How to Quickly Deploy an Active Directory Test Environment in Azure
If you follow my posts on Petri, you’ll know that this isn’t the first time I’ve covered automating deployment of Active Directory (AD) in Azure. In 2014 and 2015, I looked at using PowerShell to deploy AD domain controllers (DCs) in Azure. Provision Domain Controllers in Azure using PowerShell on Petri was my first attempt at a PowerShell script. A year later, I improved the script somewhat in Automate Domain Controller Deployment in Microsoft Azure.
At the beginning of last year, I wrote about using Azure Resource Manager (ARM) templates to achieve the same goal in a three-part series:
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 1
Deploy Active Directory and Certificate Services in Azure Using Infrastructure-as-Code — Part 2
Infrastructure-as-Code Part 3: Deploy Active Directory and Certificate Services in Azure
The result of that was a series of templates and PowerShell Desired State Configuration (DSC) code that deployed a DC and a member server running AD Certificate Services. If you want to learn the ins and outs of ARM templates and Infrastructure-as-Code, it’s well worth taking a look at those articles. But the resulting deployment in Azure was overcomplicated because the project was based on an existing template that deploys two DCs behind a load balancer.
Test Lab Guide GitHub Repository
What I really wanted was a simple template that deploys a single DC and server joined to the domain. I could write and maintain my own ARM template to achieve that goal, but I have delved into that subject enough already and I just want a readymade solution that someone else will maintain. And ‘maintain’ is important because Azure changes quickly. Then by chance, I discovered that Microsoft has a template that does exactly what I want in the Test Lab Guide repository on GitHub.
Microsoft provides templates so that users can quickly deploy Test Lab Guide (TLG) environments. TLGs are designed to help you quickly learn about Microsoft products. You can find a list of the labs on Microsoft’s website here. There are two basic TLG templates for Azure: the 3 VM base configuration, whose name is a bit misleading (more on that in a moment), and a Simulated intranet for Microsoft 365 Test Lab Guides base configuration. In this article, I’ll use the 3 VM base configuration.
3 VM Base Configuration
The 3 VM base configuration template (tlg-base-config_3-vm) deploys a DC and a member server (APP1). Optionally, the template can be used to deploy a third virtual machine (VM) running Windows 10. But if you want to deploy a client VM, you must upload a generalized Windows 10 VHD to an Azure storage account. The template doesn’t automate the client VM deployment from the Azure Gallery because Windows 10 is only available to Visual Studio and MSDN subscribers. Read the template notes page carefully if you decide to deploy a Windows 10 client.
To deploy the template in Azure, follow the steps below.
- Open the template page.
- Click Deploy to Azure under README.md.
- You will be redirected to Azure. Sign in to Azure if you haven’t already done so.
- On the Custom deployment screen, select the Azure subscription that you’d like to use.
- Let’s deploy the VMs to a new resource group. Click Create new under the Resource group dropdown menu.
- In the pop-out dialog, type a name for the new resource group and click OK. I’ll call mine TestGuide.
- Change the location using the dropdown menu if necessary.
- Under SETTINGS, enter a fully qualified domain name for Active Directory. The default name is ‘corp.contoso.com’. I’m going to use contoso.com instead.
- Choose either Windows Server 2016 or Windows Server 2012 R2 from the Server OS menu.
- Enter an administrator username and password of your choice in the Admin Username and Admin Password fields.
- We are not going to deploy a Windows 10 client VM, so set Deploy Client Vm to No.
- In the Vm Size field, set a VM size to deploy. The default is Standard_DS2_v2 but I’m going to use Standard_B2s instead to keep costs down. You can find a complete list of the available VM sizes on Microsoft’s website here.
- In the Dns Label Prefix field, type a DNS label. In principle, it can be anything. For this deployment, I’m going to use testguide as the label prefix.
- Finally, check I agree to the terms and conditions stated above under TERMS AND CONDITIONS, and then click Purchase to start the deployment.
The deployment will now start. A notification will appear in the top right corner of the Azure management portal to indicate that the deployment is in progress. Once deployment has completed, you should see another notification in the management portal. In my experience, that doesn’t always happen, and you might need to refresh the site in the browser to get the notification.
But once everything is done, you can click Virtual machines on the left of the management portal and you should see DC1 and APP1. You can connect to them using the administrator username and password that you entered above.
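A scripted equivalent of the portal steps above, as an added example that is not from the original article or the TLG project. The template URL is a placeholder, the region is assumed, and the parameter names are inferred from the portal field labels, so the script checks them against the template before it creates anything.

```powershell
# Added example: scripted equivalent of the portal steps (Az PowerShell module).
# ASSUMPTIONS: $templateUri is a placeholder; the parameter names below are inferred
# from the portal field labels and are verified against the template before use.
$templateUri   = '<raw URL of azuredeploy.json for tlg-base-config_3-vm>'  # placeholder
$resourceGroup = 'TestGuide'
$location      = 'westeurope'   # assumed region; the article does not name one

# Prompt for the administrator credential so the password is never stored in the
# script, the console history, or the deployment command line.
$cred = Get-Credential -Message 'Administrator account for DC1 and APP1'

# Fetch the template and read the parameters it actually declares.
$template = Invoke-RestMethod -Uri $templateUri
$declared = $template.parameters.PSObject.Properties.Name

$params = @{
    domainName     = 'contoso.com'
    adminUsername  = $cred.UserName
    adminPassword  = $cred.Password      # SecureString, never converted to plain text
    deployClientVm = 'No'
    vmSize         = 'Standard_B2s'
    dnsLabelPrefix = 'testguide'
}
# Pick the Windows Server 2016 entry from whatever values the template allows.
$params.serverOS = $template.parameters.serverOS.allowedValues |
    Where-Object { $_ -like '*2016*' } | Select-Object -First 1

# Stop before creating anything if an assumed parameter name is wrong.
$unknown = $params.Keys | Where-Object { $_ -notin $declared }
if ($unknown) { throw "Not declared by the template: $($unknown -join ', ')" }
if ($template.parameters.adminPassword.type -ne 'securestring') {
    throw 'adminPassword is not a securestring parameter; refusing to deploy.'
}

Connect-AzAccount | Out-Null
New-AzResourceGroup -Name $resourceGroup -Location $location -Force | Out-Null
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroup `
    -TemplateUri $templateUri @params

# Confirm that both VMs (DC1 and APP1) exist, as the article describes.
Get-AzVM -ResourceGroupName $resourceGroup | Select-Object Name, Location
```

Because everything lands in one resource group, `Remove-AzResourceGroup -Name TestGuide` tears the whole lab down when you are finished with it.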