Deploying an Exchange 2013 Hybrid Lab Environment in Windows Azure (Part 16)

If you would like to read the other parts in this article series please go to:

Introduction

In part 15 of this article series revolving around what the Windows Azure service is all about as well as how you deploy an Exchange hybrid deployment in Windows Azure, we deployed the AD FS servers required for the identity federation between the on-premises Active Directory forest and the Azure Active Directory (Office 365 tenant).

Let’s get going…

Connecting to the AD FS Server via Remote Desktop

We have reached the point where we are going to establish a remote desktop connection to the first virtual machine (AzureLabADFS1) we deployed in the previous part. To do so, highlight the virtual machine and then click “Connect” in the action pane at the bottom of the Microsoft Azure Management Portal page, as shown in Figure 1.

Figure 1: Clicking Connect in the action pane at the bottom of the Microsoft Azure Management Portal page

As you should know by now, a browser dialog box will appear asking whether you wish to “Open”, “Save” or “Cancel” the RDP file. If you wish to store all the RDP configuration files in a local folder, click the little arrow to the right of the “Save” option.

Let’s verify that we received an IP address and that DNS has been configured accordingly. We can do so by opening Windows PowerShell and typing “IPCONFIG /ALL”. Note that the computer has been assigned the IP address “10.0.0.6” and that the DNS server is “10.0.0.4”. As explained earlier, this is because the first server started in the virtual network is assigned an address ending in “.4”, as the first three addresses are used internally by Windows Azure. The DNS server is also “.4” because we registered “10.0.0.4” as the DNS server for the virtual network in Windows Azure.

Figure 2: IPConfig /All output

Time to add the server to the “azurelab.dk” domain. Since Server Manager should already be open, click “WORKGROUP” > “Change”, specify the domain (azurelab.dk) to which the server is to be added, and then restart the virtual server.

Figure 3: Adding the virtual server to the domain

After the virtual server has restarted, we can log in using the administrator account for the “azurelab.dk” domain.

Figure 4: Providing the virtual machine credentials
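The IP/DNS verification and the domain join above can also be done from PowerShell. The script below is an added example written for this article, not the author's own steps. It assumes the values used in the lab (DNS server 10.0.0.4, domain azurelab.dk) and adds the connectivity checks that a failed join would otherwise only report after the reboot.

```powershell
# Added example (not from the original article): pre-join checks and the domain
# join from PowerShell instead of Server Manager. Assumed values, taken from the
# lab setup: the DC/DNS server is 10.0.0.4 and the domain is azurelab.dk.
$DomainName  = 'azurelab.dk'
$ExpectedDns = '10.0.0.4'

# 1. Show the IPv4 address and DNS servers the VM received from the virtual network.
$ipcfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway }
$ipcfg | Select-Object InterfaceAlias, IPv4Address, DNSServer | Format-List

$dnsServers = $ipcfg.DNSServer.ServerAddresses
if ($dnsServers -notcontains $ExpectedDns) {
    throw "DNS is $($dnsServers -join ','), expected $ExpectedDns. The join will fail until DNS points at the DC."
}

# 2. Confirm the domain can be located: the _ldap SRV record only exists in AD-integrated DNS.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' } | Select-Object Name, NameTarget, Port

# 3. Check the ports a domain join needs (Kerberos 88, LDAP 389, SMB 445) before rebooting anything.
foreach ($port in 88, 389, 445) {
    $r = Test-NetConnection -ComputerName $ExpectedDns -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { throw "TCP $port to $ExpectedDns is blocked; check the Azure endpoint/NSG rules." }
}

# 4. Join the domain with an account allowed to add computers; -Restart reboots as the wizard would.
$joinCred = Get-Credential -Message "Account permitted to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $joinCred -Restart -Force

# After the reboot, log on with a domain account and confirm the machine trust is healthy:
#   Test-ComputerSecureChannel -Verbose
```

Run it in an elevated PowerShell session on the VM; the SRV lookup in step 2 is the quickest way to tell a plain DNS misconfiguration apart from a firewall problem, which step 3 then isolates per port.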

Okay, time to install the AD FS prerequisites and establish the AD FS farm. To do so, connect to the first AD FS server via Remote Desktop and, in Server Manager, click “Add Roles and Features” as shown in Figure 5.

Figure 5: Selecting “Add Roles and Features” in Server Manager

On the “Before you begin” page, click “Next”.

Figure 6: Add Roles and Features wizard – Before you begin page

On the “Select installation type” page leave the defaults and click “Next”.

Figure 7: Add Roles and Features wizard – Select installation type

On the “Select destination server” page leave the defaults and click “Next”.

Figure 8: Add Roles and Features wizard – Select destination server

Tick “Active Directory Federation Services” and click “Next”.

Figure 9: Add Roles and Features wizard – Select server roles

On the “Select features” page leave the defaults and click “Next”.

Figure 10: Add Roles and Features wizard – Select features

On the “Active Directory Federation Services” page, click “Next”.

Figure 11: Add Roles and Features wizard – AD FS

Click “Install” to install the necessary AD FS components.

Figure 12: Add Roles and Features wizard – Confirm installation selections

When the AD FS components have been properly installed, click “Finish”.

Figure 13: Installation progress

Back in Server Manager, you will now see a yellow exclamation mark on the notifications flag in the top right corner. Click the flag and choose “Configure the federation service on this server”.

Figure 14: Configure the federation service on this server

On the AD FS wizard “Welcome” page, select “Create the first federation server in a federation server farm” and click “Next”.

Figure 15: AD FS Configuration Wizard – Welcome page

Make sure the account you are logged on with has domain admin permissions in Active Directory and then click “Next”; otherwise, specify an account with the necessary permissions.

Figure 16: Connect to Active Directory Domain Services

On the “Specify Service Properties” page, import the SSL certificate to be used (I use the wildcard certificate that is also used for Exchange 2013), then specify the federation service name (in my case “fs.azurelab.dk”). Finally, enter a friendly display name for the federation service and click “Next”.

Figure 17: Specify Service Properties

On the “Specify Service Account” page, either create a group managed service account (gMSA) or enter the details of a traditional service account created in Active Directory, then click “Next”.

Figure 18: Specify Service Account

If group managed service accounts have not been used in the forest before, the wizard cannot create one until the KDS root key exists. Create it with the following PowerShell command (the -10 hours backdates the key so it is usable immediately rather than after the normal 10-hour replication wait, which is fine for a lab):

Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10)

Figure 19: Enabling KdsRootKey

On the “Specify Configuration Database” page, select “Create a database on this server using Windows Internal Database” and click “Next”.

Figure 20: Specify Configuration Database

On the “Pre-requisite Checks” page, click “Configure”.

Figure 21: Pre-requisite Checks

When the configuration tasks have completed, click “Close”.

Figure 22: Results
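The whole first-node procedure (role installation, service account, farm creation on the Windows Internal Database) can be scripted, which is handy when the lab is rebuilt. The script below is an added example, not the author's own steps or a Microsoft sample. It assumes the federation service name fs.azurelab.dk from the article, a wildcard certificate for *.azurelab.dk already imported into the machine store, and two names chosen for this example: the gMSA "fsgmsa" and the second server "AzureLabADFS2". The final metadata check only warns, because a DNS host record for fs.azurelab.dk has not been created at this point in the series.

```powershell
# Added example, not the article's own steps. Installs the AD FS role, creates the
# gMSA and builds the first farm node on the Windows Internal Database.
# Assumed values: federation service fs.azurelab.dk, a *.azurelab.dk certificate in
# LocalMachine\My, gMSA name "fsgmsa" and second server "AzureLabADFS2" (names
# chosen for this example).
$FederationServiceName = 'fs.azurelab.dk'
$DisplayName           = 'Azure Lab Federation Service'
$GmsaName              = 'fsgmsa'
$AdfsServers           = 'AzureLabADFS1', 'AzureLabADFS2'   # computers allowed to fetch the gMSA password

# 1. Role and management tools, plus the AD module used to create the service account.
Install-WindowsFeature ADFS-Federation, RSAT-AD-PowerShell -IncludeManagementTools

# 2. Pick the wildcard certificate by subject and require a private key (needed for the SSL binding).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like 'CN=*.azurelab.dk*' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No *.azurelab.dk certificate with a private key in LocalMachine\My; import the PFX first.' }
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning "Certificate expires $($cert.NotAfter); plan renewal." }

# 3. gMSA: requires the KDS root key (same command the article uses; -10h backdates it for immediate use in a lab).
Import-Module ActiveDirectory
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveTime (Get-Date).AddHours(-10) }
$principals = foreach ($s in $AdfsServers) {
    $c = Get-ADComputer -Filter "Name -eq '$s'"
    if ($c) { $c } else { Write-Warning "$s is not in AD yet; grant it later with Set-ADServiceAccount -PrincipalsAllowedToRetrieveManagedPassword." }
}
if (-not (Get-ADServiceAccount -Filter "Name -eq '$GmsaName'")) {
    New-ADServiceAccount -Name $GmsaName -DNSHostName $FederationServiceName `
        -ServicePrincipalNames "host/$FederationServiceName" `
        -PrincipalsAllowedToRetrieveManagedPassword $principals
}
$gmsaIdentifier = "$((Get-ADDomain).NetBIOSName)\$GmsaName`$"   # gMSA logon names end with '$'

# 4. Create the farm. Giving no SQL parameters selects the Windows Internal Database, as in the wizard.
$domAdmin = Get-Credential -Message 'Domain admin account used to write the AD FS configuration to AD'
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $FederationServiceName `
    -FederationServiceDisplayName $DisplayName `
    -GroupServiceAccountIdentifier $gmsaIdentifier `
    -Credential $domAdmin

# 5. Verify: service running, SSL binding carries our thumbprint, metadata endpoint answers over HTTPS.
Get-Service adfssrv | Select-Object Status, StartType
Get-AdfsSslCertificate | Select-Object HostName, PortNumber, CertificateHash
try {
    $meta = Invoke-WebRequest -UseBasicParsing -Uri "https://$FederationServiceName/FederationMetadata/2007-06/FederationMetadata.xml"
    "Metadata endpoint returned HTTP $($meta.StatusCode)"
} catch {
    Write-Warning "Metadata endpoint not reachable yet: $_. Check that $FederationServiceName resolves to this server."
}
```

Running the second server name through Get-ADComputer before it is domain-joined simply skips it with a warning; once that machine has joined, add it to the gMSA with Set-ADServiceAccount so that Add-AdfsFarmNode can retrieve the managed password.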

Now switch to the second AD FS server and repeat the above steps until you reach the following page in the AD FS configuration wizard. Since we have already configured the federation server farm, we of course wish to add the second AD FS server to the existing AD FS farm.

Select “Add a federation server to a federation server farm” and click “Next”.

Figure 23: Welcome page

On the “Connect to Active Directory Domain Services” page, click “Next”.

Figure 24: Connect to Active Directory Domain Services

On the “Specify Farm” page, enter the name of the primary federation server and click “Next”.

Figure 25: Specifying name of the primary federation server

Import the SSL certificate and click “Next”.

Figure 26: Importing the SSL Certificate

Specify the service account for the federation service and click “Next”.

Figure 27: Specifying the federation service account

Review options and click “Next”.

Figure 28: Reviewing options page

Make sure all pre-requisite checks have completed successfully and then click “Configure”.

Figure 29: Pre-requisite checks page

When the second federation server has been configured properly, click “Close” to exit the “Active Directory Federation Services Configuration Wizard”.

Figure 30: Results page
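Adding the second node can likewise be scripted. The script below is an added example, not the author's own steps; it runs on the second server and assumes the same values as the lab (primary node AzureLabADFS1, the same wildcard certificate imported into this machine's store) plus the example gMSA name "fsgmsa". It also checks the one network dependency the wizard's pre-requisite page does not spell out: a WID-based secondary pulls its configuration from the primary over TCP 80.

```powershell
# Added example (not from the original article): join the second server to the
# existing farm from PowerShell. Assumed values: primary AzureLabADFS1.azurelab.dk,
# the same *.azurelab.dk certificate imported here, gMSA "fsgmsa" (example name).
$Primary  = 'AzureLabADFS1.azurelab.dk'
$GmsaName = 'fsgmsa'

Install-WindowsFeature ADFS-Federation, RSAT-AD-PowerShell -IncludeManagementTools

# The farm's SSL binding must match on every node, so select the same wildcard certificate.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like 'CN=*.azurelab.dk*' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'Import the same wildcard PFX used on the primary node first.' }

# WID farms replicate configuration from the primary over HTTP (TCP 80); verify before configuring.
$r = Test-NetConnection -ComputerName $Primary -Port 80 -WarningAction SilentlyContinue
if (-not $r.TcpTestSucceeded) { throw "Cannot reach $Primary on TCP 80; configuration sync from the primary will fail." }

Import-Module ActiveDirectory
$gmsaIdentifier = "$((Get-ADDomain).NetBIOSName)\$GmsaName`$"
$domAdmin = Get-Credential -Message 'Domain admin account for Add-AdfsFarmNode'
Add-AdfsFarmNode -PrimaryComputerName $Primary `
    -CertificateThumbprint $cert.Thumbprint `
    -GroupServiceAccountIdentifier $gmsaIdentifier `
    -Credential $domAdmin

# Verify: the service is running, this node reports the secondary role and its last sync succeeded.
Get-Service adfssrv | Select-Object Status
Get-AdfsSyncProperties | Select-Object Role, PrimaryComputerName, LastSyncStatus, LastSyncFromPrimaryComputerName
```

If Get-AdfsSyncProperties shows a stale or failed LastSyncStatus, the usual causes are the TCP 80 path to the primary and a gMSA that this computer was never granted permission to retrieve the password for.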

This concludes part 16 of this multi-part article in which I provide you with an explanation of what Windows Azure is and how you configure an Exchange 2013 hybrid lab environment in Windows Azure.
