Deploying Active Directory Replica DC to Azure

A lot of us have been setting up Hybrid Cloud (Azure) environments and one of the first things that needs to be done is setup a Replica Domain Controller.

This post will show the steps that I followed to get this done.

Before we get started it is important to note that the following steps have already been completed:

Created a Virtual Network (10.13.0.0/24)
Connected the Virtual Network to a S2S (Site to Site) VPN to my On-Premise Network (10.10.0.0/16)
Created a Local Network which defined the On-Premise Network and my External IP from that location
Configured an on premise Windows 2012 R2 RRAS Server to act as the other end of the VPN On-Premise
- Ran the downloaded 2012 RRAS Configuration Script from the Virtual Network / Gateway Dashboard Page
Validated routing from my On-Premise Network to my Azure Virtual Network
Azure PowerShell Module downloaded and installed

Where we will get started today is the build out of the new Azure Replica Domain Controller

Step # 1 – We need to a new Azure VM for this (We will use the smallest one to save costs)

From the Azure Management Portal, Add a Custom Virtual Machine, Select Windows 2012 R2 DataCenter
On the Virtual Machine Configuration Page Configure with the following options:
Virtual Machine Name: TC-AZ-DC01
TIER: BASIC
SIZE: A0 (shared core, 768 MB Memory)
NEW USER Name: Administrator_<XXX>
On the Create A Virtual Machine Page Configure with the following options:
Cloud Service: Create a new cloud service
Cloud Service DNS Name: TC-AZ-DC01
Subscription: Pay-As-You-Go <This will Vary>
REGION/AFFINITY GROUP/VIRTUAL NETWORK: TC-AZ-PROD
VIRTUAL NETWORK SUBNETS: Subnet-1 (10.13.0.0/19)
Availability Set: (None)
On Create A Virtual Machine Page, click the check mark to continue
Now be Patient as it will take a few minutes for provisioning to complete.
Once Provisioning is complete open an Administrative
Windows Azure PowerShell and type the <Note we are already connected to our Azure Instanace>

This is a quick way to check the VM and make sure it is fully provisioned for us:

Get-AzureVM
|
where-object
-like
Name
‘TC-AZ-DC01’
|
fl
Now because this is going to be a Replica Domain Controller we should configure this with a Static IP.

Note: With the current release of Azure it is now possible to configure a Static IP (DHCP Reservation) and have it retained
even if the VM is shut down and de-provisioned.

Test-AzureStaticVNetIP
-VNetName
TC-AZ-PROD
-IPAddress
10.13.0.4
In think we will use 10.13.0.7 as a Static IP for this Azure Replica DC

$AzureStaticIPVM
=
Get-AzureVM
-ServiceName
TC-AZ-DC01
-Name
TC-AZ-DC01

Set-AzureStaticVNetIP
-VM
$AzureStaticIPVM
-IPAddress
10.13.0.7
|
Update-AzureVM

Get-AzureStaticVNetIP
-VM
$AzureStaticIPVM
Let’s go check out our VM and see if it indeed has a new Static IP Configured. From the Azure Management Portal,
Select Virtual Networks, Click on TC-AZ-PROD, Click on DashBoard
Logon as an administrator to TC-AZ-DC01 and validate the IP Address before continuing
Validate that we can ping our other On-Premise Domain Controllers

Note: Our On-Premise Network is 10.10.0.0/16
To run the Active Directory Installation Wizard (Dcpromo) open Server Manager and Add Active Directory Domain Services

Note: Just Click next all the way through the role installation
Open Server Manager, Click on AD DS, Click on More
In All Server Tasks Details click Promote this server to a Domain Controller
On the Deployment Configuration screen, Select Add a domain controller to
an existing domain, type the Domain Name into domain: and ensure
you use an account with Domain Admin privileges.
On the Domain Controller Options configure with the following options:

Domain Name (DNS) Server: Selected
Global Catalog (GC): Selected
Read on domain controller (RODC): Not Selected
Site Name: An Internal AD Site… We will change later
DSRM Password: <Standard Password>
On the rest of the Install Screen’s simply click Next and then start the
Domain Controller Promotion process.
A sample of this deployment script is listed below:

#

# Windows PowerShell script for AD DS Deployment

#

Import-Module
ADDSDeployment

Install-ADDSDomainController `

-NoGlobalCatalog:$false `

-CreateDnsDelegation:$false `

-Credential (Get-Credential) `

-CriticalReplicationOnly:$false `

-DatabasePath
“C:\Windows\NTDS” `

-DomainName
“<YOURDOMAIN>.com” `

-InstallDns:$true `

-LogPath
“C:\Windows\NTDS” `

-NoRebootOnCompletion:$false `

-SiteName
“TCCALCorp” `

-SysvolPath
“C:\Windows\SYSVOL” `

-Force:$true
Depending on the size of your Active Directory Partitions it may take some time to
Complete.
To validate the installation open c:\windows\debug\dcpromo.log it may take some time for
the initial replication to occur. Ensure that this logfile shows that the process has been
complete.

After being patient for a while it finally completed about 20 minutes later…

We knew it was completed when the dcpromo.log file showed us DSRoleSetOperationDone
Validate that replication is working by logging into TC-AZ-DC01 and running the following from an
Administrative Command Prompt:

repadmin /kcc
repadmin /syncall /e

repadmin /syncall /e /P

Ensure there are no errors before continuing…
Now let’s fix our Active Directory Sites… We need to create an Azure Cloud site and assign the 10.13.0.0/24
subnet to it.

Create a New Site Called TC-AzureCloud

Create a new Subnet 10.13.0.0/24 and assign to TC-AzureCloud site
Validate Replication by running the following command from an Administrative
Command Prompt:

repadmin /kcc
repadmin /e
repadmin /e /P

Verify that there are no errors and now we should have a fully functional
Replication Domain Controller in Windows Azure.
Our final step will be updating our DNS Servers in the Virtual Network
to have 10.13.0.7 as the primary DNS Server for the Azure VM’s
Now logon to TC-AZ-DC01 and ensure the DNS Server settings have
been updated by running ipconfig /all