK CREATE; you must create your VM by choosing FROM GALLERY. There are a few more configuration screens to properly configure your VM this way, but it’s the only way to place your VM into your Virtual Network. Most of the configuration settings are straightforward; I’m just going to focus on a few of the options you must get right on Page 4. These settings are the ones that will make or break you when it comes to your Site-to-Site virtual connection.
The REGION/AFFINITY GROUP/VIRTUAL NETWORK option is where we actually place the VM in the Virtual Network we created. This is the one shot you have at getting this one right because you cannot move an existing VM into a Virtual Network. This can only be defined when the VM is created. If you miss this step, just delete your VM and create another one since you cannot easily “move” existing VMs into a Virtual Network. You can take an existing VM and put it in your MY IMAGES gallery, then deploy it into the Virtual Network, but if you’re setting up a new VM, it’s probably a lot easier to delete the mistaken VM and create a new one.
The documentation is very good for all of your choices, but the above options are the ones we need to get right to make this work.
I have just a few more thoughts and then I will let you go back to the Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks guide to complete the setup.
Once I completed the Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks guide and added my additional Domain Controllers, all of the new DCs showed up in Active Directory Users and Computers. Here is a screenshot:
That’s all it took to get this working!
Until next time,