Brian Lewis works as an IT Pro Evangelist for Microsoft Corporation in the Midwest, where he focuses on the IT Pro audience in Illinois, Indiana, and Wisconsin. He is very passionate about technology and has over 18 years of enterprise IT experience. Brian enjoys working with all computer and networking technologies. He enjoys everything from programming and scripting to working with all types of infrastructure. There just isn’t a technology that isn’t interesting to him. Brian enjoys several hobbies outside of computers including rock climbing, trail biking, and swimming. http://mythoughtsonit.com Brian is a DZone MVB and is not an employee of DZone and has posted 13 posts at DZone.

DR - Extend Active Directory to the Cloud with Windows Azure

05.08.2013

This month, my fellow IT Pro Technical Evangelists and I are authoring a new series of articles on 20 Key Scenarios with Windows Azure Infrastructure Services.  Check out the list of articles here:
http://mythoughtsonit.com/2013/05/20-key-scenarios-with-windows-azure-infrastructure-services/

For today’s post I will cover the steps to put a Domain Controller in Windows Azure for Disaster Recovery. This DC can actually serve two purposes: first, it is a full copy that gives us an offsite copy of AD; second, it can be used by servers in Azure so they don’t have to traverse the WAN.

Let’s clear up some confusion first: the Active Directory tab in the Azure portal is for Windows Azure Active Directory. Windows Azure AD is a modern, REST-based service that provides identity management and access control capabilities for your cloud applications. It is similar to Active Directory Lightweight Directory Services and does not offer Disaster Recovery for your AD environment. It can sync users with your corporate AD and provide a single sign-on solution with ADFS. It is useful for your developers when building custom applications. You can read more on Azure AD here: http://www.windowsazure.com/en-us/home/features/identity/

What we need to do is create a full-blown Active Directory Domain Controller up in Azure. To accomplish this we will create a Virtual Machine.

To extend our corporate AD to Azure, we will treat it just as if we were building a server in a remote datacenter. The fundamental requirements for deploying Windows Server Active Directory on Windows Azure Virtual Machines are the same as for deploying AD on-premises, with one change to watch for: we need to install the AD database on a disk other than the C: drive. We will create an Azure data-disk and attach it as drive E:. This is where we will store both the AD database and the SYSVOL.

Why store AD on a different drive? Windows Azure provides two distinct disk types for virtual machines: “Operating System-disks” and “Data-disks.” Data-disks use write-through caching, guaranteeing durability of writes. This is fundamental to the integrity of any Windows Server Active Directory forest that has more than a single domain controller, because the loss of a single write can affect the entire distributed system rather than just a single machine.

Cross-premises AD DS deployment

Overview of the Steps to Create an Active Directory DC in Azure

  1. Link the networks with a site-to-site VPN. (See how to do that with Server 2012 here)
  2. Configure your AD Sites with a new site
  3. Create a Windows Server VM (configure DNS to read from a DC)
  4. Join the server to the domain
  5. Promote the server to a Domain Controller
  6. Pour yourself a Fresca
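
Steps 4 and 5 with the E: data-disk placement described above, sketched as an added PowerShell example for the new Azure VM (not code from this post or from the linked step-by-step guide). The domain name, site name and label are hypothetical placeholders, the site from step 2 is assumed to exist already, and putting the log files on E: alongside the database is a choice made in this example.

```powershell
# Added example; every value in this block is an assumption to replace.
param([ValidateSet('Disk','Join','Promote','Verify')][string]$Stage = 'Verify')

$DomainName = 'corp.example.com'   # hypothetical on-premises AD domain
$SiteName   = 'Azure-DR'           # hypothetical AD site created in step 2
$Drive      = 'E'                  # letter for the attached Azure data disk

switch ($Stage) {
  'Disk' {
    # Bring the attached, still-uninitialized data disk online as E:.
    $raw = Get-Disk | Where-Object PartitionStyle -eq 'RAW' | Select-Object -First 1
    if (-not $raw) { throw 'No uninitialized data disk found; attach one to the VM first.' }
    $raw | Initialize-Disk -PartitionStyle GPT -PassThru |
      New-Partition -DriveLetter $Drive -UseMaximumSize |
      Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false
  }
  'Join' {
    # Step 4: join the domain (DNS must already point at an existing DC), then reboot.
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
  }
  'Promote' {
    # Guard: stop if E: is only a partition on the same disk as the OS volume.
    $osDisk   = (Get-Partition -DriveLetter ($env:SystemDrive[0])).DiskNumber
    $dataDisk = (Get-Partition -DriveLetter $Drive).DiskNumber
    if ($osDisk -eq $dataDisk) { throw "${Drive}: is on the OS disk; use a data disk." }

    # Step 5: promote, placing database, logs and SYSVOL on the data disk.
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
    Install-ADDSDomainController -DomainName $DomainName -SiteName $SiteName `
      -InstallDns -Credential (Get-Credential) `
      -DatabasePath "${Drive}:\NTDS" -LogPath "${Drive}:\NTDS" `
      -SysvolPath "${Drive}:\SYSVOL"   # prompts for the DSRM password, then reboots
  }
  'Verify' {
    # After the reboot: report any AD path that did not land on the data disk.
    $ntds  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $nl    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $paths = $ntds.'DSA Database file', $ntds.'Database log files path', $nl.SysVol
    $bad   = $paths | Where-Object { $_ -notlike "${Drive}:\*" }
    if ($bad) { Write-Warning "Not on ${Drive}: $($bad -join ', ')" } else { 'AD paths OK' }
  }
}
```

Run the stages in order from an elevated prompt, one per boot; the `Disk` stage takes the first uninitialized disk it finds, so it assumes only one new data disk is attached.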

For this post I originally wanted to do a step by step guide instead of this overview. I began how most Microsofties begin: I “Bing’ed” what was currently available on this topic. What I found was that a fantastic step by step article already existed. My co-worker, fellow Microsoft IT Pro Evangelist Keith Mayer, has already created a great step by step guide below:

Detailed Step by Step guide to extending AD to Azure – by Keith Mayer
http://blogs.technet.com/b/keithmayer/archive/2013/01/20/step-by-step-extending-on-premise-active-directory-to-the-cloud-with-windows-azure-31-days-of-servers-in-the-cloud-part-20-of-31.aspx

If you are interested in more details on guidelines and options for deploying Active Directory in Azure, be sure to check out the Microsoft documentation:

Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines
http://msdn.microsoft.com/en-us/library/windowsazure/jj156090.aspx 

-Brian

Published at DZone with permission of Brian Lewis, author and DZone MVB.