Administration of Active Directory does not have to be hard. Too often what should be a simple task is made more difficult than it needs to be.The solution? Hyena from SystemTools Software. With ease-of-use as well as powerful importing and bulk updating capabilities.
Using Azure Domain Services with default domain name scheme
Hello everyone,
I am currently building a testing environment in Office 365/Azure to get a feel for Domain Services and how it can help our business. I currently have it setup with a <companyname>.onmicrosoft.
My issue is that I am not using an external DNS provider, just what MS is providing. Is there something that I am doing wrong, or will I need to get ahold of an external DNS provider like NetSol?
I am currently building a testing environment in Office 365/Azure to get a feel for Domain Services and how it can help our business. I currently have it setup with a <companyname>.onmicrosoft.
My issue is that I am not using an external DNS provider, just what MS is providing. Is there something that I am doing wrong, or will I need to get ahold of an external DNS provider like NetSol?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
hi.
do you have a domain like "mydomain.com" to use?
you must have your own domain ldap.mydomain.com , and cannot use vanity domain <tenant>.onmicrosoft.com
i have recently deployed this so i know the limitation well.
If you want to by pass, you can expose your LDAP via a kemp/netscaler load balancer
this will not require a wildcard certificate as well
do you have a domain like "mydomain.com" to use?
you must have your own domain ldap.mydomain.com , and cannot use vanity domain <tenant>.onmicrosoft.com
i have recently deployed this so i know the limitation well.
If you want to by pass, you can expose your LDAP via a kemp/netscaler load balancer
this will not require a wildcard certificate as well
So I went and bought a .com domain. I was able to generate an A record for the external IP address for LDAPS access within NetSol. When I attempt to join a physical laptop to the domain, it tells me that it cannot find it. Also, when I attempt to connect Azure ADDS to an Amazon Workspace directory via AD Connector, I get the following message: "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X. Please ensure that the listed ports are available and retry the operation".
wait, what do you mean JOin to the domain?
you cannot joined a physical laptop to the domain unless you have site to site VPN.
you cannot joined a physical laptop to the domain unless you have site to site VPN.
In addition to above the functionality you are trying to explore is available only with Windows 10 machines
this is Azure Active directory domain services, NOT azure AD.
AADDS allows any windows to join to domain, as long as they are in the same network.
AADDS allows any windows to join to domain, as long as they are in the same network.
Ok, so it would appear that I misinterpreted the ability of AADDS. That is no problem. Any ideas about the Amazon Workspaces issue?
what Amazon Workspaces issue?
as i said, do your both network (amazon and microsoft azure) are on the same (private) network, can they route via private IP?
AADDS is a domain controller, you never expose it directly via internet public IP address.
the only thing AADDS are exposing is the LDAPS that microsoft provided.
ALl other features (DOMAIN JOIN, kerberos and etc) required private IP address to function
as i said, do your both network (amazon and microsoft azure) are on the same (private) network, can they route via private IP?
AADDS is a domain controller, you never expose it directly via internet public IP address.
the only thing AADDS are exposing is the LDAPS that microsoft provided.
ALl other features (DOMAIN JOIN, kerberos and etc) required private IP address to function
From above: "when I attempt to connect Azure ADDS to an Amazon Workspace directory via AD Connector, I get the following message: "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X. Please ensure that the listed ports are available and retry the operation"."
can you tell me technically how do you achieve this?
I am not a Amazon workspace experts so I am clueless how it works.
According to this http://docs.aws.amazon.com/workspaces/latest/adminguide/prep_connect.html
, you need to have VPN between amazon and Azure.
you also need to run the connect verification to make sure it is OK.
my understand is AADDS should able to achieve that, but VPN and firewall might block it.
I am not a Amazon workspace experts so I am clueless how it works.
According to this http://docs.aws.amazon.com/workspaces/latest/adminguide/prep_connect.html
, you need to have VPN between amazon and Azure.
you also need to run the connect verification to make sure it is OK.
my understand is AADDS should able to achieve that, but VPN and firewall might block it.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
you can "request attention" below the question but you need to work with some one ..
I might not be experts in amazon but i indeed experts in Azure, especially my last project is working on AADDS preview.
YOu have not attempt to answer my previous question. can you kindly tell me whether you have a VPN on board?
also, you wrote "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X" is this X.X.X.X an internal IP or external IP. and if it is external IP, is it the LDAPS IP address provided by Microsoft?
I might not be experts in amazon but i indeed experts in Azure, especially my last project is working on AADDS preview.
YOu have not attempt to answer my previous question. can you kindly tell me whether you have a VPN on board?
also, you wrote "Connectivity issues detected: DNS unavailable (TCP Port 53) for IP X.X.X.X" is this X.X.X.X an internal IP or external IP. and if it is external IP, is it the LDAPS IP address provided by Microsoft?
To answer your question about the IP address, I realized I was using an internal address, so no wonder it couldn't find it.
So I have attempted to configure a VPN between AWS and Azure. I have configured static gateways on both sides and tried to complete the connection, but so far the tunnels are still down. I have found walkthrough's that mention point to site VPN by spinning up a VM on one side or the other and installing RRAS, but I would like to avoid running a VM if at all possible.
I have configured site to site VPN connections in Azure, and feel confident that my config here is correct, but am green in AWS. Do you know if this is possible? Also, is there a way to export my AWS config so that I can share it?
So I have attempted to configure a VPN between AWS and Azure. I have configured static gateways on both sides and tried to complete the connection, but so far the tunnels are still down. I have found walkthrough's that mention point to site VPN by spinning up a VM on one side or the other and installing RRAS, but I would like to avoid running a VM if at all possible.
I have configured site to site VPN connections in Azure, and feel confident that my config here is correct, but am green in AWS. Do you know if this is possible? Also, is there a way to export my AWS config so that I can share it?
https://blogs.technet.microsoft.com/canitpro/2016/01/11/step-by-step-connect-your-aws-and-azure-environments-with-a-vpn-tunnel/
you need to follow this (i am not aws experts)
you need to follow this (i am not aws experts)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
-
Business CommunicationCertification: PMI ACP® Project Management Institute Agile Certified P… 340 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
If you are using contoso.onmicrosoft.com, no dns entry is required, in fact you can't do it because you don't have control on that dns zone
If you are using custom domain, you would get custom dns zone for custom domain (public domain) where you can create required Host(A) record
I don't think this is your case
Further more, this step is optional and applicable only if you are accessing resources from managed domain over internet using LDAPS