To set up Active Directory Domain Services in Azure, use our automated deployment solution, which fully sets up Active Directory as IaaS running on VMs in Azure. This allows you to run your on-premises AD in Azure.
Active Directory Domain running on Azure VMs Solution Template Features
Choose to have between 2 to 50 DC VMs
Choose the name for the Domain, DCs, network objects & domain admin credentials
Choose the VM size for all DCs
Choose to deploy on Windows Server 2016 or 2019 for the OS Version
DNS is fully configured and updates the Azure vNet DNS server addresses
Provide group policies to your servers in Azure and on-premises
Provide AD authentication services to your applications in Azure and any new VM deployments
Provide DNS name resolution to your servers and applications in Azure
Provide hybrid Active Directory for both Azure and on-premises environments.
Deploy Active Directory Domain IaaS in Azure
Set Up Active Directory in Azure Video Tutorial
Set Up Active Directory Domain Steps
The following fields are required to get the setup started via the Azure portal:
Step 1 – Active Directory domain admin credentials
The first step is to provide the domain admin user and password. This needs to be a complex password. Choose any region you like, then click ‘New Domain Deployment Details’.
Step 2 – New AD Domain Deployment Details
1. Choose which OS version you would like to set up (2019 or 2016).
2. Choose the name of the domain you would like to set up.
3. Choose how many domain controllers you would like.
4. The name of the vNet that you would like to create. An existing vNet can’t be used; a new vNet has to be created, because DNS changes will be made to the vNet to point to the new domain controllers. You can choose the IP address range you would like. Once the deployment has completed you can peer this vNet with existing vNets, allowing you to connect to any existing networks you have set up.
5. Leave the DC Subnet as the default.
Step 3 - Domain Controller VM Details
Next choose the DC VM host name prefix. Whatever prefix you choose, a number is appended to it for each VM that is created. For example, with the default prefix of ADDC and 4 DCs deployed, they will be called:
ADDC-0
ADDC-1
ADDC-2
ADDC-3
Then select what VM size you would like for your domain controllers.
Step 4 – Review Active Directory Deployment + Create
The last step will run a validation to make sure the details you have entered in the previous steps were correct.
If you are happy, press Create and wait for the deployment to finish.
To see the status of the deployment, go to the Resource Group you’ve deployed to and scroll to ‘Deployments’. In my deployment you can see it took 34 minutes to fully set up.
Active Directory Networking Azure
The deployment creates a new vNet. If you have existing vNets you can peer this new vNet with your existing vNets, allowing you to connect the new domain controllers to your network. Within the new vNet click on peering and peer with your existing vNets:
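The peering described above can also be done with Az PowerShell. The following is an added example, not code from the solution template: it peers the new AD vNet with an existing vNet in both directions and then points the existing vNet’s DNS at the new domain controllers, which the deployment does not do for you (it only updates DNS on the vNet it creates). The vNet names, resource groups and the ‘ADDC’ NIC name prefix are assumptions for your environment.

```powershell
# Added example (not the solution template's own code). Requires the Az module and
# an existing Connect-AzAccount session. Names and resource groups are placeholders.

$adVnet       = Get-AzVirtualNetwork -Name 'ad-vnet'       -ResourceGroupName 'rg-ad'
$existingVnet = Get-AzVirtualNetwork -Name 'existing-vnet' -ResourceGroupName 'rg-existing'

# A peering is one-directional; create it from each side so traffic flows both ways.
Add-AzVirtualNetworkPeering -Name 'ad-to-existing' -VirtualNetwork $adVnet `
    -RemoteVirtualNetworkId $existingVnet.Id
Add-AzVirtualNetworkPeering -Name 'existing-to-ad' -VirtualNetwork $existingVnet `
    -RemoteVirtualNetworkId $adVnet.Id

# The deployment only updates DNS on the new vNet. Read the DC private IPs from the
# deployment's NICs (assumed to be named after the default 'ADDC' prefix) and set them
# as the DNS servers of the existing vNet so its VMs can resolve and join the domain.
$dcIps = (Get-AzNetworkInterface -ResourceGroupName 'rg-ad' |
          Where-Object Name -like 'ADDC*').IpConfigurations.PrivateIpAddress
$existingVnet.DhcpOptions.DnsServers = $dcIps
Set-AzVirtualNetwork -VirtualNetwork $existingVnet | Out-Null

# Verify both sides report PeeringState = Connected before relying on the link.
Get-AzVirtualNetworkPeering -VirtualNetworkName 'ad-vnet' -ResourceGroupName 'rg-ad' |
    Select-Object Name, PeeringState
Get-AzVirtualNetworkPeering -VirtualNetworkName 'existing-vnet' -ResourceGroupName 'rg-existing' |
    Select-Object Name, PeeringState
```

VMs already running in the existing vNet pick up the new DNS servers only after their DHCP lease renews; a restart of the VM (or of the network adapter) forces this.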
RDP (Remote Desktop Protocol) to Domain Controllers
The deployment of the domain controllers doesn’t create a public IP. If you have an internal vNet and have peered the new AD vNet with your existing vNets, you can RDP over the private IP.
However, if you want to RDP externally to a public IP, simply create a public IP and associate it with one of the newly created domain controllers. The following Microsoft documentation explains how to create a public IP and associate it with a VM.
In order for your domain controllers to communicate with the other domain controllers in your Active Directory, you will need to make sure the following firewall ports are open between the domain controllers in your cloud environment, or to your on-premises domain if you have a hybrid setup:
RPC endpoint mapper: port 135 TCP, UDP
NetBIOS name service: port 137 TCP, UDP
NetBIOS datagram service: port 138 UDP
NetBIOS session service: port 139 TCP
SMB over IP (Microsoft-DS): port 445 TCP, UDP
LDAP: port 389 TCP, UDP
LDAP over SSL: port 636 TCP
Global catalog LDAP: port 3268 TCP
Global catalog LDAP over SSL: port 3269 TCP
Kerberos: port 88 TCP, UDP
DNS: port 53 TCP, UDP
If you are using an Azure Network Security Group, see the Azure Network Security Groups documentation for how to set up the firewall rules.
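One way to turn the port list above into Network Security Group rules, and then to check that a server on the peered network can actually reach those ports on a DC, is shown below. This is an added example and not code from the solution template or Microsoft’s documentation; the resource names, the on-premises range, the DC subnet and the DC address are assumptions for your environment. The rules are scoped to the peered range rather than to any source, so the DCs are not exposed more widely than the page’s scenario needs.

```powershell
# Added example (not the solution template's own code). Requires the Az module and an
# existing Connect-AzAccount session. Ranges, names and addresses are placeholders.

# The port table from the list above. NetBIOS datagram (138) is UDP only; the NetBIOS
# session, LDAPS and global catalog ports are TCP only; '*' covers both TCP and UDP.
$dcPorts = @(
    @{ Name = 'RpcEndpointMapper'; Port = 135;  Protocol = '*'   },
    @{ Name = 'NetBiosName';       Port = 137;  Protocol = '*'   },
    @{ Name = 'NetBiosDatagram';   Port = 138;  Protocol = 'Udp' },
    @{ Name = 'NetBiosSession';    Port = 139;  Protocol = 'Tcp' },
    @{ Name = 'Smb';               Port = 445;  Protocol = '*'   },
    @{ Name = 'Ldap';              Port = 389;  Protocol = '*'   },
    @{ Name = 'Ldaps';             Port = 636;  Protocol = 'Tcp' },
    @{ Name = 'GlobalCatalog';     Port = 3268; Protocol = 'Tcp' },
    @{ Name = 'GlobalCatalogSsl';  Port = 3269; Protocol = 'Tcp' },
    @{ Name = 'Kerberos';          Port = 88;   Protocol = '*'   },
    @{ Name = 'Dns';               Port = 53;   Protocol = '*'   }
)

# Source is the peered / on-premises range (assumed), destination is the DC subnet
# (assumed). Using the peered range instead of '*' keeps the DC ports off the open internet.
$sourceRange = '192.168.0.0/16'
$dcSubnet    = '10.0.0.0/24'

$priority = 100
$rules = foreach ($p in $dcPorts) {
    New-AzNetworkSecurityRuleConfig -Name "Allow-$($p.Name)" -Description "DC $($p.Name)" `
        -Direction Inbound -Access Allow -Protocol $p.Protocol -Priority $priority `
        -SourceAddressPrefix $sourceRange -SourcePortRange '*' `
        -DestinationAddressPrefix $dcSubnet -DestinationPortRange $p.Port
    $priority += 10
}

# If you attach a public IP for RDP, add a 3389 rule here with SourceAddressPrefix set to
# your admin address (assumed value), not '*'.
$rules += New-AzNetworkSecurityRuleConfig -Name 'Allow-Rdp-Admin' -Direction Inbound -Access Allow `
    -Protocol Tcp -Priority $priority -SourceAddressPrefix '203.0.113.10/32' -SourcePortRange '*' `
    -DestinationAddressPrefix $dcSubnet -DestinationPortRange 3389

New-AzNetworkSecurityGroup -Name 'nsg-dc' -ResourceGroupName 'rg-ad' -Location 'uksouth' `
    -SecurityRules $rules | Out-Null

# Reachability check, run from a server on the peered network that should authenticate
# against the new DC. Test-NetConnection covers TCP only, so UDP-only ports are skipped;
# for DNS over UDP, a real lookup against the DC (Resolve-DnsName -Server) is the check.
function Test-DcTcpPorts {
    param([string]$DcAddress, [object[]]$Ports = $dcPorts)
    foreach ($p in $Ports | Where-Object { $_.Protocol -ne 'Udp' }) {
        $r = Test-NetConnection -ComputerName $DcAddress -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Service = $p.Name; Port = $p.Port; Reachable = $r.TcpTestSucceeded }
    }
}
Test-DcTcpPorts -DcAddress '10.0.0.4' | Format-Table   # DC address is assumed
```

The rules above reproduce only the ports the page lists. AD replication between DCs also uses RPC over the Windows dynamic port range (49152–65535 on supported Windows Server versions), which is negotiated through the endpoint mapper on 135; a hybrid firewall that allows 135 but not that range will show the endpoint mapper as reachable while replication still fails.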
Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.