CA-Microsoft-WVD_ARM-Workshop


Create Windows Active Directory VM

In this step, you will

  • Deploy a new VM using the Template Deployment from the Marketplace
  • Connect the Windows Active Directory to Azure Active Directory using Azure AD Connect

You could use Azure Active Directory Domain Services, but this will not be covered in this workshop. If it is already enabled, you can skip this step.

In this workshop, we will use AD Connect on an Azure VM running the Windows Active Directory role (for a better understanding of the setup & to keep costs lower).

Create Windows Active Directory VM

  1. Sign in on the Azure Portal with your credentials.

  2. Click on Resource Groups & create 2 Resource Groups in west-europe:
    • wvd-workshop-infra-rg
    • wvd-workshop-sessionhosts-rg
  3. Select the first Resource Group: wvd-workshop-infra-rg
    Click on Add

  4. Search for Template Deployment and select the option Template Deployment (deploy using custom templates)

  5. Click on Create to confirm

  6. Under Load a GitHub quickstart template, search for the template active-directory-new-domain
    Click on Select template

  7. Fill in the Create an Azure VM with a new AD Forest wizard and click on Purchase
    The Basics should already be completed because we started from the Resource Group

    IMPORTANT!

    • Remember the username & password!
    • Use only lowercase characters in the domain name & DNS prefix
    • Use the same name as your new Azure AD.
    • The NetBios name cannot exceed the 15 char limit


Config Azure AD Connect

  1. When the Deployment is finished, go to the Resource Group and open the adVM

  2. Connect to the Azure VM using the Connect button, or by using the DNS name in MSTSC.EXE
    In my example, this would be
    mstsc /v:wvdworkshopt01-dc01-vip.westeurope.cloudapp.azure.com
    


  3. Disable IE Enhanced Security Configuration
    This will make the download of AD Connect easier (and make your life a little easier 😉)
    You can do this in the Server Manager, or by executing this PowerShell script in an elevated PowerShell window:
    function Disable-IEESC
    {
     # IE ESC setting that applies to members of the Administrators group
     $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
     Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
     # IE ESC setting that applies to all other users
     $UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
     Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
     # Explorer is stopped (Windows restarts it) so the shell picks up the change
     Stop-Process -Name Explorer
     Write-Host "IE Enhanced Security Configuration (ESC) has been disabled." -ForegroundColor Green
    }
    Disable-IEESC
    
  4. Download AD Connect on the adVM and execute the installer
    https://www.microsoft.com/en-us/download/confirmation.aspx?id=47594
    
  5. After the automatic installer, the Azure AD Connect wizard should start.
    Check to agree with the License terms and click on Continue

  6. Because we will use a basic deployment, we can use the Express Settings

  7. Enter your Azure AD Admin Account (admin@{tenant} for example) credentials and click on Next

  8. Enter your Windows AD Admin Account (Created using the ARM Template & used to connect to the adVM)

  9. Again, for simplicity, we will use the .onmicrosoft.com suffix (not a custom domain).
    Check Continue without matching all UPN suffixes to verified domains and click on Next

  10. Click on Install to start the installation of the Sync Engine & configuration

  11. Click on Exit to finish the installation
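
Step 3 switches IE ESC off on the domain controller only to simplify the AD Connect download in step 4. The script below is an added example, not part of the original workshop: it reports the current IE ESC state and sets the two registry values from step 3 back to 1. The function names Get-IEESCState and Enable-IEESC are hypothetical; run it in an elevated PowerShell window on the adVM.

```powershell
# Added example: report and restore IE Enhanced Security Configuration (ESC).
# The registry paths are the two keys used in step 3; function names are hypothetical.
$IEESCKeys = [ordered]@{
    Administrators = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}'
    Users          = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}'
}

function Get-IEESCState {
    # Emits one object per scope; Enabled is $null when the key or value is missing.
    foreach ($scope in $IEESCKeys.Keys) {
        $item = Get-ItemProperty -Path $IEESCKeys[$scope] -Name 'IsInstalled' -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Scope   = $scope
            Enabled = if ($null -eq $item) { $null } else { [bool]$item.IsInstalled }
        }
    }
}

function Enable-IEESC {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($scope in $IEESCKeys.Keys) {
        # Do not create the key if it is absent; report it instead.
        if (-not (Test-Path -Path $IEESCKeys[$scope])) {
            Write-Warning "IE ESC key for $scope not found; skipping."
            continue
        }
        if ($PSCmdlet.ShouldProcess($scope, 'Enable IE ESC')) {
            Set-ItemProperty -Path $IEESCKeys[$scope] -Name 'IsInstalled' -Value 1
        }
    }
    # Read the values back so the caller can confirm the result.
    Get-IEESCState
}

$state = Enable-IEESC
$state | Format-Table -AutoSize
if ($state | Where-Object { $_.Enabled -ne $true }) {
    Write-Warning 'IE ESC is not enabled for every scope.'
}
```

Calling Enable-IEESC with -WhatIf shows which scopes would be changed without writing to the registry.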