Step-By-Step: Managing Azure Active Directory Domain Services via a Virtual Server

With Azure Active Directory Domain Services now enabled in the previous posts, this post shows how to add a virtual server hosted on Azure to the managed domain and then use the Active Directory administration tools on it to manage the AAD-DS managed domain.

NOTE: Because AAD-DS is a managed domain service, you do not get (and do not need) the same level of control as over an in-house domain controller. The tasks you can and cannot perform are listed below.

The following are administrative tasks you can perform on a managed domain:

  • Gain administrative access to computers joined to the managed domain
  • Join machines to the managed domain
  • Configure the built-in GPO for the 'AADDC Computers' and 'AADDC Users' containers in the managed domain
  • Create and administer custom Organizational Units (OUs) on the managed domain
  • Administer DNS on the managed domain.

The following are administrative privileges you do not have on a managed domain:

  • You are not granted Domain Administrator or Enterprise Administrator privileges for the managed domain
  • You cannot add domain controllers to the managed domain
  • You cannot connect to domain controllers for the managed domain using Remote Desktop
  • You cannot extend the schema of the managed domain

Step 1: Creating the VM

First we need to set up a new VM on the same virtual network as the managed domain.

1)    To place the VM on the same virtual network as the managed domain, build it from the Azure classic portal
2)    Log in to the Azure classic portal > New > Compute > Virtual Machine > From Gallery (this option exposes the advanced settings, including the virtual network)

3)    Select an image from the list. I am going to use Windows Server 2016 TP5; click the arrow to proceed

4)    In the next window, provide the details for the new VM (name, size and local administrator account) and click the arrow to proceed

5)    In the next window, select the same virtual network that the AAD-DS managed domain was set up in. If you pick a different virtual network, the VM will not receive the managed domain's DNS settings or be able to reach its domain controllers, and the domain join will fail. Once done, click the button to proceed

6)    In the next window, add any extensions you want and click the button to create the VM

Step 2: Connect VM to the Managed Domain

1)    Once the new VM is up and running, click Connect to log in to it

2)    Now that the VM is created, the next step is to join it to the domain

3)    Under Domain, type the managed domain name and enter the credentials. The user account used for authentication should be a member of the AAD DC Administrators group

4)    Once it has joined the domain, reboot the VM to complete the process
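The same join, with the two checks that tell you in advance whether Step 1 and Step 2 will work, as an added PowerShell example that is not part of the original post. It assumes the managed domain is named contoso.com (a placeholder) and is run in an elevated PowerShell session on the new VM before it is joined:

```powershell
# Added example, not part of the original post. 'contoso.com' is a placeholder
# for the managed domain name; run elevated on the new VM before joining.
$ManagedDomain = 'contoso.com'

# Step 1 check: the VM's DNS servers are handed out by the virtual network. They
# must be the AAD-DS domain controller addresses configured in the earlier posts.
# Seeing only the Azure-provided resolver (168.63.129.16) means the VNet's DNS
# was never pointed at the managed domain, or the VM is on the wrong VNet.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# Step 2 check: the domain name must resolve to the domain controllers, and
# Kerberos (88) and LDAP (389) must be reachable on each of them; otherwise the
# join dialog fails with "domain could not be contacted".
$dcs = (Resolve-DnsName -Name $ManagedDomain -Type A -ErrorAction Stop).IPAddress
foreach ($dc in $dcs) {
    foreach ($port in 88, 389) {
        $reachable = (Test-NetConnection -ComputerName $dc -Port $port `
                          -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0}:{1} reachable: {2}' -f $dc, $port, $reachable
    }
}

# Join the domain. Get-Credential prompts for the password so it never lands in
# the script or the console history. The account must exist in the managed
# domain (the post uses a member of 'AAD DC Administrators'); -Restart performs
# the reboot from step 4.
$cred = Get-Credential -Message "$ManagedDomain account (member of 'AAD DC Administrators')"
Add-Computer -DomainName $ManagedDomain -Credential $cred -Restart -Force
```

If the first check shows the wrong DNS servers, fix the virtual network's DNS settings (or rebuild the VM on the correct VNet) rather than editing the adapter on the VM; a per-VM override is lost on the next DHCP renewal.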

Step 3: Managing domain using AD administration tools

In this step I am going to install the AD administration tools, which we can then use to manage the Azure managed domain.
NOTE: This can also be done from a desktop operating system such as Windows 10 by installing RSAT for Windows 10.

1)    Log in to the server as a member of the AAD DC Administrators group

2)    Server Manager > Add Roles and Features

3)    Click Next on the first page of the wizard

4)    In the next window, keep the defaults and click Next

5)    In the next window, keep the defaults and click Next to proceed

6)    On the Server Roles page, keep the default values and click Next

7)    On the Features page, select Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools, then click Next to proceed

8)    In the next window, click Install to start the installation

9)    Once the installation is done, go to Server Manager > Tools > Active Directory Users and Computers to open the AD console that admins are familiar with
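The same installation from PowerShell, followed by the checks that confirm the console is really administering the managed domain within the limits listed at the top of the post, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the domain-joined server, logged in as a member of AAD DC Administrators:

```powershell
# Added example, not part of the original post. Run elevated on the
# domain-joined server as a member of 'AAD DC Administrators'.

# Same selection as the wizard: Remote Server Administration Tools > Role
# Administration Tools > AD DS and AD LDS Tools. This also brings in the
# ActiveDirectory PowerShell module used below.
Install-WindowsFeature -Name RSAT-AD-Tools -IncludeAllSubFeature
Import-Module ActiveDirectory

# Confirm the tools are talking to the managed domain and not a cached or local one.
$domain = Get-ADDomain
'Domain: {0}  NetBIOS: {1}  DN: {2}' -f $domain.DNSRoot, $domain.NetBIOSName, $domain.DistinguishedName

# The two containers whose built-in GPOs you are allowed to configure
# ('AADDC Computers' and 'AADDC Users'); custom OUs you create will sit beside them.
Get-ADOrganizationalUnit -Filter "Name -like 'AADDC*'" |
    Select-Object Name, DistinguishedName

# 'AAD DC Administrators' is the only administrative boundary you control on a
# managed domain (Domain Admins and Enterprise Admins are not granted to you),
# so review its membership every time you work here. -Recursive expands nested groups.
Get-ADGroupMember -Identity 'AAD DC Administrators' -Recursive |
    Select-Object Name, SamAccountName, objectClass

# Verify the logged-on account actually holds that group in its token. Without it
# the consoles still open, but changes to OUs and GPOs are denied.
$isAdmin = [bool](whoami /groups | Select-String -SimpleMatch 'AAD DC Administrators')
"Current user is an AAD DC Administrator: $isAdmin"
```

The group check is the one to get into the habit of running: on a managed domain, anyone in AAD DC Administrators can reset passwords and edit the built-in GPOs for every joined machine, so unexpected members there matter more than on a conventional domain where you would also be watching Domain Admins.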

Hope this is helpful.  If you have any questions feel free to add your comment below.