How to Setup a New Active Directory 2016 or 2019 Forest/Domain in Azure/AWS/GCP IaaS


The best way to set up Active Directory is to use our marketplace image in any of the cloud marketplaces (Azure, AWS, Google GCP). Use our image to deploy a new Active Directory 2016 or 2019 forest/domain in Azure, AWS or Google, or to add domain controllers to your existing domain.

 

Set up Active Directory in AWS

[Image: AWS Marketplace listing for the 2016 domain controller image]

Set up Active Directory in Google

[Image: Google Cloud Marketplace listing for the 2016 domain controller image]

Connect to the Newly Created Virtual Machine

 

Once you have deployed the Active Directory 2016 or 2019 domain controller to your cloud environment, RDP to the virtual machine to start the installation steps. Refer to either of the following guides on how to RDP, depending on which cloud marketplace you are using:

 

 

Set static IP Address

 

Once logged in, it is recommended to give your domain controller virtual machine a static IP address.

 

Once Active Directory is set up on this server, it will also act as a DNS server. Therefore you need to change the DNS settings on the network interface and set the server's own IP address (or the localhost address 127.0.0.1) as the primary DNS server.

 

To get your IP information, open a command prompt or PowerShell window and run the following command: ipconfig /all

 

[Screenshot: ipconfig /all output]

 

Here you will find your IP address, subnet mask and default gateway. Add this information to your NIC properties. (In my screenshot above I am using a different VM for this demo, so its output differs slightly from what I will be entering in my DC's NIC properties below.)

 

  1. Right-click the network icon in the bottom right of the Task Bar and select Open Network and Sharing Center from the menu.
  2. In the Network and Sharing Center, click Change adapter settings.
  3. On the Network Connections screen, right-click the network adapter for which you want to change the IP address and select Properties.
  4. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  5. Fill in your private IPv4 address, subnet mask and default gateway.
  6. Fill in the preferred DNS server as 127.0.0.1, which is the localhost address.
  7. The alternate DNS server address is the IP address of another domain controller in your forest. If you don't have one set up yet, leave this blank and update it later if you add other domain controllers.

[Screenshot: NIC IPv4 properties]
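The same NIC change from PowerShell, as an added example that is not part of the original article: it applies the address, mask, gateway and DNS order from the steps above to the single connected adapter, with the loopback address as preferred DNS and an optional second DC as alternate. The addresses in it are constructed placeholders; replace them with what ipconfig /all showed. One caveat for cloud VMs: Azure, AWS and GCP hand the guest its private address by DHCP, so keep the same address the platform assigned (setting a different one in the guest drops your RDP session) and, where the platform offers it, also mark that address as static on the cloud NIC so it is never reassigned to another VM.

```powershell
# Added example, not from the original article: static IPv4 + DNS for the DC's NIC.
# Values below are constructed placeholders; use the ones from "ipconfig /all".
$IPAddress    = '10.0.0.4'   # private IPv4 address the platform assigned (placeholder)
$PrefixLength = 24           # subnet mask 255.255.255.0 written as a prefix length
$Gateway      = '10.0.0.1'   # default gateway from ipconfig /all (placeholder)
$OtherDcDns   = $null        # IP of another DC in the forest, or $null for the first DC

# Select the one connected adapter; refuse to guess on a multi-NIC VM so the
# wrong interface is never reconfigured.
$adapter = @(Get-NetAdapter | Where-Object Status -eq 'Up')
if ($adapter.Count -ne 1) {
    throw "Expected exactly one connected adapter, found $($adapter.Count)."
}
$ifIndex = $adapter[0].ifIndex

# Turn off DHCP on the interface (this drops the DHCP lease and its default route),
# then assign the static address and gateway.
Set-NetIPInterface -InterfaceIndex $ifIndex -AddressFamily IPv4 -Dhcp Disabled
Remove-NetRoute -InterfaceIndex $ifIndex -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceIndex $ifIndex -IPAddress $IPAddress -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null

# Preferred DNS = loopback (this server becomes the DNS server after promotion);
# alternate = another DC, only if one exists yet.
$dnsServers = @('127.0.0.1')
if ($OtherDcDns) { $dnsServers += $OtherDcDns }
Set-DnsClientServerAddress -InterfaceIndex $ifIndex -ServerAddresses $dnsServers

# Show the resulting configuration for review.
Get-NetIPConfiguration -InterfaceIndex $ifIndex
```

Run it in an elevated PowerShell session on the VM; because the address stays the same, the RDP session reconnects after the brief interruption while the interface is reconfigured.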

 

Active Directory Installation Steps

 

Open Server Manager, click the yellow notification flag and select "Promote this server to a domain controller".

[Screenshot: Server Manager notification, promote this server to a domain controller]

 

This starts the Active Directory Domain Services Configuration Wizard. In my demo I am going to set up a new forest, but if you are adding this server to an existing domain you can choose the relevant option. Select "Add a new forest", type the FQDN for the domain and click Next.

 

[Screenshot: Deployment Configuration, add a new forest]

 

On the next page you select the domain and forest functional levels. I am going to set both to the latest level (2016); this is the same on Windows Server 2019. Then type a password for DSRM (Directory Services Restore Mode) and click Next.

 

[Screenshot: Domain Controller Options, functional levels and DSRM password]

 

For the DNS options, this is going to be the first DNS server in the new forest, so no modifications are needed. Click Next to proceed.

 

[Screenshot: DNS Options, DNS delegation]

 

For the NetBIOS name, keep the default and click Next.

 

[Screenshot: Additional Options, NetBIOS domain name]

 

The next page defines the NTDS database, log file and SYSVOL folders. You can keep the defaults or set different paths; in this demo I am keeping the default paths. Once done, click Next to continue.

 

[Screenshot: Paths, database, log files and SYSVOL folders]

 

The next page lets you review the configuration. If everything looks right, click Next to proceed; otherwise go back and change the settings.

 

[Screenshot: Review Options]

 

The next window runs a prerequisites check. If it passes, the Install button is enabled. Click Install to begin the installation.

 

[Screenshot: Prerequisites Check]

 

The wizard then promotes this server to a Windows domain controller.

 

[Screenshot: Active Directory Domain Services Configuration Wizard, installation in progress]
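The whole wizard sequence above as one unattended PowerShell run, added here as an example and not taken from the original article: it installs the AD DS role, runs the same prerequisites check the wizard performs, and creates the new forest with the 2016 functional levels, DNS installed, and the default NTDS, log and SYSVOL paths. The domain name and NetBIOS name are constructed placeholders. The DSRM password is prompted for rather than written into the script, so it does not end up in a file, the command history or a cloud run-command log.

```powershell
# Added example, not from the original article: new forest without the GUI wizard.
$DomainName   = 'corp.example.com'   # FQDN typed into the wizard (placeholder)
$NetbiosName  = 'CORP'               # wizard default: first DNS label, upper-cased (placeholder)
$DatabasePath = 'C:\Windows\NTDS'    # wizard default paths for the database, logs and SYSVOL
$LogPath      = 'C:\Windows\NTDS'
$SysvolPath   = 'C:\Windows\SYSVOL'

# Collect the DSRM password interactively as a SecureString; never hard-code it.
$dsrmPassword = Read-Host -AsSecureString -Prompt 'DSRM (Directory Services Restore Mode) password'

# 1. Install the AD DS role plus the management tools (AD PowerShell module, dsac.exe).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. The wizard's prerequisites check. Stop before changing anything if it does not pass.
$check = Test-ADDSForestInstallation `
    -DomainName $DomainName `
    -ForestMode WinThreshold `
    -DomainMode WinThreshold `
    -SafeModeAdministratorPassword $dsrmPassword
$check | Format-List
if ($check.Status -ne 'Success') {
    throw 'Prerequisites check did not succeed; review the messages above.'
}

# 3. Promote. WinThreshold is the Windows Server 2016 functional level, which is also
#    the highest level offered on Windows Server 2019. -InstallDns matches the wizard's
#    "first DNS server in the forest" default. The server reboots when promotion completes.
Install-ADDSForest `
    -DomainName $DomainName `
    -DomainNetbiosName $NetbiosName `
    -ForestMode WinThreshold `
    -DomainMode WinThreshold `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -DatabasePath $DatabasePath `
    -LogPath $LogPath `
    -SysvolPath $SysvolPath `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force
```

Run it from an elevated PowerShell session on the VM after the static IP and DNS settings are in place; -Force suppresses the confirmation prompt, so read the Test-ADDSForestInstallation output before the final step runs.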

 

After the AD DS installation the server restarts automatically. Once it comes back online, log in to the server as the domain administrator.

 

[Screenshot: domain administrator login]

 

Once logged in, open PowerShell as administrator, type dsac.exe and press Enter. This opens the Active Directory Administrative Center, where you can start managing the domain's resources.

 

[Screenshot: launching dsac.exe from PowerShell]

[Screenshot: Active Directory Administrative Center]

 

You can also run Get-ADDomain | fl Name,DomainMode and Get-ADForest | fl Name,ForestMode from PowerShell to confirm the domain and forest functional levels.

 

[Screenshot: Get-ADDomain and Get-ADForest output]
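A fuller post-promotion health check, added here as an example and not part of the original article: beyond the two functional-level queries above it confirms that the DC locator SRV record resolves through the new DNS server, that the core AD DS services are running, that the DC answers on its own Kerberos, LDAP, global catalog and SMB listeners, and runs the built-in dcdiag advertising and DNS tests. $DomainName is a constructed placeholder for the forest you created.

```powershell
# Added example, not from the original article: checks to run on the new DC after it reboots.
$DomainName = 'corp.example.com'   # placeholder: the FQDN you gave the new forest

# Functional levels plus FSMO holder and GC list, extending the article's two queries.
Get-ADDomain | Format-List Name, DomainMode, PDCEmulator
Get-ADForest | Format-List Name, ForestMode, GlobalCatalogs

# Clients locate DCs through this SRV record; it must resolve via the DNS server on this box.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV

# Core directory services should all be Running.
Get-Service -Name NTDS, DNS, Netlogon, Kdc, ADWS | Format-Table Name, Status -AutoSize

# Local listeners: Kerberos (88), LDAP (389), global catalog (3268), SMB for SYSVOL (445).
foreach ($port in 88, 389, 3268, 445) {
    Test-NetConnection -ComputerName $env:COMPUTERNAME -Port $port -WarningAction SilentlyContinue |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}

# Built-in diagnostics: the DC is advertising its roles and its DNS registration is healthy.
dcdiag /test:Advertising /test:DNS
```

Any failed service, unresolved SRV record or closed listener here is worth fixing before you add a second domain controller, since that DC will depend on all of them to join and replicate.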

 

 

Active Directory Firewall Ports

 

For your domain controllers to communicate with the other domain controllers in your Active Directory, make sure the following firewall ports are open between domain controllers in your cloud environment, and to your on-premises domain if you have a hybrid setup:

 

  • RPC endpoint mapper: port 135 TCP, UDP
  • NetBIOS name service: port 137 TCP, UDP
  • NetBIOS datagram service: port 138 UDP
  • NetBIOS session service: port 139 TCP
  • SMB over IP (Microsoft-DS): port 445 TCP, UDP
  • LDAP: port 389 TCP, UDP
  • LDAP over SSL: port 636 TCP
  • Global catalog LDAP: port 3268 TCP
  • Global catalog LDAP over SSL: port 3269 TCP
  • Kerberos: port 88 TCP, UDP
  • DNS: port 53 TCP, UDP
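A check of the list above from one DC to another, added here as an example and not taken from the original article: it keeps the ports as data, probes each TCP port against a peer DC with Test-NetConnection, and reports what still needs a cloud firewall rule. Test-NetConnection cannot probe UDP, so the UDP entries are reported as not tested. $PeerDc is a constructed placeholder. Two points the list does not mention: replication also uses the RPC dynamic port range (TCP 49152-65535 by default on Windows Server 2008 and later), and every rule you add should be scoped to the DC subnets as source rather than 0.0.0.0/0, since none of these services belong on the internet.

```powershell
# Added example, not from the original article: DC-to-DC port reachability check.
$PeerDc = '10.0.1.4'   # placeholder: IP or name of another domain controller

# The article's port list as data. The RPC dynamic range (TCP 49152-65535) is added
# because replication needs it; it is not probed, as no fixed listener sits on it.
$DcPorts = @(
    @{ Name = 'RPC endpoint mapper';            Port = 135;  Proto = @('TCP', 'UDP') }
    @{ Name = 'NetBIOS name service';           Port = 137;  Proto = @('TCP', 'UDP') }
    @{ Name = 'NetBIOS datagram service';       Port = 138;  Proto = @('UDP') }
    @{ Name = 'NetBIOS session service';        Port = 139;  Proto = @('TCP') }
    @{ Name = 'SMB over IP (Microsoft-DS)';     Port = 445;  Proto = @('TCP', 'UDP') }
    @{ Name = 'LDAP';                           Port = 389;  Proto = @('TCP', 'UDP') }
    @{ Name = 'LDAP over SSL';                  Port = 636;  Proto = @('TCP') }
    @{ Name = 'Global catalog LDAP';            Port = 3268; Proto = @('TCP') }
    @{ Name = 'Global catalog LDAP over SSL';   Port = 3269; Proto = @('TCP') }
    @{ Name = 'Kerberos';                       Port = 88;   Proto = @('TCP', 'UDP') }
    @{ Name = 'DNS';                            Port = 53;   Proto = @('TCP', 'UDP') }
)

$results = foreach ($p in $DcPorts) {
    if ('TCP' -in $p.Proto) {
        $t = Test-NetConnection -ComputerName $PeerDc -Port $p.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Service = $p.Name; Port = $p.Port; Protocol = 'TCP'; Reachable = $t.TcpTestSucceeded }
    }
    if ('UDP' -in $p.Proto) {
        # Test-NetConnection has no UDP probe; record the entry so it is not forgotten in the rules.
        [pscustomobject]@{ Service = $p.Name; Port = $p.Port; Protocol = 'UDP'; Reachable = 'not tested' }
    }
}
$results | Format-Table -AutoSize

# Each blocked TCP port needs an inbound rule on the peer DC's security group / NSG /
# firewall, with source limited to the DC subnet CIDR(s).
$blocked = $results | Where-Object { $_.Protocol -eq 'TCP' -and -not $_.Reachable }
if ($blocked) {
    $blocked | ForEach-Object { "Blocked: $($_.Service) TCP/$($_.Port)" }
} else {
    'All listed TCP ports are reachable from this DC to the peer DC.'
}
'Reminder: also allow TCP 49152-65535 (RPC dynamic range) between DC subnets for replication.'
```

Run it from the new DC against each peer, and again in the other direction from the peer, since cloud firewall rules are evaluated per destination.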

 

To set up AWS firewall rules refer to – AWS Security Groups

To set up Azure firewall rules refer to – Azure Network Security Groups

To set up Google GCP firewall rules refer to – Creating GCP Firewalls

 

Support

 

If you have any questions about setting up Active Directory in Azure, AWS or Google GCP using our domain controller image, leave your comments below and we will reply within 24 hours.

 


Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud
