Install a new Active Directory forest in Windows Azure

chunk should go here.

This tutorial walks you through the steps to create a new Active Directory forest on a virtual machine (VM) on Windows Azure Virtual Network. In this tutorial, the virtual network for the VM is not connected to the network at your company. For conceptual guidance about installing Active Directory Domain Services (AD DS) on Windows Azure Virtual Network, see Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines.

Prerequisites

Before you install Active Directory Domain Services (AD DS) on a Windows Azure virtual machine, you need to create a virtual network using one of the following options:

Create a virtual network without connectivity to another network by doing the following in the order listed:
1. First, Create a virtual network in Windows Azure.
2. Then install AD DS using the steps in the tutorial below. It's important that you create your virtual machine using the Windows Azure PowerShell procedure in the tutorial below instead of creating the virtual machine via the Management Portal.
Create a virtual network with connectivity to another network, such as an Active Directory environment on premises by doing the following in the order listed:
1. First, Create a Virtual Network for Cross-Premises Connectivity.
2. Next, Add a Virtual Machine to a Virtual Network.
3. Finally, install AD DS by following the steps in Install a Replica Active Directory Domain Controller in Windows Azure Virtual Networks.

Step 1: Create the first Virtual Machine (VM)

Create a storage account that is in the same region as the affinity group. To check the region of the affinity group, click Networks, and click Affinity Groups. To create a storage account:
a. Click Storage, click New, and then click Quick Create.
b. Under URL: type the name of the storage account, and for Region/Affinity Group, select the region of the affinity group, such as West US. By selecting a region for the storage account, it can be used with any affinity group in the virtual network.
Install Windows Azure PowerShell. The VM where you plan to install AD DS must be created using Windows Azure PowerShell in order for the DNS client settings of the domain controller to persist after service healing.
a. Go to https://www.windowsazure.com/en-us/.
b. Click Manage, then click Downloads.
c. Under Windows, click Install, then click Run. Click Yes if prompted by the User Account Control dialog.
d. Click Install to go through installation wizard, click I accept, and when the wizard is done, click Finish.
e. Click Exit to close the Web Platform Installer 4.0.
If you are running Windows 7, click Start, click All Programs, click Windows Azure, right-click Windows Azure PowerShell, and click Run as Administrator. Click Yes if prompted by the User Account Control dialog. If you are running Windows 8, click Start, and in the Search field, type Windows Azure PowerShell and press ENTER.
In Windows Azure PowerShell, run the following cmdlet, and then type Y to finish the command:
```
Set-ExecutionPolicy RemoteSigned
```

Run the following cmdlet:

Import-Module 'C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1'

