So, you are moving to the cloud. In fact, you are so ready to move to the cloud that you want to abandon your on-premises servers and adopt a purely cloud-based approach.
If you want to create a number of Windows VMs to support your development or infrastructure, you are going to want them to be able to talk to each other. This is where Windows Active Directory comes in. We typically set up a Windows server as a Domain Controller to provide Domain Services: computer lookups, user accounts, and so forth.
But with Azure, we don't need to set up a VM; we just need to start a service. Azure Active Directory is the same Windows Active Directory, but set up as a service. Since I don't have any on-premises equipment, this should be good.
Unfortunately, setting up Azure Active Directory to support your Azure VMs is not as straightforward as you would think. In this article, I'll show you how to set up a purely Azure Active Directory.
To add an Active Directory that provides Domain Services, follow these basic steps:
• Create an Azure Active Directory service
• Add Domain to AAD
• Create a classic Virtual Network
• Turn on Domain Services for the Classic Virtual Network
• Create a new Virtual Network in the new portal
• Create a peering arrangement between the networks
• Create VM and select Domain
Create an Azure Active Directory service
Creating Azure Active Directory is a bit misleading. You can absolutely create it using the new Portal at http://portal.azure.com, but you cannot activate the Domain Services that you are really looking for there.
For that you'll need to go to the classic portal at http://manage.windowsazure.com. Note that we are looking at the Tritium Consulting entry, and not the Tritium TFS Demo … that's a failed attempt that is not as easily deleted as you might believe.
So to enable Domain Services, you'll want to go to the classic portal and either select your directory if you have already created one, or create one there. It's just a few basic questions. This does not, however, turn on Domain Services yet.
Add Domain to AAD
After you've created your directory under the onmicrosoft.com domain, don't forget to add your actual domain name: select the directory, go to the Domains tab, and add your new domain there.
Important Note: To save a lot of head scratching, if you add a domain that is longer than 15 characters, Windows Domain Services does not like to use it for name resolution (15 characters is the NetBIOS name limit). To solve this, I added a sub-domain called tfsdemo that we will use.
Add the 'AAD DC Administrators' group. The name must match exactly or the VM will not pick up the users from Azure.
Add a Global Admin user.
Create a classic virtual network
Currently Domain Services are only available on the classic virtual network, so you'll need to add one from the classic portal.
Afterwards, select the network, click Configure, and add a couple of DNS server entries for the domain controllers (you'll get their IP addresses once Domain Services is turned on).
Turn on Domain Services
Go back to Active Directory, select the directory, and choose the Configure tab.
Now when you turn on the Domain Services, you'll see the domains, virtual networks, and IP addresses for the domain controllers.
Create a new Virtual Network
Go back to the new Portal and create a new Virtual Network. This network is the one where your VMs will reside.
Create a network peering
Select the new Virtual Network and create a peering to the classic virtual network. You'll select the classic virtual network and enable the forwarding of all traffic.
Create VM and join Domain
Now, when you join the VM to the domain, you'll be able to select the domain that you've set up.
Use the account you set up as the Global Admin for the domain.
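As an added example (not from the original article), here is a PowerShell script to run on the new Windows VM that checks the prerequisites from the steps above before joining the domain: the 15-character NetBIOS limit, that the VM's DNS servers are the Domain Services controllers, and that the domain resolves through the peered network. The domain name, controller IPs and join account are placeholders you replace with your own values.

```powershell
# Added example, not from the original article. Run on the new Windows VM (elevated).
# Assumptions (placeholders): the managed domain is tfsdemo.example.com, the controller
# IPs are those shown on the Domain Services tab, and the join account is a member of
# the 'AAD DC Administrators' group.
param(
    [string]$DomainFqdn = 'tfsdemo.example.com',        # placeholder: your sub-domain
    [string[]]$DcIps    = @('10.0.0.4', '10.0.0.5'),    # placeholders: Domain Services IPs
    [string]$JoinUser   = 'admin@tfsdemo.example.com'   # placeholder: Global Admin account
)

# 1. NetBIOS check: the first label of the domain must be 15 characters or fewer.
$netbios = $DomainFqdn.Split('.')[0]
if ($netbios.Length -gt 15) {
    throw "First label '$netbios' is $($netbios.Length) chars; NetBIOS names are limited to 15. Use a shorter sub-domain."
}

# 2. The VM's DNS servers must be the Domain Services controllers, not Azure's default resolver.
$configured = (Get-DnsClientServerAddress -AddressFamily IPv4 |
               Where-Object { $_.ServerAddresses }).ServerAddresses
$missing = $DcIps | Where-Object { $configured -notcontains $_ }
if ($missing) {
    Write-Warning "DNS is not pointing at the domain controllers; missing: $($missing -join ', '). Fix the virtual network's DNS settings."
}

# 3. The domain must resolve; this confirms DNS and the network peering are working.
try {
    $records = Resolve-DnsName -Name $DomainFqdn -Type A -ErrorAction Stop
    Write-Host "Resolved $DomainFqdn to: $($records.IPAddress -join ', ')"
} catch {
    throw "Cannot resolve $DomainFqdn. Check the peering and the DNS servers on the virtual network."
}

# 4. Join the domain with the 'AAD DC Administrators' account and restart.
$cred = Get-Credential -UserName $JoinUser -Message 'Account in the AAD DC Administrators group'
Add-Computer -DomainName $DomainFqdn -Credential $cred -Restart
```

After the reboot, `(Get-CimInstance Win32_ComputerSystem).PartOfDomain` should return True.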