In our previous post, we have create a point to site vpn. We have established a connection between our premises to Window Azure. Moving forward, we are going to create a VM to hold a read-only domain controller at Windows Azure.
To do so, create a virtual machine by using Quick Create / use gallery in Windows Azure.
Follow the wizard to select the operating system, enter vm name, cpu size, local administrator account, network and endpoint.
Once the VM has provisioned, add a data disk to store the active directory database.
To avoid active directory database corrupted, you need to set disk caching as “None” or Read Online mode before dcpromo.By default, C disk is set to read/write caching. -DO NOT STORE THE DATABASE INTO C Drive-
Then Connect into the virtual machine by using RDP, open computer management | disk management, initialize the new disk and format it.
Verify that you can ping your primary domain controller (at your premises) and able to join to domain before configure the next step. On Virtual network, there is a connection between your premise and Windows Azure.
Next step is add a role “Active Directory Domain Services” by using Server Manager. –DO NOT USE DCPROMO CMD-
Once the components has installed, proceed to configure it by click on “Promote this server to a domain controller” (click on the flag next to Manage – on Server Manager console”
This will open “Active Directory Domain Services Configuration Wizard”.
a. Select “add a domain controller to an existing domain”
b. Select “Read only domain controller (RODC)
c. Verify the following account for delegated administrator, account to replicate RODC and account to be denied.
d. When reach to Path, make sure change to the disk that you has set caching to “None”
e. Continue the pre-requisite check and install the roles.
To verify, open Active Directory User and Computer snap-in. You can see a new RODC has added into Domain Controller OU.