
ktalons/ad-config


Configuration and Deployment of Active Directory in Azure Cloud VM

This tutorial outlines the implementation of on-premises Active Directory within Azure Virtual Machines.


Video Demonstration

Environments and Technologies Used

  • Microsoft Azure (Virtual Machines)
  • Remote Desktop
  • Active Directory Domain Services
  • PowerShell

Operating Systems Used

  • Windows Server 2022
  • Windows 10

High-Level Deployment and Configuration Steps

  • Install Active Directory Domain Services
  • Deploying Active Directory
  • Create Users with PowerShell
  • Group Policy and Managing Accounts

Deployment and Configuration Steps


1️⃣ Install Active Directory Domain Services ⤵️

Promote as a Domain Controller (DC)

  • Set up a new forest as talondomain.com
  • Restart and log back into DC as user: talondomain.com\talons


2️⃣ Create a Domain Admin user within the Domain ⤵️

In Active Directory Users and Computers (ADUC):

  • Create an Organizational Unit (OU) called _EMPLOYEES
  • Create another new OU named _ADMINS
  • Create a new employee named Jane Doe with username: jane_admin
  • Add the Jane Doe user to the Domain Admins Security Group
  • Log out of the DC as talondomain.com\talons, then log back into the DC as talondomain.com\jane_admin


3️⃣ Join client-1 to your Domain ⤵️

  • From Azure Portal:
    • Set client-1 DNS settings to DC's private IP address
  • Log in to client-1 as local admin (ctalons) and join it to the domain
  • Log in to the DC and verify that client-1 shows in ADUC
  • In ADUC:
    • Create a new OU named _CLIENTS and add client-1


4️⃣ Set up Remote Desktop for non-admin users on client-1 ⤵️

Log into client-1 as talondomain.com\jane_admin

  • Open System Properties
    • Click Remote Desktop
    • Allow domain users access to remote desktop
  • You can now log into client-1 as a non-admin user

⚠️ This task is usually done with Group Policy, which allows you to change many systems at once ⚠️


5️⃣ Creating additional users with a PowerShell script 🏁

Log into the DC as Jane Doe

  • Open PowerShell ISE as an administrator
    • Create a new file and paste in the contents of the script
    • Run the script and observe the accounts being created
  • Open ADUC and observe the new accounts created under _EMPLOYEES OU
  • Log into client-1 with one of the new user accounts


🔒 Account Lockouts 🔓

A user account is locked out after exceeding the limit of incorrect password attempts

  • Observe that the account has been locked out within Active Directory
    • Open ADUC, right click talondomain, then click Find...
      • Search for the user that is locked out, then click Find Now
  • To reset the password and unlock the account:
    • Right click on the user name, click Reset Password
  • To unlock the account only:
    • Double click on the user name, click the Account tab and check the Unlock Account box


🚦 Enable and Disable Accounts 🚦

  • Open ADUC, right click talondomain, then click Find...
    • Search for the user that is locked out, then click Find Now
  • To disable or enable an account:
    • Right click on the user name, click Disable Account or Enable Account


🧾 Observing Logs 🧾

  • Open Event Viewer
    • Expand Windows Logs, then click Security
      • Right click Security, then click Find to search for log events for a specific user name
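
The same Security log search can be scripted. The following is an added example, not part of this repository: it pulls the events that correspond to the lockout, unlock, password reset, disable and enable actions above for one account. The default user name and time window are assumptions, and it assumes the default audit policy is recording these events on the DC.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# $UserName and $HoursBack are placeholders; set them for the account you are investigating.
param(
    [string]$UserName  = 'jane_admin',
    [int]   $HoursBack = 24
)

# Security event IDs matching the ADUC actions in this tutorial.
# 4625 is written on the machine where the logon was attempted (e.g. client-1),
# so run the script there as well to see the failed attempts themselves.
$EventNames = @{
    4625 = 'Failed logon'
    4740 = 'Account locked out'
    4767 = 'Account unlocked'
    4724 = 'Password reset attempted'
    4725 = 'Account disabled'
    4722 = 'Account enabled'
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = @($EventNames.Keys)
    StartTime = (Get-Date).AddHours(-$HoursBack)
} -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Flatten the named <Data> fields of the event into a lookup table.
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Where the activity came from: 4740 stores the caller computer in
    # TargetDomainName; 4625 records the source IP address.
    $source = if ($_.Id -eq 4740) { $data['TargetDomainName'] }
              elseif ($_.Id -eq 4625) { $data['IpAddress'] }

    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        EventId     = $_.Id
        Action      = $EventNames[$_.Id]
        Target      = $data['TargetUserName']   # account that was affected
        ChangedBy   = $data['SubjectUserName']  # account that performed the action
        Source      = $source
    }
} | Where-Object { $_.Target -eq $UserName } |
    Sort-Object TimeCreated |
    Format-Table -AutoSize
```

The ChangedBy column shows which administrator unlocked, reset, disabled or enabled the account, which the Find dialog in Event Viewer does not summarize.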
