In the previous article we compared the Active Directory offerings available on-premises and in the cloud. This article walks through the deployment of Azure AD DS.
- Log on to the Azure portal and select “Azure AD Domain Services”.
- Choose “Create Azure AD Domain Services”.
- Choose an existing resource group, or create a new one if required.
- Enter a DNS domain name, keeping in mind the following conditions:
- If the default built-in domain name of the directory (the one with the “.onmicrosoft.com” suffix) is used, a digital certificate cannot be created to secure connections to this default domain.
- Non-routable domain suffixes such as “*.local” must not be used.
- The domain prefix cannot be longer than 15 characters.
- The DNS domain name of the managed domain must not already exist in the virtual network, or in the on-premises network if the Azure managed domain has a VPN connection to it.
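The naming rules above are easy to get wrong in the portal, so here is a small pre-flight check that applies them to a proposed name before the wizard is started. This is an added example written for this article, not Microsoft tooling or the article's own code; the list of non-routable suffixes beyond “.local”, the `existing_names` input (which would normally come from a DNS zone or VNet inventory) and all sample names are constructed assumptions.

```python
"""Pre-flight check of a proposed Azure AD DS managed-domain DNS name.

Added example for this article (not Microsoft code). Applies the four naming
conditions listed above; it performs no live DNS or Azure lookups, so the
caller supplies the names already in use.
"""

import re

# The article names "*.local"; the other entries are common reserved /
# special-use suffixes and are an assumption you may extend for your estate.
NON_ROUTABLE_SUFFIXES = (".local", ".localhost", ".internal")

# Default Azure AD tenant suffix: the name is accepted by the wizard, but a
# certificate to secure connections cannot be created for it.
DEFAULT_TENANT_SUFFIX = ".onmicrosoft.com"

# The leftmost label becomes the domain prefix; the article limits it to 15 chars.
MAX_PREFIX_LEN = 15

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def check_managed_domain_name(name, existing_names=()):
    """Return (errors, warnings) for a proposed managed-domain DNS name.

    errors   -> the wizard will reject the name or the design is unsupported
    warnings -> the name is accepted but carries a limitation worth knowing
    """
    errors, warnings = [], []
    candidate = name.strip().rstrip(".").lower()
    labels = candidate.split(".")

    # Basic syntax first; the remaining rules assume a well-formed FQDN.
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        errors.append(f"{name!r} is not a well-formed DNS domain name")
        return errors, warnings

    prefix = labels[0]
    if len(prefix) > MAX_PREFIX_LEN:
        errors.append(
            f"prefix {prefix!r} is {len(prefix)} chars; maximum is {MAX_PREFIX_LEN}"
        )

    if any(candidate.endswith(suffix) for suffix in NON_ROUTABLE_SUFFIXES):
        errors.append(f"{candidate!r} uses a non-routable suffix; choose a routable one")

    # Names already present in the VNet or the VPN-connected on-premises network.
    known = {n.strip().rstrip(".").lower() for n in existing_names}
    if candidate in known:
        errors.append(
            f"{candidate!r} already exists in the virtual network or on-premises network"
        )

    if candidate.endswith(DEFAULT_TENANT_SUFFIX):
        warnings.append(
            "default tenant suffix: a certificate to secure connections "
            "cannot be created for this name"
        )

    return errors, warnings


if __name__ == "__main__":
    # Constructed sample names and a constructed inventory of names in use.
    in_use = ["corp.example.com"]
    for proposed in (
        "aaddscontoso.com",
        "corp.local",
        "contoso.onmicrosoft.com",
        "averyverylongprefixname.example.com",
        "CORP.example.com",
    ):
        errs, warns = check_managed_domain_name(proposed, existing_names=in_use)
        verdict = "OK" if not errs else "REJECT"
        print(f"{proposed:40} {verdict}")
        for msg in errs:
            print(f"    error:   {msg}")
        for msg in warns:
            print(f"    warning: {msg}")
```

Run it before opening the wizard; a name that produces an error will either be refused by the portal or lead to a design (for example a duplicate zone across the VPN) that is hard to unpick after the managed domain exists.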
The default forest type is “User”. A User forest synchronizes all objects from Azure AD, including user accounts created in an on-premises AD DS environment. A Resource forest synchronizes only users and groups created directly in Azure AD.
- The next step of the wizard automatically creates a VNet and an associated subnet.
The highlighted text above about synchronization is important. In the context of moving user accounts from on-premises AD DS to Azure AD DS, the synchronization path was shown here.
- Once deployment is complete, the topology can be viewed by going to adds-vnet > Diagram.
The following topology diagram will be generated; the highlighted sections indicate the virtual network, subnet and network security group (NSG).
- The Overview tab of the provisioned managed domain will show a required configuration step to update the DNS settings.
Prior to this configuration, the DNS server settings for adds-vnet will be:
The above steps complete the deployment of Azure AD DS. In the next article we will join Azure VMs created here to this managed domain and, in the process, learn about Azure virtual network peering.