Deploying Windows Server AD DS as IaaS (VM) in Azure?

Senior Systems Engineer

1/1/23, 9:59 AM

I'm currently seeking some advice and guidance whether deploying additional Windows Server 2019 VM in Azure to run Active Directory Domain Controller / Global Catalog in separate AD sites called 'Azure' is really have any benefits or not?

At the moment my AD domain is just single forest AD, spread across multiple geographical locations throughout Asia Pacific.

Azure AD Connect runs Password Hash Sync to Azure AD, since we are still using Hybrid Exchange 2016-Office 365.

What are the benefits and the caveats when deploying one more AD DS as IaaS in Azure to serve the AD Sites called 'Azure' that is for the IP Subnet of the VNET I peered from Azure to OnPremise?

1 + 0

active-directory

azure

azure-active-directory

azure-active-directory-ds

azure-networking

Score:1

Server

Massimo

1/1/23, 10:17 AM

If you want to run domain-joined VMs in your Azure virtual network, the best practice is for them to have a "local" Domain Controller (or two) available, running as another Azure VM; otherwise, they will need to reach out to one of your on-premises Domain Controllers every time they need to query DNS or AD (i.e. continuously).

Of course, if you don't want to run domain-joined VMs in your Azure virtual network, having a Domain Controller there would be quite useless.

0 + 3

Senior Systems Engineer

1/1/23, 11:46 AM

I've got ExpressRoute circuit already established too and peered to the VNET - OnPremise DataCenter

Massimo

1/1/23, 12:37 PM

The same applies. You should treat your Azure VNet just like an additional site in your network. If you want to use your AD domain there, it's better to have a local DC.

Senior Systems Engineer

1/2/23, 5:14 AM

that's great, thank you @massimo

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Deploying Windows Server AD DS as IaaS (VM) in Azure?

TH: ปรับใช้ Windows Server AD DS เป็น IaaS (VM) ใน Azure หรือไม่

RO: Implementarea Windows Server AD DS ca IaaS (VM) în Azure?

RU: Развертывание Windows Server AD DS как IaaS (ВМ) в Azure?

VI: Triển khai Windows Server AD DS dưới dạng IaaS (VM) trong Azure?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.