I kept losing my domain controller in Azure every time I entered a static IP address. This really got me confused. Now I am clear on what was happening. Thanks for this course.
Thanks Bijou...happy to help!
Dean, once again ... thanks much for these videos.... In the last stretch, adding the VM-DC to my ADDS and then after it to promote as a DC but before that.... I noticed you are adding 192.168.166.4 and 192.168.0.5 as your new DNS... kind of curious where the 192.168.166.4 IP came from? We set up several subnets... where did you get this IP address randomly from (assuming we are excluding the 5 Azure takes away)... This is the part where I am not able to make the connection so I can join my Azure DC to my on-premises DC....
192.168.166.4 was the IP of my DC on prem.
I needed to add that to my VNet so the new DC in Azure would be able to find my DC on prem over DNS so it could join the domain.
@@AzureAcademy At the end of the day I decided to create an AADDS instance so I could join my host pool to it, and everything is working fine......
thanks @@edthefixer2011 good to hear!
Dean, another great video! However, I would add the following when creating Azure AD: When using Write Accelerator for an Azure disk/VHD, these restrictions apply: The Premium disk caching must be set to 'None' or 'Read Only'. All other caching modes are not supported. Snapshots are not currently supported for Write Accelerator-enabled disks. During backup, the Azure Backup service automatically excludes Write Accelerator-enabled disks attached to the VM. Only smaller I/O sizes (
Hi Dean,
Two questions please
1. When connecting the Azure and on-prem networks, why do we need an extra domain controller in Azure?
Why can't we just have the on-prem DC and change the DNS server on the VNET to point to the DC on prem?
2. When migrating workloads to Azure (DC):
When we want to configure the new DNS for all the systems moved from on-prem to Azure, do we still use Azure DNS, or do we change the DNS on the VNET to be the DC's IP address?
Thank you for your time
A domain controller in Azure is NOT required...however it is recommended. The reason is because it is a best practice to have a DC in every location so they can all function as independently as possible in case of an outage.
Azure DNS is a resource in Azure and is different from the Virtual Network DNS Server settings. So which you select depends on several things.
Thank you Dean. Excellent video. Can you advise why you chose to move the AD DS files to another drive (E: drive)? I have not seen this before and am not sure what the advantages are.
Good question Abu.
The purpose is following the general best practice of keeping the OS drive for the OS and putting applications, in this case AD, on separate drives.
Some of the benefits are:
disk performance
redundancy
high availability
protection from single point of failure
to name a few
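The steps behind Dean's answer, as an added example that is not from the video or the thread: bring the attached data disk online as E:, confirm it is not the ephemeral temporary disk, and promote the server with every AD DS path pointed at E:. Assumptions: the data disk attached in the portal is still RAW and is the only RAW disk on the VM, it is given drive letter E:, and the domain name corp.example.com is a placeholder for your own. Set the Azure host cache for that data disk to None in the portal before promoting, since AD DS relies on write-through for the NTDS database and logs.

```powershell
# Added example (not from the video): place NTDS, its logs and SYSVOL on a data disk.
# Assumptions: exactly one RAW data disk is attached, it becomes E:, and the domain
# name below is a placeholder.

# 1. Bring the new data disk online as E:\ (GPT, NTFS).
$raw = Get-Disk | Where-Object PartitionStyle -eq 'RAW'
if (@($raw).Count -ne 1) { throw "Expected exactly one RAW data disk, found $(@($raw).Count)." }
$raw | Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'ADDS' -Confirm:$false | Out-Null

# 2. Make sure E: is a persistent data disk and not the Azure temporary disk
#    (the temp disk carries the volume label 'Temporary Storage').
$vol = Get-Volume -DriveLetter E
if ($vol.FileSystemLabel -eq 'Temporary Storage') {
    throw 'E: is the Azure temporary disk; AD DS data must not live there.'
}

# 3. Install the role and promote this server as an additional DC in the existing
#    domain, with every AD DS path on E: instead of C:.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
Install-ADDSDomainController `
    -DomainName 'corp.example.com' `
    -Credential (Get-Credential -Message 'Domain Admin for the on-prem domain') `
    -DatabasePath 'E:\NTDS' `
    -LogPath      'E:\NTDS' `
    -SysvolPath   'E:\SYSVOL' `
    -InstallDns `
    -Force
# You are prompted for the DSRM password; the server reboots when promotion completes.
```

Run this on the Azure VM after the VNet DNS servers already point at the on-prem DC, otherwise Install-ADDSDomainController cannot locate the domain.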
Correction.... kind of curious where the 192.168.166.4 IP came from? I set my VNet local with 192.168.10.0/24 but my Hyper-V DC (local at home) has an IP address not in the same range, as it is provided by my ISP, as you suggested to locate it by using "What is my IP"....
There are a few things involved here:
1. The public IP for the VNet gateway
2. Your internet IP address that you put into the local network gateway
3. The IP address range that you are allowing access over the S2S VPN
What is the private VNet IP address range?
Thank you very much for sharing these videos, they are amazing and your explanations are just great and you go till the end. Thank you for that.
can you please do videos on Azure Disaster recovery and also videos on Azure Migrate :)
Glad we could be a help to you
Great video, but why are the screen captures so poor? It makes following the video difficult.
Understood Graham, and thanks for the feedback! Like with anything things improve over time as we learn.
I learned how to take better videos and use the editing software to make it easier to watch and learn.
I hope you find the newer videos easier to watch.
Note: You might have made a minor error, please correct me if I am wrong here: At 16:22 you entered 192.168.166.4 instead of 192.168.0.4. I guess it only worked because 192.168.0.5 was a valid address!
After joining the domain, the azure DC is basically a replication of the on-prem DC. I have a couple of questions and they are as follows:
- Are we now using azure DC as a backup for our on-prem domain?
- Is this a solution for HA?
Thanks
The 166.0/24 range was on prem and the 0.0/24 range was in Azure
At the end of the video I was showing that I can be logged onto a VM in Azure and access an onprem domain controller over the VPN.
DCs function as multi-master systems...meaning you can read and write to any of them, with the exception of Read-Only Domain Controllers (RODCs). The DCs then replicate to each other.
So having more than 1 DC does make your DCs HA, but it is NOT a Backup. For that you need Azure Backup or another backup solution.
@@AzureAcademy Thank you
@@BijouBakson Anytime!
full course on automation in Azure, would be nice.
We do have a playlist on automation and another one on ARM Templates
If there is something more specific you are looking for please let me know
Have you skipped an entire section on the training? Because throughout the tutorial we created only 1 Windows Server at 192.168.0.4. Also, which computer is at 192.168.166.4? Is that another Windows Server that you created?
Is it possible for you to display an inventory of the real and virtual machines that are involved here?
Kind regards,
Aubin
There were 2 computers in the video
1 in Azure and the other on prem in my lab.
I did not show the building of my lab for time's sake.
@@AzureAcademy Thanks for your reply. It became confusing because I am following the course step by step - one video, then the next - perhaps mentioning that you added another computer there would help. To make sure that I understand, let me summarize what I think you've done here:
Setting up DNS at 2:34
- 192.168.166.4 is your on-prem DC
- 192.168.0.5 is the second Windows server that you installed
Am I correct?
Please note: When you set up the point-to-site connection the on-prem IP address for the connection was 192.168.166.2. By setting up the site-to-site connection that IP address changed to 192.168.166.4. I didn't get this far setting up the site-to-site because setting VPN using Microsoft VPN server has changed - we discussed in a previous comment. I look forward to the course on Monday.
hows it going?
Hi Dean, I have been following all the videos up to this point and I find myself stuck in this one, since when I try to connect the server 192.168.0.4 that is in Azure, with my DC onprem, it cannot find it.
My Onprem environment is virtualized with VMWare WorkStation, my DC is connected to the NAT network of my virtual card VMnet8 and has the IP
The point-to-site VPN was configured on my Windows 10 laptop where my on-prem environment is virtualized and it connects without any error. The on-prem IP configured in the VPN was 192.168.207.0/24.
How can I validate that the VPN, when connected, sees the two sites, the Azure one and the virtualized on-prem in VMware? A ping between these two networks is not working for me, which means that the Azure network (192.168.0.4) and the virtualized on-prem (192.168.207.134) are not reaching each other and therefore I will not be able to connect the Azure server with the on-prem domain.
Can you help me with this. Thanks.
The issue is either that the point-to-site VPN isn't seen by the virtualized VM on prem or that you have the Azure side not accepting the connection.
In Azure do you have a network security group protecting your VM? If you do you need to allow the traffic you want through it...like an access control list.
You can also open the Windows Firewall for that same traffic.
If you can ping the on-prem VM then you are good.
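A pre-flight check that separates the three failure points Dean lists (VNet DNS settings, the path through NSG, VPN and the Windows Firewall on the DC, and the DC locator itself), as an added example that is not from the video or the thread. Run it on the Azure VM before attempting the join. Assumptions: the domain name corp.example.com is a placeholder; the DC address is the on-prem DC quoted in the thread; a plain ping can be blocked by the DC's firewall while the domain join still works, so the check tests the ports the join actually uses.

```powershell
# Added example (not from the video): domain-join pre-flight from the Azure VM.
# Assumptions: placeholder domain name; DC IP as quoted in the thread.
function Test-DomainJoinPrereq {
    param(
        [string]$DomainName = 'corp.example.com',
        [string]$DcAddress  = '192.168.166.4'
    )

    # 1. DNS servers this VM received from the VNet. The on-prem DC (or a DC that
    #    hosts the zone) must be in this list, or the locator query in step 2 fails.
    $dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object ServerAddresses).ServerAddresses
    Write-Host "DNS servers in use: $($dnsServers -join ', ')"
    if ($dnsServers -notcontains $DcAddress) {
        Write-Warning "DC $DcAddress is not a configured DNS server; fix the VNet DNS servers first."
    }

    # 2. DC locator SRV record. If this is empty the problem is DNS, not the VPN or the NSG.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV'
    if ($srv) {
        $srv | Select-Object NameTarget, Port, Priority | Format-Table -AutoSize
    } else {
        Write-Warning "No SRV record for _ldap._tcp.dc._msdcs.$DomainName; the join cannot find a DC."
    }

    # 3. Ports a domain join needs on the DC. Each must be allowed by the NSG on the
    #    Azure subnet or NIC, routed over the VPN, and allowed by the Windows Firewall
    #    on the DC. The join also needs the RPC dynamic range (49152-65535 by default).
    $ports = [ordered]@{
        53  = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'
        389 = 'LDAP'; 445 = 'SMB (SYSVOL/NETLOGON)'; 464 = 'Kerberos kpasswd'; 636 = 'LDAPS'
    }
    foreach ($port in $ports.Keys) {
        $ok = Test-NetConnection -ComputerName $DcAddress -Port $port -InformationLevel Quiet -WarningAction SilentlyContinue
        '{0,5} {1,-25} {2}' -f $port, $ports[$port], $(if ($ok) { 'open' } else { 'BLOCKED' })
    }

    # 4. Ask the Windows DC locator directly; this is the lookup the join wizard performs.
    nltest /dsgetdc:$DomainName /force
}

Test-DomainJoinPrereq
```

A BLOCKED port with a working SRV lookup points at the NSG, the VPN route table or the DC's firewall; an empty SRV result with open ports points at the VNet DNS setting, which is the mistake the earlier comments in this thread describe.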
@@AzureAcademy The VPN is created by following the instructions in the video, it is created without problems and makes the connection, but my virtualized on-prem environment and my Azure environment do not see each other. How do I validate that the VPN is working and which networks are connected?
I'm new to Azure topics and I've only learned what I take from the Azure Fundamentals videos you posted, and I'm stuck on video #16, since I don't know how to validate if the VPN I create is working and is seeing the Azure network and my virtualized on-prem network. How could you guide me to validate this connection?
To validate if the VPN is working, after connecting it, I connect by RDP from my Windows 10 where my virtualized on-prem is and I can connect to the server in Azure (192.168.0.4). I did the same from my virtual environment in VMware Workstation, doing RDP from my DC (192.168.207.134) to the server in Azure (192.168.0.4), and I also have access. I tried to join the Azure server to my DC but it does not see the domain. Is there something that is blocking this connection?
I don't think the issue is the VPN, but rather the virtual NAT you are doing on your VMware Workstation. VMware doesn't know how to route to the VPN.
Since your VM can reach the internet I suggest putting the point-to-site on the VM and seeing if that works first.
That will prove that the issue is the VMware Workstation config.
Yeah...sounds like a misconfiguration in VMware Workstation NAT.
What happened to that temporary disk on the Azure DC? is it safe to remove/delete?
NO. Almost all Azure VMs have the D:\ drive as a temp disk...this is required for the operation of the VMs and is also where the page file is located. DO NOT REMOVE it.
@@AzureAcademy Got it! many thanks!
👍👍
So it seems the Vnet Local connection is not communicating with my Vnet GW.....
🤔
Hello Dean,
Good Day!
This is really a great video. May I know what the steps are to connect the on-prem server to the Azure domain controller? I can see that your on-prem Windows Server is already connected to the Azure domain. Can you help me with this please? Thank you.
You will need a VPN or ExpressRoute to connect the on-prem and Azure environments together.
check out video #13 in the Fundamental series on the VPN Gateway
th-cam.com/video/rRKJdbUjAn0/w-d-xo.html
Then 15 on the Site to Site VPN -
th-cam.com/video/9CCZ6I3DRqM/w-d-xo.html
@@AzureAcademy Thank you for your response. In the video you use Windows 10 for the P2S. Can I use only one Windows server to configure the P2S and S2S VPN connection, and then from there connect the on-prem server to the Azure environment? Is that possible?
Thank you very much in advance :)
If you have one system on prem a point-to-site can be fine...if you have several systems a site-to-site is the way to go.
You also have more flexibility with site-to-site with port configuration, forwarding rules etc.
@@AzureAcademy Thank you very much :)
Anytime Ryan!
Great vid.. I'm using a 192.168.0.0/23 subnet on prem. My on-prem server gets a static IP on this subnet. Still I cannot join 192.168.0.4 to my domain; the VPN works fine.. What is the problem?
Thanks Mohammed! So if I understand correctly...on prem and Azure are on the same network...
What is the IP of the domain controller?
What is the IP of the VM in Azure?
If they are on the same network this is not a valid configuration.
All networks must be unique to talk to each other.
So if on prem is 192.168.0.0/23
And Azure is in the same range of 192.168.0.0/x
This will not work.
Azure should be another range like 172.18.0.0/24
Then you will be able to connect back to on prem and join the domain
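The overlap rule Dean describes, as an added example that is not from the video or the thread: a check that the on-prem range and every VNet address prefix are disjoint, which is worth running before the local network gateway and VNet are created rather than after the tunnel comes up and nothing routes. The ranges used are the ones quoted in this thread; the ISP-assigned public address and the gateway public IP are not part of this check, only the private ranges on both sides.

```powershell
# Added example (not from the video): CIDR overlap check for the S2S VPN.
# Only the private ranges on each side matter; the public IPs are irrelevant here.

function ConvertTo-IPv4Int {
    # Dotted-quad to a 32-bit value held in a [long] so bitwise math stays unsigned.
    param([Parameter(Mandatory)][string]$Address)
    $value = [long]0
    foreach ($octet in [System.Net.IPAddress]::Parse($Address).GetAddressBytes()) {
        $value = ($value -shl 8) -bor $octet
    }
    return $value
}

function Get-IPv4Range {
    # First and last address of a CIDR block as integers.
    param([Parameter(Mandatory)][string]$Cidr)
    $ip, $prefix = $Cidr -split '/', 2
    if ([int]$prefix -lt 0 -or [int]$prefix -gt 32) { throw "Bad prefix length in $Cidr" }
    $mask  = ([long]0xFFFFFFFF -shl (32 - [int]$prefix)) -band 0xFFFFFFFF
    $start = (ConvertTo-IPv4Int $ip) -band $mask
    $end   = $start -bor ((-bnot $mask) -band 0xFFFFFFFF)
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $end }
}

function Test-AddressSpaceOverlap {
    # Two ranges overlap when each one starts at or before the other one ends.
    param(
        [Parameter(Mandatory)][string[]]$OnPremPrefixes,
        [Parameter(Mandatory)][string[]]$VNetPrefixes
    )
    foreach ($o in $OnPremPrefixes) {
        $a = Get-IPv4Range $o
        foreach ($v in $VNetPrefixes) {
            $b = Get-IPv4Range $v
            [pscustomobject]@{
                OnPrem   = $o
                VNet     = $v
                Overlaps = ($a.Start -le $b.End) -and ($b.Start -le $a.End)
            }
        }
    }
}

# Mohammed's setup: the on-prem /23 (192.168.0.0-192.168.1.255) contains the whole
# VNet /24, so the tunnel comes up but nothing can be routed across it. Overlaps = True
Test-AddressSpaceOverlap -OnPremPrefixes '192.168.0.0/23' -VNetPrefixes '192.168.0.0/24'

# Dean's suggested fix: move the VNet to a distinct RFC 1918 range. Overlaps = False
Test-AddressSpaceOverlap -OnPremPrefixes '192.168.0.0/23' -VNetPrefixes '172.18.0.0/24'

# The lab in the video: 192.168.166.0/24 on prem, 192.168.0.0/24 in Azure. Overlaps = False
Test-AddressSpaceOverlap -OnPremPrefixes '192.168.166.0/24' -VNetPrefixes '192.168.0.0/24'
```

For an existing deployment, feed the check the real prefixes from Az PowerShell: the VNet side from `(Get-AzVirtualNetwork -Name <vnet> -ResourceGroupName <rg>).AddressSpace.AddressPrefixes` and the on-prem side from `(Get-AzLocalNetworkGateway -Name <lng> -ResourceGroupName <rg>).LocalNetworkAddressSpace.AddressPrefixes`; any row with Overlaps = True has to be renumbered before the domain join will work.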
@@AzureAcademy it was helpful Thank you.
anytime!
I think you should do videos on comparison between AWS and Azure
sounds good...do you want to help on the AWS side?
@@AzureAcademy I would like to learn both for my knowledge
@@sneha-ob6yz I don't know AWS...sorry. But if someone does and wants to help make these video comparisons let me know...and to be very, very clear this should NOT be thought of as one or the other is better, rather they are different platforms each with their own strengths and areas to improve and we want to help the community learn the differences in how each platform functions to find what works best for their scenarios.
@@AzureAcademy Thank you
@ Sneha, Dean - if you want to add AWS to this collection of videos I would suggest looking into Terraform for automation and Docker as a cross-cloud platform. Then we could outline the great benefits of how to provision resources between clouds.