Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, I have two domain controllers, mss-dc-core001 and mss-dc-core002.

The first step is to configure the following things:

  • Machine name
  • Static IP from the Azure Portal (NOT within the VM)
  • Static DNS from the Azure Portal (NOT within the VM)
  • Date and Time
  • Install all the latest updates


After logging in to the first domain controller, there’s just one big black screen with ‘SCONFIG’ open, that’s all!


The next step is to prepare the data partition on our second disk to hold the ADDS database, NETLOGON and SYSVOL directories. For this configuration we use DISKPART. We have created a new volume on the second disk: drive D: with 16 GiB of storage and with disk caching disabled.


After the initial configuration of the servers, we are ready to install the necessary services and features. Press ‘15’ to exit SCONFIG into PowerShell.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


Install-ADDSForest -DomainName "network.lab" -DomainMode 7 -ForestMode 7 -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs"


Because we are using Windows Core edition, we don’t have any graphical management tools on the domain controllers. Therefore, we have installed the Remote Server Administration Tools or RSAT on a management server.


Here we can start ‘Active Directory Users & Computers’ to take a look at our newly created Active Directory environment.

On the second domain controller, install the same role plus the DNS server role, and then promote it as an additional domain controller for the new domain:

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools


Install-ADDSDomainController -DomainName "network.lab" -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs" -Credential (Get-Credential "network.lab\azlocadmin")


Now we have two active domain controllers in our Active Directory environment, based on Windows Server 2022 Core edition.
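A post-promotion health check, added here as an example and not part of the original post: it confirms both DCs are registered, that the database, log and SYSVOL directories really ended up on the D: data disk as requested, that the SYSVOL/NETLOGON shares exist, that replication reports no failures, and that each DC answers the domain's SRV lookup. The DC names and paths are the ones used in this post; run it from an elevated PowerShell on either DC.

```powershell
# Added example (not the author's commands). Assumes the names and D:\ paths from this post.
Import-Module ActiveDirectory

$expectedDCs = @("mss-dc-core001", "mss-dc-core002")
$domain = "network.lab"

# 1. Both DCs are registered in the domain; report site and Global Catalog status.
$dcs = Get-ADDomainController -Filter * -Server $domain
foreach ($name in $expectedDCs) {
    $dc = $dcs | Where-Object { $_.Name -eq $name }
    if (-not $dc) { Write-Warning "$name is not a domain controller"; continue }
    "{0}: site={1} GC={2} IPv4={3}" -f $dc.Name, $dc.Site, $dc.IsGlobalCatalog, $dc.IPv4Address
}

# 2. The database, log and SYSVOL paths landed on the data disk, as requested with
#    -DatabasePath / -LogPath / -SYSVOLPath. Values are read from the registry on this DC.
$ntds   = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
$netlog = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
"NTDS database : " + $ntds.'DSA Database file'
"NTDS log path : " + $ntds.'Database log files path'
"SYSVOL path   : " + $netlog.SysVol
foreach ($p in @($ntds.'DSA Database file', $ntds.'Database log files path', $netlog.SysVol)) {
    if ($p -notlike "D:\*") { Write-Warning "$p is not on the data disk" }
}

# 3. SYSVOL and NETLOGON are shared, and AD replication reports no failures.
Get-SmbShare -Name SYSVOL, NETLOGON | Select-Object Name, Path
Get-ADReplicationFailure -Target $domain -Scope Domain |
    Select-Object Server, Partner, FailureCount, FirstFailureTime

# 4. Each DC answers the domain's LDAP SRV lookup (clients find DCs through this record).
foreach ($name in $expectedDCs) {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -Server $name |
        Where-Object { $_.Type -eq "SRV" } |
        Select-Object @{ n = 'QueriedFrom'; e = { $name } }, NameTarget, Port
}
```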


Create a Central Store for your group policy ADMX and ADML files. Copy all the files from
"C:\Windows\PolicyDefinitions" to "\\network.lab\SYSVOL\network.lab\Policies\PolicyDefinitions".
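The copy above as a script, added here as an example and not the author's own commands: it creates the Central Store from the local PolicyDefinitions folder (including the language subfolders that hold the ADML files), verifies that the file counts match, and lists who has write access to the store, since anyone who can write there controls what every administrator's Group Policy Editor loads. The paths are the ones used in this post.

```powershell
# Added example (not from the original post). Paths are those used in this post.
$source  = "C:\Windows\PolicyDefinitions"
$central = "\\network.lab\SYSVOL\network.lab\Policies\PolicyDefinitions"

if (-not (Test-Path $central)) {
    New-Item -ItemType Directory -Path $central | Out-Null
}

# Copy the ADMX files and every language subfolder (e.g. en-US with the ADML files).
Copy-Item -Path "$source\*" -Destination $central -Recurse -Force

# Verify: the same number of ADMX and ADML files must exist on both sides.
$srcAdmx = (Get-ChildItem $source  -Filter *.admx -File).Count
$dstAdmx = (Get-ChildItem $central -Filter *.admx -File).Count
$srcAdml = (Get-ChildItem $source  -Recurse -Filter *.adml -File).Count
$dstAdml = (Get-ChildItem $central -Recurse -Filter *.adml -File).Count
"ADMX local={0} central={1}; ADML local={2} central={3}" -f $srcAdmx, $dstAdmx, $srcAdml, $dstAdml
if ($srcAdmx -ne $dstAdmx -or $srcAdml -ne $dstAdml) {
    Write-Warning "Central Store is incomplete; re-run the copy"
}

# Review who may change the policy definitions. Only Domain Admins (and SYSTEM)
# should appear here with Write/Modify/FullControl.
(Get-Acl $central).Access |
    Where-Object { $_.AccessControlType -eq "Allow" -and
                   $_.FileSystemRights -match "Write|Modify|FullControl" } |
    Select-Object IdentityReference, FileSystemRights
```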


Open the Group Policy Editor again and see if the policy definitions are loaded from the Central Store.


Wrap up:
We have created two domain controllers in Azure, based on Windows Server 2022 Core edition (no graphical user interface). We have created a new Active Directory forest with a single domain, ‘network.lab’. And last, we have created the Central Store for the group policy definition (ADMX and ADML) files.

In the next parts we are going to harden some security settings, configure Log Analytics for monitoring, and configure Azure Backup for backup and disaster recovery.

Enable Azure Hybrid Benefit with Azure Resource Manager (ARM)

In Azure, you have the option to bring your own licenses (Azure Hybrid Benefit). If you deploy a virtual machine using Azure Resource Manager (ARM) templates, this option is not enabled by default. For test environments and demos, and in many cases for production environments too, you want to enable this option.

By adding the line below to your ARM template, the Azure Hybrid Benefit is enabled.

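The template property behind this is licenseType on the Microsoft.Compute/virtualMachines resource, with the value Windows_Server. The script below is an added example, not from the original post: it audits the Windows VMs in a resource group for that setting after deployment and, with -Enable, sets it on the ones that were deployed without it. The resource group name is an assumed placeholder.

```powershell
# Added example (not the author's template). Requires the Az.Compute module and an
# existing Connect-AzAccount session. $ResourceGroup is an assumed placeholder name.
param(
    [string]$ResourceGroup = "rg-lab-dc",
    [switch]$Enable
)

$vms = Get-AzVM -ResourceGroupName $ResourceGroup
foreach ($vm in $vms) {
    # Azure Hybrid Benefit for Windows Server only applies to Windows VMs.
    if ($vm.StorageProfile.OsDisk.OsType -ne "Windows") { continue }

    # licenseType is the same property an ARM template sets on the VM resource.
    if ($vm.LicenseType -eq "Windows_Server") {
        Write-Output "$($vm.Name): Azure Hybrid Benefit already enabled"
        continue
    }

    Write-Output "$($vm.Name): Azure Hybrid Benefit NOT enabled (licenseType='$($vm.LicenseType)')"
    if ($Enable) {
        $vm.LicenseType = "Windows_Server"
        Update-AzVM -ResourceGroupName $ResourceGroup -VM $vm | Out-Null
        Write-Output "$($vm.Name): enabled"
    }
}
```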

Error: ‘User failed validation to purchase resources’ when deploying a virtual machine

Today I’ve deployed a new virtual machine within Azure using the Windows Server 2022 Azure Edition Preview Marketplace image. After running my PowerShell script, I received an error:
‘User failed validation to purchase resources. Error message: ‘You have not accepted the legal terms on this subscription: …..’


So, let’s take a look at the legal terms, also using PowerShell. I’ve used a couple of variables.

$azureVmPublisherName = "MicrosoftWindowsServer"
$azureVmOffer = "microsoftserveroperatingsystems-previews"
$azureVmSkus = "windows-server-2022-azure-edition-preview"
$Version = "latest"

Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus


As you can see, the legal terms are not accepted yet!! With a small PowerShell command, we can accept the legal terms.

Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus | Set-AzMarketplaceTerms -Accept


Now you’re good to go!!

PowerCLI: An Aspiring Automator’s Guide

Getting into scripting can be daunting. It’s easier to just use existing scripts found online, but if you choose this route you’ll quickly run into limitations. If you take the time to learn how to create your scripts, trust me, you’ll never look back!


Automating vSphere is useful for countless applications, and the best way to do it is through PowerCLI, a set of PowerShell modules developed specifically for VMware. Learn how to develop your own PowerCLI scripts with this free 100+ page eBook from Altaro, PowerCLI: The Aspiring Automator’s Guide.

Written by VMware vExpert Xavier Avrillier, this eBook presents a use-case approach to learning how to automate tasks in vSphere environments using PowerCLI. We start by covering the basics of installation, set up, and an overview of PowerCLI terms. From there we move into scripting logic and script building with step-by-step instructions of truly useful custom scripts, including how to retrieve data on vSphere objects; display VM performance metrics; how to build HTML reports and schedule them; the basics on building functions; and more!

Stop looking at scripts online in envy because you wish you could build your own scripts.

Get started on your path to automation greatness – Download the eBook now!

Free ebook ‘Azure for Architects’

Do you want to know all the ins and outs of cloud computing? What is the cloud? What is Azure? What kinds of functionalities and concepts are available within this cloud?


You’ll find all the answers in this great free ebook ‘Azure for Architects’.

Download the free ebook here.

5nine AzSec for Azure Security

5nine AzSec - Azure Security Simplified

5nine AzSec is an intuitive standalone application that creates, maintains and manages inbound/outbound traffic rules for virtual machines in Azure. Firewall log data is collected, displayed and managed in a central console.

5nine Cloud Security with AzSec is a bundled offering that includes 5nine Cloud Security and 5nine AzSec. This integrated solution enables hybrid cloud administrators to manage firewall rules, alerts and logs across Azure and Hyper-V environments from a single access point.

  • Easy Firewall Configuration: Apply firewall rules in a single step instead of using complex scripts or the Azure portal.
  • Automate Firewall Rule Configuration: Built-in templates enable you to easily apply firewall rules and reduce the risk of misconfiguration for virtual machines running in the Azure environment.
  • Simplify Anomaly Discovery: The firewall log export allows you to view and analyze firewall log data right from within the 5nine Cloud Security Anomaly Analysis module, and export logs to Splunk or other SIEM systems.
  • Monitor Azure from One Location: Review your Azure subscription resource groups, status, usage and billing summary from within 5nine’s interface.
  • Consolidate Hybrid Cloud Management: Configure firewall rules and view log data across Azure and Hyper-V environments from a single access point.


How to: Create multiple VMs in Hyper-V within a few seconds

Automation is one of my favorite things. Some actions are just time consuming, so let’s automate these things!! For example, creating a demo environment within Hyper-V. This environment needs 8 VMs. With a few lines of code this is really easy to automate, of course with PowerShell.


## Create 8 Gen2 Virtual Machines
## 4 vCPU per VM
## 1 GB per VM
## C: drive 50 GB Dynamic
## D: drive 50 GB Dynamic
## NIC renamed to MGMT
$vSwitchName01 = "NIC - PRI"
$InstallRoot = "E:\DEMO"
$VMName = "HV-0"

## How many VMs: 1..8 = 8 VMs
1..8 | ForEach-Object {
    $Name   = "$VMName$_"                        # HV-01 .. HV-08
    $VMPath = Join-Path $InstallRoot $Name       # E:\DEMO\HV-01
    $CDisk  = Join-Path $VMPath "${Name}_C.vhdx"
    $DDisk  = Join-Path $VMPath "${Name}_D.vhdx"
    New-Item -ItemType Directory -Path $VMPath -Force | Out-Null

    ## Two dynamic 50 GB disks; the VM boots from the C: disk
    New-VHD -Path $CDisk -SizeBytes 50GB -Dynamic
    New-VHD -Path $DDisk -SizeBytes 50GB -Dynamic
    New-VM -VHDPath $CDisk -Generation 2 -MemoryStartupBytes 1GB -Name $Name -Path $InstallRoot -SwitchName $vSwitchName01

    Set-VMProcessor -VMName $Name -Count 4
    Set-VM -VMName $Name -AutomaticStopAction ShutDown -AutomaticStartAction StartIfRunning
    Enable-VMIntegrationService -VMName $Name -Name "Guest Service Interface"

    ## Rename the default network adapter and expose its name to the guest
    Rename-VMNetworkAdapter -VMName $Name -NewName "MGMT"
    Set-VMNetworkAdapter -VMName $Name -Name "MGMT" -DeviceNaming On

    ## Second SCSI controller for the D: disk
    Add-VMScsiController -VMName $Name
    Add-VMHardDiskDrive -VMName $Name -ControllerType SCSI -ControllerNumber 1 -ControllerLocation 0 -Path $DDisk

    Start-VM -Name $Name | Out-Null
}

Within a few seconds, I have 8 VMs up and running.


/ Happy Automation!