
Phase 2: Configure Domain Controllers

Updated: November 11, 2014

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

This is the second phase of deploying SharePoint with SQL Server AlwaysOn in Azure, which includes configuring the two domain controllers. You must complete this phase before moving on to Phase 3.

For the previous phase, see Phase 1: Configure Azure.

For the next phase, see Phase 3: Configure SQL Server Infrastructure.

For all of the phases of this deployment, see Deploying SharePoint 2013 with SQL Server AlwaysOn Availability Groups in Azure.

This deployment of SharePoint with SQL Server AlwaysOn is designed to accompany the SharePoint with SQL Server AlwaysOn Infographic and incorporate the latest recommendations.

The following figure shows the configuration resulting from the successful completion of this phase.

Phase 2: Adding domain controllers

Create the domain controller virtual machines in Azure

First, fill out the Virtual machine name column of Table M and adjust the Minimum size column as needed. Note that this table uses values from Tables C (for cloud services) and A (for availability sets) that you defined in Phase 1: Configure Azure.

| Item | Virtual machine name | Cloud service name | Gallery image | Availability set | Minimum size |
|------|----------------------|--------------------|---------------|------------------|--------------|
| 1. | ______________ (first domain controller, example DC1) | Item 1 in Table C (see Phase 1: Configure Azure) | Windows Server 2012 R2 Datacenter | Item 1 in Table A (see Phase 1: Configure Azure) | A2 |
| 2. | ______________ (second domain controller, example DC2) | Item 1 in Table C | Windows Server 2012 R2 Datacenter | Item 1 in Table A | A2 |
| 3. | ______________ (first SQL Server computer, example SQL1) | Item 2 in Table C | Microsoft SQL Server 2012 SP1 Enterprise on Windows Server 2008 R2 Service Pack 1 | Item 2 in Table A | A7 |
| 4. | ______________ (second SQL Server computer, example SQL2) | Item 2 in Table C | Microsoft SQL Server 2012 SP1 Enterprise on Windows Server 2008 R2 Service Pack 1 | Item 2 in Table A | A7 |
| 5. | ______________ (cluster majority node, example MN1) | Item 2 in Table C | Windows Server 2012 R2 Datacenter | None | A2 |
| 6. | ______________ (first SharePoint application server, example APP1) | Item 3 in Table C | Microsoft SharePoint Server 2013 Trial | Item 3 in Table A | A4 |
| 7. | ______________ (second SharePoint application server, example APP2) | Item 3 in Table C | Microsoft SharePoint Server 2013 Trial | Item 3 in Table A | A4 |
| 8. | ______________ (first SharePoint web server, example WEB1) | Item 3 in Table C | Microsoft SharePoint Server 2013 Trial | Item 4 in Table A | A4 |
| 9. | ______________ (second SharePoint web server, example WEB2) | Item 3 in Table C | Microsoft SharePoint Server 2013 Trial | Item 4 in Table A | A4 |

Table M – Virtual machines for SharePoint 2013 intranet farm in Azure

Use the following procedure twice to create the two domain controller virtual machines. Note that this procedure uses values from Table M in this topic and Tables V (for your virtual network settings) and S (for your subnet) that you defined in Phase 1: Configure Azure.

Creating a VM from the gallery

  1. In the command bar of the Azure Management Portal, click New > Compute > Virtual Machine > From Gallery.

  2. On the Choose an image page, select Windows Server 2012 R2 Datacenter.

  3. Click the next arrow icon to continue.

  4. On the Virtual machine configuration page:

    • In Virtual Machine Name, type the name of this computer from the appropriate row in Table M. This name will be displayed in the Azure Management Portal.

    • In Size, select the size for the virtual machine based on the Minimum size column of Table M. You can change a virtual machine's size after creation. To do so, in the Azure Management Portal, click Virtual Machines, click the name of the virtual machine, and then click the Configure menu option.

    • In New User Name, type a user name for a local administrator account. You will use this name when you first log on to the machine through a Remote Desktop connection.

    • In New Password, enter a strong password for the local administrator account.

    • In Confirm Password, re-enter the strong password.

      Record the local administrator account name and password in a secure location for future reference.

  5. Click the next arrow to continue.

  6. On the Virtual machine configuration page:

    • In Cloud Service, select the name in the Cloud service name column of Table M for the virtual machine.

    • In Region/Affinity Group/Virtual Network, select the name corresponding to Item 1 in Table V, your newly created virtual network.

    • In Virtual Network Subnets, select the name of your subnet corresponding to Item 1 in Table S.

    • In Storage Account, select the storage account that you created for this deployment.

    • For the first domain controller virtual machine, in Availability Set, click Create availability set and type the name from the Availability set column of Table M for Item 1. For the second domain controller, select the name of the availability set created for the first domain controller.

  7. Click the next arrow to continue.

  8. On the Virtual machine configuration page, in Endpoints, click the PowerShell row and delete 5986 from the Public Port column.

    This will tell Azure to generate a random public port for remote Windows PowerShell sessions for this virtual machine. To see this port number in the Azure Management Portal, click Virtual Machines, click the name of the virtual machine, and then click the Dashboard menu option.

  9. Click the check mark to create the machine. Virtual machine creation can take several minutes.

Next, you need to add an extra data disk to each domain controller virtual machine. Both domain controllers will use this extra disk to store their Active Directory database and logging information.

Use the following procedure twice, once for each domain controller, to attach an empty data disk.

Attaching an empty disk to an Azure VM

  1. In the Azure Management Portal, click Virtual Machines, and then select the virtual machine to which you want to attach the data disk. You must wait until the VM is provisioned and its status is Running before attaching the empty disk.

  2. On the command bar, click Attach, and then click Attach Empty Disk. The Attach Empty Disk dialog box appears. By default, Storage Location is set to the storage account that you created earlier. The File Name box contains an automatically generated name that does not need to be altered.

  3. In Size, type 20 (the disk size in GB).

  4. Leave the Host Cache Preference set to the default value None.

  5. Click the check mark to attach the empty data disk. Wait until the status is Running before continuing (a few minutes).

For additional guidance on creating data disks, see Disks.

Next, you need to log on to the first domain controller computer using the credentials of the local administrator account.

Logging on to a virtual machine with a Remote Desktop connection

  1. In the Azure Management Portal, in the left panel click Virtual Machines.

  2. To connect to a VM, click Running in the Status column next to its name.

  3. In the command bar on the bottom of the page, click Connect.

  4. The Management Portal informs you that the .rdp file is being retrieved. Click OK.

  5. The browser dialog appears asking, "Do you want to open or save ComputerName.rdp from manage.windowsazure.com?" Click Open.

  6. In the Remote Desktop Connection dialog, click Connect.

  7. In the Windows Security dialog, click Use another account.

  8. In User name, type the name of the VM and user name of the local administrator account created with the VM (a local machine account). Use the following format:

    ComputerName\LocalAdministratorAccountName

  9. In Password, type the password for the local administrator account.

  10. Click OK.

  11. In the Remote Desktop Connection dialog, click Yes. The desktop of the new machine appears in a Remote Desktop session window.

Next, you need to add the extra data disk to the first domain controller.

To initialize an empty disk

  1. In Server Manager, in the left pane, click File and Storage Services.

  2. In the left pane, click Disks. In the list of disks, select the empty disk, which is identifiable by its capacity and its Partition set to Unknown.

  3. In the Volumes panel, click the "To create a volume, start the New Volume Wizard" link. Follow the steps in the wizard to initialize the disk. Accept all defaults to create a GUID Partition Table (GPT) disk assigned to the drive letter "F". Give the volume a friendly name to distinguish it from other disks.

Next, test the first domain controller's connectivity to locations on your organization network.

To test connectivity

  1. From the desktop, open an administrator-level PowerShell command prompt.

  2. At the PowerShell command prompt, use the ping command to ping names and IP addresses of resources on your organization network.

This procedure ensures that DNS name resolution is working correctly (that the virtual machine is correctly configured with on-premises DNS servers) and that packets can be sent to and from the cross-premises virtual network.

Next, use the instructions in How to install and configure Azure PowerShell to install Azure PowerShell.

Next, fill out the variables in the following set of Windows PowerShell commands—removing the text and the brackets—and then run the following in the PowerShell command prompt:


$vmname="[name of your first domain controller virtual machine (Item 1 in Table M)]"
$svcname="[name of the cloud service for your first domain controller virtual machine (Item 1 in Table C)]"
# The address must be quoted: an unquoted value such as 10.0.0.4 is not valid PowerShell syntax.
$ipaddr="[the first address from Item 6 in Table V]"
# Reserve the address in the virtual network and apply it to the VM.
Get-AzureVM -ServiceName $svcname -Name $vmname | Set-AzureStaticVNetIP -IPAddress $ipaddr | Update-AzureVM

Next, join the first domain controller to the appropriate on-premises Active Directory domain with the following Windows PowerShell commands:


$domname="[DNS domain name of the domain for which this computer will be a domain controller]"
# -Credential prompts for a domain account that is allowed to join computers to the domain;
# the local administrator account you are logged on with has no rights in the domain.
Add-Computer -DomainName $domname -Credential (Get-Credential)
Restart-Computer

After the virtual machine restarts, connect to it using the same steps as the previous Logging on to a virtual machine with a Remote Desktop connection procedure. However, the credentials (the name and password) to enter in steps 8 and 9 are for a domain administrator account, not the local administrator account. The name is in the format DomainName\DomainAdminUserAccountName. For example, contoso\johndoe.

Next, open an administrator-level Windows PowerShell command prompt and run the following commands (removing the text and the brackets for the $domname variable):


$domname="[DNS domain name of the domain for which this computer will be a domain controller]"
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# Promote this computer to an additional domain controller in the existing domain, with the AD DS
# database, logs and SYSVOL on the F: data disk. You are prompted for the Directory Services Restore
# Mode (safe mode) administrator password and for confirmation before the computer restarts.
Install-ADDSDomainController -InstallDns -DomainName $domname -DatabasePath "F:\NTDS" -SysvolPath "F:\SYSVOL" -LogPath "F:\Logs"

The computer will restart.

Next, you need to log on to the second domain controller computer using the credentials of its local administrator account. See the previous Logging on to a virtual machine with a Remote Desktop connection procedure.

Next, you need to add the extra data disk to the second domain controller. See the previous To initialize an empty disk procedure.

Next, test your connectivity to locations on your organization network from the second domain controller. See the previous To test connectivity procedure.

Use this procedure to ensure that DNS name resolution is working correctly (that the virtual machine is correctly configured with on-premises DNS servers) and that packets can be sent to and from the cross-premises virtual network.

Next, fill out variables in the following set of Windows PowerShell commands (removing the text and the brackets), and then run them in the PowerShell command prompt:


$vmname="[name of your second domain controller virtual machine (Item 2 in Table M)]"
$svcname="[name of the cloud service for your domain controller virtual machines (Item 1 in Table C)]"
# The address must be quoted: an unquoted value such as 10.0.0.5 is not valid PowerShell syntax.
$ipaddr="[the second address from Item 6 in Table V]"
# Reserve the address in the virtual network and apply it to the VM.
Get-AzureVM -ServiceName $svcname -Name $vmname | Set-AzureStaticVNetIP -IPAddress $ipaddr | Update-AzureVM

Note that these commands use values from Table M in this topic and Tables V (for your virtual network settings) and C (for your cloud services) that you defined in Phase 1: Configure Azure.

Next, join the second domain controller to the same on-premises Active Directory domain as the first domain controller with the following Windows PowerShell commands:


$domname="[DNS domain name of the domain for which this computer will be a domain controller]"
# -Credential prompts for a domain account that is allowed to join computers to the domain;
# the local administrator account you are logged on with has no rights in the domain.
Add-Computer -DomainName $domname -Credential (Get-Credential)
Restart-Computer

After the virtual machine restarts, connect to it using the same steps as the previous Logging on to a virtual machine with a Remote Desktop connection procedure. However, the credentials (the name and password) to enter in steps 8 and 9 are for a domain administrator account, rather than the local administrator account. The name is in the format DomainName\DomainAdminUserAccountName. For example, contoso\johndoe.

Next, open an administrator-level Windows PowerShell command prompt and run the following commands:


$domname="[DNS domain name of the domain for which this computer will be a domain controller]"
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
# Promote this computer to an additional domain controller in the existing domain, with the AD DS
# database, logs and SYSVOL on the F: data disk. You are prompted for the Directory Services Restore
# Mode (safe mode) administrator password and for confirmation before the computer restarts.
Install-ADDSDomainController -InstallDns -DomainName $domname -DatabasePath "F:\NTDS" -SysvolPath "F:\SYSVOL" -LogPath "F:\Logs"

The computer will restart.

The SharePoint farm will need the following user accounts:

  • sp_farm: A user account for managing SharePoint farms.

  • sp_farm_db: A user account that has sysadmin rights on SQL Server instances.

  • sp_install: A user account that has domain administration rights needed for installing roles and features.

  • sqlservice: A user account that SQL instances can run as.

Next, log on to the first domain controller computer, open an administrator-level Windows PowerShell command prompt, and run the following commands:


# Each command prompts for that account's password and passes it to New-ADUser as a SecureString.
New-ADUser -SamAccountName sp_farm -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "sp_farm" -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false
New-ADUser -SamAccountName sp_farm_db -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "sp_farm_db" -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false
New-ADUser -SamAccountName sp_install -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "sp_install" -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false
New-ADUser -SamAccountName sqlservice -AccountPassword (Read-Host "Set user password" -AsSecureString) -Name "sqlservice" -Enabled $true -PasswordNeverExpires $true -ChangePasswordAtLogon $false

For each command, you will be prompted to enter a password. Record these account names and passwords and store them in a secure location.

Add additional account properties to the new user accounts

  1. Open the Server Manager. In the upper right corner, click Tools and click Active Directory Users and Computers.

  2. In the Users panel, select the sp_install user.

  3. Right-click the selected node and click Add to a group.

  4. In the Select Groups dialog, type domain admins. Then click the Check Names button to resolve the name.

  5. After the Domain Admins group is resolved, click OK to add the user to the group and close the dialog.

  6. Grant further rights to the sp_install account using the Active Directory Users and Computers dialog:

    1. In the dialog, click View and click Advanced Features. This option shows all hidden containers and hidden tabs in the property windows for AD objects.

    2. Right-click your domain name and click Properties.

    3. In the Properties dialog, select the Security tab and click the Advanced button.

    4. In the Advanced Security settings for <YourDomainName> window, click Add.

    5. In the text box, type <YourDomainName>\sp_install and click OK.

    6. Select Allow for Read all properties and Create computer objects, then click OK three times to close the dialog boxes.

Next, update the DNS servers for your virtual network so that Azure assigns virtual machines the IP addresses of the two domain controllers to use as their DNS servers. Note that this procedure uses values from Table V (for your virtual network settings) that you defined in Phase 1: Configure Azure.

Add DNS servers to your virtual network for the two domain controllers

  1. In the left pane of the Azure Management Portal, click Networks, and then click the name of your virtual network (Item 1 from Table V).

  2. Click Configure.

  3. In DNS Servers, remove the entries corresponding to the DNS servers that are located on your on-premises network.

  4. In DNS Servers, add two entries with friendly names and the IP addresses of Item 6 in Table V (the addresses of the two domain controllers).

  5. In the command bar at the bottom, click Save.

  6. In the left pane of the Azure Management Portal, click Virtual Machines, and then click the Status column next to the name of your first domain controller.

  7. In the command bar, click Shut Down.

  8. When the first domain controller is shut down, in the command bar click Start.

  9. When the first domain controller has started, click the Status column next to the name of your second domain controller.

  10. In the command bar, click Shut Down.

  11. When the second domain controller is shut down, in the command bar click Start.

Note that we restart the two domain controllers so that they are no longer configured with the on-premises DNS servers as their DNS servers. Because they are both DNS servers themselves, they were automatically configured with the on-premises DNS servers as DNS forwarders when they were promoted to domain controllers.
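The following Windows PowerShell script is an added check written for this article (it is not part of the original topic or of Microsoft's procedure). Run it in an administrator-level prompt on each domain controller after the DNS update and restart; it verifies the end state of this phase: the AD DS database, logs and SYSVOL on the F: data disk, the on-premises DNS servers present as forwarders, the NIC no longer using the on-premises DNS servers, and the sp_install account holding the Domain Admins membership and the two rights granted in the procedure above. The $OnPremDns addresses are constructed placeholders; the GUID is the fixed schemaIDGUID of the computer class.

```powershell
# Added example, not from the original topic. Run on each new domain controller
# after the virtual network DNS change and the shut down / start cycle.
$OnPremDns = @("192.168.1.10", "192.168.1.11")   # constructed placeholders: your on-premises DNS servers

function Write-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    # One PASS/FAIL line per check so the output can be pasted into a change record.
    "{0} {1} [{2}]" -f $(if ($Ok) { "PASS" } else { "FAIL" }), $Name, $Detail
}

# 1. AD DS database, logs and SYSVOL must be on the F: data disk, as specified at promotion.
$ntds   = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters"
$sysvol = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters").SysVol
Write-Check "NTDS database on F:" ($ntds.'DSA Database file' -like "F:\*") $ntds.'DSA Database file'
Write-Check "NTDS logs on F:"     ($ntds.'Database log files path' -like "F:\*") $ntds.'Database log files path'
Write-Check "SYSVOL on F:"        ($sysvol -like "F:\*") $sysvol

# 2. The DC is itself a DNS server and must forward to the on-premises DNS servers;
#    this is what lets the virtual network list only the two DCs as DNS servers.
$fwd     = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
$missing = @($OnPremDns | Where-Object { $_ -notin $fwd })
Write-Check "On-premises DNS servers are forwarders" ($missing.Count -eq 0) ("forwarders: " + ($fwd -join ", "))

# 3. After the restart the NIC should have picked up the virtual network DNS setting
#    (the DC addresses) rather than the on-premises DNS servers.
$clientDns = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses)
$leftover  = @($clientDns | Where-Object { $_ -in $OnPremDns })
Write-Check "NIC no longer points at on-premises DNS" ($leftover.Count -eq 0) ("client DNS: " + ($clientDns -join ", "))

# 4. sp_install: Domain Admins member, plus Allow "Read all properties" and
#    "Create computer objects" on the domain root, as granted in the GUI steps.
$domainDn = (Get-ADDomain).DistinguishedName
$isDA = @(Get-ADGroupMember "Domain Admins" -Recursive | ForEach-Object { $_.SamAccountName }) -contains "sp_install"
Write-Check "sp_install in Domain Admins" $isDA "Domain Admins"
$aces = @((Get-Acl "AD:\$domainDn").Access |
    Where-Object { $_.IdentityReference -like "*\sp_install" -and $_.AccessControlType -eq "Allow" })
$computerClass = [guid]"bf967a86-0de6-11d0-a285-00aa003049e2"   # schemaIDGUID of the computer class
$canRead   = [bool]($aces | Where-Object { $_.ActiveDirectoryRights -match "ReadProperty|GenericRead|GenericAll" })
$canCreate = [bool]($aces | Where-Object { $_.ActiveDirectoryRights -match "CreateChild|GenericAll" -and
                                           ($_.ObjectType -eq $computerClass -or $_.ObjectType -eq [guid]::Empty) })
Write-Check "sp_install can read all properties"     $canRead   "$($aces.Count) explicit Allow ACEs on $domainDn"
Write-Check "sp_install can create computer objects" $canCreate "computer class $computerClass"
```

A FAIL on check 3 usually means the domain controller was restarted from inside the guest rather than shut down and started from the portal, so it did not pick up the new virtual network DNS setting.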

Next Steps

For the next phase of the deployment, see Phase 3: Configure SQL Server Infrastructure.

For all of the phases of this deployment, see Deploying SharePoint 2013 with SQL Server AlwaysOn Availability Groups in Azure.

© 2014 Microsoft