Automate Active Directory Domain Deployment Template/Script for Azure
To setup Active Directory domain services in Azure, use our automated deployment solution that fully sets up Active Directory IaaS running on VMs in Azure. Allows you to run onprem AD in Azure.
Active Directory Domain running on Azure VMs Solution Template Features
- Choose to have between 2 to 50 DC VMs
- Choose the name for the Domain, DCs, network objects & domain admin credentials
- Choose the VM size for all DCs
- Choose to deploy on Windows Server 2016 or 2019 for the OS Version
- DNS is fully configured and updates the Azure vNet DNS server addresses
- Provide group policies to your servers in Azure and on prem
- Provide AD authentication services to your applications in Azure and any new VM deployments
- Provide DNS name resolution to your servers and applications in Azure
- Provide hybrid Active Directory for both Azure and onprem environments.
Deploy Active Directory Domain IaaS in Azure
Setup Active Directory in Azure Video Tutorial
Table of Contents
Setup Active Directory Domain Steps
The following fields are required to get the setup started via the Azure portal:
Step 1 – Active Directory domain admin credentials
The first step is to provide the domain admin user and password. This needs to be a complex password. Choose any region you like, then click onto ‘New Domain Deployment Details‘
Step 2 – New AD Domain Deployment Details
- Choose which OS version you would like to setup (2019 or 2016).
2. Choose the name of the domain you would like to setup.
3. Choose how domain controllers you would like.
4. The name of the vNet that you would like to create. An existing vNet can’t be used, a new vNet has to be created, as DNS changes will be made to the vNet to point to the new domain controllers. You can choose the IP address range you would like. Once deployment has completed you can then peer this vNet with existing vNets, allowing you connect to any existing networks you have setup.
5. Leave the DC Subnet as default.
Step 3 - Domain Controller VM Details
Next choose the DC VM host name prefix. Deciding on what prefix you use will then add a number at the end for each new VM that is created, for example for the default prefix of ADDC and if you have deployed 4 DCs they will be called:
- ADDC-0
- ADDC-1
- ADDC-2
- ADDC-3
Then select what VM size you would like for your domain controllers.
Step 4 – Review Active Directory Deployment + Create
The last step will run a validation to make sure the details you have entered in the previous steps were correct.
If happy, press create and wait for the deployment to finish.
To see the status of the deployment, within the Resource Group you’ve deployed to, scroll to ‘Deployments‘ and you can see the status. In my deployment you can see it took 34mins to fully setup.
Active Directory Networking Azure
The deployment creates a new vNet. If you have existing vNets you can peer this new vNet with your existing vNets, allowing you to connect the new domain controllers to your network. Within the new vNet click on peering and peer with your existing vNets:
Microsoft documentation on peering networks – https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
RDP (Remote Desktop Protocols) to Domain Controllers
The deployment of the domain controllers doesn’t create a public IP. If you have an internal vNet and peering the new AD vNet with your existing vNet’s you can RDP over the private IP.
However if you want to RDP externally to a public IP, simply create a public IP and associate it to one of the newly created domain controllers. The following microsoft documentation explains how to create a public IP and associate it with a VM.
Create Azure public IP address: https://docs.microsoft.com/en-us/azure/virtual-network/create-public-ip-portal?tabs=option-create-public-ip-standard-zones
Associate public IP to VM: https://docs.microsoft.com/en-us/azure/virtual-network/associate-public-ip-address-vm#azure-portal
Active Directory (AD) Firewall Ports
In order for your domain controllers to communicate with other domain controllers in your Active Directory, you will need to make sure the following firewall ports are open between domain controllers in your cloud environment or on premises domain if you have a hybrid setup:
- RPC endpoint mapper: port 135 TCP, UDP
- NetBIOS name service: port 137 TCP, UDP
- NetBIOS datagram service: port 138 UDP
- NetBIOS session service: port 139 TCP
- SMB over IP (Microsoft-DS): port 445 TCP, UDP
- LDAP: port 389 TCP, UDP
- LDAP over SSL: port 636 TCP
- Global catalog LDAP: port 3268 TCP
- Global catalog LDAP over SSL: port 3269 TCP
- Kerberos: port 88 TCP, UDP
- DNS: port 53 TCP, UDP
If you are using an Azure Network Security Group, To setup Azure firewall rules refer to – Azure Network Security Groups.
Active Directory Domain Support
If you experience any issues with this deployment solution, please contact us and we will be happy to assist.
