This comprehensive project involves deploying an on-premises Active Directory (AD) infrastructure within Microsoft Azure. This setup demonstrates extending traditional AD services to the cloud, ensuring scalable and secure identity management solutions using Azure Virtual Machines.
- Microsoft Azure: Virtual Machines (VMs), Virtual Networks
- Remote Desktop
- Active Directory Domain Services
- PowerShell
- Operating Systems Used:
- Windows Server 2022 (Domain Controller)
- Windows 10 (Client Machine)
- Prepare Azure Environment:
- Set up Azure Virtual Machines for the domain controller and member servers within the same virtual network.
- Install and Configure Active Directory:
- Install Active Directory Domain Services on the designated domain controller VM and promote it.
- Configure Networking and Firewall Settings:
- Adjust DNS and firewall settings to support AD operations.
- Validation and Testing:
- Test connectivity and authentication across domain-joined machines.
- Create Resource Groups and Virtual Network:
- Create a new resource group and virtual network in Azure. Set up two VMs (DC-1 for Domain Controller and Client-1 for client operations) within this network.
- Here is all of our resources within our resource group:
- Install and Promote Active Directory Domain Services:
- Install AD DS on DC-1, set up a new forest (e.g.,
mydomain.com), and promote it to a domain controller. - After deploying, we can promote it to a domain controller:
- Install AD DS on DC-1, set up a new forest (e.g.,
- Network Configuration and Connectivity:
- Ensure both VMs are in the same Vnet. From Client-1, verify connectivity by pinging DC-1.
- Successful ping results from Client-1 to DC-1 after enabling ICMP through firewall:
- Organizational Units and User Setup:
- Create organizational units (OUs) in AD for employees and admins. Create user accounts, including an administrative account (
john_admin). - Employee and admin OUs are created, with new user john_admin in the Domain Admins group:.
- Create organizational units (OUs) in AD for employees and admins. Create user accounts, including an administrative account (
- Join Client VM to Domain and Test Remote Desktop:
- Adjust Client-1’s DNS settings to point to DC-1. Join Client-1 to
mydomain.comand verify its appearance in ADUC under the Computers container. - Client-1 was added to the domain, and does indeed appear in ADUC:
- Adjust Client-1’s DNS settings to point to DC-1. Join Client-1 to
- Remote Desktop Configuration:
- Configure remote desktop settings on Client-1 to allow access for domain users.
- The system properties window showing Domain Users can access the CLient-1 desktop:
- User Login Tests:
- Create additional users using a PowerShell script and test logging into Client-1 with these accounts.
- Users being created, and successfull login with random user "kof.vehi":
Deploying an Active Directory on Azure provides a robust platform for managing organizational identities and enhances security through centralized administration. This demonstrates integration of traditional IT systems with advanced cloud infrastructure and creating a dynamic environment suitable for modern business needs.
- LinkedIn: Chazz Conino