none
Promote Azure compute resource to DC in on premise AD RRS feed

  • Question

  • I have an Azure compute resource running Windows Server 2016.  AADDS is already configured, and the Azure server is now a member of the on premise AD.  I need to promote the Azure server to DC in the on premise AD.  The Azure server is not listed as a computer object in the on premise AD, and the server is not listed as a device in the Azure tenant.  Is that a problem, and if so how can both those issues be resolved?  

    What is the process for promoting the Azure server to DC in the on premise AD?  Thank you.

    Monday, July 15, 2019 3:12 PM

All replies

  • Should be possible. You can follow along here.

    https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/identity/adds-extend-domain

     

    Please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Monday, July 15, 2019 5:07 PM
  • Thanks for the reply.  I've seen the article provided before.  With AADDS configured I thought that configuration would not be necessary.  Note that I can already join Azure computers to the on premise domain.  I'm only wondering about the process for promoting the Azure computer to a DC and whether the Azure computer should be displayed in the on premise domain and/or the Azure/O365 tenant.  
    Tuesday, July 16, 2019 1:39 PM
  • If its just an azure virtual machine that happens to be connected by VPN to the LAN. Then I'd expect you could join domain and also promote it to domain controller.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, July 16, 2019 1:49 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, July 17, 2019 6:57 AM
    Moderator
  • "dcpromo" did not work.  I received a message saying the credentials used were not valid.  However, I can sign onto the server with those same credentials which are a domain admin in the current domain.  Was also the same credentials used to join the computer to the domain.  ADDS was installed successfully on the server, and I can see some domain objects but not the same as I see when I sign into one of the on premise DCs.  

    Note there is no Azure VPN configured yet, but AADDS is configured and LDAPS.

    Wednesday, July 17, 2019 1:11 PM
  • I'd check the domain controller and problem member both have the static ip address of DC listed for DNS and that ports are open between gateways.

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, July 17, 2019 1:14 PM
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 22, 2019 11:28 AM
    Moderator
  • I was not able to work on this the last few days.  I've engaged some outside help.
    Monday, July 22, 2019 1:00 PM
  • Hi,
    Would you please share your help with us?

    Thank you in advance!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 23, 2019 10:09 AM
    Moderator