Mark Minasi's Tech Forum
New Friend (or an Old Friend who Built a New Account)
Posts: 81
#1
Hi all,

I'm working more and more with Microsoft 365 and Azure.

I may be involved with a plan to link our local network to Azure: setting up a vNet, some subnets (resource groups, etc.), and then the site-to-site VPN for the connection itself.

I would concentrate on the Active Directory aspect, so (possibly) the creation of some virtual machines acting as domain controllers.

I only have a vague idea of how this works and I'm hoping some of you guys could help an "old friend" out (yes, I was on the old forum, then posted here a little in the past, but like others, sadly, less and less over time).

I know some questions are going to be asked so I'm trying to do my research. I've found some answers already such as differences setting up servers in Azure:

  • Network TCP/IP properties are a separate object (?) and not configured within the VM itself.
  • No in-place upgrades (when the time comes to upgrade, we're not there yet).

As for domain controllers, I'm already hearing questions like:
  • What if we just have - or just start with - Linux servers in Azure? Presumably there would be no need for domain controllers (although our on-prem Linux servers do interact with our domain controllers - not sure how the Linux guys have this set up exactly, I just know there is some sort of interaction).
  • If we have this VPN link, and wanted to have Windows member servers in Azure, couldn't we just join them to the domain via the VPN link? I would think this would be suboptimal at best, and we'd be totally dependent on that link, but since setting up domain controllers in Azure means more licenses and more complexity, some will ask if we could do without.
  • If we do have domain controllers, I have to think that would involve setting up a separate Active Directory site up there? I don't think you could get around that, but once again, this is relatively new to me.
I'll start with those questions, may have more, or follow-up questions too.

Otherwise, nice to see some of the members of the old forum here! Lots of memories and lots of things learned. I think I joined in 2003. Almost (almost) 20 years ago!

David (Aval)



Senior Member
Posts: 421
#2

It should be all part of the overall design since DC placement generally affects replication, site coverage etc.

If you will have systems in Azure that need to be able to communicate with a DC at all times, no matter what OS or role, you'll need DCs in Azure. VPNs do go down.

If only the Azure-based systems need to talk to the Azure-based DCs (i.e. those DCs won't have to serve as failover for the on-prem locations), put them into a separate site and make the replication cost to that site prohibitively high.

You've got the no in-place upgrade part right.

As to IP addresses, I'm not sure. It's certainly the case with public IPs. If you have a private subnet with a VPN gateway, I *think* you can assign IP addresses from that subnet directly in the NIC config.

Evgenij Smirnov

My personal blog (German):
My stuff on PSGallery:
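The "separate site with a prohibitively high replication cost" layout from the reply above, as an added PowerShell example (not from the poster or from Microsoft). Site names, the Azure subnet, the link cost and the interval are all assumed placeholder values; it needs the RSAT ActiveDirectory module and an account that can edit Sites and Services.

```powershell
# Added example: carve out a dedicated AD site for Azure-hosted DCs and tie it to the
# on-prem site with an expensive site link. Every name and number below is an assumption.
Import-Module ActiveDirectory

$OnPremSite  = 'OnPrem-HQ'        # assumed: existing on-prem site name
$AzureSite   = 'Azure-WestEurope' # assumed: new site for DCs living in the vNet
$AzureSubnet = '10.50.0.0/16'     # assumed: the vNet address space, so Azure VMs map to the site
$LinkName    = "$OnPremSite-$AzureSite"
$LinkCost    = 1000               # default cost is 100; a high cost keeps Azure DCs out of
                                  # on-prem auto site coverage and least-cost routing
$IntervalMin = 180                # replicate every 3 hours over the VPN instead of every 15 min

# 1. The site itself (idempotent: skip if it is already there)
if (-not (Get-ADReplicationSite -Filter "Name -eq '$AzureSite'")) {
    New-ADReplicationSite -Name $AzureSite -Description 'DCs hosted in the Azure vNet'
}

# 2. Map the vNet range to the site so Azure members locate the local DCs first
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$AzureSubnet'")) {
    New-ADReplicationSubnet -Name $AzureSubnet -Site $AzureSite
}

# 3. Site link between on-prem and Azure with the expensive cost
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$LinkName'")) {
    New-ADReplicationSiteLink -Name $LinkName `
        -SitesIncluded $OnPremSite, $AzureSite `
        -Cost $LinkCost `
        -ReplicationFrequencyInMinutes $IntervalMin `
        -InterSiteTransportProtocol IP
}

# 4. Remove the new site from DEFAULTIPSITELINK if it was added there by hand,
#    otherwise the cheap default link undoes the cost you just set
$default = Get-ADReplicationSiteLink -Filter "Name -eq 'DEFAULTIPSITELINK'" -Properties SitesIncluded
if ($default -and $default.SitesIncluded -match $AzureSite) {
    Set-ADReplicationSiteLink -Identity $default -SitesIncluded @{Remove = $AzureSite}
}

# 5. Check: the Azure site should appear only on the expensive link
Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ', ' }}
```

After the Azure DCs are promoted, move their server objects into the new site and confirm with `nltest /dsgetsite` from an Azure VM that it resolves to the Azure site rather than the on-prem one.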

New Friend (or an Old Friend who Built a New Account)
Posts: 81
#3
Thanks Evgenij!