Now that we have set the stage, let’s take an Azure virtual machine and make it a member in our new “onmicrosoft.com” domain.
Before creating the VM, let’s go and add the domain IP as the new DNS server for the VNet we’ve created. We need to do this for the machines to be able to resolve the domain name and join it.
As you can see, my domain IP is 220.127.116.11
To add the DNS to the VNet, go to the Configure page for the VNet, give the DNS server a display name and the IP, hit Save and confirm the change.
Now, for this post I’m not going to explain all the steps for deploying an Azure VM – I’m assuming you know your way around. I do however want to emphasis that when you need to create your VM as Classic (which is the only mode in the old portal) and not using Azure Resource Manager (ARM). Also, make sure you are pointing it the new VNet and Subnet, otherwise this all thing is not going to work.
I’m using the new portal to create my Windows Server 2012 R2 Datacenter VM, this is just how I roll 8-).
From now, this is all walk in the park as the new VM will be attached to the VNet which can resolve my Azure AD DNS.
Login to the machine with the local administrator and add it to the domain like you will do in your day to day. You can also run a ping test just to make sure you are good to go (don’t forget Windows FW configurations first).
As you can see, I’m showing you the BGINFO details so you will not think I’m playing with you ;-).
After you successfully added the machine to the domain, your first instinct will be to RDP it with the domain user but you won’t be able to do so. Make sure you give the user you are doing this with the proper remote access permissions and then RDP the machine, you wouldn’t want everyone to be able to RDP your machine.
You now have an Azure Windows machine, joined to an Azure Active Directory which you consumed as a Service, how cool is that?!
In the next post we will see how Azure AD can be removed safely from your subscription, stay tuned…