Configure Azure Active Directory Domain Service with Domain Controller
Azure Active Directory is a cloud-based directory and identity service that provides single sign-on and multi-factor authentication for users. This article covers the process of configuring Azure Active Directory Domain Services with a custom domain name and a domain controller.
Azure Active Directory (Azure AD) is a cloud-based directory and enterprise identity service that provides single sign-on and multi-factor authentication to help protect user accounts from many kinds of unwanted access.
For an organization, Azure AD lets employees access multiple cloud services using SSO (single sign-on). The following steps describe the procedure to configure Azure Active Directory Domain Services.
First, log in to the Microsoft Azure Portal.
(A Microsoft account and an Azure subscription are required to log in to this portal.)
Create a custom domain name for Active Directory Domain Services and an administrative user account
Creation of Custom Domain Name:
After logging in to the portal, click on Azure Active Directory in the left-side menu and then select Custom domain names.
Next, select the Add custom domain option. Type your organization's new domain name into the Custom domain name box (for example, xyz.com) and then select Add domain.
Initially, the created custom domain remains unverified. We need to verify the domain to make it usable. To do so, copy the DNS information from the domain page (e.g., xyz.com) and add it in your DNS registrar's panel. After that, click the Verify button.
Once the provided records have been updated successfully, the added domain's status appears as Verified on the "Default Directory - Custom domain names" page.
The newly added custom domain is not yet set as the primary domain. To do so, click on the domain name, select the Make primary option and select Yes. After that, sign out of the portal (portal.microsoft.com) and log in again for the change to take effect.
Creation of Administrative User Account:
Next, let's create an administrative user account for your domain, which will be used to manage all domain-related services.
Select Users > New User and provide the required information. Before clicking the Create button, select the Show Password checkbox, copy the temporary password shown and store it for future reference.
Click on Create. The created user appears on the Users - All Users page.
Setup Active Directory Domain Services
First, create a Resource Group
Click on Create a resource and search for Resource Group.
Click on the Create button. Next, provide the required information (e.g., Resource Group name and Region) and click on the Review + Create button. Again, select Create. For ease of use, pin the created resource group to the Dashboard.
Create a Virtual Network
Select Create a resource > search for Virtual Network.
Click on Create.
Provide the required information: type in Name and Address space (e.g., 10.0.0.0/16); select Subscription, Resource group and Location; type in Subnet Name and Subnet Address range (e.g., 10.0.0.0/24). Click on Create.
We will use this defaultSubnet for the virtual machines (created later). We need to create another subnet for the domain services. To do so, select Subnets on the created Virtual network page and select +Subnet.
In the Add subnet page, type a Name and an Address range (e.g., 10.0.0.0/24).
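The resource group and virtual network from the steps above, created with the Az PowerShell module instead of the portal, as an added example that is not part of the original article. The names, the region and the 10.0.1.0/24 range for the domain services subnet are assumptions; a second subnet in the same virtual network cannot reuse the default subnet's 10.0.0.0/24 range, since subnet ranges must not overlap.

```powershell
# Added example: resource group and virtual network for Azure AD DS via the Az module.
# Assumes the Az module is installed and Connect-AzAccount has already been run.
$rgName   = "aadds-rg"        # assumed resource group name
$location = "eastus"          # assumed region; keep all later resources in the same region

New-AzResourceGroup -Name $rgName -Location $location

# defaultSubnet hosts the management VM; the second subnet is dedicated to Azure AD DS.
# Both ranges must lie inside the 10.0.0.0/16 address space and must not overlap each other.
$vmSubnet    = New-AzVirtualNetworkSubnetConfig -Name "defaultSubnet" -AddressPrefix "10.0.0.0/24"
$aaddsSubnet = New-AzVirtualNetworkSubnetConfig -Name "DomainServiceSubnet" -AddressPrefix "10.0.1.0/24"

$vnet = New-AzVirtualNetwork -Name "aadds-vnet" -ResourceGroupName $rgName -Location $location `
    -AddressPrefix "10.0.0.0/16" -Subnet $vmSubnet, $aaddsSubnet

# Confirm both subnets exist before deploying Azure AD DS into DomainServiceSubnet
$vnet.Subnets | Select-Object Name, AddressPrefix
```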
Create Azure AD Domain Services
Select Create a resource > search for Azure AD Domain Services.
Click on Create.
On the Enable Azure AD Domain Services page:
For Basics, type in the DNS domain name; select Subscription, Resource group and Location (same as the resource group). Click OK.
For Network, click on Select virtual network > select your virtual network from the "Choose virtual network" page.
In the Subnet section, select Use existing > click on Select subnet > select a subnet of your choice from the "Choose subnet" page (in our case, it's infiflex_in_DomainServiceSubnet). Click OK.
For Administrative Group, select Manage group membership > select +Add members > select a member of your choice from the Add members page > click on Select. Next, click on the Close button (X sign).
For Synchronization, select All and click on OK.
On the summary page, verify everything and click OK.
This Azure AD Domain Services deployment takes some time (approximately 30 minutes) to complete.
In the resource group you will find Azure AD Domain Services (in our case, infiflex.in). Click on it.
You will find the status as Deploying.
Once the deployment is completed, the status will be updated to Running.
Click on Configure to update the DNS settings; this points the virtual network's DNS servers at the managed domain controllers, which the virtual machines need in order to join the domain.
Validate user account
Log in to myapps.microsoft.com with the user account that was created as the domain administrator.
Update the user password and sign in.
Once you have successfully logged in to the account with the updated password, it takes approximately 20-30 minutes for the account to synchronize to the managed domain.
Set up a Domain Controller (Virtual Machine) to manage policies
Click on Virtual machines and select Create virtual machine.
> Select Subscription and Resource Group in the PROJECT DETAILS section.
> Type in a virtual machine name, choose a Region (same as the Resource Group and Virtual Network), select Windows Server 2016 Datacenter as the Image and select a VM size of your choice in the INSTANCE DETAILS section.
> Create an ADMINISTRATOR ACCOUNT by providing a Username and Password of your choice.
> Allow RDP (3389) in INBOUND PORT RULES.
> Choose Standard HDD from DISK OPTIONS.
Select Next: Networking >. In the NETWORK INTERFACE section:
> Select the Virtual Network.
> Select the Subnet (choose the defaultSubnet).
> Select No for LOAD BALANCING.
Select Next: Management >. Select Off in the MONITORING, IDENTITY and AUTO-SHUTDOWN sections.
Select Next: Advanced > > Next: Tags > > Next: Review + create > > Create.
Make the public IP address of the created VM static
Click on the Public IP address (<VM-name>-ip) in the Resource Group.
Click on Configuration and select Static. Click on Save.
Select your Virtual machine from Resource group and select Restart.
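The virtual machine from the steps above, created with the Az PowerShell module as an added example that is not part of the original article. The VM name, size, NIC and NSG names and the administrator's source address 203.0.113.5 are assumptions. Unlike the portal defaults, the inbound rule allows port 3389 only from that single administrator address rather than from any source, and the public IP is created as static up front.

```powershell
# Added example: management VM with an RDP rule limited to one admin address and a static public IP.
# Assumes the Az module, an authenticated session and the "aadds-vnet"/"defaultSubnet" names used earlier.
$rgName = "aadds-rg"; $location = "eastus"; $vmName = "dc-mgmt-vm"    # assumed names
$adminSource = "203.0.113.5/32"                                        # assumed admin public IP

$vnet   = Get-AzVirtualNetwork -Name "aadds-vnet" -ResourceGroupName $rgName
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "defaultSubnet" -VirtualNetwork $vnet

# Static public IP at creation time (the portal flow assigns a dynamic one and changes it later)
$pip = New-AzPublicIpAddress -Name "$vmName-ip" -ResourceGroupName $rgName -Location $location `
    -AllocationMethod Static -Sku Standard

# Inbound RDP only from the administrator's address; everything else inbound stays denied by default
$rdpRule = New-AzNetworkSecurityRuleConfig -Name "allow-rdp-from-admin" -Protocol Tcp `
    -Direction Inbound -Priority 100 -SourceAddressPrefix $adminSource -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 3389 -Access Allow
$nsg = New-AzNetworkSecurityGroup -Name "$vmName-nsg" -ResourceGroupName $rgName `
    -Location $location -SecurityRules $rdpRule

$nic = New-AzNetworkInterface -Name "$vmName-nic" -ResourceGroupName $rgName -Location $location `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id

# Local administrator account for the VM (prompted, never hard-coded)
$cred = Get-Credential -Message "Local administrator account for $vmName"

$vmConfig = New-AzVMConfig -VMName $vmName -VMSize "Standard_B2s" |
    Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent |
    Set-AzVMSourceImage -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" `
        -Skus "2016-Datacenter" -Version "latest" |
    Set-AzVMOSDisk -CreateOption FromImage -StorageAccountType Standard_LRS |   # Standard HDD
    Add-AzVMNetworkInterface -Id $nic.Id

New-AzVM -ResourceGroupName $rgName -Location $location -VM $vmConfig
```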
Connect to your Virtual machine using the downloaded RDP file.
Go to Server Manager and select Local Server. Click on WORKGROUP in the PROPERTIES section. Next, select Change… in the System Properties window.
In the Computer Name/Domain Changes window, select Domain under Member of. Type the domain name that this VM needs to join. Click OK.
In the Windows Security pop-up window, log in with the domain administrative user account (username@domain-name). Once login is successful, you will get a welcome message. A system restart is required to complete this process.
Connect to your VM again. Go to Server Manager > select Add Roles and Features.
On the Before You Begin page of the Add Roles and Features Wizard, click Next.
On the Installation Type page, leave the Role-based or feature-based installation option checked and click Next.
On the Server Selection page, select the current virtual machine from the server pool, and click Next.
On the Server Roles page, click Next. We skip this page since we are not installing any roles on the server.
On the Features page, select AD DS and AD LDS Tools and Group Policy Management. Click Next > Install.
Once the installation is complete, domain Group Policies can be managed from Group Policy Management under the Tools menu.
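The domain join and tool installation from the steps above, done from an elevated PowerShell session on the VM instead of Server Manager, as an added example that is not part of the original article. The xyz.com domain and the admin@xyz.com account are assumptions taken from the article's example domain. It adds the check a practitioner wants before joining: that the VM can resolve the managed domain's domain-controller records, which fails when the Configure step for DNS was skipped.

```powershell
# Added example: run in an elevated PowerShell session on the management VM after RDP login.
$domain = "xyz.com"    # assumed: the article's example domain

# Before joining, confirm the VM resolves the managed domain's domain-controller SRV records.
# If this throws, the virtual network's DNS servers were not updated in the Configure step.
$dcRecords = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$dcRecords | Select-Object Name, NameTarget, Port

# Install the same tooling the article adds through Server Manager:
# RSAT-AD-Tools = AD DS and AD LDS Tools, GPMC = Group Policy Management.
Install-WindowsFeature -Name RSAT-AD-Tools, GPMC

# Join the VM to the managed domain with the domain administrator account; the VM reboots when done.
$cred = Get-Credential -UserName "admin@$domain" -Message "Azure AD DS administrator (username@domain)"
Add-Computer -DomainName $domain -Credential $cred -Restart -Force

# After the reboot, reconnect and verify the join and the trust relationship:
#   Test-ComputerSecureChannel -Verbose
#   Get-ADDomain -Identity $domain | Select-Object DNSRoot, PDCEmulator
```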