Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, I’ve two domain controllers, mss-dc-core001 and mss-dc-core002.

The first step is to configure the following things:

  • Machine name
  • Static IP from the Azure Portal (NOT within the VM)
  • Static DNS from the Azure Portal (NOT within the VM)
  • Date and Time
  • Install all the latest updates

After logging in to the first domain controller, there’s just one big black screen with ‘SCONFIG’ open, that’s all!

The next step is to prepare the data partition on our second disk, which will hold the ADDS database, NETLOGON and SYSVOL directories. For this configuration, we are using DISKPART. We have created a new volume on the second disk: drive D: with 16 GiB of storage and disk caching disabled.
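
An added example, not from the original post: the same disk preparation done with the PowerShell Storage cmdlets rather than DISKPART. It assumes exactly one uninitialized data disk is attached and that drive letter D: is free; the volume label `ADDS` is a made-up name.

```powershell
# Added example: prepare the AD DS data disk without DISKPART.
# Assumptions: one uninitialized (RAW) data disk, drive letter D: not in use.
# Host caching for the data disk is set in Azure on the disk attachment,
# not inside the guest, so it is not touched here.
$ErrorActionPreference = 'Stop'

# Refuse to guess when more than one candidate disk exists.
$raw = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($raw.Count -ne 1) {
    throw "Expected exactly one RAW disk, found $($raw.Count). Select the disk by number instead."
}

# On many Azure VM sizes D: is the temporary disk; never format over it.
if (Get-Volume -DriveLetter D -ErrorAction SilentlyContinue) {
    throw 'Drive letter D: is already in use. Free it or pick another letter.'
}

# Initialize, partition and format in one pipeline.
$raw[0] |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter D -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false

# Confirm the result before promoting the server.
Get-Volume -DriveLetter D | Format-List DriveLetter, FileSystem, FileSystemLabel, Size
```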

After the first configuration of the servers, we are ready to start the installation of the necessary services and features. Press ‘15’ to enter PowerShell.

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Install-ADDSForest -DomainName "network.lab" -DomainMode 7 -ForestMode 7 -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs"

Because we are using Windows Core edition, we don’t have any graphical management tools on the domain controllers. Therefore, we have installed the Remote Server Administration Tools or RSAT on a management server.

Here we can start ‘Active Directory Users & Computers’ to take a look at our newly created Active Directory environment.

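On the second domain controller, install the AD DS and DNS roles, then promote the server into the existing domain:

Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools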

Install-ADDSDomainController -DomainName "network.lab" -DatabasePath "D:\NTDS" -SYSVOLPath "D:\SYSVOL" -LogPath "D:\Logs" -Credential (Get-Credential "network.lab\azlocadmin")

Now we have two active domain controllers in our Active Directory environment, based on Windows Server 2022 Core edition.
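
To confirm the result on each domain controller, the following added example (not part of the original post) reads back where AD DS placed its files and checks services, shares and the registered DCs. It assumes the D: paths and the DNS role from the commands above; the pass criteria are this example's own.

```powershell
# Added example: post-promotion checks for one domain controller.
# Expected values are taken from the commands on this page (data paths on D:).
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory   # present because of -IncludeManagementTools

# 1. Where did the promotion actually put the database, logs and SYSVOL?
$ntds     = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogon = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$paths = [ordered]@{
    'NTDS database' = $ntds.'DSA Database file'
    'NTDS logs'     = $ntds.'Database log files path'
    'SYSVOL'        = $netlogon.SysVol
}
$results = @(foreach ($p in $paths.GetEnumerator()) {
    [pscustomobject]@{ Check = "$($p.Key) on D:"; Value = $p.Value; Pass = ($p.Value -like 'D:\*') }
})

# 2. Core services of a DC that also hosts DNS.
$results += Get-Service -Name NTDS, Netlogon, Kdc, DNS, DFSR | ForEach-Object {
    [pscustomobject]@{ Check = "Service $($_.Name)"; Value = $_.Status; Pass = ($_.Status -eq 'Running') }
}

# 3. SYSVOL and NETLOGON are shared only after initial replication has completed.
foreach ($name in 'SYSVOL', 'NETLOGON') {
    $share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{ Check = "Share $name"; Value = $share.Path; Pass = [bool]$share }
}

# 4. Every DC the directory knows about, with its FSMO roles.
$dcs = Get-ADDomainController -Filter * |
    Select-Object Name, IPv4Address, IsGlobalCatalog, OperationMasterRoles

$results | Format-Table -AutoSize
$dcs     | Format-Table -AutoSize
if ($results.Pass -contains $false) { Write-Warning 'One or more checks failed.' }
```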

Create a Central Store for your group policy ADMX and ADML files. Copy all the files from
“C:\Windows\PolicyDefinitions” to “\\network.lab\SYSVOL\network.lab\Policies\PolicyDefinitions”.

Open the Group Policy Editor again and see if the policy definitions are loaded from the Central Store.

Wrap up:
We have created two domain controllers in Azure, based on Windows Server 2022 Core edition (no graphical user interface). We have created a new Active Directory forest with a single domain ‘network.lab’. Finally, we have created the Central Store for storing the group policy definition (ADMX and ADML) files.

In the next parts we are going to harden some security settings, configure Log Analytics for monitoring and configure Azure Backup for Back-up and Disaster Recovery.

Free eBook – How to Get the Most Out of Windows Admin Center – Second Edition

If you have experience with the Windows Admin Center, you might already have deduced it is a powerhouse of functionality making light of important server management tasks. If you’re just adding it to your system administrator toolbox, welcome to the wonder of Windows Admin Center!

With so much functionality, figuring out where to focus is key. Whether you’re just setting out with Windows Admin Center or wanting to realize its full potential, start with Altaro’s free 160+ page second edition eBook, How To Get The Most Of The Windows Admin Center.

Written by Microsoft Cloud & Datacenter Management MVP Eric Siron, it covers the latest developments like the Control Azure Stack HCI, use of WinRM over HTTPS and integration with Azure Monitor, amongst others. It’s a comprehensive guide on everything from installation methods and security considerations to integrating Windows Admin Center into an existing environment. There is even a brief history lesson along with a comparison to alternatives, so you should get a solid overview of Windows Admin Center, why to choose it and how to work with it.

An all-new server management experience when it was introduced, Windows Admin Center modernized administrative activities with a centralized HTML 5 web application. Just add servers, clusters, desktops, and Azure virtual machines into a personalized, persistent interface, and manage their roles, features, software, registry, PKI certificates, and more. And with Microsoft’s latest investment into the Windows Admin Center and new functionality, there is now even more server management power to work with.

Learn to simplify and optimize your server management tasks – Download your free eBook now!

Remove DVD drive on Azure virtual machine

When you deploy a new virtual machine, for example Windows Server 2016/2019 or 2022, you’ll get the C: drive with the operating system, the D: drive for the TEMP storage (most of the VM types) and a DVD drive.

The DVD drive is not needed in some situations, for example on domain controllers. These are servers whose security you want to harden as much as possible. So, for the domain controllers we deploy in our customer environments, we want to disable the DVD drive.

We run the following command when deploying new domain controllers in Azure.

## Disable DVD drive
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cdrom -Name Start -Value 4 -Type DWord

After this step, reboot the server and your DVD drive is gone!

Error: ‘User failed validation to purchase resources’ when deploying a virtual machine

Today I’ve deployed a new virtual machine within Azure using the Windows Server 2022 Azure Edition Preview Marketplace image. After running my PowerShell script, I received an error:
‘User failed validation to purchase resources. Error message: ‘You have not accepted the legal terms on this subscription: …..’’

So, let’s take a look at the legal terms, also using PowerShell. I’ve used a couple of variables.

$azureVmPublisherName = "MicrosoftWindowsServer"
$azureVmOffer = "microsoftserveroperatingsystems-previews"
$azureVmSkus = "windows-server-2022-azure-edition-preview"
$Version = "latest"


Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus

As you can see, the legal terms are not accepted yet!! With a small PowerShell command, we can accept the legal terms.

Get-AzMarketplaceTerms -Publisher $azureVmPublisherName -Product $azureVmOffer -Name $azureVmSkus | Set-AzMarketplaceTerms -Accept

Now you’re good to go!!

Microsoft Ignite Cloud Skills Challenge 2021

During this month (March 2021), you can do the ‘Microsoft Ignite Cloud Skills Challenge’ to earn a free Microsoft Exam voucher for the following exams:

AZ-104: Microsoft Azure Administrator
DP-100: Designing and Implementing a Data Science Solution on Azure
MS-700: Managing Microsoft Teams
MS-100: Microsoft 365 Identity and Services
MS-101: Microsoft 365 Mobility and Security
DA-100: Analyzing Data with Microsoft Power BI
SC-200: Microsoft Security Operations Analyst
SC-300: Microsoft Identity and Access Administrator
SC-400: Microsoft Information Protection Administrator

This is a great opportunity to raise your knowledge and get one Microsoft exam for free!

You can register and find more information about the challenge in the link below!
https://csc.docs.microsoft.com/ignite/officialrules/March2021

Free ebook ‘Azure for Architects’

Do you want to know all the ins and outs of cloud computing? What is the cloud? What is Azure? What kind of functionalities and concepts are available within this cloud?

You’ll find all the answers in this great free ebook ‘Azure for Architects’.

Download the free ebook here.

Microsoft Ignite 2020 ‘Book of news’

Yesterday, the biggest Microsoft event in the world started: Microsoft Ignite 2020! This year, it’s completely digital and online!

If you’re not going to watch all the sessions, but you only want to know all the new announcements, start reading the ‘Book of news’. This document will give you an overview of all the new stuff. Happy reading!

Download the Book of news.

Microsoft Ignite 2020 Keynote

Improvements to Azure VM backups are now available

Azure Backup now has even greater support and functionality for Azure VM backups:

  • Azure Backup is introducing restoring Unmanaged VMs/Disks as Managed VMs/Disks to provide the benefit of Managed disks for customers who are currently backing up their unmanaged disks.

For more details, please read our documentation

Restore virtual machine

  • Azure Backup now supports Replace existing disks as an option for VMs that have Managed Service Identities (MSI), both user-assigned and system-assigned identities.

For more details, please read our documentation.

All the above features are generally available in all Azure regions.