Azure AD Domain Services Quick Install

Introduction

Azure Active Directory Domain Services lets you join Azure virtual machines to a domain without the need to deploy domain controllers, more detail can be found here.

This article show quick way to install and configure Azure AD Domain Services, other options might be required for a production deployment and not highlighted in this article.

At the time of writing this article most of the configuration will be done in Azure Portal (Classic), Microsoft is planning to move everything to the new Azure portal.

Assumptions

The following assumptions are made in this article:

• Functional Azure AD – A quick guide can found here
• Access to Azure Subscription

Preparation Tasks

The following preparation tasks will be required before starting the installation process below:

• Document the Azure Virtual Network address range (default address range is 10.0.0.0/16)

Installation

This section will be divided into the following sections:

• Create Azure  Resources
  1. Azure Virtual Network
  2. Create “AAD DC Administrators Group“
  3. Azure AD Domain Service
  4. Configure Azure Virtual Network DNS Servers

To create all the required Azure resources, please follow the steps below:

1. Azure Virtual Network

1. Go to https://manage.windowsazure.com
2. Click “+ NEW”
3. 
4. Click “Network Services“, “Virtual Network” and then click “Custom Create“
5. 
6. In Name, enter required network name
7. Choose correct Location
8. 
9. On Page 2, leave DNS servers empty for now
10. On Page 3, enter the required Address space range and Subnets for the network
11. 
12. Click check mark to create network

2. Create ‘AAD DC Administrators’ Group

To allow users to manage Azure AD Domain Services, you’ll first need to create a group in Azure AD called ‘AAD DC Administrators’ and add all the users that should have admin rights.

For more detailed tasks, please have a look here.

3. Azure AD Domain Services

1. Go to https://manage.windowsazure.com/
2. On the left Menu find, “ACTIVE DIRECTORY“
3. Click on the required Azure AD in the list provided
4. 
5. Click “CONFIGURE” tab
6. Scroll down and find “domain services” section
7. Change “ENABLE DOMAIN SERVICES FOR THIS DIRECTORY” to “YES“
8. Change “DNS DOMAIN NAME OF DOMAIN SERVICES” to required suffix
9. Choose the network that was create in steps above for “CONNECT DOMAIN SERVICES TO THIS VIRTUAL NETWORK“
10. Click “Save“
11. The creation might take a bit of time to complete, once completed DNS server IP addresses will be provided for use in the created Virtual Network. (Please follow steps below to finish Virtual Network configuration)

3. Configure Azure Virtual Network DNS Servers

1. Go to https://manage.windowsazure.com/
2. On the left Menu find, “ACTIVE DIRECTORY“
3. Click on the required Azure AD in the list provided
4. 
5. Click “CONFIGURE” tab
6. Scroll down and find “domain services” section
7. Document the IP Addresses in “IP ADDRESS” section for next steps
8. 
9. On Left hand menu, Choose “NETWORKS“
10. Open the network that was created and have been enabled for Azure Domain Services
11. Click “CONFIGURE“
12. In the “dns servers” section, enter the two dns servers documented in previous step
13. Click “SAVE“

 

Before using Azure AD domain services, please follow this guide to enable password synchronization.

Conclusion

By the end of this guide Azure AD domain services will be functional with the ability to domain join Azure Virtual machines.

Advertisement