This lab explores Azure Active Directory. In it we will provision two virtual machines on the same subnet, install Active Directory on Windows Server, create a new Organizational Unit, manage Group Policy, point a client at our server using DNS, and use PowerShell to automate the creation of new users.
Process
We start by building a new Azure Virtual Network. When one is created, Azure automatically provides supporting services for it behind the scenes, such as DHCP and DNS.
We can now take a look at Network Watcher > Topology in Azure Portal to ensure that both virtual machines are on the same subnet.
Next we change our domain controller's private IP address from dynamic to static, so the address our clients will later use for DNS never changes.
We then allow inbound ICMP on DC-1 so we can ping it.
We'll connect to DC-1 using RDP.
Now we are able to ping our client virtual machine.
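The two network steps above (static address for the domain controller, inbound ICMP so it answers pings) can be done from PowerShell rather than clicking through the Portal. The following is an added example, not part of the original lab; it assumes a resource group named AD-Lab, a NIC named dc-1-nic, a DC address of 10.0.0.4 and a lab subnet of 10.0.0.0/24, none of which the lab states. In Azure the static assignment belongs on the NIC, not inside the guest, because the guest's DHCP lease is what delivers the address.

```powershell
# Added example (not from the original lab). Assumed values: resource group 'AD-Lab',
# NIC 'dc-1-nic', DC address 10.0.0.4, subnet 10.0.0.0/24.

# --- Part 1: run from an admin workstation with the Az module after Connect-AzAccount ---
$rg  = 'AD-Lab'                                                            # assumed
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'dc-1-nic'      # assumed NIC name

# Pin the DC's private address at the Azure NIC so the DNS server clients point at never moves.
$nic.IpConfigurations[0].PrivateIpAllocationMethod = 'Static'
$nic.IpConfigurations[0].PrivateIpAddress          = '10.0.0.4'            # assumed DC address
$nic | Set-AzNetworkInterface | Out-Null

# Confirm the change took effect.
(Get-AzNetworkInterface -ResourceGroupName $rg -Name 'dc-1-nic').IpConfigurations[0] |
    Select-Object PrivateIpAddress, PrivateIpAllocationMethod

# --- Part 2: run inside DC-1 over RDP, in an elevated PowerShell ---
# Open only ICMPv4 echo requests (type 8) and only from the lab subnet, rather than
# switching the Windows firewall off to get ping working.
New-NetFirewallRule -DisplayName 'Lab: ICMPv4 Echo Request In' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress '10.0.0.0/24' -Action Allow | Out-Null                 # assumed subnet

# Verify the rule exists and is enabled.
Get-NetFirewallRule -DisplayName 'Lab: ICMPv4 Echo Request In' |
    Select-Object DisplayName, Enabled, Direction, Action
```

After the VM restarts with its static address, a ping from the client (`Test-NetConnection 10.0.0.4`) should succeed, and the firewall rule above limits that exposure to the lab subnet instead of any source.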
Installing Active Directory
Now we will install and deploy Active Directory on our domain controller.
We can now create an organizational unit for employees.
We can then create our first user.
Once the account has been created we will add it to the Domain Admins group.
We can now log in with the new credentials.
Checking our command line we can see we're logged in as our new user.
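The install, promotion, OU and first-user steps above map onto a handful of cmdlets from the ServerManager and ActiveDirectory modules. This is an added example, not the lab's own commands; it assumes OU names of _EMPLOYEES and _ADMINS and a first user named jane_admin, which the lab does not specify, and reads passwords at run time rather than embedding them. The domain name domaincorp.com is the one the lab uses.

```powershell
# Added example (not from the original lab). Run in an elevated PowerShell on DC-1.
# Assumed names: OUs '_EMPLOYEES' and '_ADMINS', first user 'jane_admin'.

# 1. Install the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Promote DC-1 as the first domain controller of a new forest. The DSRM password is
#    prompted for, -InstallDns gives us the DNS server the client will point at, and the
#    server reboots when promotion finishes.
$dsrm = Read-Host -AsSecureString 'Directory Services Restore Mode password'
Install-ADDSForest -DomainName 'domaincorp.com' -DomainNetbiosName 'DOMAINCORP' `
    -SafeModeAdministratorPassword $dsrm -InstallDns -Force

# ----- after the reboot, sign in as DOMAINCORP\Administrator and continue -----
Import-Module ActiveDirectory
$domainDN = (Get-ADDomain).DistinguishedName          # DC=domaincorp,DC=com

# 3. Organizational units: employees in one, admin accounts in another, both protected
#    from accidental deletion.
New-ADOrganizationalUnit -Name '_EMPLOYEES' -Path $domainDN -ProtectedFromAccidentalDeletion $true
New-ADOrganizationalUnit -Name '_ADMINS'    -Path $domainDN -ProtectedFromAccidentalDeletion $true

# 4. First user, forced to change the initial password at first logon.
$pw = Read-Host -AsSecureString 'Initial password for jane_admin'
New-ADUser -Name 'jane_admin' -SamAccountName 'jane_admin' `
    -UserPrincipalName 'jane_admin@domaincorp.com' -Path "OU=_ADMINS,$domainDN" `
    -AccountPassword $pw -Enabled $true -ChangePasswordAtLogon $true

# 5. The lab grants this account Domain Admins. That is the highest privilege in the domain,
#    so list the membership afterwards and keep it to the accounts that need it.
Add-ADGroupMember -Identity 'Domain Admins' -Members 'jane_admin'
Get-ADGroupMember -Identity 'Domain Admins' | Select-Object SamAccountName, objectClass
```

Running `whoami` after signing in as the new account shows DOMAINCORP\jane_admin, the same check the lab performs from the command line.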
Now we'll join our client to the domain.
We'll point its DNS setting at our domain controller, so name lookups for the domain go to the DC rather than out to the internet; this DNS setting is configured on the client's network interface within Azure Portal.
We can open System settings to change the name of the PC and join it to the domain.
And it works! After the rename, logging in shows that we are now signed in as the new user, joined to our domain.
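The DNS change and the rename-and-join can also be scripted. The following is an added example, not the lab's own steps; it assumes the client NIC is named client-1-nic in resource group AD-Lab, that the DC is at 10.0.0.4 and that the client's new name is Client-1, none of which the lab states. The DNS server is set at the Azure NIC rather than inside the guest because Azure's DHCP would otherwise overwrite a guest-side change on the next lease.

```powershell
# Added example (not from the original lab). Assumed values: resource group 'AD-Lab',
# client NIC 'client-1-nic', client VM 'Client-1', DC address 10.0.0.4.

# --- Part 1: admin workstation with the Az module ---
$rg  = 'AD-Lab'
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name 'client-1-nic'

# Replace Azure's default resolver with the domain controller for this NIC only.
$nic.DnsSettings.DnsServers.Clear()
$nic.DnsSettings.DnsServers.Add('10.0.0.4')            # assumed DC address
$nic | Set-AzNetworkInterface | Out-Null

# The guest picks the new DNS server up on its next lease; a restart makes that immediate.
Restart-AzVM -ResourceGroupName $rg -Name 'Client-1'

# --- Part 2: inside the client, elevated PowerShell ---
# Prove the client can locate a DC via the domain's SRV record before attempting the join;
# a failure here means the DNS setting did not take, not that the credentials are wrong.
$srv = Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.domaincorp.com' -Type SRV -ErrorAction Stop
"Domain controller located: $($srv.NameTarget)"

# Rename and join in one operation using a domain account permitted to join computers,
# then reboot to complete the join.
$cred = Get-Credential -Message 'DOMAINCORP account allowed to join computers'
Add-Computer -DomainName 'domaincorp.com' -NewName 'Client-1' -Credential $cred -Restart
```

After the reboot, signing in as DOMAINCORP\jane_admin (or whichever domain user was created earlier) confirms the join, matching the lab's result.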
Normally this would be done at scale with Group Policy, but to keep the scope manageable we'll do this with individual users.
Now on our client machine we'll give all Domain Users permission to connect over RDP.
I have a PowerShell script that randomly generates names and creates new users within our OU at scale, which I'll run within PowerShell ISE.
I can pull out one of these randomly generated names and attempt a login with it followed by the domaincorp.com domain, and we're able to log in!
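The RDP permission step and the bulk-creation script above can be covered by one script. This is an added example written for this page, not the author's script, which is not shown; it assumes the employees OU is named _EMPLOYEES and that ten accounts are wanted. It gives every account its own random initial password (generated from the OS cryptographic RNG, with a 64-character alphabet so the byte-to-character mapping has no bias) and forces a change at first logon, which is the part of a bulk-creation script most worth getting right, since a single shared or predictable initial password across a batch of accounts is what usually turns a lab convenience into an exposure.

```powershell
# Added example (not the author's script). Assumed: OU '_EMPLOYEES', 10 accounts wanted.
# The Add-LocalGroupMember line runs on the client; everything else runs on DC-1.

# --- on the client (elevated): let domain users connect over RDP ---
Add-LocalGroupMember -Group 'Remote Desktop Users' -Member 'DOMAINCORP\Domain Users'

# --- on DC-1 ---
Import-Module ActiveDirectory
$ouPath = "OU=_EMPLOYEES,$((Get-ADDomain).DistinguishedName)"   # assumed OU name
$count  = 10

function New-RandomName {
    # Constructed sample names in first.last form, 4-7 letters each, well under the
    # 20-character SamAccountName limit.
    $letters = 'abcdefghijklmnopqrstuvwxyz'.ToCharArray()
    $first = -join (1..(Get-Random -Minimum 4 -Maximum 8) | ForEach-Object { $letters | Get-Random })
    $last  = -join (1..(Get-Random -Minimum 4 -Maximum 8) | ForEach-Object { $letters | Get-Random })
    return "$first.$last"
}

function New-RandomPassword {
    param([int]$Length = 20)
    # Exactly 64 characters (ambiguous ones like 0/O and 1/l/I removed), so byte % 64 is unbiased.
    $charset = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*+'
    $bytes   = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    return -join ($bytes | ForEach-Object { $charset[$_ % $charset.Length] })
}

$created = foreach ($i in 1..$count) {
    $name = New-RandomName
    # Skip a name that already exists instead of failing the whole batch.
    if (Get-ADUser -Filter "SamAccountName -eq '$name'") { continue }

    $plain = New-RandomPassword
    New-ADUser -Name $name -SamAccountName $name -UserPrincipalName "$name@domaincorp.com" `
        -Path $ouPath `
        -AccountPassword (ConvertTo-SecureString $plain -AsPlainText -Force) `
        -Enabled $true -ChangePasswordAtLogon $true

    [pscustomobject]@{ User = $name; InitialPassword = $plain }
}

# Initial passwords are shown once for handover; do not save this output to disk or a repo.
$created | Format-Table -AutoSize

# Audit: everything that now lives in the OU.
Get-ADUser -SearchBase $ouPath -Filter * | Select-Object SamAccountName, Enabled
```

Picking any user from the printed table and signing in as `<name>@domaincorp.com` with its initial password reproduces the lab's final test, with the password-change prompt appearing at that first logon.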