First of all we need the network infrastructure in Azure. My suggestion for the solution would look like this:
Network | IP Range | Purpose |
---|---|---|
vNet | 10.11.0.0/16 | Overall network for the WVD deployment (Azure only) |
Backend | 10.11.2.0/24 | Backend network to hold the DC |
Clients | 10.11.3.0/24 | Client network to deploy the VMs of the host pool in |
This vNet is quite big, to leave room for future testing and additional components in your environment. Feel free to change the IP ranges.
- Go to the Azure Portal
- Select Create a resource
- In the search bar look for Virtual Network
- In the dialog "New Virtual Network" click Create
- Fill out the parameters for the creation like in this sample (including a new resource group for the whole implementation)
The subnet for the backend can be deployed in the same step.
After the vNet with the first subnet Backend is deployed we have to create the client subnet:
- Go to the vNet deployed in step 5; in the settings section we can define a new subnet for the clients
- After pressing the the parameters for the new subnet must be provided
For demo purposes, no Network Security Group, routing table or other configuration was made. In a production environment it is highly recommended to work with security features like these. For a deeper understanding, please refer to the Azure documentation.
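The network plan above can also be deployed from Az PowerShell with a Network Security Group attached to each subnet from the start. This is an added example, not part of the original walkthrough; the resource group, region, resource names and admin IP are placeholders, and it assumes the Az module with a signed-in session (Connect-AzAccount).

```powershell
# Added example: names, region and admin IP below are assumptions/placeholders.
$rg       = 'rg-wvd-demo'      # hypothetical resource group name
$location = 'westeurope'       # assumed region
$adminIp  = '203.0.113.10/32'  # placeholder (documentation range): your admin workstation's public IP

New-AzResourceGroup -Name $rg -Location $location | Out-Null

# Inbound RDP only from the admin address; all other internet traffic is
# dropped by the NSG's built-in DenyAllInBound default rule.
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' `
    -Description 'RDP to the Backend subnet from the admin workstation only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminIp -SourcePortRange '*' `
    -DestinationAddressPrefix '10.11.2.0/24' -DestinationPortRange '3389'

$backendNsg = New-AzNetworkSecurityGroup -Name 'nsg-backend' `
    -ResourceGroupName $rg -Location $location -SecurityRules $rdpRule

# Clients subnet: no custom rules, so only the default rules apply
# (intra-vNet and Azure load balancer inbound allowed, internet inbound denied).
$clientNsg = New-AzNetworkSecurityGroup -Name 'nsg-clients' `
    -ResourceGroupName $rg -Location $location

$backend = New-AzVirtualNetworkSubnetConfig -Name 'Backend' `
    -AddressPrefix '10.11.2.0/24' -NetworkSecurityGroup $backendNsg
$clients = New-AzVirtualNetworkSubnetConfig -Name 'Clients' `
    -AddressPrefix '10.11.3.0/24' -NetworkSecurityGroup $clientNsg

$vnet = New-AzVirtualNetwork -Name 'vnet-wvd-demo' -ResourceGroupName $rg `
    -Location $location -AddressPrefix '10.11.0.0/16' -Subnet $backend, $clients

# Verify: each subnet should list its prefix and the NSG attached to it.
$vnet.Subnets | Select-Object Name, AddressPrefix,
    @{ Name = 'Nsg'; Expression = { $_.NetworkSecurityGroup.Id.Split('/')[-1] } }
```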
As mentioned before, we need an Active Directory in the network where the client will be deployed, so in the next steps we deploy a domain controller into our Backend subnet. To keep it as simple as possible, this documentation deploys a domain controller based on a Server Core image, plus a client in the Client subnet to manage the domain. Feel free to deploy a full server or any other edition.
- Deploy the Server Core VM for the domain controller by clicking Create a resource in the Azure portal
- Search for Windows Server in the Marketplace and select Windows Server
- Select the server image you want to use - in this sample, Windows Server 2019 Datacenter Server Core
- After clicking Create you get the dialog for a new VM in Azure

  Here it is important to place the VM in the Backend subnet and expose it to the internet with a public IP. Keep in mind that you have to open the RDP port for the connection, and remember your local admin password. At the end of the dialog you get the summary - it should look something like this one:
- The next step in the deployment is the installation of Active Directory on the new VM.

  To achieve this, connect to the VM via RDP and then open PowerShell from the command prompt:
- To deploy the Windows feature for domain services, use the following PowerShell command:

  ```powershell
  Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
  ```
- As a second step, deploy the new forest from the same PowerShell session:

  ```powershell
  # DomainName and "Passwort" are placeholders. If -SafeModeAdministratorPassword
  # is omitted, the cmdlet prompts for the password instead.
  Install-ADDSForest -DomainName DomainName -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "Passwort" -Force)
  ```

  Replace the placeholders DomainName and "Passwort" in the PowerShell statement with your domain name and the admin password
- Reboot the newly deployed DC and your domain should be up and running
To manage the Active Directory and to ensure that everything works in the environment, a client VM is deployed into the Client Subnet. The management client is going to be joined to the Active Directory (see step 14) and the RSAT Tools are installed.
- Deploy a VM - depending on the subscription being used, different kinds of images are available. In this demo a Windows 10 image was used to deploy the management client
- After the client is deployed, it is worth checking DNS name resolution in your network. First step - check whether the domain controller is able to resolve DNS requests. Connect via RDP to your DC and check external DNS resolution with e.g. nslookup
- Get the Azure DNS server IP to configure the vNet for DNS - the fastest way, if you do not already know the IP, is to connect to the client, run `ipconfig /all` and check the provided DNS information

  In this case we have 168.63.129.16
- Change the DNS setting for the vNet in the Azure portal
- Before the management client can be joined to the domain, the DNS config of the VM must be refreshed; then the VM can be joined to the AD created on the domain controller in step 14

  Enter the needed Domain Admin credentials and then reboot the VM
- Check at the end that the management VM is now in the domain and install the RSAT Tools from the following URL

  https://www.microsoft.com/en-us/download/details.aspx?id=45520
- In preparation for the further deployment of the Windows Virtual Desktop service it is helpful to already have a dedicated OU in the AD for the clients in the host pool. In this sample an OU WVDDemo is deployed, with Clients and User as folders.