Putting an Active Directory domain controller in the Azure cloud

Cloud Director

Setting up a New Domain Controller

If you are logged on to the server via RDP, you should be able to ping the existing on-premises DC at the command prompt. In the settings of the network adapter, you will also see that the IP configuration was assigned via DHCP. In the status information, you will find the IP information for the virtual network, including the DNS server.

A computer receives a dynamically assigned address in Azure. A DC, on the other hand, requires a static IP address. To set up a static address in Azure PowerShell, use the Set-AzureStaticVNetIP cmdlet [5]. Before you assign the address, use the Test-AzureStaticVNetIP cmdlet to see if the desired IP address is still available.

A newly created server in Azure has a drive "C" and a drive "D" out of the box. The operating system is located on the C: drive, and this is not a good place for the AD database. Neither is the D: drive, which is temporary and not persistent. You thus need a new drive, which you specify in the DCPROMO process, for the folders for the AD database, logfiles, and SYSVOL. You can create the drive on the fly in Azure by selecting the Add command and then choosing the Empty data medium option from the dashboard. Moreover, be sure to select NONE for the cache settings. Caching may be useful in many cases, but not for AD databases. Now the preparatory work for promoting to a DC is complete. Instead of an empty disk, you can also assign a previously uploaded VHD file as a drive for the server, for example, to make an individual administrative toolset available on the computers.
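The two preparatory steps above (static address, uncached data disk) in one script, added here as an example and not taken from the article. It uses the classic Azure Service Management cmdlets the article names; the network, cloud service, and VM names, the address, and the disk size and label are hypothetical placeholders.

```powershell
# Added example: prepare an Azure VM for promotion to a domain controller.
# All values below are constructed placeholders, not from the article.
$vnetName    = 'corp-vnet'      # hypothetical virtual network name
$serviceName = 'corp-dc-svc'    # hypothetical cloud service name
$vmName      = 'AZDC01'         # hypothetical VM name
$staticIp    = '10.10.1.10'     # hypothetical address in the VM's subnet

# 1. Check that the desired address is still free in the virtual network.
$check = Test-AzureStaticVNetIP -VNetName $vnetName -IPAddress $staticIp
if (-not $check.IsAvailable) {
    $free = $check.AvailableAddresses -join ', '
    throw "Address $staticIp is already in use in $vnetName. Free: $free"
}

# 2. Pin the address and attach an empty data disk for the AD database,
#    logfiles, and SYSVOL. Host caching is switched off for this disk.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureStaticVNetIP -IPAddress $staticIp |
    Add-AzureDataDisk -CreateNew -DiskSizeInGB 20 -DiskLabel 'ADDS-Data' `
                      -LUN 0 -HostCaching None |
    Update-AzureVM

# 3. Read the configuration back and fail loudly if either setting
#    did not land as intended.
$vm       = Get-AzureVM -ServiceName $serviceName -Name $vmName
$assigned = ($vm | Get-AzureStaticVNetIP).IPAddress
$disk     = $vm | Get-AzureDataDisk | Where-Object { $_.Lun -eq 0 }

if ($assigned -ne $staticIp) {
    throw "Static IP not applied: expected $staticIp, found '$assigned'."
}
if ($null -eq $disk -or $disk.HostCaching -ne 'None') {
    throw "Data disk on LUN 0 is missing or has host caching enabled."
}
"VM $vmName is ready: IP $assigned, data disk '$($disk.DiskLabel)' uncached."
```

After the script completes, initialize and format the new disk inside the VM and point the AD database, logfile, and SYSVOL paths at it during promotion.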

Depending on your configuration and the role you intend for your cloud resources, you might also want to set up a backup system. See the box titled "External Backup" for more on Azure's native backup service.

External Backup

Azure Backup offers an interesting backup option for administrators. This service lets you include both virtual servers from Azure and servers from the local data center in your backup. The Recovery Services Vaults in Azure keep the whole thing safe. Data transmission is via HTTPS, and each vault is encrypted with AES 256. You will receive the key during the configuration, and if you lose it, you're out of luck! Azure does not keep a copy of the key, nor does Microsoft. When you install the Azure backup agent, you receive the key and the login information in a file that you use to install the agent on the DC. The backup is supported for file services, as well as for Hyper-V, SharePoint, Exchange, and SQL Server.

Talking prices is difficult; it depends on what data you store. There are no costs for the data transmission and the duration of storage, which makes the whole thing quite attractive. Additionally, there are ways to replicate the backup data for geo-redundancy. Local redundancy in the Azure data center is standard.

If you intend to back up large amounts of data, the Azure Import/Export Service is a good choice for the initial full backup. This option is useful if you intend to transfer large amounts of data to Azure. For details of how this procedure works, what types of hard drives are eligible as a transport medium, the need for BitLocker encryption, and other similar information, see the Microsoft description [6]. The backup client uses bandwidth throttling so that the backup will not prevent other data crossing the network at the same time.

Learning More About Azure

Microsoft offers a free 30-day Azure subscription for your experiments, and many MSDN and Visual Studio subscriptions also include a month's credit for Azure [7]. As an MSDN customer, you will see this My Account option in the MSDN portal section. A new Azure subscription is linked with your MSDN account, and you can get started immediately. Also, I recommend the Microsoft Virtual Academy [8], which provides a wealth of training on the topics of Infrastructure as a Service (IaaS) and Azure, or you could take a look at Channel 9 [9], where Microsoft regularly publishes keynotes from international conferences.


IaaS services provide much more than just virtual hardware replacement. The mere fact that data and infrastructure components are no longer stored exclusively at the local data center, but redundantly and far outside of the local campus, is something that calms the admin's nerves. This is particularly true of DCs and security vaults, and it holds a special charm for these valuable technologies. However, Azure can do much more than what I presented in this article. The Azure document library provides a wealth of information on a variety of topics. Make sure, though, that you check when the article was published. Azure is evolving rapidly, and you'll find that some articles are already out of date.
