Azure DC for multiple locations

Question

Azure DC for multiple locations

Joel Eggleton 0

I have a client that has multiple locations. The only servers they have are in Azure. This means that the only DNS server for 14 locations is located across IPSEC VPNs to Azure. This is getting to be problematic. Since we have no servers in any of the locations, does anyone have recommendations for how to optimize this configuration? Google searching is not coming up with anything useful.

0 comments

1 answer

Your answer

Answer 1

Marcin Policht 89,240 MVP Volunteer Moderator

Is the only reason for having AD is to provide DNS services?

If so, implement private DNS zones instead.

If not, you can still actually use private DNS zones in AD environment. For details, refer to https://mwesterink.wordpress.com/2023/03/09/running-active-directory-domain-services-using-an-azure-private-dns-zone-and-an-azure-dns-private-resolver-does-it-work/

Otherwise, deploy additional domain controllers in other regions. Regarding the sizing, that would depend on how busy your environment is, but considering your description, this shouldn't be a significant factor. You should actually do this anyway to provide sufficient resiliency.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Joel Eggleton 0 Reputation points

2024-03-27T03:30:01.98+00:00

We are using GPO and authentication through AD as well. Ideally, I would have a server at each location but the environment does not suit that. I was thinking more about a DNS proxy of some kind to DNS cached locally.
Marcin Policht 89,240 Reputation points MVP Volunteer Moderator

2024-03-27T03:39:26.7933333+00:00

Use the private DNS zones then - as described in https://mwesterink.wordpress.com/2023/03/09/running-active-directory-domain-services-using-an-azure-private-dns-zone-and-an-azure-dns-private-resolver-does-it-work/

Alternatively, if you have Windows servers in other locations (presumably you do), then you can install DNS server on these and add secondary zones to them.

hth

Marcin
Joel Eggleton 0 Reputation points

2024-03-27T16:06:51.4366667+00:00

This all requires the need for servers onsite. Our sites are less than 20 clients each and do not have the space to accommodate servers. Not to mention the significant cost involved. Are there any other recommendations that do not require a server to be placed at each location?
Marcin Policht 89,240 Reputation points MVP Volunteer Moderator

2024-03-27T17:45:14.64+00:00

No - the Azure Private DNS zones do not require additional servers. That's an Azure platform managed DNS service.

hth
Marcin
Joel Eggleton 0 Reputation points

2024-03-27T18:50:51.9433333+00:00

Apologies for my ignorance. I had not heard of Azure Private DNS Zones prior to this conversation. I will need to look into this further. Sounds like this might be the best way to go, as long as all my users are still authenticating against the domain.
Marcin Policht 89,240 Reputation points MVP Volunteer Moderator

2024-03-27T19:07:48.7633333+00:00

Np at all. That's what this forum is for. You might want to follow https://mwesterink.wordpress.com/2023/03/09/running-active-directory-domain-services-using-an-azure-private-dns-zone-and-an-azure-dns-private-resolver-does-it-work/

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Share via

Azure DC for multiple locations

1 answer

Your answer