Part 2- Configure Azure Active Directory Domain Services for AVD

In this blog let's create a few users in our on-prem Active Directory which will later be used in our AVD deployment. All of these users will be synced from the on-prem Active Directory to Azure AD (by Azure AD Connect), and then from Azure AD to Azure Active Directory Domain Services.

User        Purpose               Role Group
poweradm    AVD Administrator     AVD / Domain Admin
localadm    Local Desktop Admin   Local Laptop Admin
testuser01  Desktop User1         AVD Hub Site User
testuser02  Desktop User2         AVD Spoke Site User

Let's also create a few OUs.

An OU (organizational unit) is a subdivision/container in Active Directory that holds users, groups, computers, or other OUs. By separating objects into OUs we can apply granular permissions, delegation and Group Policy to just the computer/user objects within that container, instead of to the whole domain.

Organizational Unit       Purpose
FSlogix Administrators    AVD Desktop
FSlogix AVD Users         AVD Desktop Users
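The two tables above, scripted with the ActiveDirectory PowerShell module as an added example (this is not the original post's code). It assumes it runs on the on-prem domain controller, that the group names are the ones I chose from the "Role Group" column, and that each account gets a random one-time password rather than a shared fixed one:

```powershell
# Added example, not from the original post. Run on the on-prem DC (or a host
# with RSAT AD PowerShell). Group names below are assumed from the role table.
Import-Module ActiveDirectory

$DomainDN  = (Get-ADDomain).DistinguishedName   # e.g. DC=lab,DC=local
# For Azure AD Connect the UPN suffix should be a domain verified in Azure AD;
# a non-routable suffix such as .local gets rewritten to *.onmicrosoft.com.
$UpnSuffix = (Get-ADDomain).DNSRoot

function New-RandomPassword {
    # Crypto-random 20-char password that always satisfies AD complexity
    # (one of each class, then shuffled). Lab use; adjust the classes as needed.
    $classes = @('ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%^&*')
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $pick = { param($set) $b = [byte[]]::new(1); $rng.GetBytes($b); $set[$b[0] % $set.Length] }
    $chars = foreach ($c in $classes) { & $pick $c }
    $all = -join $classes
    1..16 | ForEach-Object { $chars += & $pick $all }
    -join ($chars | Sort-Object { Get-Random })
}

# OUs from the table. Protect them from accidental deletion.
foreach ($ou in @(
    @{ Name = 'FSlogix Administrators'; Description = 'AVD Desktop' },
    @{ Name = 'FSlogix AVD Users';      Description = 'AVD Desktop Users' })) {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$($ou.Name)'" -SearchBase $DomainDN)) {
        New-ADOrganizationalUnit -Name $ou.Name -Path $DomainDN -Description $ou.Description `
            -ProtectedFromAccidentalDeletion $true
    }
}
$AdminOU = "OU=FSlogix Administrators,$DomainDN"
$UserOU  = "OU=FSlogix AVD Users,$DomainDN"

# Role groups: global security groups, which Azure AD Connect syncs by default
# so they are also usable in the Azure AD DS managed domain.
foreach ($g in @(
    @{ Name = 'AVD Admins';           Path = $AdminOU },
    @{ Name = 'Local Laptop Admins';  Path = $AdminOU },
    @{ Name = 'AVD Hub Site Users';   Path = $UserOU  },
    @{ Name = 'AVD Spoke Site Users'; Path = $UserOU  })) {
    if (-not (Get-ADGroup -Filter "Name -eq '$($g.Name)'")) {
        New-ADGroup -Name $g.Name -GroupScope Global -GroupCategory Security -Path $g.Path
    }
}

# Users from the table. Note: on-prem Domain Admins membership gives poweradm
# nothing in the managed domain; Azure AD DS admins are the AAD DC Administrators group.
$Users = @(
    @{ Sam = 'poweradm';   Name = 'AVD Administrator';   Path = $AdminOU; Groups = @('AVD Admins', 'Domain Admins') },
    @{ Sam = 'localadm';   Name = 'Local Desktop Admin'; Path = $AdminOU; Groups = @('Local Laptop Admins') },
    @{ Sam = 'testuser01'; Name = 'Desktop User1';       Path = $UserOU;  Groups = @('AVD Hub Site Users') },
    @{ Sam = 'testuser02'; Name = 'Desktop User2';       Path = $UserOU;  Groups = @('AVD Spoke Site Users') }
)
foreach ($u in $Users) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'") { continue }   # idempotent
    $pw = New-RandomPassword
    New-ADUser -SamAccountName $u.Sam -Name $u.Name -DisplayName $u.Name `
        -UserPrincipalName "$($u.Sam)@$UpnSuffix" -Path $u.Path `
        -AccountPassword (ConvertTo-SecureString $pw -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true
    foreach ($grp in $u.Groups) { Add-ADGroupMember -Identity $grp -Members $u.Sam }
    Write-Host "$($u.Sam) initial password (hand over out of band): $pw"
}
```

Forcing a password change at first logon is not only hygiene: with a hybrid sync, the NTLM/Kerberos hashes that Azure AD DS needs are only generated when the user next changes their password after Azure AD Connect has been configured for Azure AD DS password hash sync.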

We will be building out the hub/spoke architecture in our virtual lab.

vNET                               Subnet                   Subnet range
UKWest-Hub-vNET (10.1.0.0/16)      Default                  10.0.0.4/24
                                   AD subnet                10.0.0.5/24
                                   Desktops subnet          10.0.0.6/24
                                   Azure firewall subnet    10.0.0.7/24
USEast-Spoke-vNET (10.2.0.0/16)    Default                  10.2.0.0/24
                                   Desktops subnet          10.2.2.0/24

Two checks before you build this: each subnet must be a distinct prefix with the host bits clear that sits inside the vNET's address space (the hub ranges as listed above overlap each other and fall outside 10.1.0.0/16, so use one /24 per subnet from the hub range instead), and the Azure Firewall subnet has to be named exactly AzureFirewallSubnet and be a /26 or larger.
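The hub/spoke build from the table, as an added Az PowerShell example (not the original post's code). The vNET and resource group names and the two /16 address spaces are the post's; the hub subnet prefixes (10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/26) and the regions ukwest and westus3 are assumptions, chosen because the ranges listed in the post are not valid subnet prefixes:

```powershell
# Added example, not from the original post. Assumes the Az module is installed
# and the account has Network Contributor on both resource groups.
Connect-AzAccount | Out-Null

$HubRg   = 'UK-AVD-Site-vNET'      # hub / "on-prem" side, Azure UK
$SpokeRg = 'USWest-Spoke-vNET'     # spoke, US West 3
New-AzResourceGroup -Name $HubRg   -Location 'ukwest'  -Force | Out-Null
New-AzResourceGroup -Name $SpokeRg -Location 'westus3' -Force | Out-Null

# Hub: 10.1.0.0/16. Prefixes are assumed (one /24 per subnet, host bits clear).
# Azure Firewall only deploys into a subnet named "AzureFirewallSubnet" of /26 or larger.
$hubSubnets = @(
    New-AzVirtualNetworkSubnetConfig -Name 'default'             -AddressPrefix '10.1.0.0/24'
    New-AzVirtualNetworkSubnetConfig -Name 'ad-subnet'           -AddressPrefix '10.1.1.0/24'
    New-AzVirtualNetworkSubnetConfig -Name 'desktops-subnet'     -AddressPrefix '10.1.2.0/24'
    New-AzVirtualNetworkSubnetConfig -Name 'AzureFirewallSubnet' -AddressPrefix '10.1.3.0/26'
)
$hub = New-AzVirtualNetwork -Name 'UKWest-Hub-vNET' -ResourceGroupName $HubRg -Location 'ukwest' `
    -AddressPrefix '10.1.0.0/16' -Subnet $hubSubnets

# Spoke: 10.2.0.0/16 with the ranges exactly as in the table.
$spokeSubnets = @(
    New-AzVirtualNetworkSubnetConfig -Name 'default'         -AddressPrefix '10.2.0.0/24'
    New-AzVirtualNetworkSubnetConfig -Name 'desktops-subnet' -AddressPrefix '10.2.2.0/24'
)
$spoke = New-AzVirtualNetwork -Name 'USEast-Spoke-vNET' -ResourceGroupName $SpokeRg -Location 'westus3' `
    -AddressPrefix '10.2.0.0/16' -Subnet $spokeSubnets

# Global peering in both directions. Without it the spoke desktops cannot reach
# the domain controllers in the hub AD subnet (DNS, Kerberos, LDAP), and the
# custom DNS servers set later on the spoke vNET would be unreachable.
Add-AzVirtualNetworkPeering -Name 'hub-to-spoke' -VirtualNetwork $hub   -RemoteVirtualNetworkId $spoke.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'spoke-to-hub' -VirtualNetwork $spoke -RemoteVirtualNetworkId $hub.Id   | Out-Null

# Verify: both sides should report PeeringState = Connected.
Get-AzVirtualNetworkPeering -VirtualNetworkName $hub.Name   -ResourceGroupName $HubRg   | Select-Object Name, PeeringState
Get-AzVirtualNetworkPeering -VirtualNetworkName $spoke.Name -ResourceGroupName $SpokeRg | Select-Object Name, PeeringState
```

Peering is not transitive, so if more spokes are added later each one needs its own pair of peerings to the hub; traffic between spokes should then go through the Azure Firewall in the hub rather than via direct spoke-to-spoke peering.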

I have two resource groups in place. The UK-AVD-Site-vNET resource group, representing our on-prem environment (the hub network), is in the Azure UK region, and the USWest-Spoke-vNET resource group is in the US West 3 Azure region and is the spoke.

I have deployed a Windows Server Active Directory domain controller in the UK-AVD-Site-vNET, and it is synced to Azure AD using Azure AD Connect.

I will also deploy Azure AD Domain Services (Azure AD DS, which I abbreviate to ADDS below) in Azure. This is the managed domain that the AVD session hosts will join; it is a separate domain from the on-prem one and only ever receives a one-way sync from Azure AD.

Choose the resource group to install Azure AD Domain Services into.

I'll deploy to the AD subnet. Keep this subnet dedicated to Azure AD DS: the deployment creates its own network security group, and the rules it adds (inbound management from the AzureActiveDirectoryDomainServices service tag) must stay in place or the managed domain shows as unhealthy.

Choose to add Azure Active Directory administrators here.

These are my administrators, listed as my temporary ADDS admins. In practice they become members of the AAD DC Administrators group in the managed domain; that group gets delegated rights (custom OUs, Group Policy, RDP to domain-joined VMs) but there is no Domain Admin or Enterprise Admin role in Azure AD DS.

Review and create

Our Azure ADDS is now installed and in sync. One caveat for a hybrid setup like this one: users synced from on-prem cannot sign in to the managed domain until their NTLM/Kerberos password hashes have been synchronized, which requires the Azure AD Connect password hash sync configuration for Azure AD DS (documented by Microsoft as a full password sync) and then a password change by each user.

Azure ADDS deploys the service and configures an internal load balancer, as shown.

In the backend pool it adds two IPs, which are the managed domain's two domain controllers and therefore our DNS servers.

We will now use these IP addresses to reconfigure the DNS settings of all our vNETs.

Modify DNS servers

Select Custom to define our DNS server list. There, add the private IP addresses of the two Azure ADDS domain controllers from the backend pool; in my demo setup they are 10.0.0.9 and 10.0.0.5. Note that the Windows AD server VM should keep its own NIC pointed at itself for DNS, since the managed domain's DNS does not resolve the on-prem domain unless you add a conditional forwarder for it.
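The same DNS change scripted for both vNETs, as an added Az PowerShell example (not the original post's code). The two addresses are the ones the post reports for its lab and the resource group and vNET names are the post's; reading the domain controller IPs from the managed domain resource through Get-AzResource -ExpandProperties is an assumption about the Microsoft.AAD/domainServices resource schema, so the literal list is kept as the fallback:

```powershell
# Added example, not from the original post.
Connect-AzAccount | Out-Null

# Fallback: the backend pool IPs from the post's lab.
$DnsServers = @('10.0.0.9', '10.0.0.5')

# Preferred: read them off the managed domain resource so a redeploy can't
# leave stale addresses behind (property name assumed from the ARM schema).
$aadds = Get-AzResource -ResourceType 'Microsoft.AAD/domainServices' -ExpandProperties |
         Select-Object -First 1
if ($aadds -and $aadds.Properties.domainControllerIpAddress) {
    $DnsServers = @($aadds.Properties.domainControllerIpAddress)
}
Write-Host "Using DNS servers: $($DnsServers -join ', ')"

$targets = @(
    @{ Rg = 'UK-AVD-Site-vNET';  Name = 'UKWest-Hub-vNET'   },
    @{ Rg = 'USWest-Spoke-vNET'; Name = 'USEast-Spoke-vNET' }
)
foreach ($t in $targets) {
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $t.Rg -Name $t.Name
    if ($null -eq $vnet.DhcpOptions) {
        $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
    }
    # Replaces the whole list (Azure-provided DNS is dropped for this vNET).
    $vnet.DhcpOptions.DnsServers = [System.Collections.Generic.List[string]]$DnsServers
    $vnet | Set-AzVirtualNetwork | Out-Null

    $after = (Get-AzVirtualNetwork -ResourceGroupName $t.Rg -Name $t.Name).DhcpOptions.DnsServers
    Write-Host "$($t.Name): DNS now $($after -join ', ')"
}
```

VMs already running in these vNETs keep their old DNS servers until the DHCP lease is renewed, so restart them (or run ipconfig /renew inside) before trying a domain join; the spoke vNET also only benefits if it is peered to the hub, because both addresses live in the hub's AD subnet.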

There is no console to manage ADDS in Azure, so we will deploy a new VM to manage the Azure ADDS environment we just created, by adding the AD management tools (RSAT) to it.

Under Roles and Features, add the AD DS and AD LDS tools.

I've joined my Azure ADDS management VM to the managed domain after installing the admin tools. The account used for the join has to be one the managed domain already knows: a member of the AAD DC Administrators group whose password hash has synced (a cloud-only account works immediately; a synced on-prem account only after its password has been changed).

As expected, we can now manage our Azure ADDS. Our on-prem Active Directory users that are synced appear in Active Directory Users and Computers under the AADDC Users OU (synced computer objects are not brought across; domain-joined VMs show up under AADDC Computers).

Our on-prem AD server shows the configuration below.

That's it for configuring ADDS.
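The management VM steps above in one script, as an added example (not the original post's code). It assumes a Windows Server management VM in the AD subnet, a placeholder managed domain name aadds.example.com, and an AAD DC Administrators member for the join; the two functions are split because the join reboots the machine:

```powershell
# Added example, not from the original post. Run elevated on the management VM.
# "aadds.example.com" is a placeholder for your managed domain name.
$ManagedDomain = 'aadds.example.com'

function Install-AaddsManagementTools {
    param([Parameter(Mandatory)][string]$Domain)

    # RSAT: AD DS tools (ADUC, ADAC, GPMC, AD PowerShell) plus AD LDS tools.
    Install-WindowsFeature -Name RSAT-AD-Tools, RSAT-ADLDS -IncludeAllSubFeature -IncludeManagementTools |
        Out-Null

    # Preflight: the vNET DNS must already resolve the managed domain's DC SRV
    # records, otherwise Add-Computer fails at the locator step.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
    Write-Host "Domain controllers for ${Domain}: $($srv.NameTarget -join ', ')"

    # Join with a prompted credential (AAD DC Administrators member, user@domain form).
    $cred = Get-Credential -Message "AAD DC Administrators member for $Domain"
    Add-Computer -DomainName $Domain -Credential $cred -Restart
}

function Test-AaddsSync {
    # Run after the reboot, signed in as the same admin: confirms what the
    # managed domain actually contains rather than trusting the "in sync" tile.
    param([Parameter(Mandatory)][string]$Domain)
    Import-Module ActiveDirectory
    $base = (Get-ADDomain -Server $Domain).DistinguishedName

    Write-Host "Synced users (AADDC Users OU):"
    Get-ADUser -Server $Domain -SearchBase "OU=AADDC Users,$base" -Filter * |
        Select-Object SamAccountName, UserPrincipalName, Enabled | Format-Table -AutoSize

    Write-Host "Who can administer this managed domain:"
    Get-ADGroupMember -Server $Domain -Identity 'AAD DC Administrators' |
        Select-Object SamAccountName, objectClass | Format-Table -AutoSize
}

# Usage: first session runs the install and join (reboots); second session verifies.
# Install-AaddsManagementTools -Domain $ManagedDomain
# Test-AaddsSync -Domain $ManagedDomain
```

If a synced user is listed but cannot log on to a domain-joined VM, the password hash sync described earlier is the first thing to check; the account shows up in AADDC Users as soon as the object syncs, well before its hashes do.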


By Ash Thomas

Ash Thomas is a seasoned IT professional with extensive experience as a technical expert, complemented by a keen interest in blockchain technology.
