Using same domain controller for multiple virtual networks in azure - azure

In a azure virtual network(say vnet1) I have 2 virtual machines(say VM1 & VM2).I have windows server active directory installed in VM1. In vnet setting in azure I have mentioned VM1 as my DNS server.So I can use user credentials in AD(from VM1) to login to VM2.Now I want another virtual network(vnet2) to use same AD(in vnet1) so that I could login to the virtual machines in vnet2 using user credentials in AD in vnet1.I tried putting in public IP of VM1 as a DNS setting in vnet2 but that did not work.I would like to know if this is possible? or I have to use another windows server active directory which would be part of my vnet2?
I would also like to know if there are any network limitations on AD?
Thanks in advance.

You net to do a Site to Site between the Vnets.
Depending on if you are using ASM (Azure Service Manager) or ARM (Azure Resource Manager) the solution might have a different setup and there are many blog posts on how to do a Vnet to Vnet connection but i always try to use the official documentation since it always has the latest supported information.
Here is the guide you are looking for.
https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-configure-vnet-to-vnet-connection/

Related

How to add AWS Virtual Machine to Azure Active Directory Domain?

I need to understand whether is it possible to add AWS Virtual machine to custom domain controller of Azure.
I have created Active Directory Domain controller in one of the Virtual machine of Azure. Now I have created few virtual machines on AWS (Amazon Web Services). I want to add these machines into Azure custom Domain controller.
Is it possible and if yes, then can someone please guide me on how to do that?
I don't think it is possible with AWS now, but you could try and create a Site-to-Site VPN and test, most likely will not work, but who knows, you might try to replicate your Azure VM DNS network configuration on your AWS VM and see if it helps.
Here's the networking guide for Azure AD Services.
I have tested joining Linux VMs across a Site to Site VPN and they work OK (it was to Azure Active Directory Domain Services, machines could join and users log on).
As the above answer notes however DNS is the killer here. With the Linux boxes I was able to use local config files to save needing to replicate the DNS zone, for Windows boxes you could try hacking the hosts file with some #pre #dom entries but in reality I think you would need a zone replica in your AWS DNS servers for it to work reliably.

How-To Configure Virtual Network Gateway in AZURE

I am using AZURE and have created several webapps and one Virtual Machine. I need all of them to be part of a virtual network so that cookies/and other packets transferred between them work properly. I created the VM and the network at the same time. But when I try to add networking to the webapps it shows the network but says that it does not have a gateway.
I don't know how to add a gateway to that VPN or how to make it work. Can anyone please help me?
You have to configure point to site in your virtual network before you can connect a web application to your vnet. Basically, you need to create a gateway and then configure point to site.
Since you already have a virtual network, follow steps 4 and 5 only:
Create a VNet with a Site-to-Site VPN connection using the Azure Portal
Later, configure P2S:
Configure a Point-to-Site connection to a virtual network using PowerShell
If everything goes right, you will be able to select the VNET in your app settings instead of a greyed item.
I wrote about this process a while ago and you can find my notes here.

How to add users to the Azure Virtual Network

I have several virtual machines in the azure network. Instead of creating users separately for each machine I would like to create the users at the network level. It will be easier for me to maintain users at the network level.
I am guessing it is not possible to add users to the virtual network because so far I haven't found anything while googling for the question and there is nothing in the Azure Management Portal Virtual Network settings that hints that this feature is available. If this is correct then would you like to suggest a workaround?
You cannot add users to a virtual network in Azure. You can only add VMs (IaaS) and Web and Worker Roles (PaaS) to virtual networks.
In the case you mean to authorize users to access Windows VMs, then think about an Active Directory Domain for your VMs and join all your VMs in that domain.
Here is a guide how to do this: Install a new Active Directory forest on an Azure virtual network

How do I add a website to a virtual network in Windows Azure?

Scenario:
I have a website on Windows Azure. That website needs to connect to a (new) Azure VM.
I have done the following:
Created new Virtual Network on Azure
Added the VM to the Virtual Network, and it does get an IP in the virtual network.
I have configured the appropiate Endpoint for the VM (Public/Private port).
Now, how do I "connect" the Azure website to the same virtual network, such that my .NET code in the website can create a TCP connection to the VM on it's IP on the Virtual Network ?
This is now possible. Be sure to use the NEW Azure Portal. For details, check out:
http://azure.microsoft.com/blog/2014/09/15/azure-websites-virtual-network-integration/
Currently you cannot connect/add Azure Web Site to a Virtual Network. You can only add VMs and Cloud Services to a Virtual Network. However this is a demanded feature and I believe we will see it in the future releases of the Web Sites service (my speculation).
The key here is to create the Virtual Network before the Virtual Machine and then place the VM in the VN during it's creation. The article here gives instructions moving a VM into a VN.
http://blogs.msdn.com/b/walterm/archive/2013/05/29/moving-a-virtual-machine-from-one-virtual-network-to-another.aspx

How to Connect Azure Worker/Web role to Azure Iaas VMs without using public IP's?

We want to run MongoDB and some custom services on Azure Iaas VMs and connect to them with our roles but we do not want to have public IP exposure on the VMs.
If possible what is the best way of doing this?
If not possible is this on the roadmap?
We can add the VM's under the same cloud service and they can communicate happily, the roles are in same deployment so they communicate, but issue between the vm's and roles. We appreciate that the Iaas stuff is still in preview.
Thanks
If you have your Windows Azure Web/Worker Role and Windows Azure Virtual Machine in the same DC you can access them directly using internal IP address using Virtual Networking (Vnet) using internal Endpoints. To achieve it first you would need to create a Virtual Network and then add your Virtual Machine to this VNet. VNet will give your internal IP address and your Web/Worker Role can communicate to this internal IP address.
You can not do mix mode deployment directly from Windows Azure Preview Portal (it is not supported in preview yet) however you can use PowerShell VNet cmdlets to get it configured and working. To need further assistance with VNet team you can contact them directly here.

Resources