It’s been a long time since I wrote something here, but time waits for no one, and today I’m going to write about Azure Active Directory Domain Services, which is currently in preview.
What is it?
Azure Active Directory Domain Services finally gives you LDAP and Kerberos on top of Azure AD, which means you can join Azure virtual machines to a domain named after your tenant (domain.onmicrosoft.com or your custom domain name) without deploying domain controllers of your own. In other words, you get domain controllers as a service!
Users can log in to these virtual machines with their organizational account (a user in your tenant, e.g. email@example.com).
How can I join to the preview?
It’s pretty easy; all you need is a subscription and you’re good.
The first step is to log in to the old portal (yeah, I know...) at manage.windowsazure.com and create a virtual network. I created the network as follows:
Then create your Azure Active Directory (in my case I had already created a directory with the tenant ID OneDropEnv.onmicrosoft.com, so that will be the actual domain name once I join the virtual machine to the domain).
After creating the Azure Active Directory I must create a group called “AAD DC Administrators” and add whichever users I want from the AAD itself (for example, I’ll add IdoKatz@onedropenv.onmicrosoft.com to the group). Membership gives the user administrative rights on the managed domain (not a real Domain Admin; for this walkthrough it is what lets the account join machines to the domain).
The next step is to activate the Directory Services preview. Go to the Configure tab of your Azure Active Directory and scroll down until you see “Domain Services” with a green Preview label next to it, then choose Yes for “Enable domain services for this directory”. Two additional settings then appear that you must configure. The first is “DNS Domain Name of Domain Services”; here I’ll use my tenant ID (onedropenv.onmicrosoft.com). The second is the subnet of the virtual network you created earlier in which the service will be placed; I’ll choose SVC. Then hit the Save button.
Now wait about 30 minutes for the service to be provisioned. At the end you get the IP address of one domain controller, and a second one after roughly 30 more minutes:
So that’s cool, right? But what now? Good question! Now take these IP addresses and set them as the DNS servers of the virtual network. Why? Because a virtual machine created in that network automatically receives the network’s DNS servers, so it will be able to resolve the managed domain and locate the domain controllers when you join it.
Now all you have to do is create a virtual machine and join it to the domain (which again is my tenant ID, onedropenv.onmicrosoft.com) with the account I created earlier (idokatz@onedropenv.onmicrosoft.com) and added to the “AAD DC Administrators” group in my Azure Active Directory:
That’s it! Simple as that! I don’t know about you, but with AAD Domain Services I really don’t need to deploy two VMs in an availability set and install a DC on each so they replicate between them. NOW THIS IS PROGRESS!!
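The join itself is one command, but most failures at this step come from the VM not using the managed domain’s DCs for DNS, or from the subnet not reaching the DC ports. The following is an added example, not code from the original post: a PowerShell script to run on the new Azure VM that checks DNS, the domain’s SRV record and port reachability before joining. The domain name and user come from the walkthrough above; the two DC addresses in `$ExpectedDcs` are placeholders (an assumption) that you replace with the IPs the portal gave you.

```powershell
# Added example (not from the original post). Run as local administrator on the
# Azure VM you are about to join to the managed domain.
$Domain      = 'onedropenv.onmicrosoft.com'
$ExpectedDcs = @('10.0.0.4', '10.0.0.5')   # ASSUMPTION: replace with the two DC IPs from the portal

# 1. The VM should have received the managed-domain DCs as its DNS servers from the
#    virtual network; that is why the post puts the IPs on the VNet DNS settings.
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        Select-Object -First 1).ServerAddresses
Write-Host "DNS servers on this VM: $($dns -join ', ')"
$missing = $ExpectedDcs | Where-Object { $_ -notin $dns }
if ($missing) {
    throw "VM is not using the managed-domain DCs for DNS (missing $($missing -join ', ')). Fix the VNet DNS settings and renew the lease."
}

# 2. Domain join relies on the _ldap._tcp.dc._msdcs SRV record to find a DC. If this
#    lookup fails the join reports that the domain could not be contacted.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize

# 3. Confirm the ports the join needs are reachable from this subnet.
foreach ($dc in $ExpectedDcs) {
    foreach ($port in 88, 389, 445) {       # Kerberos, LDAP, SMB (SYSVOL / NetLogon)
        $ok = (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        Write-Host ('{0}:{1} {2}' -f $dc, $port, $(if ($ok) { 'open' } else { 'BLOCKED' }))
        if (-not $ok) { throw "Port $port on $dc is not reachable; check the subnet's network security group." }
    }
}

# 4. Join with a member of the "AAD DC Administrators" group from the post, using the
#    UPN form of the Azure AD account, then reboot to finish the join.
$cred = Get-Credential -UserName "idokatz@$Domain" -Message 'Member of AAD DC Administrators'
Add-Computer -DomainName $Domain -Credential $cred -Restart
```

After the reboot, `Test-ComputerSecureChannel` should return `True` and `klist` should show a Kerberos ticket for the machine account, which confirms the VM is talking Kerberos to the managed domain rather than just resolving its name.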
Thanks for reading!!