In the previous post we saw how Windows Azure Connect can connect our Windows Azure role instances to our local computers. We also saw, among the use cases and scenarios for Azure Connect, that we can domain join our Windows Azure roles to our on-premises Active Directory, and that this is possible using the Connect plug-in.
This is a very useful feature provided by Windows Azure Connect. Active Directory domain join can help you in the following ways:
- You can control access to your Azure role instances based on domain accounts.
- You can provide access control using Windows authentication with an on-premises SQL Server.
- In general, as customers migrate existing line-of-business applications to the cloud, many of those applications are written for, or assume, a domain-joined environment. With the ability to domain join your Azure roles to an on-premises AD, this migration can be made simpler.
The process to set up, enable, and configure Active Directory domain join using Connect involves the following steps:
- Enable one of your domain controller/DNS servers for connectivity by installing the Windows Azure Connect agent on that machine.
  Many customers run environments with multiple domain controllers. For such scenarios, it is recommended to create a dedicated AD site to be used for domain joining your Azure roles.
- Configure the Windows Azure Connect plug-in to automatically domain join your Azure role instances to Active Directory. Domain join requires specific settings in the service configuration file (.cscfg):
  - Credentials (a domain account that has permission to domain join the new instances coming online).
  - The target organizational unit (OU) where your Azure role instances should be located within your AD.
  - A list of domain users or groups that will automatically be added to the local administrators group for your Azure role.
- Configure your network policy. This specifies which roles will connect to which Active Directory servers, and is done from the admin portal.
- New Windows Azure role instances will then be domain-joined automatically.
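The three .cscfg settings listed above (join credentials, target OU, local administrators) are worth reviewing before deployment. The following check is an added example, not code from this post or from the Connect plug-in: the setting names under `Microsoft.WindowsAzure.Plugins.Connect.` and the comma-separated administrators format are assumptions to verify against your SDK's plug-in definition, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"}
P = "Microsoft.WindowsAzure.Plugins.Connect."  # assumed plug-in setting prefix
# Groups that should not become local admins on role instances (illustrative list).
BROAD = {"domain admins", "enterprise admins", "domain users", "everyone"}

def audit_cscfg(xml_text):
    """Return {role name: [findings]} for every role with domain join enabled."""
    report = {}
    for role in ET.fromstring(xml_text).findall("c:Role", NS):
        s = {e.get("name"): (e.get("value") or "").strip()
             for e in role.findall("c:ConfigurationSettings/c:Setting", NS)}
        if s.get(P + "EnableDomainJoin", "").lower() != "true":
            continue  # role is not domain-joined, nothing to review
        findings = []
        # The join account only needs the right to join computers to the domain.
        account = s.get(P + "DomainAccountName", "")
        if account.split("\\")[-1].lower() == "administrator":
            findings.append("join account is the built-in Administrator")
        # Without a target OU the instances are not placed in a dedicated OU.
        if not s.get(P + "DomainOU"):
            findings.append("no target OU set")
        # Every listed principal becomes a local administrator on each instance.
        for entry in s.get(P + "Administrators", "").split(","):
            if entry.split("\\")[-1].strip().lower() in BROAD:
                findings.append("broad group in local admins: " + entry.strip())
        report[role.get("name")] = findings
    return report

# Constructed sample: one weakly configured role, one scoped role.
SAMPLE_CSCFG = r"""<ServiceConfiguration serviceName="Demo"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration">
  <Role name="WebRole"><ConfigurationSettings>
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.EnableDomainJoin" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.DomainAccountName" value="CORP\Administrator" />
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.Administrators" value="CORP\Domain Admins,CORP\ops-team" />
  </ConfigurationSettings></Role>
  <Role name="WorkerRole"><ConfigurationSettings>
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.EnableDomainJoin" value="true" />
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.DomainAccountName" value="CORP\svc-azure-join" />
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.DomainOU" value="OU=AzureRoles,DC=corp,DC=example,DC=com" />
    <Setting name="Microsoft.WindowsAzure.Plugins.Connect.Administrators" value="CORP\azure-role-admins" />
  </ConfigurationSettings></Role>
</ServiceConfiguration>"""

if __name__ == "__main__":
    for name, findings in audit_cscfg(SAMPLE_CSCFG).items():
        print(name, findings or "ok")
```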