Setup a Windows Server 2012 R2 Domain Controller in Windows Azure: Provision a VM with a Persistent IP Address, Install AD DS

In the second part of this series on how to install a domain controller in a Windows Azure virtual machine (VM), I’ll show you how to provision a VM with a persistent IP address and how to correctly install the AD DS role and promote the server to a domain controller. If you need to catch up, check out part one, in which we took a look at how IP addressing works in Windows Azure and how to create a virtual network for your domain computers.

Configure New VM Using PowerShell

At the time of writing this article, the only way to ensure that a VM receives a persistent IP address every time it is started from a virtual network is to create the VM using PowerShell. Before you can use PowerShell to remotely manage Windows Azure, you will need to set up remote management on a computer on your local network. For more details on how to set up remote management, see my Ask the Admin article here.

Let’s start by setting the current Azure subscription in PowerShell. Open a PowerShell prompt with elevated privileges:

• In the PowerShell console, type Get-AzureSubscription, and make a note of the SubscriptionName in the output. In my case, Pay-As-You-Go.
• Type Get-AzureStorageAccount, and make a note of Label in the output. My storage account is labelled portalvhdsxgwgzn2ml54p5.
• Now set the Azure subscription in PowerShell as follows using the SubscriptionName and Label parameters from the commands above: Set-AzureSubscription “Pay-As-You-Go” -CurrentStorageAccount portalvhdsxgwgzn2ml54p5
• Get the image name for the latest version of Windows Server 2012 R2 on Azure. The following command lists the available images for Windows Server 2012 R2, with the most recent at the top of the output: Get-AzureVMImage | where { $_.ImageFamily -eq “Windows Server 2012 R2 Datacenter” } | Sort-Object -Descending -Property PublishedDate

• Make a note of the Image name parameter for the latest Windows Server image. At the time of writing, it was: a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201311.01-en.us-127GB.vhd
• Now run the following string of commands to provision the new VM. We define two strings, $myDNS and $MyDC, which are then used in the New-AzureVM command. VMs specified using the –VMs parameter in the New-AzureVM command will be issued a persistent IP address.

​ $myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '127.0.0.1'

$MyDC = New-AzureVMConfig -Name "CONTOSODC1" -InstanceSize Small -ImageName a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201311.01-en.us-127GB.vhd | Add-AzureProvisioningConfig -AdminUsername contosodc1admin -Password ******** –Windows | Set-AzureSubnet -SubnetNames Subnet-1

New-AzureVM -ServiceName CONTOSODC1SERV1 -VMs $MyDC -AffinityGroup Contoso –VnetName CONTOSONET1 –DnsSettings $myDNS

If you now look in the Azure management portal window under virtual machines, you will see an entry for the new VM. It can take up to five minutes for the provisioning process to complete.

Attach Additional Disk to the VM for the AD

Windows Azure provides two different types of disks for VMs: Operating System and Data disks. The default disk attached to the VM is an Operating System disk, which uses read/write caching, but to ensure the durability of write operations for our AD forest, the AD database and logs must be placed on a data-disk that uses write-through caching.

• In the Azure management portal, make that Virtual Machines is selected on the left and then click the CONTOSODC1 VM under virtual machines in the main window.
• In the grey task bar at the bottom of the management console, click Attach and select Attach empty disk from the menu.
• In the Attach an empty disk to the virtual machine dialog, enter a size for the disk in GB and make sure that HOST CACHE PREFERENCE is set to None.
• To complete the process, click the green tick icon in the bottom right of the dialog.

Wait for the disk to provision. When it’s ready, it should appear under disks on the dashboard for the VM, with the TYPE set to Data disk. Now click Start in the bar at the bottom of the management portal and click Yes to confirm the operation in the pop-up dialog.

Once the VM’s status has changed to Running on the dashboard, click Connect in the task bar, click OK to confirm the operating in the pop-up dialog, and then open the RDP file downloaded by the browser. Enter the username and password specified when you provisioned the VM to make a remote connection.

• Server Manager should automatically open when you log on to the VM for the first time.
• In Server Manager, click File and Storage Services in the left pane.
• In File and Storage Services, click Disks.
• In the main window under Disks, right-click the disk you attached to the VM and select Initialize from the menu. Click Yes in the pop-up dialog to confirm the operation.
• Right-click the disk again and select New Volume… from the menu.
• Click Next on the Before you Begin screen in the New Volume Wizard.
• Click Next again on the Select the server and disk screen.
• On the Specify the size of the volume screen, leave the default maximum capacity for Volume size and click Next.
• On the Assign to a drive letter or folder screen, leave the automatically assigned drive letter selected and click Next. In my case, E: was assigned.
• On the Select file system settings screen, change type AD db and logs in the Volume label box and click Next.

• Click Create on the Confirm selections screen.
• Click Close when the process has completed.

Install AD DS, Promote Server to a Domain Controller

From this point onwards, the process for installing AD and promoting the server to a domain controller is the same as it would be on a physical server. The only difference is that you must set the AD database and logs paths to the data disk created in the previous step.

Follow the instructions in my article “How Do I Install Active Directory on Windows Server 2012 Using Server Manager?” When you get to performing the post-deployment tasks and checking the directory paths, make sure that the AD database, log files and SYSVOL folders are located on your VMs data disk and not the default operating system disk. My data disk is labelled E:, so the paths were set as shown in the figure below:

You can then continue to promote the server to a domain controller as in the instructions of the article.