We help IT Professionals succeed at work.

Using Azure Domain Services with default domain name scheme

LA_Admin
LA_Admin asked
on
114 Views
Last Modified: 2016-08-28
Hello everyone,

I am currently building a testing environment in Office 365/Azure to get a feel for Domain Services and how it can help our business. I currently have it setup with a <companyname>.onmicrosoft.com domain name. I am trying to configure LDAPS, and it requires me to create a DNS record with the external DNS provider so that the DNS name of the managed domain points to the external IP address that gets created during setup. (using steps listed here, under Task 5: Configure LDAPS)

My issue is that I am not using an external DNS provider, just what MS is providing. Is there something that I am doing wrong, or will I need to get ahold of an external DNS provider like NetSol?
Comment
Watch Question

MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
are you using contoso.onmicrosoft.com or your custom domain in azure

If you are using contoso.onmicrosoft.com, no dns entry is required, in fact you can't do it because you don't have control on that dns zone

If you are using custom domain, you would get custom dns zone for custom domain (public domain) where you can create required Host(A) record
I don't think this is your case
Further more, this step is optional and applicable only if you are accessing resources from managed domain over internet using LDAPS
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
So I went and bought a .com domain. I was able to generate an A record for the external IP address for LDAPS access within NetSol. When I attempt to join a physical laptop to the domain, it tells me that it cannot find it. Also, when I attempt to connect Azure ADDS to an Amazon Workspace directory via AD Connector, I get the following message: "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X. Please ensure that the listed ports are available and retry the operation".
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
In addition to above the functionality you are trying to explore is available only with Windows 10 machines
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016

Commented:
this is Azure Active directory domain services, NOT azure AD.
AADDS allows any windows to join to domain, as long as they are in the same network.
MaheshArchitect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Thanks Jian.

Not aware with this.

Author

Commented:
Ok, so it would appear that I misinterpreted the ability of AADDS. That is no problem. Any ideas about the Amazon Workspaces issue?
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016

Commented:
what Amazon Workspaces issue?
as i said, do your both network (amazon and microsoft azure) are on the same (private) network, can they route via private IP?

AADDS is a domain controller, you never expose it directly via internet public IP address.
the only thing AADDS are exposing is the LDAPS that microsoft provided.
ALl other features (DOMAIN JOIN, kerberos and etc) required private IP address to function

Author

Commented:
From above:  "when I attempt to connect Azure ADDS to an Amazon Workspace directory via AD Connector, I get the following message: "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X. Please ensure that the listed ports are available and retry the operation"."
Solutions Architect
CERTIFIED EXPERT
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
Anyone else have any experience here?
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION

Author

Commented:
To answer your question about the IP address, I realized I was using an internal address, so no wonder it couldn't find it.

So I have attempted to configure a VPN between AWS and Azure. I have configured static gateways on both sides and tried to complete the connection, but so far the tunnels are still down. I have found walkthrough's that mention point to site VPN by spinning up a VM on one side or the other and installing RRAS, but I would like to avoid running a VM if at all possible.

I have configured site to site VPN connections in Azure, and feel confident that my config here is correct, but am green in AWS. Do you know if this is possible? Also, is there a way to export my AWS config so that I can share it?
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jian An LimSolutions Architect
CERTIFIED EXPERT
Top Expert 2016

Commented:
There are no AAADS connectivty between Azure and AWS.
a VPN is required.