AZ-140 ep02 | Configure Active Directory | Azure AD DNS
Summary
TL;DR: In episode 2 of the AZ-140 study guide, Dean Cefola delves into planning and configuring name resolution for Active Directory and Azure Active Directory Domain Services. He explains the role of DNS in translating names into IP addresses, which is crucial for domain-joined systems in Azure. Dean guides viewers through setting custom DNS for virtual networks in Azure and highlights the importance of conditional forwarders for resolving DNS suffixes that are not registered on the internet. The episode also covers integrating on-premises DNS with Azure through VPN or ExpressRoute and setting up internet domain name resolution for remote clients, ensuring seamless access to Azure services.
Takeaways
- 😀 Name resolution is crucial for Active Directory and Azure Active Directory Domain Services, as it translates names into IP addresses for easier access.
- 🔍 DNS (Domain Name System) is the backbone of name resolution, allowing users to access websites and services using names instead of IP addresses.
- 📍 Computers understand IP addresses, but DNS makes it easier for users to remember and access resources by translating names into IP addresses and vice versa.
- 🤝 Domain-joined Windows clients register their IP addresses with the domain controller using secure dynamic DNS, maintaining a trust relationship within the domain.
- 🌐 In Azure, the default DNS server for VMs is provided by the DHCP scope, but for WVD (Windows Virtual Desktop), custom DNS is required because the session hosts must be domain joined.
- 🔗 Configuring custom DNS in Azure involves setting specific IP addresses that the Azure DHCP scope will push to all hosts in the virtual network.
- 🌁 For on-premises DNS servers, connectivity to Azure, such as through VPN or ExpressRoute, is necessary to enable name resolution from Azure to on-premises.
- 💻 Having a domain controller in the cloud is a best practice for minimizing latency in name resolution and authentication.
- 🔄 Conditional forwarders in DNS are used when a DNS server cannot resolve certain domain suffixes, directing the request to another server that can complete the resolution.
- 🔑 Azure Active Directory Domain Services (Azure AD DS) simplifies DNS configuration by providing a 'Configure DNS' button that automatically sets custom DNS for the virtual network.
- 🌐 Internet domain name resolution is achieved by registering a domain name and configuring DNS records to ensure that external clients can access the service.
Q&A
What is the primary function of DNS in the context of the video?
- DNS, or Domain Name System, is responsible for translating domain names into IP addresses and vice versa, making it easier for users to access websites and services like Windows Virtual Desktop (WVD).
Why is DNS important for Active Directory Domain Services in Azure?
- DNS is crucial for Active Directory Domain Services in Azure because it allows domain-joined WVD session hosts to register their IP addresses with the domain controller and maintain the trust relationship necessary for name resolution.
What does the default DNS server address provided by Azure to VMs represent?
- The default DNS server address provided by Azure (168.6.x.x) is derived from the DHCP scope that assigns IP addresses to VMs, and it represents Azure's own DNS service.
What is the purpose of setting custom DNS in Azure Virtual Networks?
- Setting custom DNS in Azure Virtual Networks directs the DNS queries of every host in the network to specific IP addresses, which is necessary for domain-joined systems to communicate with on-premises DNS servers or Azure Active Directory Domain Services.
How can on-premises DNS servers be integrated with Azure for name resolution?
- On-premises DNS servers can be integrated with Azure by establishing connectivity through VPN or ExpressRoute and then configuring the custom DNS settings in Azure Virtual Networks with the IP addresses of the on-premises DNS servers.
What is a conditional forwarder in the context of DNS?
- A conditional forwarder is a DNS configuration that lets a DNS server pass queries for a specific domain suffix to another server, which is useful for resolving domains that the local DNS server does not know about, such as internal Azure suffixes.
How does Azure Active Directory Domain Services simplify DNS configuration for Azure AD?
- Azure Active Directory Domain Services provides a 'Configure DNS' button that automates the DNS configuration for the virtual network it resides on, setting custom DNS to point at the Azure AD DS domain controllers and simplifying the setup process.
What is the role of the _msradc record for the WVD client?
- The _msradc record is a DNS TXT record that, when configured, allows the WVD client to discover the feed URL for accessing WVD resources, simplifying client setup for users.
Why is it a best practice to have a domain controller in the cloud for WVD?
- Having a domain controller in the cloud is a best practice for WVD because it minimizes latency and improves name resolution performance for authentication, enhancing the overall user experience.
How can users access WVD resources when they are not on the same network as the domain controller?
- Users can access WVD resources by resolving the _msradc DNS record, which points to the feed discovery URL, allowing them to connect to WVD even when they are outside the network where the domain controller is located.
What steps are involved in setting up internet domain name resolution for WVD?
- Setting up internet domain name resolution for WVD involves registering a custom domain name with an internet registrar, adding the domain to Azure Active Directory, and configuring DNS records at the registrar so that names resolve correctly to Azure services.
Outlines
🌐 DNS Configuration for Active Directory and Azure AD Domain Services
In this segment, Dean Cefola introduces the concept of name resolution in the context of Windows Virtual Desktop (WVD) architecture planning. He explains the role of the Domain Name System (DNS) in translating human-readable names into IP addresses and vice versa, which is crucial for domain-joined systems in Azure. Dean discusses the importance of configuring DNS for Active Directory and Azure Active Directory Domain Services (Azure AD DS), emphasizing the need for custom DNS settings to enable domain join for WVD session hosts. He also covers how to set DNS in the Azure portal for virtual networks and the process of configuring conditional forwarders on a DNS server to handle requests that the local DNS server cannot resolve, which is particularly useful for WVD environments.
🔍 Enhancing Name Resolution for WVD with Conditional Forwarders and Public DNS
Dean continues the discussion on name resolution, focusing on the use of conditional forwarders to direct DNS requests to Azure's DHCP scope when the local DNS server is unable to resolve certain domain suffixes used internally by Azure. He demonstrates how to add a conditional forwarder for 'reddog.microsoft.com' and explains its application in WVD for secure access to resources like FSLogix and Azure Files. Dean also addresses the challenge of clients accessing WVD from the internet, describing the process of registering a custom domain name with Azure Active Directory and using DNS to simplify client access to the WVD environment. He illustrates how to create a TXT record for the '_msradc' service in both Azure Public DNS and an on-premises DNS server to enable seamless client discovery of WVD resources.
Keywords
- 💡 WVD
- 💡 DNS
- 💡 Active Directory
- 💡 Azure Active Directory Domain Services
- 💡 Domain Join
- 💡 Fully Qualified Domain Name (FQDN)
- 💡 Virtual Network
- 💡 Conditional Forwarder
- 💡 FSLogix
- 💡 Custom Domain Name
- 💡 DNS Propagation
Highlights
Introduction to planning and configuring name resolution for Active Directory and Azure Active Directory Domain Services.
Explanation of DNS (Domain Name System) and its role in translating names into IP addresses.
Importance of DNS in using Windows Virtual Desktop (WVD) and various DNS types in Azure.
All WVD session hosts need to be domain joined, which requires custom DNS configurations.
The primary DNS suffix is set during the domain join process to maintain trust relationships and fully qualified domain names.
Demonstration of configuring DNS servers in Azure for virtual networks to ensure domain join and secure dynamic DNS registration.
How to use Azure's default DNS server and custom DNS settings in virtual networks.
Explanation of conditional forwarders in DNS to resolve domains not registered on the internet, such as internal Azure domains.
Recommendation to have a domain controller in the cloud to minimize latency for lookups and authentication.
Use of VPN or ExpressRoute to connect on-premises DNS servers with Azure for seamless name resolution.
Steps to configure Azure Active Directory Domain Services (AAD DS) with custom DNS settings for domain controllers.
Details on setting up a private DNS zone in Azure to improve security and control over domain resolution for WVD and other services.
Example of adding conditional forwarders to handle internal Azure suffixes like 'reddog.microsoft.com'.
Process for setting up DNS to enable external clients, such as users on an iPhone, to access WVD instances via internet domain name resolution.
Instructions for adding text records to both public and private DNS zones for service discovery and better client access to WVD.
Transcripts
Thanks for clicking and joining us for episode 2 in the AZ-140 study guide. We're continuing to plan our WVD architecture, and today we're going to get into planning and configuring name resolution for Active Directory and Azure Active Directory Domain Services.

I'm Dean Cefola and this is the Azure Academy. Name resolution is where we get into the DNS, the Domain Name System. So what is that? Well, computers understand IP addresses like 20.42.6.197, but it's easier for people to remember names. So you get bonus points if you comment down below with the name that that IP address I just gave you resolves to. So it's DNS's job to translate names into IPs and back into names so that computers and the rest of us can get along. DNS is what allows you to use your web browser to find websites as well as use Windows Virtual Desktop, and there are multiple kinds of DNS in Azure.

Now, as of today when I'm recording this video, all of your WVD session hosts need to be domain joined, and DNS is one of the most important things that an Active Directory domain does. And like everything else in a domain, it's built on trust. So a domain-joined Windows client will register its IP address with the domain controller by using secure dynamic DNS. Now the domain join process will set the primary DNS suffix of the client and creates and maintains that trust relationship, and that's what gives you the fully qualified domain name of something like wvdhost1.msazureacademy.com. The first part is the name of your session host; the second part is your domain's DNS suffix.

Over here in the Azure portal I've got multiple virtual networks, as you can see, so let's click on one of them. And notice right up here that we have the DNS server for this particular virtual network, which you can also see over there on the left, and we can see up top that the DNS server is currently set as the default of Azure. So what is that? Well, this is from the DHCP scope that gives the VMs their IP addresses. So the default DNS server that every VM in Azure gets is going to be 168.6, so this is Azure's DNS. Now, as of today you can't use this in relation to WVD, because we need our systems to be domain joined, which is going to require custom DNS. And by putting these IP addresses here, that tells the Azure DHCP scope to push these DNS server IP addresses to all of the hosts in this virtual network. So if you're using an Active Directory domain controller that's in Azure, you can just set these IP addresses in your DNS and the Azure side is done. There's still some things to do on our DNS server, which we'll get into in a minute.

But what if your DNS server happens to be on-premises? So how do we bridge that gap? Well, you need some kind of connectivity, either a VPN or an ExpressRoute, to connect your on-prem network with Azure, and we'll get into that in detail in a future episode. But all you have to do is just enter the IP address here. As long as my VPN tunnel and all of the Azure routing and gateways are all working properly (again, more on that in a future episode), you'll be able to get name resolution from your WVD session host in Azure to the network, which knows now to communicate back over to on-premises, talk to your DNS server and complete name resolution. Now, if that sounds like going really far down the path instead of having a DNS server in the cloud, you are exactly right, and it is a best practice to have a domain controller in the cloud from the perspective of keeping your lookups, name resolution and latency for all your authentications as short as possible.

But what about Azure Active Directory Domain Services? Now here I have an instance of Azure Active Directory Domain Services that I've created, and if we scroll down the page here you'll see right over there is a Configure DNS button. So this is the easy way to do it when you have Azure AD DS, and when you click that button it's going to configure the virtual network that your Azure AD Domain Services lives on to do exactly what we saw in the last screen, which is configure Azure with custom DNS, which will point at your two Azure AD Domain Services domain controllers.

So I've logged on to my domain controller and I've got my DNS Server Manager open. I've got forward lookup zones, reverse zones, and then I've got some conditional forwarders, and that's what I want to talk about here. So what is a conditional forwarder? Well, it's when your DNS server doesn't know how to resolve something, for example reddog.microsoft.com. Now this is one of the DNS suffixes, along with the others that are listed there, that are used by Azure internally and are not internet registered, so your DNS server won't know how to resolve those by default, so we have to tell it. So when you add a conditional forwarder you're asking your DNS server to pass that request on to another server. So if I click on reddog.microsoft.com you can see we've got that same Azure DHCP address here. So when your local server doesn't know what to do, you would forward that request on to the Azure DHCP scope over your VPN or your ExpressRoute, and then Azure would finish that resolution and give you the response. Now this comes in pretty handy in WVD, because notice I have private link link.core.windows.net, and I use this in my FSLogix Azure Files storage configuration to add extra security to that storage, so that only my WVD systems can get to my user profiles. And we'll cover more on that in a future episode on FSLogix and storage.

One last thing for today, and that is how we can actively use name resolution. So of course your VMs are joined to your domain and they're going to talk to one of your domain controllers to do all of their lookups and name resolution, but what about your clients? Let's say that you've got a user who's sitting in an internet cafe and you allow them to use WVD. How do they find your instance, and how do they get on their client to see what they even have access to? Well, this is handled in two ways. First is internet domain name resolution, which you do when you establish your domain. Like msazureacademy.com: I had to go to an internet registrar and buy that domain name, and then I could come over here to Azure Active Directory, and over on the left at the bottom we've got Custom domain name, and I had to add a custom domain name and register my Azure Active Directory tenant to be msazureacademy.com. And you do that by adding the appropriate records into your DNS registrar so that everything resolves from out in the world down to you.

But now what about those clients I mentioned? So here I've got my iPhone opened and I'll open my WVD app, and I've got nothing registered, so I want to add a new user. So I'll click to add and I'll type in my user's email address, but I can't find anything. Now you could resolve this just by telling them to remember the long URL for the feed discovery, but that's a pain. Let's solve this with DNS. So here I have an Azure Public DNS zone, and this is what I use for my internet name resolution. We need to go and add a new record, and your name for that record should be _msradc. The type of record should be a text record, and I'll leave my time to live at one hour, and now we need our value for this record. It's where that text record resolves to, and you can grab that link directly from the docs, and I'll just post it here for our feed discovery. And there you go, our new record has been added. So all you have to wait for is DNS propagation, which could take anywhere from a couple minutes to a couple hours.

Let's do this again in our private DNS on our domain controller. So back in my Server Manager I'll go and create a new text record. So right-click on your domain's forward lookup zone, go down to Other New Records, and then scroll down until you find your text record and hit Create Record. And it's the same name as before, _msradc, and then the text value is the feed discovery URL, and then hit OK. And we go back to my iOS client and then type in the user's email address again, and now, through the power of DNS, we can complete that lookup, find all of the things that we have access to, and get back to work.

So if this has been helpful for you, go ahead and hit the like button, subscribe if you haven't done that already, and click that notification bell, because the videos in this study guide are just going to come out as fast as I can do them, so you want to be sure that you're notified when that happens. And be sure to click through to the next video by clicking on our playlist right over there, or you can check out the latest video at the Azure Academy up top. Thanks for joining us today and we'll see you in the next episode. Happy learning!
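The procedure the episode walks through (custom DNS on the virtual network, conditional forwarders on the domain controller, and the _msradc TXT record in both the AD zone and the Azure Public DNS zone), as an added PowerShell example that is not from the video or the Azure Academy study guide. The Az and DnsServer cmdlets are real; the resource group, network and zone names, the domain controller addresses and the feed-discovery URL placeholder are assumptions.

```powershell
# Added example (not from the video): the DNS steps from this episode as PowerShell.
# Assumptions: the Az and DnsServer modules are installed and you are signed in (Connect-AzAccount);
# 'rg-wvd', 'vnet-wvd', 'rg-dns', 'msazureacademy.com' and the DC addresses are placeholders.
$rg       = 'rg-wvd'
$vnetName = 'vnet-wvd'
$zoneName = 'msazureacademy.com'
$dcDns    = @('10.0.0.4', '10.0.0.5')                  # placeholder IPs of the two domain controllers
$azureDns = '168.63.129.16'                            # Azure platform DNS (the 168.6x address in the video)
$feedUrl  = '<feed-discovery-url-from-the-WVD-docs>'   # placeholder: copy the value from the docs, as in the video

# 1. Azure side: the DHCP scope pushes these DNS servers to every host in the VNet
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
$vnet.DhcpOptions.DnsServers = $dcDns
$vnet | Set-AzVirtualNetwork | Out-Null
# Session hosts that are already running only pick this up after a restart or DHCP renew.

# 2. DC side: conditional forwarders for suffixes Azure uses internally and never registers
#    on the internet. Run on a DNS server inside a VNet: 168.63.129.16 only answers from within
#    Azure, so an on-premises DNS server must forward through a resolver that is hosted in Azure.
$suffixes = @(
    'reddog.microsoft.com',              # suffix shown in the video
    'privatelink.file.core.windows.net'  # assumption: the Azure Files private-link zone used for FSLogix
)
foreach ($suffix in $suffixes) {
    if (-not (Get-DnsServerZone -Name $suffix -ErrorAction SilentlyContinue)) {
        Add-DnsServerConditionalForwarderZone -Name $suffix -MasterServers $azureDns -ReplicationScope 'Forest'
    }
}

# 3. Client feed discovery: the same _msradc TXT record in the AD-integrated zone (clients on the
#    corporate network) and in the Azure Public DNS zone (clients out on the internet)
Add-DnsServerResourceRecord -ZoneName $zoneName -Name '_msradc' -Txt -DescriptiveText $feedUrl
New-AzDnsRecordSet -Name '_msradc' -RecordType TXT -ZoneName $zoneName -ResourceGroupName 'rg-dns' `
    -Ttl 3600 -DnsRecords (New-AzDnsRecordConfig -Value $feedUrl) | Out-Null

# 4. Check from a session host: DHCP handed out the DC addresses, and the TXT lookup returns the URL
(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
Resolve-DnsName -Name "_msradc.$zoneName" -Type TXT | Select-Object -ExpandProperty Strings
```

Steps 1 and the New-AzDnsRecordSet call run from any workstation signed in to Azure; step 2 and the Add-DnsServerResourceRecord call run on the domain controller itself.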