Run the following cmdlet:
```
Get-AzurePublishSettingsFile
```
You will be prompted to sign on to the Windows Azure portal and then prompted to save a .publishsettings file. Save the file in a directory, for example, E:\PowerShell\MyAccount.publishsettings. To subsequently run any other Windows Azure PowerShell cmdlets, steps 4 through 6 do not need to be repeated because they only need to be completed once.
Run the following cmdlet to open Windows Azure PowerShell ISE:
```
powershell ise
```
Paste the following script into Windows Azure PowerShell ISE, replacing the placeholders (such as subscriptionname) with your own values, and the run the script. If necessary, click Networks in the Management Portal to obtain the subscription name. The storage account name is the name you specified in step 1. The image name used in following script installs Windows Server 2008 R2 with Service Pack 1 (SP1), but the image names are updated periodically. To get a list of currently available images, run Get-AzureVMImage. You can install Windows Server 2012, but be aware that the virtualized domain controller safeguards that are built into Windows Server 2012 are not available on Windows Azure Virtual Networks. The virtualized domain controller safeguards require support for VM-GenerationID, which Windows Azure Virtual Networks do not provide at the present time. For more information about virtualized domain controller safeguards, see Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100).
```
cls


Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile '*E:\PowerShell\ MyAccount.publishsettings*'
Set-AzureSubscription -SubscriptionName *subscriptionname* -CurrentStorageAccount *storageaccountname*
Select-AzureSubscription -SubscriptionName *subscriptionname*


#Deploy the Domain Controller in a virtual network
#-------------------------------------------------


#Specify my DC's DNS IP (127.0.0.1)
$myDNS = New-AzureDNS -Name 'myDNS' -IPAddress '127.0.0.1'
$vmname = '*ContosoDC1*'
# OS Image to Use
$image = 'MSFT__Win2K8R2SP1-Datacenter-201207.01-en.us-30GB.vhd'
$service = '*myazuredemodcsvc*'
$AG = '*YourAffinityGroup*'
$vnet = '*YourVirtualNetwork*'


#VM Configuration
$MyDC = New-AzureVMConfig -name $vmname -InstanceSize 'Small' -ImageName $image |
    Add-AzureProvisioningConfig -Windows -Password '*p@$$w0rd*' |
        Set-AzureSubnet -SubnetNames '**BackEnd**'


New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyDC -DnsSettings $myDNS -VNetName $vnet
```
If you rerun the script, you need to supply a unique value for $service. After the Windows Azure PowerShell cmdlet successfully completes, the VM will initially appear in the UI in the management portal in a stopped state, followed by a provisioning process. After the VM is provisioned, continue with the next steps.
In the management portal, click the name of the VM you created, and on the bottom of the screen, click Attach, and click Attach Empty Disk.
Type the size of hard disk (in GB) you want, such as 30, and click the Check button.
Repeat steps 9 and 10 to attach a second disk.
Click Connect.
Click Open.
In RDP connection dialog, click Don’t ask me again for connections to this computer, and click Connect.
Type your credentials.
In Remote Desktop Connection, click Yes.

Step 2: Install Active Directory Domain Services

In the RDP session, Click Start, right-click Computer and click Manage.
In the console tree, click Computer Management (Local), click Storage, and then click Disk Management.
When you are prompted to initialize the disks, click OK.
Right-click each remaining disks that is not formatted, and click New Simple Volume. Accept the default values in the wizard and finish creating the volume, and then create a new folder named NTDS on one volume in order to store the Active Directory database and log files. The other volume will be used to store backup files.
Click Start, type dcpromo, and press ENTER. If you are installing AD DS on Windows Server 2012, you can use the Add Roles Wizard or the New-ADDSForest cmdlet. For more information about installing AD DS on Windows Server 2012, see Install Active Directory Domain Services (Level 100).
On the Welcome page, click Next.
On the Operating System Compatibility page, click Next.
On the Choose a Deployment Configuration page, click Create a new domain in a new forest, and click Next.
On the Name the Forest Root Domain page, type the fully qualified domain name (FQDN) of the forest root domain (for example, hq.litwareinc.com) and click Next.
On the Set Forest Functional level page, click Windows Server 2008 R2 and then click Next. If you choose a different value, you also need to select a value for the domain functional level.
On the Additional Domain Controller Options page, make sure DNS server is selected and click Next.
On the Static IP assignment warning, click Yes, the computer will use an IP address automatically assigned by a DHCP server (not recommended). Although the IP address on the Windows Azure Virtual Network is dynamic, its lease lasts for the duration of the VM. Therefore, you do not need to set a static IP address on the domain controller that you install on the virtual network. Setting a static IP address in the VM will cause communication failures.
If you are prompted about the DNS delegation warning, click Yes. The DNS delegation warning appears if the AD DS installation process cannot create or update the DNS delegation in the parent DNS zone for the Active Directory domain you are creating. For more information about this warning, see Active Directory Domain Services Installation Wizard (Dcpromo.exe) issues.
On the Location for Active Directory database, log files and SYSVOL page, click Browse and type or select the NTDS folder location you created previously on the additional data disk for the Active Directory files, and click Next.
On the Directory Services Restore Administrator page, type and confirm the DSRM password, and click Next.
On the Summary page, confirm your selections, and click Next.
After the Active Directory Installation Wizard finishes, click Finish, and then click Restart Now to complete the installation.

