Setup a Windows Server 2012 R2 Domain Controller in Windows Azure: IP Addressing and Creating a Virtual Network
While it’s easy to get a virtual machine (VM) up and running on Windows Azure, you need to take some extra steps before configuring a VM if it’s going to host an Active Directory domain controller or any application that requires a static IP address. In the first of a two-part series on how to install a domain controller in a Windows Azure virtual machine, I’ll look at how IP addressing works in Windows Azure and how to create a virtual network for your domain computers. In part two, I’ll show you how to provision a VM with a persistent IP address and how to correctly install the AD DS role and promote the server to a domain controller
IP Address Assignment in Windows Azure
When you configure a new VM in Windows Azure, it receives an IP address automatically and keeps it until the end of the current session, i.e. until the VM is shutdown, restarted or deallocated. Configuring a network adapter with a static IP address is not supported in Azure VMs, but it is possible to ensure that a VM receives the same IP address every time it is started.
Server applications, such as Active Directory domain controllers (DCs), rely on having a static IP address, so the default method for assigning IP addresses in Azure is a problem if you want to install Active Directory in a VM. The solution to the problem is to create a virtual network in Azure and provision VMs that would require a static IP address in a physical environment to acquire a persistent IP address in Azure.
When you create a virtual network, you need to specify which IP address will be used for AD integrated DNS. In the example that follows, that will be the first and only DC in the forest. The IP address for the integrated AD DNS server must be specified to ensure that VMs are assigned a DNS server address from DHCP, otherwise they won’t be able to locate each other because Azure virtual networks don’t support name resolution.
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
No DHCP reservations are required or can be made. When Windows Azure assigns a persistent IP address to a VM from a virtual network’s address space, the IP address is guaranteed for the lifetime of the VM. The VM can be restarted infinitely, and the IP address will persist until the VM is physically deleted or deallocated (shut down from the Azure management portal). Therefore, it’s important to understand that if you use the shutdown command in the Azure management portal, the VM will be deallocated and its IP address will not persist. If you want to shut down the VM, you must issue a shutdown command in the OS itself.
If you shut down the OS using the operating system, and the VM was provisioned with a persistent IP address, it will eventually show a Stopped status in the Azure management portal. VMs without a persistent IP will change their status to Stopped (Deallocated). Don’t forget Azure VMs that are not deallocated use compute resources and can incur charges.
Register a DNS Server (in DHCP)
Prior to creating a virtual network, we need to specify which IP address will serve as a DNS server. In this case, it will be our first domain controller. I’m choosing to use a private address range of 192.168.0.0/24, but you can use any valid IPv4 private address range.
Login to the Windows Azure management portal. If you don’t ready have an Azure account, you can sign up for a free evaluation.
- In the left pane of the Windows Azure management portal, click Networks.
- In the main pane of the management console under networks, click DNS Servers.
- Click Register a DNS Server.
- In the pop-up NEW dialog, give the new DNS server a name and IP address. In this example, I’ll call my DNS server CONTOSODNS1 and with 192.168.0.4 as the IP address. Once you are done, click Register a DNS Server in the bottom right-hand corner.
In Azure, the first three IP addresses are not available in private address ranges, so I know that the first usable IP address will be 192.168.0.4.
The new DNS server should now appear in the management portal. At the bottom you’ll see a message to say that the DNS server is being provisioned.
- Click on the green provisioning icon in the bottom right of the management console to see the current status of the new DNS server. Provisioning should complete after a minute or so.
- Click OK to dismiss the message.
Create a Virtual Network
Now we need to create a virtual network in the management portal. I’m going to create a virtual network using the 192.168.0.0/24 address space, but you could equally choose to use the default 10.0.0.0/8 address space.
- In the Azure management portal, make sure that Networks is still selected in the left pane, and then click Virtual Networks under networks in the main window.
- Click Create a Virtual Network.
- In the pop-up dialog, give the new network a name and select an affinity group.
In this example, I will call the new network CONTOSONET1 and select the preexisting Contoso affinity group. If you don’t already have an affinity group in Azure, you can select Create a new affinity group from the drop-down menu. If you create a new affinity group at this stage, you will additionally need to select a region and give the new affinity group a name.
- To continue, click the arrow in the bottom right of the Create a Virtual Network window.
- Under DNS Servers and VPN Connectivity, select CONTOSODNS1 as the DNS server.
The Point-to-Site Connectivity and Site-to-Site Connectivity options do not need to be configured.
- Click the arrow in the bottom right to continue.
- On the Virtual Network Address Spaces screen, click add address space.172.16.0.0/12 will be added to the existing 10.0.0.0/8 address space. Click the 172.16.0.0 starting IP address and select 192.168.0.0 from the drop-down menu. Under CIDR (Address Count), leave the default select of /24 (256).
- Now delete the default 10.0.0.0/8 address space by clicking the cross to the far right of the 10.0.0.0/8 address space configuration.
- Under Subnets, change the name of the subnet to Subnet-1 and the CIDR (Address Count) to /24 (256).
- When you’re done, click the tick symbol in the bottom right corner of the window.
You should now see the new network appear in the main portal window, and see the status change to Created after around 30 seconds.
In the second part of this series, I’ll show you how to provision a new VM with a persistent IP address, and how to correctly install the AD DS role and promote the server to a domain controller.