Step-By-Step: Creating a Windows Server 2012 R2 Active Directory Forest Via Azure

Anyone who has attended one of our #CANITPRO Camps provided across Canada has been appreciative of the fact that actual hardware is provided to run all labs. Attendees are also appreciative of the number of hours that Pierre, Mitch, and I put forth in setting up said hardware in every city. This practice, however, is slowly coming to an end and we are currently exploring options to utilize "the cloud" to enable attendees to conduct camps on their own hardware. As you know, Microsoft has been showcasing Azure's new features as of late and has really "turned up the dial" in pushing organizations to utilize cloud services. Some IT Administrators have pushed back, as a lack of knowledge around the subject has some holding on tight to their on-premises servers.

Taking our first steps together into the cloud via this "Step-By-Step" created by DPE colleague Keith Mayer will provide insight and confidence should any IT Professional be interested in deploying Azure within their organization.

Prerequisites

  1. Sign-up for a FREE 90-day trial of Microsoft Azure so that the steps included can be completed.
     
    NOTE: When signing up for the trial, credit card information will be requested to confirm that you are a legitimate free trial subscriber. Credit card information is only used to confirm identity and will NOT be charged for any Microsoft Azure services unless the trial subscription is explicitly converted into a paid subscription at a later date.
     
    Should you currently have a paid subscription or MSDN subscription for Microsoft Azure, please ensure that you have activated the Microsoft Azure Virtual Machines and Virtual Networks Preview Feature. When signing up for a new free trial account, this feature will automatically be activated.
     
  2. Login to the Microsoft Azure Management Portal.
     
    Login to the web-based Microsoft Azure Management Portal with the same logon credentials you used to sign-up for the FREE 90-day Trial above. Once you’ve logged in, you should see the main Microsoft Azure Management portal dashboard.
     
     
    On the Microsoft Azure Management Portal, you’ll find the options for managing Virtual Machines, Virtual Networks and Storage in the cloud. These are the items we’ll be primarily working with in this article series.
     
  3. Define a new Microsoft Azure Affinity Group.
     
    Affinity Groups in Microsoft Azure are used to group your cloud-based services together, such as Virtual Machines, Virtual Networks and Storage, in order to achieve optimal performance. When you use an affinity group, Microsoft Azure will keep all services that belong to your affinity group running within the same data center as close as possible to each other to reduce latency and increase performance. 
     1. Create a new Affinity Group by selecting Settings from the side navigation bar in the Microsoft Azure Management Portal.

     2. On the Settings page, select Affinity Groups from the navigation bar.

     3. Click the +CREATE button on the bottom navigation bar.
     

        On the Create Affinity Group form, enter the following details:

     4. Name: Enter a unique name for your new Affinity Group, such as XXXlab01 (where XXX is replaced with your initials).

     5. Region: Select the closest Microsoft Azure data center region to your locale. This is the data center region in which your services will be provisioned. Be sure to select one of the Microsoft Azure data center regions in which the Virtual Machines preview offer is currently enabled:

          - East US
          - West US
          - West Europe
          - North Europe
          - Southeast Asia
          - East Asia


  4. Create a new Microsoft Azure Storage Account.
     
    Virtual Machines that are provisioned in Microsoft Azure are stored in the world-wide cloud-based Microsoft Azure Storage service. In terms of high availability, the Storage service provides built-in storage replication capability – where every VM is replicated to three separate locations within the Microsoft Azure data center region you select. In addition, Microsoft Azure Storage provides a geo-replication feature for also replicating your VMs to a remote data center region.
     
    Create a new Storage account by clicking the +NEW button on the bottom toolbar in the Microsoft Azure Management Portal and then select Data Services | Storage | Quick Create.  
     
     
    Complete the following fields for creating your Storage account:

     1. URL: Enter a unique name for your new storage account, such as XXXlabstor01 (where XXX is replaced with your initials).

     2. Region/Affinity Group: Select the Affinity Group you created in Step 3 above.

     3. Enable Geo-Replication: By default, this option is selected. Leave the default option in place.

     4. Click the CREATE STORAGE ACCOUNT button to create your new Microsoft Azure Storage account.


  5. Download, Install and Configure the Microsoft Azure PowerShell Management Tools
     
    In addition to managing Microsoft Azure via the web-based Management Portal, Microsoft also provides a Microsoft Azure PowerShell module for scripted management of Microsoft Azure services. Both the Management Portal and PowerShell will be used in this series, so the Microsoft Azure PowerShell cmdlets must be installed and configured to get prepared.
     
     1. Download and Install the Microsoft Azure PowerShell cmdlets. Note that a restart may be required after installing this module.

     2. Right-click on Windows PowerShell in your Start Menu or Start Screen and choose Run As Administrator.

     3. Set the PowerShell Execution Policy for scripts by running the following command at the PowerShell command prompt:

            PS C:\> Set-ExecutionPolicy RemoteSigned

     4. Import the Microsoft Azure PowerShell module and supporting cmdlets by running the following command at the PowerShell command prompt:

            PS C:\> Import-Module Azure

     5. Download and save your Microsoft Azure Publish Settings file by running the following command at the PowerShell command prompt:

            PS C:\> Get-AzurePublishSettingsFile

     6. Import the saved Microsoft Azure Publish Settings file by running the following command at the PowerShell command prompt:

            PS C:\> Import-AzurePublishSettingsFile "full_path_to_saved_file.publishsettings"
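The six PowerShell prerequisite steps above, combined into one script that also verifies the result. This is an added example, not a script from the original post; it assumes the 2013-era "Azure" module is installed, that $PublishSettings points at the file saved by Get-AzurePublishSettingsFile (the path shown is an assumption), and that the affinity group and storage account follow the XXX initials naming used in this guide.

```powershell
# Added example: run prerequisite steps 3-6 as one script and check the outcome.
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force   # per-user scope, no machine-wide change
Import-Module Azure -ErrorAction Stop

# Assumed path: wherever Get-AzurePublishSettingsFile saved the download.
$PublishSettings = "$env:USERPROFILE\Downloads\Free Trial.publishsettings"
if (-not (Test-Path $PublishSettings)) {
    throw "Publish settings file not found: $PublishSettings (run Get-AzurePublishSettingsFile first)"
}

# Importing the file installs the embedded management certificate into the
# current user's certificate store and registers the subscription with the module.
Import-AzurePublishSettingsFile $PublishSettings

# The .publishsettings file embeds the management certificate's private key,
# which grants full control of the subscription. Once imported it is no longer
# needed, so remove it rather than leaving it in the Downloads folder.
Remove-Item $PublishSettings -Force

# Verify: the subscription is registered and the affinity group and storage
# account created in the earlier prerequisite steps exist.
$Initials = "XXX"   # replace with your initials, as in the rest of this guide
Get-AzureSubscription | Select-Object SubscriptionName, IsDefault
Get-AzureAffinityGroup -Name "${Initials}lab01"
Get-AzureStorageAccount -StorageAccountName "${Initials}labstor01" |
    Select-Object StorageAccountName, AffinityGroup, GeoReplicationEnabled
```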

 

Step 1: Register a DNS Server in Microsoft Azure

Register the internal IP address that our domain controller VM will be using for Active Directory-integrated Dynamic DNS services by performing the following steps:

  1. Sign in at the Microsoft Azure Management Portal with the logon credentials assigned when signing up for your Free 90-Day Microsoft Azure Trial.
     
  2. Select Networks located on the side navigation panel on the Microsoft Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Register DNS Server.
     
  4. Complete the DNS Server fields as follows:
     
    - NAME: XXXlabdns01
     
    - DNS Server IP Address: 10.0.0.4
     
  5. Click the REGISTER DNS SERVER button.

 

Step 2: Define a Virtual Network in Microsoft Azure

Define a common virtual network in Microsoft Azure for running Active Directory, Database and SharePoint virtual machines by performing the following steps:

  1. Sign in at the Microsoft Azure Management Portal with the logon credentials assigned when signing up for your Free 90-Day Microsoft Azure Trial.
     
  2. Select Networks located on the side navigation panel on the Microsoft Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Networks | Virtual Network | Quick Create.
     
  4. Complete the Virtual Network fields as follows:
     
    - NAME: XXXlabnet01
     
    - Address Space: 10.---.---.---
     
    - Maximum VM Count: 4096 [CIDR: /20]
     
    - Affinity Group: Select the Affinity Group defined in the Prerequisites section above.
     
    - Connect to Existing DNS: Select XXXlabdns01 – the DNS Server registered in Exercise 1 above.
     
  5. Click the CREATE A VIRTUAL NETWORK button.

 

Step 3: Deploy a New Windows Server 2012 VM in Microsoft Azure

In this exercise, you will provision a new Microsoft Azure VM to run a Windows Server 2012 on the Microsoft Azure Virtual Network provisioned in Exercise 2.

  1. Sign in at the Microsoft Azure Management Portal with the logon credentials assigned when signing up for your Free 90-Day Microsoft Azure Trial.
     
  2. Select Virtual Machines located on the side navigation panel on the Microsoft Azure Management Portal page.
     
  3. Click the +NEW button located on the bottom navigation bar and select Compute | Virtual Machines | From Gallery.
     
  4. In the Virtual Machine Operating System Selection list, select Windows Server 2012, December 2012 and click the Next button.
     
  5. On the Virtual Machine Configuration page, complete the fields as follows:
     
    - Virtual Machine Name: XXXlabad01
     
    - New Password and Confirm Password fields: Choose and confirm a new local Administrator password.
     
    - Size: Small (1 core, 1.75GB Memory)
     
    Click the Next button to continue.
     
    Note: It is suggested to use secure passwords for Administrator users and service accounts, as Microsoft Azure virtual machines could be accessible from the Internet by anyone who knows just their DNS name. You can also read this document on the Microsoft Security website that will help you select a secure password: https://www.microsoft.com/security/online-privacy/passwords-create.aspx.
     
  6. On the Virtual Machine Mode page, complete the fields as follows:
     
    - Standalone Virtual Machine: Selected
     
    - DNS Name: XXXlabad01.cloudapp.net
     
    - Storage Account: Select the Storage Account defined in the Prerequisites section above.
     
    - Region/Affinity Group/Virtual Network: Select XXXlabnet01 – the Virtual Network defined in Exercise 2 above.
     
    - Virtual Network Subnets: Select Subnet-1 (10.0.0.0/23)
     
    Click the Next button to continue.
     
  7. On the Virtual Machine Options page, click the Checkmark button to begin provisioning the new virtual machine.
     
    As the new virtual machine is being provisioned, you will see the Status column on the Virtual Machines page of the Microsoft Azure Management Portal cycle through several values including Stopped, Stopped (Provisioning), and Running (Provisioning). When provisioning for this new Virtual Machine is completed, the Status column will display a value of Running and you may continue with the next exercise in this guide.

  8. After the new virtual machine has finished provisioning, click on the name (XXXlabad01) of the new Virtual Machine displayed on the Virtual Machines page of the Microsoft Azure Management Portal to open the Virtual Machine Details Page for XXXlabad01.

 

Step 4: Configure a Windows Server Active Directory Forest in a Microsoft Azure VM

In this exercise, you will install and configure a new Windows Server 2012 Active Directory Forest on the VM deployed in Exercise 3.

  1. On the Virtual Machine Details Page for XXXlabad01, make note of the Internal IP Address displayed on this page. This IP address should be listed as 10.0.0.4.
     
    If a different internal IP address is displayed, the virtual network and/or virtual machine configuration was not completed correctly. In this case, click the DELETE button located on the bottom toolbar of the virtual machine details page for XXXlabad01, and go back to Exercise 2 and Exercise 3 to confirm that all steps were completed correctly.
     
  2. On the virtual machine details page for XXXlabad01, click the Attach button located on the bottom navigation toolbar and select Attach Empty Disk. Complete the following fields on the Attach an empty disk to the virtual machine form:
     
    - Name: XXXlabad01-data01
     
    - Size: 10 GB
     
    - Host Cache Preference: None
     
    Click the Checkmark button to create and attach a new virtual hard disk to virtual machine XXXlabad01.
     
  3. On the virtual machine details page for XXXlabad01, click the Connect button located on the bottom navigation toolbar and click the Open button to launch a Remote Desktop Connection to the console of this virtual machine. Logon at the console of your virtual machine with the local Administrator credentials defined in Exercise 3 above.
     
    Wait for the Server Manager tool to launch before continuing with the next step.
     
  4. In the Server Manager window, format the disk attached in Step 2 above by launching the Computer Management tool from the Tools menu located on the top navigation bar.
     
     1. In the Computer Management window, click on Disk Management in the left navigation pane.

     2. When prompted with the Initialize Disk dialog box, click the OK button to continue.

     3. Right-click on the unallocated disk space on Disk 2 and select New Simple Volume… from the pop-up menu.

     4. In the New Simple Volume Wizard, click the Next button on each page to accept all default values.

     5. Click the Finish button on the last page of the wizard to create a new F: volume.

     6. When the new volume has finished the formatting process, close the Computer Management window.
     
  5. In the Server Manager window, install Active Directory Domain Services by launching the Add Roles and Features wizard from the Manage menu located on the top navigation bar.
     
     1. In the Add Roles and Features Wizard dialog box, click the Next button three times to advance to the list of Roles to install.

     2. In the list of roles, check the checkbox for the Active Directory Domain Services role. When prompted to add additional features, click the Add Features button.

     3. Click the Next button until you advance to the Confirm installation selections page of the wizard. Click the Install button to begin the installation process.

     4. When the installation of Active Directory Domain Services has completed, do not click the Close button. Instead, click the link titled Promote this server to a domain controller.

        This will launch the Active Directory Domain Services Configuration Wizard.

     5. In the Active Directory Domain Services Configuration Wizard dialog box, select the deployment operation Add a new forest.

     6. In the Root domain name: field, enter contoso.com as the name of the root domain in the new Active Directory forest. Click the Next button.

     7. On the Domain Controller Options page of the wizard, enter and confirm a recovery password in the Directory Services Restore Mode (DSRM) password fields. Click the Next button.

     8. On the DNS Options page of the wizard, ignore the warning message and click the Next button to continue.

     9. On the Additional Options page of the wizard, accept the default value for NetBIOS domain name and click the Next button.

     10. On the Paths page of the wizard, change the Database folder, Log files folder and SYSVOL folder paths to begin with F: instead of C:. Click the Next button.

     11. On the Review Options page, click the View Script button. A PowerShell script snippet will be displayed in a Notepad window. This snippet includes the cmdlets needed to install a new Active Directory forest via PowerShell with the options selected in the wizard. Save this snippet to your Documents folder for future reference as a file named PSSnippet-Install-ADDSForest.ps1 and close the Notepad window.

     12. On the Review Options page, click the Next button.

     13. On the Prerequisites Check page, ignore the warnings displayed and click the Install button. The warnings displayed are due to the dynamic IP addressing used within Microsoft Azure Virtual Networks and do not apply to this cloud environment.

        The Active Directory Domain Services configuration process will begin for the new AD Forest.

        When the Active Directory configuration process is complete, the server will automatically restart.
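The wizard's View Script output is not reproduced in this post. The following is an added example (not the post's saved PSSnippet-Install-ADDSForest.ps1 and not Microsoft's generated script) that performs the same work as this step from an elevated PowerShell session on XXXlabad01: it prepares the attached 10 GB disk as F: and installs the contoso.com forest with the options the wizard steps select. It assumes the attached empty disk is the only RAW disk on the VM and that CONTOSO is the default NetBIOS name the wizard proposes.

```powershell
# Added example: data-disk preparation plus forest install for Step 4.
# Run as the local Administrator on XXXlabad01 in an elevated session.

# 1. Bring the attached empty disk online as F: (Step 4, sub-steps 1-6).
#    Azure's temporary disk is D: and is lost on reprovisioning, so the AD
#    database must not live there; the data disk attached with Host Cache
#    Preference = None is the correct location for NTDS and SYSVOL.
$DataDisk = Get-Disk | Where-Object { $_.PartitionStyle -eq 'RAW' }   # assumes one RAW disk
if ($DataDisk) {
    $DataDisk |
        Initialize-Disk -PartitionStyle MBR -PassThru |
        New-Partition -UseMaximumSize -DriveLetter F |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false
}
if (-not (Test-Path 'F:\')) { throw 'F: volume is not available; check the attached data disk.' }

# 2. Install the AD DS role and its management tools (role wizard, sub-steps 1-3).
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

# 3. Promote the server to the first domain controller of a new forest.
#    The DSRM password is read as a SecureString at run time so it never
#    appears in the script file or in the PowerShell command history.
$DsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode (DSRM) password' -AsSecureString

Import-Module ADDSDeployment
Install-ADDSForest `
    -DomainName 'contoso.com' `
    -DomainNetbiosName 'CONTOSO' `
    -ForestMode 'Win2012' `
    -DomainMode 'Win2012' `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -DatabasePath 'F:\Windows\NTDS' `
    -LogPath 'F:\Windows\NTDS' `
    -SysvolPath 'F:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $DsrmPassword `
    -NoRebootOnCompletion:$false `
    -Force:$true
```

As with the wizard, the server restarts automatically when promotion completes, and the Remote Desktop session will be disconnected.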

 

Step 5: Export / Import Lab Virtual Machines

At this point the Windows Server 2012 Active Directory Forest VM is functional within the cloud-based lab. Be aware that as long as a virtual machine is provisioned, it will continue to accumulate compute hours against your Free 90-Day Microsoft Azure Trial account, even in a shut-down or any other virtual machine state.

To save compute hours for productive study time, the Microsoft Azure PowerShell module can be used to automate export and import tasks that de-provision the virtual machine when it is not in use and re-provision it when it is needed again.

This step will utilize Windows PowerShell to automate:

  • De-provisioning lab virtual machines when not in use
  • Re-provisioning lab virtual machines when needed again. 

Once configured, the PowerShell snippets below will spin up your cloud-based lab environment when needed.

Note: Prior to beginning this exercise, please ensure that the Microsoft Azure PowerShell module has been downloaded, installed and configured as outlined in the Prerequisite section of this step-by-step guide. 

  1. De-provision the lab. Use the Stop-AzureVM and Export-AzureVM cmdlets in the PowerShell snippet below to shutdown and export lab VMs when they are not being used.  
     
    # Specify the name of the VM to export
    $myVM = "XXXlabad01"

    # Stop the VM prior to exporting it
    Stop-AzureVM -ServiceName $myVM -Name $myVM

    # Set the export folder for the VM configuration file; create it if it does not exist
    $ExportFolder = "C:\ExportVMs"
    if (-not (Test-Path $ExportFolder)) { New-Item -ItemType Directory -Path $ExportFolder | Out-Null }
    $ExportPath = "$ExportFolder\ExportAzureVM-$myVM.xml"

    # Export the VM configuration to a file
    Export-AzureVM -ServiceName $myVM -Name $myVM -Path $ExportPath

    # Delete the VM only after confirming that the export file exists
    if (Test-Path $ExportPath) {
        Remove-AzureVM -ServiceName $myVM -Name $myVM
    } else {
        throw "Export file $ExportPath was not created; the VM has not been removed."
    }
     

  2. Re-provision the lab. Use the Import-AzureVM and Start-AzureVM cmdlets in the PowerShell snippet below to import and start lab VMs when needed again.
     
    # Specify the name of the VM to import
    $myVM = "XXXlabad01"

    # Specify the name of the Virtual Network on which to import the VM
    $myVNet = "XXXlabnet01"

    # Specify the import path of the VM's exported configuration file
    $ImportPath = "C:\ExportVMs\ExportAzureVM-$myVM.xml"
    if (-not (Test-Path $ImportPath)) { throw "Export file not found: $ImportPath" }

    # Import the VM to Microsoft Azure on the lab Virtual Network
    Import-AzureVM -Path $ImportPath | New-AzureVM -ServiceName $myVM -VNetName $myVNet

    # Start the VM
    Start-AzureVM -ServiceName $myVM -Name $myVM

Learn more about the features Microsoft Azure has to offer by participating in the free Microsoft Virtual Academy.