
Saturday, March 1, 2014

Creating a Virtualized Read Only Active Directory in Windows Azure


In our previous post we created a point-to-site VPN and established a connection between our premises and Windows Azure. Moving forward, we are going to create a VM in Windows Azure to host a read-only domain controller (RODC).


To do so, create a virtual machine by using Quick Create or From Gallery in Windows Azure.


Follow the wizard to select the operating system and enter the VM name, CPU size, local administrator account, network and endpoints.


Once the VM has been provisioned, add a data disk to store the Active Directory database.

To avoid corrupting the Active Directory database, you need to set the data disk's host caching to “None” or Read Only mode before dcpromo. By default, the C: disk is set to read/write caching. -DO NOT STORE THE DATABASE ON THE C: DRIVE-


Then connect to the virtual machine using RDP, open Computer Management | Disk Management, and initialize and format the new disk.


Verify that you can ping your primary domain controller (on premises) and join the domain before configuring the next step. The virtual network provides the connection between your premises and Windows Azure.


The next step is to add the “Active Directory Domain Services” role using Server Manager. –DO NOT USE THE DCPROMO COMMAND-


Once the components have been installed, proceed to configure it by clicking “Promote this server to a domain controller” (click the flag next to Manage on the Server Manager console).


This will open “Active Directory Domain Services Configuration Wizard”.

a. Select “add a domain controller to an existing domain”


b. Select “Read only domain controller (RODC)”


c. Verify the following accounts: the delegated administrator, the accounts allowed to replicate passwords to the RODC, and the accounts to be denied.


d. When you reach the Paths page, make sure to change to the disk on which you have set caching to “None”.


e. Continue with the prerequisites check and install the role.


Verification

To verify, open the Active Directory Users and Computers snap-in. You can see that the new RODC has been added to the Domain Controllers OU.
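The same procedure scripted in PowerShell, as an added example that is not part of the original post: the data disk is attached with host caching set to None and checked before promotion, the disk is initialised inside the VM, the role is installed and the server is promoted as an RODC with the database on that disk. The cloud service name, VM name, domain, site name, drive letter and group names are placeholders; the Azure Service Management cmdlets used are the ones current in 2014.

```powershell
# --- Part 1: run from a workstation with the Azure PowerShell (Service Management) module ---
# Assumed names (placeholders, not from the post): cloud service and VM.
$svc = "contoso-azure"; $vmName = "AZ-RODC01"

# Attach a new 20 GB data disk with host caching disabled, so the AD DS database
# never sits behind a write cache. The OS disk defaults to ReadWrite caching.
Get-AzureVM -ServiceName $svc -Name $vmName |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 20 -DiskLabel "ADDS" -LUN 0 -HostCaching None |
    Update-AzureVM

# Guard: stop if any data disk on this VM still has caching enabled.
$bad = Get-AzureVM -ServiceName $svc -Name $vmName | Get-AzureDataDisk |
       Where-Object { $_.HostCaching -ne "None" }
if ($bad) { throw "Data disk(s) with caching enabled: $($bad.DiskLabel -join ', ')" }

# --- Part 2: run inside the VM over RDP ---
# Assumed (placeholders): domain, AD site for the Azure subnet, drive letter for the data disk.
$domain = "contoso.local"; $site = "Azure"; $drive = "F"

# Initialise and format the raw data disk (the Disk Management steps, scripted).
Get-Disk | Where-Object PartitionStyle -eq "RAW" |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -DriveLetter $drive |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel "ADDS" -Confirm:$false

# Connectivity check to the on-premises DC across the virtual network VPN.
if (-not (Test-Connection -ComputerName $domain -Count 2 -Quiet)) {
    throw "Cannot reach a domain controller for $domain; check the Windows Azure VPN."
}

# Install the role (the Server Manager step), then promote. Install-ADDSDomainController is
# the cmdlet behind the "Promote this server" wizard, not the legacy dcpromo command.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
$params = @{
    DomainName                          = $domain
    ReadOnlyReplica                     = $true       # RODC, not a writable DC
    SiteName                            = $site       # required when ReadOnlyReplica is set
    DatabasePath                        = "${drive}:\NTDS"    # on the caching-None disk
    LogPath                             = "${drive}:\NTDS"
    SysvolPath                          = "${drive}:\SYSVOL"
    DelegatedAdministratorAccountName   = "CONTOSO\RODC-Admins"                        # placeholder
    AllowPasswordReplicationAccountName = @("CONTOSO\Allowed RODC Password Replication Group")
    DenyPasswordReplicationAccountName  = @("CONTOSO\Denied RODC Password Replication Group")
    Credential                          = (Get-Credential -Message "Domain Admin for promotion")
    SafeModeAdministratorPassword       = (Read-Host -AsSecureString "DSRM password")
}
Test-ADDSDomainControllerInstallation @params   # prerequisites check only, no changes
Install-ADDSDomainController @params            # reboots the server when finished

# --- Part 3: verification, from any domain-joined host with the AD module ---
Get-ADDomainController -Filter 'IsReadOnly -eq $true' | Select-Object Name, Site, IsReadOnly
```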
