We are using Windows Azure and instead of having an on-premises domain controller they want to have the VM in the cloud act as the Active Directory DC. I am using Windows Server 2012 R2 Datacenter with Server Essentials.

The Azure VM is launched in its own Virtual Network so that I have address space for the VPN. Now am I able to join desktops using Azure connect and have those desktops with roaming profiles? The idea is to have the users' desktop and the DC in the cloud. If I use Essentials connect can I accomplish this?

edit: Just want to use Windows Azure the same as I would use an on-premises Server 2012 with Essentials role installed with roaming profiles. This means that we need Essentials Connector or VPN or Direct Connect to join workstations remotely with the DC.

HopelessN00b
  • Just to be clear... you *are* going to have more than one domain controller soon, right? – Wesley Dec 12 '13 at 17:35
  • Nope they want that shit in the cloud, and they prefer not to use site to site VPN. I recommended getting a DD-WRT compatible router and using it for Site to Site VPN at each location then we could just access the server and resources directly. If the DC is redundant in the cloud would there be a benefit to more than one? Sorry for these noobish questions. – user3095668 Dec 15 '13 at 01:54
  • What does using a cloud service have to do with having more than one DC? – MDMarra Dec 15 '13 at 02:18
  • Where is Essentials coming into play here? You say you have Datacenter edition, right? Where does roaming profiles come into play? Where is the file server for the profiles? Are you doing VDI in Azure for your desktops or are your desktops on-prem? This is a terribly confusing question. – MDMarra Dec 15 '13 at 02:24
  • Not sure, am a noob. It's not worth it to pay for the extra VM and they are apprehensive about having on-premises servers. I know it's not ideal or even the best way to go about it but it's not a battle worth fighting. – user3095668 Dec 15 '13 at 03:00
  • In Azure they have Server 2012 Datacenter and Essentials is a role. They have it with the Essentials role pre-installed. The roaming profiles is just pointing it to a server share so that users have the same desktop with them. The file server is the same as the DC. No VDI; this is Azure, everything is session based, no virtual. – user3095668 Dec 15 '13 at 03:05
  • This....is a terrible idea. Really, consider hiring someone on a contract with experience in these things. – MDMarra Dec 15 '13 at 03:23

1 Answer

"It's not worth it to pay for the extra VM" is a very, very scary sentence to say when talking about running a single DC. It's just asking for trouble. 2 DCs per domain at a minimum should be what you're looking for. Those servers shouldn't run any other roles. If you need a file server for roaming profiles, spin up a third instance. Hosting roaming profiles in Azure will likely be abominably slow though.

I strongly urge you to consider hiring a consultant that deals in AD design to help you with this.

MDMarra