This week, a client of mine had to set up a SQL-based application in Microsoft Azure. The application required domain-based authentication, and because the client didn't have a local AD and had been fully migrated to the cloud, I used Azure AD Domain Services to get him going.
What is Azure AD Domain Services?
Azure AD Domain Services is a managed Active Directory domain infrastructure: the same as a local AD, but deployed, configured and patched by Microsoft Azure, so there is nothing to install or maintain yourself.
Once created, any Virtual Machine placed in the network where the domain exists will be able to join the domain.
When Virtual Machines are placed in that network, they automatically point to the Domain Controllers via DNS, and you can join the VM to the domain using the normal domain-join process.
Azure AD Domain Services is priced per hour and per number of directory objects; the monthly cost can be seen below (AUD).
In my case, the cost would be $139 AUD per month for fully redundant Azure AD Domain Services.
The process involved 5 steps, which I will cover below:
- Activate the service
- Set up the network and subnet (it is recommended to create a new network and subnet)
- Add users to the Domain Admins group
- Update the DNS servers of the VMs in the network to point to the managed domain
- Change the password of the user who will join the machine to the domain, then join the VM to the domain
#1 Activate Service
From the Azure Portal, I will search for Azure AD Domain Services.
After selecting the service, I will click on Create Azure AD Domain Services to start the wizard.
In the wizard I have the option to use an existing resource group or create a new one. In my case, I will use an existing resource group but will create a new network.
#2 Setup Network and Subnet
In the network setup section, I will create a new network and subnet. It is not recommended to use an existing network and subnet that already contains VMs.
It is better to create a new network and later move existing VMs to it.
Below are my network and subnet.
#3 Add Users To Domain Admins Group
Next, I will add users to my AAD DC Administrators group, which is the Domain Admins group of the managed domain.
Users in this group will be able to join VMs to the domain and also manage it.
Once the wizard is completed, setup takes around 40 minutes to finish.
#4 Update DNS
Once the service configuration is done, from the Azure AD Domain Services page I will click on Configure DNS. This sets the DNS settings of the new network to point to the Domain Controllers in the managed domain and allows administrators to join servers to it.
Once configured, I will need to restart my SQL VM.
#5 Reset password
Before I can join my server to the managed domain, I have to change my password so that it is synced to the new domain.
Note: every user and administrator who will need to access VMs on the domain must change his or her password beforehand.
After 30 minutes, I can log in to the VM and join the server to the new domain.
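The same steps 3 to 5 as a script, added here as an example and not part of the original post: it uses the Az and Microsoft.Graph PowerShell modules, and every resource group, network name, domain name, UPN, VM name and DNS IP below is a placeholder you would replace with your own values.

```powershell
# Added example, not from the original post: scripts steps 3-5 of the
# procedure above with the Az and Microsoft.Graph PowerShell modules.
# All names, IPs and resource groups are placeholders (assumed values).
param(
    [string]   $ResourceGroup = 'rg-placeholder',
    [string]   $VNetName      = 'vnet-aadds-placeholder',        # new network from step 2
    [string]   $ManagedDomain = 'contoso.onmicrosoft.com',        # managed domain name
    [string]   $AdminUpn      = 'admin@contoso.onmicrosoft.com',  # user who will join the VM
    [string[]] $DomainDnsIps  = @('10.0.1.4', '10.0.1.5'),        # DC IPs from the domain's Properties blade
    [string]   $SqlVmName     = 'vm-sql01'
)

# --- Run from an admin workstation ----------------------------------------
Connect-AzAccount | Out-Null
Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All', 'User.Read.All' | Out-Null

# Step 3: put the joining user in 'AAD DC Administrators', the managed domain's
# admin group (members can join VMs and manage the domain). Safe to re-run.
$group   = Get-MgGroup -Filter "displayName eq 'AAD DC Administrators'"
$user    = Get-MgUser  -UserId $AdminUpn
$already = Get-MgGroupMember -GroupId $group.Id -All | Where-Object Id -eq $user.Id
if (-not $already) {
    New-MgGroupMember -GroupId $group.Id -DirectoryObjectId $user.Id
}

# Step 4: point the VNet's DNS at the managed domain controllers. VMs only pick
# the new resolvers up on their next DHCP lease, so restart the SQL VM as in the post.
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroup
$vnet.DhcpOptions.DnsServers = $DomainDnsIps
$vnet | Set-AzVirtualNetwork | Out-Null
Restart-AzVM -ResourceGroupName $ResourceGroup -Name $SqlVmName | Out-Null

# --- Run inside the VM, after the user's password has been reset (step 5) ---
# Check that the VM can locate a domain controller before attempting the join:
# this SRV record only resolves once the VNet DNS points at the managed domain.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV -ErrorAction Stop
if (-not $srv) { throw "No DC SRV record for $ManagedDomain; check the VNet DNS settings." }

# Join with the managed-domain admin account; prompt rather than embed the password.
$cred = Get-Credential -UserName $AdminUpn -Message 'Managed domain admin credentials'
Add-Computer -DomainName $ManagedDomain -Credential $cred -Restart
```

The password reset itself is deliberately not scripted: the user has to change it interactively so the new credential is synced to the managed domain before the join is attempted.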
The Azure Active Directory Domain Services managed domain is a great service that offers Active Directory in the cloud, with redundancy across multiple datacentres worldwide, at a low cost.
If I had to deploy Domain Controllers in Azure myself, I would need a minimum of 2 servers and would spend a few hours configuring them, setting up backups and so on.
In my case the entire process took less than an hour, and now my client can deploy servers that require a normal AD without worrying about DC management.
It has been a while since I wrote a 600+ word article like this, but I have to say that this service is one of my favourite Azure services.