Windows Azure: Syncing Domain Controllers between on-Premises and Windows Azure


Rob Waggoner



In my first post on Windows Azure, I showed you how I set up site-to-site connectivity between my on-premises network and my Windows Azure network.  In this post, I’ll show you how I got my Domain Controllers into my Windows Azure virtual network so that I can synchronize them with my on-premises Domain Controller.

I used the guide Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks, but I think it missed a couple of steps, so let me share what else I had to do to make this work.  The big thing that impacted me was that the instructions didn’t show me how to create the virtual machine in the virtual network I created in my first post.  This is important: creating a VM in your Windows Azure account does not give it access to your virtual network, which means your Windows Azure VMs cannot communicate with your on-premises VMs.  They must be created in the virtual network.

I really like the instructions on how to Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks but again, I think it just missed a few items.  Before Step 4 (Step 4: Install an additional domain controller in the CloudSite), please read my notes below on How to Install a VM in your Windows Azure Virtual Network.

How to Install a VM in your Windows Azure Virtual Network

To install a VM in your Virtual Network, you cannot use QUICK CREATE, you must choose FROM GALLERY so you can define all of the configuration details.  Don’t worry, it’s only four screens and the first three are simple; the fourth screen has just a few details that you have to get right.

The most significant advice I can provide is to not use QUICK CREATE to create your VMs.  QUICK CREATE will not let you put the VMs in your Virtual Network.

Start to create your Virtual Machine like you always do, but do not use QUICK CREATE; you must create your VM by choosing FROM GALLERY.   There are a few more configuration screens to properly configure your VM this way, but it’s the only way to place your VM into your Virtual Network.  Most of the configuration settings are straightforward, so I’m just going to focus on a few of the options you must get right on Page 4.  These settings are the ones that will make or break you when it comes to your Site-to-Site virtual connection.

This is the configuration page you must get correct. Below I’m going to talk about a few of the options you need to be aware of.

Cloud Services

I put my DCs in one Cloud Service and my File Servers in another.  This way I can load balance the machines in each of the containers.  There is plenty of documentation to help you understand these details.

REGION/AFFINITY GROUP/VIRTUAL NETWORK

This is where I “place” the VM in the Virtual Network I created in my prior blog.  arwaggs2s is the name of the virtual network that connects to my on-premises network.

The REGION/AFFINITY GROUP/VIRTUAL NETWORK option is where we actually place the VM in the Virtual Network we created.  This is the one shot you have at getting this right, because you cannot move an existing VM into a Virtual Network.  This can only be defined when the VM is created.  If you miss this step, just delete your VM and create another one, since you cannot easily “move” existing VMs into a Virtual Network.  You can take an existing VM and put it in your MY IMAGES gallery, then deploy it into the Virtual Network, but if you’re setting up a new VM, it’s probably a lot easier to delete the mistaken VM and create a new one.

VIRTUAL NETWORK SUBNETS

These are the three subnets we created when we set up the Virtual Network.  I put all my VMs in the FrontEnd subnet.

The documentation is very good for all of your choices, but the above options are the ones we need to get right to make this work.
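The portal choices described above (FROM GALLERY, the Cloud Service, the affinity group and Virtual Network, and the subnet) can also be made from the classic Azure PowerShell module of that era (the Service Management cmdlets), which makes it easy to see which setting does what. This is an added example, not code from the original post or from the Microsoft guide; the subscription, Cloud Service, affinity group, VM and admin names are placeholders, and only the virtual network name arwaggs2s and the FrontEnd subnet come from the post.

```powershell
# Added example (not from the original post): the "FROM GALLERY" choices made in the
# portal, expressed with the classic Azure (Service Management) PowerShell cmdlets.
# Everything except the virtual network and subnet names is a placeholder.

$subscription  = 'My Subscription'    # placeholder
$serviceName   = 'contoso-dc-svc'     # Cloud Service that holds the DCs (placeholder)
$affinityGroup = 'contoso-ag'         # affinity group the virtual network was built in (placeholder)
$vnetName      = 'arwaggs2s'          # the site-to-site virtual network named in the post
$subnetName    = 'FrontEnd'           # subnet from the Virtual Network definition
$vmName        = 'AZDC01'             # placeholder
$adminUser     = 'vmadmin'            # local admin created on the VM; "administrator" is rejected (placeholder)

Select-AzureSubscription -SubscriptionName $subscription

# Pick the newest Windows Server 2012 R2 gallery image, as the post used 2012 R2.
$image = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq 'Windows Server 2012 R2 Datacenter' } |
    Sort-Object PublishedDate -Descending |
    Select-Object -First 1

# Prompt without echoing; Add-AzureProvisioningConfig expects the password as plain text.
$securePass = Read-Host -Prompt 'Local admin password' -AsSecureString
$plainPass  = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass))

$vm = New-AzureVMConfig -Name $vmName -InstanceSize Small -ImageName $image.ImageName |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $plainPass |
    Set-AzureSubnet -SubnetNames $subnetName     # VIRTUAL NETWORK SUBNETS choice on "Page 4"

# REGION/AFFINITY GROUP/VIRTUAL NETWORK: -VNetName is the one-shot placement into the
# virtual network. A VM created without it (what QUICK CREATE does) cannot be moved in later.
# -AffinityGroup is needed only when this call also creates the Cloud Service; it must match
# the affinity group of the virtual network.
New-AzureVM -ServiceName $serviceName -AffinityGroup $affinityGroup -VNetName $vnetName -VMs $vm

# Confirm the VM landed in the virtual network: its address should come from the subnet range,
# not from the default public-only address space a QUICK CREATE VM receives.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Select-Object Name, IpAddress, PowerState
```

The final `Get-AzureVM` line is the quick check for the mistake the post warns about: if `IpAddress` is not inside the subnet range you defined for the virtual network, the VM was not created in it and, as the post says, the fix is to delete it and create it again rather than try to move it.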

Final Thoughts

I have just a few more thoughts and then I will let you go back to the Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks guide to complete the setup.

  1. I used the same IP scheme as in the guide. 
  2. The setup guide refers to Windows Server 2008 R2, but I used 2012 R2 and had success. 
  3. Be sure to add extra drives to your cloud-based DC and point the AD storage to the extra drive.  You do not want to store anything of value on the C: or D: drive. 
  4. You will see in your VM that you have a D: drive labeled Temporary Storage.  Temporary means that you cannot count on anything you store there to survive. 
  5. This page has some good insight into how to Manage Disks and Images.  It also provides insight into the Temporary Storage volume in your VM.
  6. Like the instructions suggest, I put AD on the F: and will use G: for backups.

Once I completed the Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks guide and added my additional Domain Controllers, all of the new DCs showed up in Active Directory Users and Computers.  Here is a screen shot:

[Screenshot: the new Domain Controllers listed in Active Directory Users and Computers]

That’s all it took to get this working!


Until next time,


Rob
