In October 2016, Microsoft released Azure Active Directory Domain Services to general availability (GA): https://blogs.technet.microsoft.com/enterprisemobility/2016/10/12/azuread-domain-services-is-now-ga-lift-and-shift-to-the-cloud-just-got-way-easier/
This new service lets you have a domain controller on Azure, managed by the Microsoft team. You'll be able to join computers to the domain.
Regarding the price of this service, it depends on the number of objects. You can find more information here: https://azure.microsoft.com/en-us/pricing/details/active-directory-ds/
Of course, this service has some limitations, but you can do the following:
Be careful: if you want to install components like SCCM, Exchange, etc., it will not be possible, because you can't extend the schema.
We will see how to activate this functionality. Be careful: at the time of writing, it is only available on ASM (old portal). We will see how to use it with VMs that have been deployed on ARM.
Go to your Azure AD, open the Configure tab and look for the domain services section. Activate it and choose a DNS name (verified or not), then choose a Classic VNet that the servers will be connected to:
The deployment starts and can take up to 30 minutes:
When the deployment is finished, you will see the first IP address of your Active Directory server. The second will appear later (for high availability):
Modify your virtual network to specify the IP address of your AD as the DNS server:
Deploy a VM on this network.
As you can see, a message explains that, for the moment, our users can't connect to the domain because we need to activate password synchronization. Here, you have 2 choices:
I'm using the Cloud Only option, so that is the one I'll explain. You must make sure that your users can reset their passwords on their own. This is in the Azure AD configuration, under Users enabled for password reset:
This step must be done before users try to connect to a computer.
Go to your profile and update your password: https://account.activedirectory.windowsazure.com/r#/profile
This updates your password in Azure AD DS. 20 minutes later, you can use your account to join a computer to the domain.
Now that my VM is running on Azure, I'll join it to my domain.
This is a classic step, which is why I won't describe it:
Now that my server is joined to the domain, I'll install RSAT to administer my domain by creating OUs, GPOs, etc.
With consoles launched:
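The steps above (DNS on the virtual network, domain join, RSAT) can be checked and run from an elevated PowerShell session on the VM. This is an added example, not part of the original post; the domain name and DNS IP address are placeholders to replace with the values shown in your portal, and Windows Server 2012 or later is assumed.

```powershell
# Added example. Placeholder values, not taken from the post.
$DomainName  = 'example.onmicrosoft.com'  # placeholder: DNS name chosen when enabling the service
$ExpectedDns = @('10.0.0.4')              # placeholder: IP address(es) displayed after deployment

# 1. The VM must resolve names through the managed domain's IP addresses,
#    which it receives from the virtual network DNS setting.
$configured = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object -ExpandProperty ServerAddresses -Unique
$missing = $ExpectedDns | Where-Object { $_ -notin $configured }
if ($missing) {
    throw "VM is not using DNS server(s): $($missing -join ', '). " +
          "Check the virtual network DNS setting, then restart the VM."
}

# 2. The domain controller locator record must resolve, otherwise the join fails.
#    -ErrorAction Stop aborts the script here if the lookup returns nothing.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } | Format-Table NameTarget, Port

# 3. Join the domain. Use an account whose password was changed after the
#    service was enabled; until then the join is rejected with a logon failure.
$cred = Get-Credential -Message "Account used to join $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -ErrorAction Stop

# 4. Install the administration consoles (AD tools, DNS console, Group Policy Management).
Install-WindowsFeature -Name RSAT-AD-Tools, RSAT-DNS-Server, GPMC

# 5. The domain join takes effect after a reboot.
Restart-Computer
```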
This new functionality is very interesting for a small company that doesn't want to manage its own Active Directory but still needs one. The only small negative point for me: you must change your password before logging in to a computer with your domain account.
Microsoft, Services by Florent Appointaire
[…] list and your script, running regularly on schedule, detects new entry there, creates user in AAD based on template, provisions Exchange Online mailbox, adds this user to relevant groups and […]