Step 3: Validate the installation

Reconnect to the VM.
Click Start, right-click Command Prompt, and click Run as Administrator.
Type the following command and press ENTER:
```
Dcdiag /c /v
```
Verify that the tests ran successfully. Some tests related to validating IP addresses may not pass. To prevent validation errors related to Time server, configure the Windows Time Service on the new DC.

Step 4: Backup the domain controller

Connect to the VM.
Click Start, click Administrative Tools, click Server Manager, click Add Features, and then select Windows Server Backup Features. Follow the instructions to install Windows Server Backup.
Click Start, click Administrative Tools, click Windows Server Backup, then click Backup once.
Click Different options, then click Next.
Click Full Server, then click Next.
Click Local drives, then click Next.
Select the destination drive that does not host the operating system files or the Active Directory database, then click Next.
Confirm the settings you selected and then click Backup.

Step 5: Provisioning a Virtual Machine that is Domain Joined on Boot

After the DC is configured, run the following Windows PowerShell script to provision additional virtual machines and have them automatically join the domain when they are provisioned. The DNS client resolver settings for the VMs must be configured when the VMs are provisioned.
For more information about using Windows PowerShell, see Getting Started with Windows Azure PowerShell and Windows Azure Management Cmdlets.

To create an additional virtual machine that is domain-joined when it first boots, open Windows Azure PowerShell ISE, paste the following script, replace the placeholders (such as ContosoDC13) with your own values and run it.
To determine the Internal IP address of the domain controller, click the name of virtual machine where it is running. Specify the name of the domain controller for the -Name parameter for the New-AzureDNS cmdlet.
In the following example, the Internal IP address of the domain controller is 10.4.3.1. The Add-AzureProvisioningConfig also takes a -MachineObjectOU parameter which if specified (requires the full distinguished name in Active Directory) allows for setting Group Policy settings on all of the virtual machines in that container.
After the virtual machines are provisioned, log on by specifying a domain account using User Principal Name (UPN) format, such as administrator@corp.contoso.com.

cls


Import-Module "C:\Program Files (x86)\Microsoft SDKs\Windows Azure\PowerShell\Azure\Azure.psd1"
Import-AzurePublishSettingsFile '*E:\PowerShell\MyAccount.publishsettings*'
Set-AzureSubscription -SubscriptionName *subscriptionname* -CurrentStorageAccount *storageaccountname*
Select-AzureSubscription -SubscriptionName *subscriptionname*


#Deploy a new VM and join it to the domain
#-------------------------------------------
#Specify my DC's DNS IP (10.4.3.1)
$myDNS = New-AzureDNS -Name '*ContosoDC13*' -IPAddress '*10.4.3.1*'


# OS Image to Use
$image = 'MSFT__Sql-Server-11EVAL-11.0.2215.0-08022012-en-us-30GB.vhd'
$service = '*myazuresvcindomainM1*'
$AG = '*YourAffinityGroup*'
$vnet = '*YourVirtualNetwork*'
$pwd = '*p@$$w0rd*'
$size = 'Small'


#VM Configuration
$vmname = 'MyTestVM1'
$MyVM1 = New-AzureVMConfig -name $vmname -InstanceSize $size -ImageName $image |
    Add-AzureProvisioningConfig -WindowsDomain -Password $pwd -Domain '*corp*' -DomainPassword '*p@$$w0rd*' -DomainUserName 'Administrator' -JoinDomain '*corp.contoso.com*'|
    Set-AzureSubnet -SubnetNames '*BackEnd*'


New-AzureVM -ServiceName $service -AffinityGroup $AG -VMs $MyVM1 -DnsSettings $myDNS -VNetName $vnet

If you rerun the script, you need to supply a unique value for $service. After the Windows Azure PowerShell cmdlet successfully completes, the VMs will initially appear in the UI in the management portal in a stopped state, followed by a provisioning process. After the VMs are provisioned, you can log on to them

Mohansharing

Friday 28 December 2012

How to install Active directory forest in windows Server 2012