In this post, let's create a few users in our on-prem Active Directory that will be used later in our AVD deployment. These users are synced from on-prem AD to Azure AD, and then from Azure AD to Azure Active Directory Domain Services.
| Users | Purpose | Role Group |
|---|---|---|
| poweradm | AVD Administrator | AVD / Domain Admin |
| localadm | Local Desktop Admin | Local Laptop Admin |
| testuser01 | Desktop User1 | AVD Hub Site User |
| testuser02 | Desktop User2 | AVD Spoke Site User |
Let's also create a few OUs.
An OU (organizational unit) is a container in Active Directory that holds users, groups, computers, or other OUs. By separating objects into OUs we can apply granular permissions and controls to just the computer and user objects within that container.
| Organizational Unit | Purpose |
|---|---|
| FSlogix Administrators | AVD Desktop |
| FSlogix AVD Users | AVD Desktop Users |
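The users, OUs and role groups from the two tables above can be created on the on-prem domain controller with the ActiveDirectory PowerShell module. This is an added example, not a script from the original post: the group names are assumptions derived from the Role Group column, the UPN suffix `lab.example.com` is a placeholder for a domain verified in the Azure AD tenant, and initial passwords are prompted for rather than written into the script.

```powershell
# Added example: build the OUs, role groups and users from the tables above.
# Run on the on-prem DC as a domain administrator. Assumptions (adjust to your lab):
#   - the UPN suffix is a domain verified in Azure AD, so Azure AD Connect syncs it cleanly
#   - group names are inferred from the "Role Group" column; the post does not name them
Import-Module ActiveDirectory

$domainDN  = (Get-ADDomain).DistinguishedName
$upnSuffix = 'lab.example.com'   # assumed placeholder, replace with your verified domain

# OUs from the table. ProtectedFromAccidentalDeletion stops a stray delete taking the whole container.
$ous = @('FSlogix Administrators', 'FSlogix AVD Users')
foreach ($ou in $ous) {
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ou'" -SearchBase $domainDN)) {
        New-ADOrganizationalUnit -Name $ou -Path $domainDN -ProtectedFromAccidentalDeletion $true
    }
}

# Role groups (assumed names) and the OU each one lives in
$groups = @{
    'AVD Administrators'   = 'FSlogix Administrators'
    'Local Laptop Admins'  = 'FSlogix Administrators'
    'AVD Hub Site Users'   = 'FSlogix AVD Users'
    'AVD Spoke Site Users' = 'FSlogix AVD Users'
}
foreach ($g in $groups.Keys) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -GroupScope Global -GroupCategory Security `
            -Path "OU=$($groups[$g]),$domainDN"
    }
}

# Users from the table. Each one is placed in its OU and added to its role group.
$users = @(
    @{ Sam = 'poweradm';   Desc = 'AVD Administrator';   OU = 'FSlogix Administrators'; Group = 'AVD Administrators' },
    @{ Sam = 'localadm';   Desc = 'Local Desktop Admin'; OU = 'FSlogix Administrators'; Group = 'Local Laptop Admins' },
    @{ Sam = 'testuser01'; Desc = 'Desktop User1';       OU = 'FSlogix AVD Users';      Group = 'AVD Hub Site Users' },
    @{ Sam = 'testuser02'; Desc = 'Desktop User2';       OU = 'FSlogix AVD Users';      Group = 'AVD Spoke Site Users' }
)
foreach ($u in $users) {
    if (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'") { continue }   # idempotent re-runs
    $pw = Read-Host -Prompt "Initial password for $($u.Sam)" -AsSecureString
    New-ADUser -Name $u.Sam -SamAccountName $u.Sam `
        -UserPrincipalName "$($u.Sam)@$upnSuffix" `
        -Path "OU=$($u.OU),$domainDN" `
        -Description $u.Desc `
        -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $true
    Add-ADGroupMember -Identity $u.Group -Members $u.Sam
}

# What Azure AD Connect will pick up from the two OUs
foreach ($ou in $ous) {
    Get-ADUser -Filter * -SearchBase "OU=$ou,$domainDN" |
        Select-Object SamAccountName, UserPrincipalName, Enabled
}
```

The table gives poweradm a Domain Admin role; that membership is deliberately left out of the script so it is granted as a separate, reviewed step rather than by a bulk user-creation run. `-ChangePasswordAtLogon` also matters for the next part of the lab: Azure AD Domain Services only receives the password hashes it needs for accounts whose password is changed after Azure AD Connect has been configured for it, so a forced change at first logon covers accounts created before that point.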
We will build out a hub/spoke architecture in our virtual lab.
| vNET | Subnets | Subnet range |
|---|---|---|
| UKWest-Hub-vNET (10.1.0.0/16) | Default, AD subnet, Desktops subnet, Azure firewall subnet | 10.0.0.4/24, 10.0.0.5/24, 10.0.0.6/24, 10.0.0.7/24 |
| USEast-Spoke-vNET (10.2.0.0/16) | Default, Desktops subnet | 10.2.0.0/24, 10.2.2.0/24 |
I have two resource groups in place: the UK-AVD-Site-vNET resource group, which represents our on-prem environment or hub network, is in the Azure UK region, and the USWest-Spoke-vNET resource group, which is the spoke, is in the US West 3 Azure region.
I have deployed a Windows AD server in the UK-AVD-Site-vNET, and it is synced to Azure AD using Azure AD Connect.
I will also deploy Azure AD Domain Services (ADDS) in Azure.
Choose the resource group in which to install Azure AD Domain Services.
I'll deploy to the AD subnet.
Choose to add Azure Active Directory administrators here.
These are the administrators listed as my temporary ADDS admins.
Review and create.
Our Azure ADDS is now installed and in sync.
Azure ADDS deploys the service and configures a load balancer, as shown.
In the backend pool it adds two IPs, which are our DNS servers.
We will now use these IP addresses to reconfigure all our vNETs.
Modify DNS servers
Select Custom to define our DNS server list, and add the private IP address of the Windows ADDS server there; in my demo setup that is 10.0.0.9 and 10.0.0.5.
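The same DNS change can be applied to every vNET in one pass with the Az PowerShell module, which is useful once the lab has more than two networks and you want to be sure none were missed. This is an added example, not part of the original post; the resource group and vNET names are the ones used in the post, the DNS addresses are the two from the demo, and the script only writes to a vNET whose DNS list differs from the target.

```powershell
# Added example: point every lab vNET at the Azure ADDS DNS servers.
# Names and IPs come from the post; Connect-AzAccount is interactive (skip if already signed in).
Connect-AzAccount | Out-Null

$dnsServers = @('10.0.0.9', '10.0.0.5')
$vnets = @(
    @{ ResourceGroup = 'UK-AVD-Site-vNET'; Name = 'UKWest-Hub-vNET' },
    @{ ResourceGroup = 'USWest-Spoke-vNET'; Name = 'USEast-Spoke-vNET' }
)

foreach ($v in $vnets) {
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $v.ResourceGroup -Name $v.Name

    # A vNET that has never had custom DNS may carry no DhcpOptions object at all
    if (-not $vnet.DhcpOptions) {
        $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
    }
    $current = @($vnet.DhcpOptions.DnsServers)

    # Only write when the list actually differs (order-insensitive compare)
    if ($current.Count -gt 0 -and -not (Compare-Object $current $dnsServers)) {
        Write-Host "$($v.Name): already using $($dnsServers -join ', ')"
        continue
    }
    Write-Host "$($v.Name): DNS [$($current -join ', ')] -> [$($dnsServers -join ', ')]"
    $vnet.DhcpOptions.DnsServers = $dnsServers
    $vnet | Set-AzVirtualNetwork | Out-Null
}

# Read back so the change is confirmed from the platform, not from what we sent
foreach ($v in $vnets) {
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $v.ResourceGroup -Name $v.Name
    "{0,-20} {1}" -f $v.Name, ($vnet.DhcpOptions.DnsServers -join ', ')
}
```

Existing VMs keep their old resolver until their DHCP lease is renewed (`ipconfig /renew`) or they are rebooted, so the domain join in the next step should only be attempted after a VM can resolve the managed domain's SRV records against the new servers.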
There is no console for managing ADDS in Azure, so we will deploy a new VM with the AD management roles added and use it to manage the Azure ADDS environment we have just created.
Under Roles and Features, add the AD DS and AD LDS Tools.
I've joined my Azure ADDS management VM to the domain after installing the admin tools.
As expected, we can now manage our Azure ADDS. Our synced on-prem Active Directory users appear under AADDC Users.
Our on-prem AD server shows the configuration below.
That's it for configuring Azure ADDS.
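The management VM steps above (install the RSAT tools, join the managed domain, then check the synced users) can be scripted on the new VM. This is an added example, not from the original post: the managed domain name `aadds.lab.example.com` is a placeholder, the join credential must belong to a member of the AAD DC Administrators group that was populated during deployment, and the post-reboot section has to be run in a second session because `Add-Computer -Restart` reboots the VM.

```powershell
# Added example: prepare the Azure ADDS management VM.
# Assumption: $domain is the managed domain's DNS name (placeholder here).
$domain = 'aadds.lab.example.com'

# 1. RSAT: AD DS tools (ADUC, ADAC), AD PowerShell, AD LDS tools, Group Policy Management
Install-WindowsFeature -Name RSAT-ADDS, RSAT-AD-PowerShell, RSAT-ADLDS, GPMC -IncludeManagementTools

# 2. Prove the vNET DNS change reached this VM before attempting the join:
#    the DC locator SRV record must resolve to the managed domain controllers
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop |
    Select-Object Name, NameTarget, Port

# 3. Join the managed domain. Credentials are prompted, never stored in the script.
$cred = Get-Credential -Message "Member of 'AAD DC Administrators' for $domain"
Add-Computer -DomainName $domain -Credential $cred -Restart

# ---- run after the reboot, signed in as the same administrator ----
Import-Module ActiveDirectory
$dn = (Get-ADDomain).DistinguishedName

# 4. The synced on-prem accounts live in the AADDC Users OU of the managed domain
Get-ADUser -Filter * -SearchBase "OU=AADDC Users,$dn" |
    Select-Object SamAccountName, UserPrincipalName, Enabled

# 5. Review who can administer the managed domain instead of assuming the list is still what
#    was entered at deployment time; the "temporary" admins are easy to forget
Get-ADGroupMember -Identity 'AAD DC Administrators' |
    Select-Object SamAccountName, objectClass
```

Step 5 is the check worth keeping in a periodic review: membership of AAD DC Administrators is managed in Azure AD, not in the managed domain, so a change made in the portal shows up here without any on-prem audit trail.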