Azure Identity And Access Management Part 28 – Azure Active Directory – Domain Service (Azure AD-DS) 3 – Join Windows Server VM To An Azure AD DS Managed Domain
Hope you all are doing good !!!
In our last article we discussed how to configure an Azure AD DS managed domain. In this article we will continue with the same topic and see how to join a Windows Server virtual machine to an Azure Active Directory Domain Services managed domain.
If you have missed our previous articles on Azure Identity And Access Management (IAM), please check them at the following links.
Join Azure VM To Domain:
As Windows Server VMs can’t be directly joined to Azure AD, we need to configure Azure AD Domain Services (Azure AD DS). It is then synchronized with our Azure AD and allows the VM to join the domain. This process requires a VPN between the VMs and the Azure network. We can say that Azure AD DS is an online domain controller that allows us to join computers to Azure in the standard way, as we do with an on-premises domain.
As discussed, we configured Azure AD DS in our last article. Now we will go through the following steps to join a VM to the domain.
Step 1 – Log in to the Azure Portal and create a new Windows Server virtual machine (VM) in the same VNet where we configured Azure AD DS, but in a different subnet. I have created a virtual machine named ‘Manas-AADDS’. Now we will discuss how to join this VM to the domain.
Step 2 – Let’s connect to the VM. As we can see in the following figure, there are different ways to connect to a VM. Here I am connecting through Bastion (Azure Bastion is a new fully platform-managed PaaS service you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL). In the Overview pane for our VM, select Connect, then Bastion, provide the credentials that we specified when we created the VM, and click Connect.
Step 3 – Once we are connected to the VM through this web-based RDP session, let’s join the Windows Server virtual machine to the managed domain. Open the Start menu and choose Server Manager, as shown in the following figure.
Step 4 – From the left menu of the Server Manager window, select Local Server. Under Properties in the right pane, click Workgroup, as shown in the following figure. This opens the System Properties window.
Step 5 – Initially the VM is in WORKGROUP. Click the Change button in the System Properties window, as shown in the following figure, to join the managed domain.
Step 6 – Select the Domain option in the Member of section and specify the name of the managed domain. In this case, manasmoharana.onmicrosoft.com is our domain. Then select OK, as shown in the following figure.
Step 7 – Let’s provide domain credentials to join the domain. Provide the credentials of a user that is part of the managed domain. The account must be part of the managed domain or the Azure AD tenant. There is one Azure AD user, email@example.com. This user account is also synced to the managed domain because the user changed his password after Azure AD DS was configured. As shown in the following figure, we provide the user credentials and click OK to proceed with this configuration.
Step 8 – When the join completes, we get a welcome message, as shown in the following figure. Click OK to proceed.
Step 9 – Once everything is configured, the system will ask us to restart the computer so that it can apply the changes and join the computer to the domain.
Step 10 – After restarting the VM, we can connect to it using a user of the managed domain. As we can see in the following figure, the VM is now in the manasmoharana.onmicrosoft.com domain.
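The same join as Steps 3 to 9, scripted for an elevated Windows PowerShell session on the VM, as an added example that is not part of the original article. It assumes the managed domain name used above; the DNS and LDAP reachability pre-checks are additions, and the domain credential is prompted for so that no password is stored in the script.

```powershell
# Added example: join this VM to the Azure AD DS managed domain.
# Run in an elevated Windows PowerShell 5.1 session on the VM
# (Add-Computer is not available in PowerShell 7).
$DomainName = 'manasmoharana.onmicrosoft.com'   # managed domain from Step 6

# Stop early if the machine is already domain joined (Step 5 shows WORKGROUP).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    Write-Output "Already joined to $($cs.Domain); nothing to do."
    return
}

# Pre-check 1: the VM must be able to resolve the managed domain name.
# If this fails, check the DNS servers configured for the virtual network.
try {
    $dc = Resolve-DnsName -Name $DomainName -Type A -ErrorAction Stop |
        Where-Object { $_.IPAddress } |
        Select-Object -First 1
} catch {
    throw "Cannot resolve $DomainName from this VM: $($_.Exception.Message)"
}
if (-not $dc) {
    throw "No A record returned for $DomainName."
}

# Pre-check 2: LDAP (TCP 389) on the resolved domain controller must be reachable
# from this subnet, otherwise the join fails with a generic error.
$ldap = Test-NetConnection -ComputerName $dc.IPAddress -Port 389 -WarningAction SilentlyContinue
if (-not $ldap.TcpTestSucceeded) {
    throw "TCP 389 to $($dc.IPAddress) is blocked; check the NSG rules between the subnets."
}

# Step 7: prompt for a user that is part of the managed domain.
# The credential stays in memory as a PSCredential and is never written to disk.
$cred = Get-Credential -Message "User that is part of $DomainName"

# Steps 6, 8 and 9: join the domain and restart to apply the change.
Add-Computer -DomainName $DomainName -Credential $cred -Restart -ErrorAction Stop

# After the restart (Step 10), confirm membership with:
#   (Get-CimInstance -ClassName Win32_ComputerSystem).Domain
```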
I hope this article helps. I am exploring Azure Identity and Access Management (IAM) at a deep level. Please let me know if I missed anything important or if my understanding is not up to the mark.
Keep reading, and share your thoughts and experiences. Feel free to contact us to discuss more.
Thanks for reading 🙂