Deploy Domain controller in Azure VM

Deni Garo 41 Reputation points
2022-10-06T09:26:21.317+00:00

Hi all,

We have an on-prem environment and we would like to extend it to Azure and replace on-prem in the future. The first action is to deploy 2 DC VMs. We are not interested in running Azure domain services. I would like to ask you guys what the best practice is. I read somewhere that we cannot deploy the DC database/logs and that kind of thing on C: etc. Where can I find that info, or does someone know how to:

  • Deploy Domain controller as VM (Best Practice - installation/storage/network)
  • Configure network (These 2 machines will be extension so they will join in current domain)
  • Configure access - I know that we have point-to site and site-to-site but is that necessary in this first phase? We would like to avoid RDP accessing the machines?

I really hope that someone can help us with this?

Many thanks in advance.


6 answers

  1. Rafael da Rocha 5,091 Reputation points
    2022-10-06T09:38:39.697+00:00

    Deployment: Here's the official documentation:
    virtualized-domain-controller-deployment-and-configuration

    Network/Access: You'll absolutely need to setup your Azure VNet, and choose a connectivity mode to reach your on-prem AD even before deploying the VMs. Site-to-Site is a simple solution.
    If you don't want to use RDP, maybe Windows Admin Center can be of use.


  2. Deni Garo 41 Reputation points
    2022-10-06T10:36:01.81+00:00

    Hi, that document is not showing anything regarding deploying DCs in Azure, especially not Azure VM DC best practice, what storage to use (premium or standard), installation and network design.


  3. JimmySalian-2011 42,071 Reputation points
    2022-10-06T10:46:41.587+00:00

    Hi @Deni Garo ,

    To add to what Rafael has suggested, I will start with determining your VM size requirements based on the expected volume of authentication requests. Use the specifications of the machines hosting AD DS on premises as a starting point, and match them with the Azure VM sizes. Once deployed, monitor utilization and scale up or down based on the actual load on the VMs.

    Check this initial planning guide - capacity-planning-for-active-directory-domain-services

    Create a separate virtual data disk for storing the database, logs, and sysvol folder for Active Directory. Don't store these items on the same disk as the operating system. By default, data disks that are attached to a VM use write-through caching. However, this form of caching can conflict with the requirements of AD DS.

    Configure the VM network interface (NIC) for each AD DS server with a static private IP address for full domain name service (DNS) support.

    If the newly deployed Domain Controller (DC) VMs will also have the role of DNS servers, it's recommended to configure them as custom DNS servers at the Azure Virtual Network level.

    The only scalability consideration is to configure the VMs running AD DS with the correct size for your network load requirements, monitor the load on the VMs, and scale up or down as necessary.

    Hope this helps.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

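The three Azure-side points in the answer above (dedicated data disk with host caching off, static private IP, VNet-level custom DNS) plus the in-guest promotion that actually puts NTDS and SYSVOL on that disk, as an added Az PowerShell example that is not part of the thread. Resource group, VM, NIC and VNet names and all IP addresses are constructed assumptions; step 4 runs inside the VM after the data disk has been initialised as F:.

```powershell
# Added example, not from the thread. Assumes the Az module, an existing VM 'DC01' in
# resource group 'rg-ad' with NIC 'DC01-nic', and VNet 'vnet-hub' (all constructed names).
$rg     = 'rg-ad'
$vmName = 'DC01'
$loc    = 'westeurope'

# 1. Dedicated managed data disk for the AD database, logs and SYSVOL.
#    Caching None: the default host caching on data disks conflicts with AD DS write semantics.
$diskCfg = New-AzDiskConfig -Location $loc -CreateOption Empty -DiskSizeGB 64 -SkuName Premium_LRS
$disk    = New-AzDisk -ResourceGroupName $rg -DiskName "$vmName-ntds" -Disk $diskCfg
$vm      = Get-AzVM -ResourceGroupName $rg -Name $vmName
$vm      = Add-AzVMDataDisk -VM $vm -Name $disk.Name -CreateOption Attach `
               -ManagedDiskId $disk.Id -Lun 0 -Caching None
Update-AzVM -ResourceGroupName $rg -VM $vm

# 2. Static private IP on the DC's NIC so DNS records and replication partners stay stable.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name "$vmName-nic"
$nic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$nic.IpConfigurations[0].PrivateIpAddress          = '10.10.1.4'   # constructed, inside the subnet
Set-AzNetworkInterface -NetworkInterface $nic

# 3. Point the whole VNet at the two Azure DCs for DNS (second address is the planned DC02).
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'vnet-hub'
$vnet.DhcpOptions.DnsServers = @('10.10.1.4', '10.10.1.5')
Set-AzVirtualNetwork -VirtualNetwork $vnet

# Check: every data disk on the DC must report Caching = None.
(Get-AzVM -ResourceGroupName $rg -Name $vmName).StorageProfile.DataDisks |
    Select-Object Name, Lun, Caching

# 4. Inside the VM (site-to-site or other connectivity to the on-prem domain already in place):
#    promote as an additional DC of the existing domain with DB, logs and SYSVOL on F:, not C:.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.example' `
    -InstallDns -Credential (Get-Credential 'CORP\Administrator') `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password')
```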

  4. Bjoern Peters 8,856 Reputation points
    2022-10-07T08:39:07.39+00:00

    Hi @Deni Garo

    Here you can read a step-by-step tutorial on how to set up a DC in Azure.
    https://activedirectorypro.com/deploy-domain-controller-azure/

    Regarding your questions on "sizing,"... we don't know anything about your environment and workload.

    If you have a small business environment with, e.g., 20 employees, then a B1s without an additional data disk might be sufficient.
    If you have a mid-size business environment... if you have a huge environment...

    and it also relies on your budget!

    of course, we can recommend you build a really fast Azure VM with 3 additional data disks (Premium P40) and 16vCPU/128GB; that might be all according to best practices, but maybe that is absolutely oversized and/or way out of your budget (and needs).

    The good thing is, doing this in a cloud... you can adjust everything really easily and quickly.
    So start small, and maybe it fits your workload; everything is fine, otherwise, adjust...

    It all depends on your workload and how you configure your environment... you can find more information on the disks here:
    https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types

    If nobody complains about performance, you can start with a "Standard SSD"...


  5. Deni Garo 41 Reputation points
    2022-10-07T11:37:54.223+00:00

    Hi all,

    Many thanks for your inputs. We have 350 users, 2 DCs and 15 VMs. We are currently running the DCs on prem with 2 vCPU and 6 GB RAM each.

    When it comes to budget, of course that we would like to save cash but we are not limited to it. We would like to configure so that it works.

    What do you recommend when it comes to availability sets - shall we configure it or?

    We will deploy 2 DCs in Azure which are going to replace the on-prem DCs in the future. Of course, we will migrate all servers to Azure in the future.

    Shall we run on premium storage and with managed disk for the DB or can we create premium storage for VM and standard storage for the DB disk?

    I really appreciate your help and advice guys. 5 stars