While it’s easy to get a virtual machine (VM) up and running on Windows Azure, you need to take some extra steps before configuring a VM if it’s going to host an Active Directory domain controller or any application that requires a static IP address. In the first of a two-part series on how to install a domain controller in a Windows Azure virtual machine, I’ll look at how IP addressing works in Windows Azure and how to create a virtual network for your domain computers. In part two, I’ll show you how to provision a VM with a persistent IP address and how to correctly install the AD DS role and promote the server to a domain controller.
When you configure a new VM in Windows Azure, it receives an IP address automatically and keeps it until the end of the current session, i.e. until the VM is shut down, restarted or deallocated. Configuring a network adapter with a static IP address is not supported in Azure VMs, but it is possible to ensure that a VM receives the same IP address every time it is started.
Server applications, such as Active Directory domain controllers (DCs), rely on having a static IP address, so the default method for assigning IP addresses in Azure is a problem if you want to install Active Directory in a VM. The solution is to create a virtual network in Azure and provision on it any VM that would require a static IP address in a physical environment, so that it acquires a persistent IP address in Azure.
When you create a virtual network, you need to specify which IP address will be used for AD integrated DNS. In the example that follows, that will be the first and only DC in the forest. The IP address for the integrated AD DNS server must be specified to ensure that VMs are assigned a DNS server address from DHCP, otherwise they won’t be able to locate each other because Azure virtual networks don’t support name resolution.
No DHCP reservations are required, and none can be made. When Windows Azure assigns a persistent IP address to a VM from a virtual network’s address space, the IP address is guaranteed for the lifetime of the VM. The VM can be restarted any number of times, and the IP address will persist until the VM is deleted or deallocated (shut down from the Azure management portal). Therefore, it’s important to understand that if you use the shutdown command in the Azure management portal, the VM will be deallocated and its IP address will not persist. If you want to shut down the VM, you must issue a shutdown command in the OS itself.
If you shut down the VM from within the guest operating system, and the VM was provisioned with a persistent IP address, it will eventually show a Stopped status in the Azure management portal. VMs without a persistent IP will change their status to Stopped (Deallocated). Don’t forget that Azure VMs that are stopped but not deallocated still consume compute resources and can incur charges.
Prior to creating a virtual network, we need to specify which IP address will serve as a DNS server. In this case, it will be our first domain controller. I’m choosing to use a private address range of 192.168.0.0/24, but you can use any valid IPv4 private address range.
Log in to the Windows Azure management portal. If you don’t already have an Azure account, you can sign up for a free evaluation.
In Azure, the first three IP addresses of a private address range are reserved and cannot be assigned to VMs, so I know that the first usable IP address in 192.168.0.0/24 will be 192.168.0.4.
The new DNS server should now appear in the management portal. At the bottom you’ll see a message saying that the DNS server is being provisioned.
Now we need to create a virtual network in the management portal. I’m going to create a virtual network using the 192.168.0.0/24 address space, but you could equally choose to use the default 10.0.0.0/8 address space.
In this example, I will call the new network CONTOSONET1 and select the preexisting Contoso affinity group. If you don’t already have an affinity group in Azure, you can select Create a new affinity group from the drop-down menu. If you create a new affinity group at this stage, you will additionally need to select a region and give the new affinity group a name.
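As an added example, not part of the original article, the following Python script checks the address plan described above (a private address space, a DNS server address inside it that is not one of the three addresses Azure reserves) and then emits a classic NetworkConfiguration document for the CONTOSONET1 network in the Contoso affinity group. The element names follow the classic Service Management netcfg schema as I recall it, and the idea that the result can be imported with Set-AzureVNetConfig is likewise my assumption rather than something the article shows; the DNS server name "DC1" and the subnet name "Subnet-1" are placeholders. Compare the output with an export from your own subscription before relying on it.

```python
import ipaddress
from xml.etree import ElementTree as ET

# Azure (classic) withholds the first three host addresses of an address
# range, as the article notes, so the first address a VM can receive is .4.
AZURE_RESERVED_HOSTS = 3


def first_usable_address(prefix: str) -> str:
    """First IP address Azure will assign to a VM in this address space."""
    net = ipaddress.ip_network(prefix, strict=True)
    # Offset 0 is the network address, 1..3 are reserved, so offset 4 is usable.
    return str(net.network_address + AZURE_RESERVED_HOSTS + 1)


def check_dns_server_address(prefix: str, dns_ip: str) -> list:
    """Return the problems with using dns_ip as the AD-integrated DNS server
    address for a virtual network with address space prefix ([] means OK)."""
    net = ipaddress.ip_network(prefix, strict=True)
    ip = ipaddress.ip_address(dns_ip)
    problems = []
    if not net.is_private:
        problems.append(f"{prefix} is not a private (RFC 1918) address range")
    if ip not in net:
        problems.append(f"{dns_ip} lies outside the address space {prefix}")
        return problems
    offset = int(ip) - int(net.network_address)
    if offset <= AZURE_RESERVED_HOSTS:
        problems.append(
            f"{dns_ip} is reserved by Azure; the first usable address is "
            f"{first_usable_address(prefix)}"
        )
    if ip == net.broadcast_address:
        problems.append(f"{dns_ip} is the broadcast address of {prefix}")
    return problems


def build_netcfg(vnet_name: str, affinity_group: str, prefix: str,
                 dns_name: str, dns_ip: str, subnet_name: str = "Subnet-1") -> str:
    """Emit a classic NetworkConfiguration document for the virtual network.

    Assumption: element and attribute names follow the classic (Service
    Management) netcfg schema; verify against an export of your own config.
    """
    problems = check_dns_server_address(prefix, dns_ip)
    if problems:
        raise ValueError("; ".join(problems))

    ns = "http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration"
    ET.register_namespace("", ns)

    def el(parent, tag, text=None, **attrs):
        child = ET.SubElement(parent, f"{{{ns}}}{tag}", attrs)
        if text is not None:
            child.text = text
        return child

    root = ET.Element(f"{{{ns}}}NetworkConfiguration")
    vnetcfg = el(root, "VirtualNetworkConfiguration")
    # The DNS server is registered once, then referenced from the network,
    # mirroring the two portal steps (register DNS server, create network).
    servers = el(el(vnetcfg, "Dns"), "DnsServers")
    el(servers, "DnsServer", name=dns_name, IPAddress=dns_ip)
    site = el(el(vnetcfg, "VirtualNetworkSites"), "VirtualNetworkSite",
              name=vnet_name, AffinityGroup=affinity_group)
    el(el(site, "AddressSpace"), "AddressPrefix", prefix)
    subnet = el(el(site, "Subnets"), "Subnet", name=subnet_name)
    el(subnet, "AddressPrefix", prefix)
    el(el(site, "DnsServersRef"), "DnsServerRef", name=dns_name)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Values from the article: CONTOSONET1, the Contoso affinity group,
    # 192.168.0.0/24 and the first DC at 192.168.0.4. "DC1" is a placeholder.
    print(check_dns_server_address("192.168.0.0/24", "192.168.0.1"))
    print(build_netcfg("CONTOSONET1", "Contoso", "192.168.0.0/24",
                       "DC1", first_usable_address("192.168.0.0/24")))
```

The validation step is the part worth keeping even if you create the network in the portal: picking 192.168.0.1 as the DNS address, as you would on a physical LAN, is rejected because Azure will never hand that address to the domain controller.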
The Point-to-Site Connectivity and Site-to-Site Connectivity options do not need to be configured.
You should now see the new network appear in the main portal window, and see the status change to Created after around 30 seconds.
In the second part of this series, I’ll show you how to provision a new VM with a persistent IP address, and how to correctly install the AD DS role and promote the server to a domain controller.