A lot of us have been setting up Hybrid Cloud (Azure) environments, and one of the first things that needs to be done is to set up a Replica Domain Controller.

This post will show the steps that I followed to get this done.


Before we get started it is important to note that the following steps have already been completed:

  • Created a Virtual Network (
  • Connected the Virtual Network to a S2S (Site to Site) VPN to my On-Premise Network (
  • Created a Local Network which defined the On-Premise Network and my External IP from that location
  • Configured an on premise Windows 2012 R2 RRAS Server to act as the other end of the VPN On-Premise
    • Ran the downloaded 2012 RRAS Configuration Script from the Virtual Network / Gateway Dashboard Page
  • Validated routing from my On-Premise Network to my Azure Virtual Network
  • Azure PowerShell Module downloaded and installed


Where we will get started today is the build out of the new Azure Replica Domain Controller.


Step # 1 – We need to create a new Azure VM for this (we will use the smallest one to save costs)

  1. From the Azure Management Portal, Add a Custom Virtual Machine, Select Windows 2012 R2 Datacenter

  2. On the Virtual Machine Configuration Page Configure with the following options:

    Virtual Machine Name: TC-AZ-DC01
    SIZE: A0 (shared core, 768 MB Memory)
    NEW USER Name: Administrator_<XXX>

  3. On the Create A Virtual Machine Page Configure with the following options:

    Cloud Service: Create a new cloud service
    Cloud Service DNS Name: TC-AZ-DC01
    Subscription: Pay-As-You-Go <This will Vary>
    Availability Set: (None)

  4. On Create A Virtual Machine Page, click the check mark to continue

  5. Now be patient as it will take a few minutes for provisioning to complete.

  6. Once provisioning is complete, open an Administrative Windows Azure PowerShell and type the following
    <Note: we are already connected to our Azure Instance>

    This is a quick way to check the VM and make sure it is fully provisioned for us:


  7. Now, because this is going to be a Replica Domain Controller, we should configure it with a Static IP.

    Note: With the current release of Azure it is now possible to configure a Static IP (DHCP Reservation) and have it retained
    even if the VM is shut down and de-provisioned.


  8. I think we will use as a Static IP for this Azure Replica DC

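The Azure PowerShell side of steps 6 to 8, as an added example that is not the post's own commands: it uses the classic Azure Service Management cmdlets, the cloud service and VM name TC-AZ-DC01 from steps 2 and 3, the virtual network TC-AZ-PROD from step 9, and a placeholder IP address, since the post does not show the address it chose.

```powershell
# Added example (not from the original post): classic Azure Service Management
# cmdlets for steps 6-8. Assumes the Azure PowerShell module is loaded and the
# session is already connected to the subscription, as the post notes.
$ServiceName = 'TC-AZ-DC01'   # cloud service DNS name from step 3
$VMName      = 'TC-AZ-DC01'   # VM name from step 2
$VNetName    = 'TC-AZ-PROD'   # virtual network named in step 9
$StaticIP    = '10.0.1.4'     # PLACEHOLDER: pick an address inside your VNet subnet

# Step 6: confirm the VM is fully provisioned before touching it.
# InstanceStatus reaches 'ReadyRole' once the guest OS is up and running.
$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
if ($vm.InstanceStatus -ne 'ReadyRole') {
    throw "VM $VMName is still '$($vm.InstanceStatus)'; wait for ReadyRole before continuing."
}
$vm | Select-Object Name, InstanceStatus, IpAddress, InstanceSize

# Step 8: a domain controller must keep its address when it is shut down and
# de-provisioned, so reserve one (a static VNet IP / DHCP reservation).
# Check that the address is free first; Azure keeps the first four addresses
# of every subnet for itself, so .4 is the lowest usable host address.
$check = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $StaticIP
if (-not $check.IsAvailable) {
    throw "$StaticIP is not available; Azure suggests: $($check.AvailableAddresses -join ', ')"
}
$vm | Set-AzureStaticVNetIP -IPAddress $StaticIP | Update-AzureVM

# Verify the reservation is recorded on the VM (step 9 checks the same thing in
# the portal). Update-AzureVM applies the change and may restart the VM, so
# allow it to come back before logging on in step 10.
Get-AzureVM -ServiceName $ServiceName -Name $VMName | Get-AzureStaticVNetIP
```
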
  9. Let’s go check out our VM and see if it indeed has a new Static IP Configured. From the Azure Management Portal,
    Select Virtual Networks, Click on TC-AZ-PROD, Click on DashBoard

  10. Logon as an administrator to TC-AZ-DC01 and validate the IP Address before continuing

  11. Validate that we can ping our other On-Premise Domain Controllers

    Note: Our On-Premise Network is

  12. To run the Active Directory Installation Wizard (Dcpromo) open Server Manager and Add Active Directory Domain Services

    Note: Just Click next all the way through the role installation

  13. Open Server Manager, Click on AD DS, Click on More

  14. In All Server Tasks Details click Promote this server to a Domain Controller

  15. On the Deployment Configuration screen, select Add a domain controller to an existing domain,
    type the domain name into Domain:, and ensure you use an account with Domain Admin privileges.

  16. On the Domain Controller Options configure with the following options:

    Domain Name (DNS) Server: Selected
    Global Catalog (GC): Selected
    Read-only domain controller (RODC): Not Selected
    Site Name: An Internal AD Site… We will change later
    DSRM Password: <Standard Password>

  17. On the rest of the install screens simply click Next and then start the
    Domain Controller Promotion process.

  18. A sample of this deployment script is listed below:

    # Windows PowerShell script for AD DS Deployment
    # (the script the promotion wizard offers under "View script"; values match steps 15 and 16)

    Import-Module ADDSDeployment
    Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -CreateDnsDelegation:$false `
    -Credential (Get-Credential) `
    -CriticalReplicationOnly:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainName "<YOURDOMAIN>.com" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SiteName "TCCALCorp" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true

    # -SiteName is the internal AD site chosen in step 16; the DC is moved to the Azure site in step 22.
    # -Force:$true suppresses the confirmation prompt so the script runs unattended.


  19. Depending on the size of your Active Directory Partitions it may take some time to

  20. To validate the installation open c:\windows\debug\dcpromo.log; it may take some time for
    the initial replication to occur. Ensure that this logfile shows that the process has been

    After being patient for a while it finally completed about 20 minutes later…

    We knew it was completed when the dcpromo.log file showed us DSRoleSetOperationDone

  21. Validate that replication is working by logging into TC-AZ-DC01 and running the following from an
    Administrative Command Prompt:

    repadmin /kcc
    repadmin /syncall /e

    repadmin /syncall /e /P

    Ensure there are no errors before continuing…

  22. Now let’s fix our Active Directory Sites… We need to create an Azure Cloud site and assign the
    subnet to it.

    Create a New Site Called TC-AzureCloud

    Create a new Subnet and assign to TC-AzureCloud site

  23. Validate Replication by running the following command from an Administrative
    Command Prompt:

    repadmin /kcc
    repadmin /syncall /e
    repadmin /syncall /e /P

    Verify that there are no errors and now we should have a fully functional
    Replica Domain Controller in Windows Azure.
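Steps 22 and 23 done from PowerShell, as an added example that is not part of the original post: it creates the TC-AzureCloud site, binds the Azure subnet to it, moves TC-AZ-DC01 out of the internal site it was placed in at step 16, and then checks replication health with the ActiveDirectory module cmdlets in addition to repadmin. The subnet value is a placeholder, since the post does not show the Azure VNet range.

```powershell
# Added example (not from the original post): PowerShell equivalent of steps 22 and 23,
# run on TC-AZ-DC01 or any domain-joined admin box with the AD DS RSAT tools installed.
Import-Module ActiveDirectory

$SiteName        = 'TC-AzureCloud'   # site name chosen in step 22
$DcName          = 'TC-AZ-DC01'      # the new replica DC
$AzureSubnetCidr = '10.0.1.0/24'     # PLACEHOLDER: the Azure VNet subnet, not shown in the post

# Step 22: create the site and bind the Azure subnet to it, so clients in the VNet
# locate TC-AZ-DC01 instead of hair-pinning over the VPN to the on-premise DCs.
if (-not (Get-ADReplicationSite -Filter "Name -eq '$SiteName'")) {
    New-ADReplicationSite -Name $SiteName
}
if (-not (Get-ADReplicationSubnet -Filter "Name -eq '$AzureSubnetCidr'")) {
    New-ADReplicationSubnet -Name $AzureSubnetCidr -Site $SiteName
}
# Step 16 left the DC in an internal site; move its server object to the new site.
$dc = Get-ADDomainController -Identity $DcName
if ($dc.Site -ne $SiteName) {
    Move-ADDirectoryServer -Identity $DcName -Site $SiteName
}

# Step 23: recompute the topology, push a full sync, then look for failures.
repadmin /kcc           | Out-Null
repadmin /syncall /e /P | Out-Null

$failures = Get-ADReplicationFailure -Target $DcName
if ($failures) {
    $failures | Format-Table Server, Partner, FailureType, FailureCount, LastError -AutoSize
    throw "Replication failures found on $DcName; resolve them before changing VNet DNS (step 24)."
}
# A healthy partner shows LastReplicationResult 0 and a recent LastReplicationSuccess.
Get-ADReplicationPartnerMetadata -Target $DcName |
    Select-Object Partner, Partition, LastReplicationSuccess, LastReplicationResult,
                  ConsecutiveReplicationFailures |
    Format-Table -AutoSize
```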

  24. Our final step will be updating our DNS Servers in the Virtual Network
    to have as the primary DNS Server for the Azure VM’s

  25. Now logon to TC-AZ-DC01 and ensure the DNS Server settings have
    been updated by running ipconfig /all