Windows Azure Connect – Joining local machine to a different domain using Azure Connect

Windows Azure Connect has changed the definition of connectivity between the machines. The power of Azure lies in release of Azure Connect.
Here we are going to follow the steps which you can use for making a machine joined to the domain. Many readers will feel that, what is a big deal in that?
Ahhh here is the catch…!!! Joining a local machine of your network to the domain of other network. Yes!!!!  You read it correctly.
Let me put an interesting scenario in front of you so that understanding will be easier.
Consider that, I have a local machine say in domain myDomain1.com. Let’s say that, the domain con07oller of myDomain1.com is present in India. Also my local machine is also present in the same network in India and eventually in myDomain1.com.




Let’s say I have another myDomain2.com. The associated domain con07oller is present in Aus07alia. And the network is different. Both networks and domain belong to two different companies. Hence no connectivity between them.
What we want to achieve? We want to connect local machine of myDomain1.com to myDomain2.com.
To change the domain, I will follow the conventional way first. I go to My Computer of my local machine – Right click – Properties. Click on “Change Settings” button against the computer name. Pop up named as “System Properties” appear. Click on button labeled as “Change”. “Pop up named as “Computer name/Domain changes” will appear. Under the panel “Member of” I see domain name as “myDomain1.com”. Instead of that I enter the new text as “myDomain2.com”. And BANG!!! We get an error stating “AD DC for the domain could not be contacted. Ensure that domain name is typed correctly”.


The error is obvious, it is not able to find myDomain2.com domain. I do another workaround. I first took the local machine out of myDomain1.com by making it join to work group say “MyWorkGroup”. Then after restarting again I 07y to join it to the myDomain2.com and same error displayed.
So now what we do? Here comes the Windows Azure Connect for rescue.
Login with your windows Azure subscription to Azure Portal. Click on link “Get Activation Token” on the ribbon. Pop up will appear with activation token. Copy it so notepad, we will use it for further use.

Login to local machine and Domain Con07oller of myDomain2.com and enable IPv6 on both machines. Azure connect establishes connectivity based on IPv6. Also open firewall settings on both machines and enable TCP 443 outbound port.
 Create a sample web role application using VS 2010. Go to properties of Web role application. Select “Virtual Network” tab on left hand side panel. Check the checkbox “Activate Windows Azure Connect” and paste your activation token in the textbox below.
Publish the web role to hosted service in Azure using VS 2010. Go to Azure portal and click on “Install Local Endpoint” button on the ribbon. A pop up will appear with connect agent installation link.

Copy and paste agent installation link in the browser of your local machine, domain con07oller of mydomain2.com and follow all the ins07uction to install connect agent on both machines. Windows Azure Connect Endpoint Software enables Windows Azure users to set up secure, IP-level network connectivity between their Windows Azure hosted services (web role in our case) and local (on-premises – local machine of myDomain1.com and DC of myDomain2.com) resources. After successful installation of Connect agent, both the machines will appear on Azure Portal under Activated Endpoints section.

Note - As here in this post we are not concerned about taking our web role Azure VM in domain; I will skip that part. If you want to take your azure roles in domain, I will explain the steps in next posts. Here just let’s concen07ate on local machine domain joining.
To make your azure web role, local machine and DC (of myDomain2.com in our case) communicate with each other, you need to create Azure machine group on Azure Management Portal. We will use this machine group to manage connectivity between local machine of myDomain1.com (which is now in Work Group) and Domain Con07oller of myDomain2.com.
To create machine group, select the “Create Groups” button on the ribbon of management portal. In the pop up dialog name the group, select the local machines to add to it (in our case DC of myDomain2.com and local machine), and add the web role. Make sure that, you check the “Interconnected” checkbox. This enable the machines present in the group to communicate with each other via Connect.

Here we have completed setting up Azure Connect !!!
Login to local machine, in run window type “regedit”. This opens the regis07y editor of local machine. Create a new s07ing value (REG_SZ) called DNSServers under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Connect\Endpoint and set its value to FQDN (fully qualified domain name) of DC of mydomain2.com. In our case FQDN of DC will be DC.myDomain2.com.
Then open My Computer of local machine – Right click – Properties. Click on “Change Settings” button against the computer name. Pop up named as “System Properties” appear. Click on button labeled as “Change”. Pop up named as “Computer name/Domain changes” will appear. Enter domain name as myDomain2.com and click OK. If asked, enter domain adminis07ator username and password of myDomain2.com. Restart the machine and YOU ARE DONE!!!
This joins the local machine to domain which is present in the other network. Hope you find this article useful.
Cheers..

Please give food to all my fishes swimming at the bottom. It's fun!! Try it!!
Thanks for reading!!
Happy coding.


Comments

Post a Comment

Popular posts from this blog

The request has both SAS authentication scheme and 'Bearer' authorization scheme. Only one scheme should be used

Image
While doing testing after doing a POC on Securing Logic App with Azure Active Directory authentication , where I have put logic app behind APIM and before passing the request to logic app, apim does validation of the token.  I was encountered with an error "The request has both SAS authentication scheme and 'Bearer' authorization  scheme.  Only one scheme should be used." Why it happened After validating the token which is part of the header i.e. Authorization, APIM forwards the request as it is to backend. As  Logic app is configured as  back end , it's url already consist of SAS signature plus the request also has Authorization section and this is the problem. By default every request endpoint on a logic app has a Shared Access Signature (SAS) in the endpoint's URL, which follows this format: https://<request-endpoint-URI>sp=<permissions>sv...
Read more

Getting Started with Logic Apps - AS2

Image
What is AS2? Every enterprise requires some kind of product, service or counselling from another enterprises thus there happens a B2B(business to business) communications, some of the communication is unique whereas most of the communications are common for most of the enterprises e.g., Purchase Order. But every enterprise has there own way(format) of sending the messages, leading to difficult management when number of partners increased.  Considering this the Enterprise leaders decided to have some standards/rules defined across the communication leading to B2B protocol standards which provide guidelines for trading partners to follow when conducting business between enterprises. EDI X12, EDIFACT, TRADACOM etc. AS2 stands for Applicability Statement 2 and is a B2B messaging protocol used to transmit Electronic Data Interchange (EDI)/Business documents from one organization to another. So EDI standards define how to format data and AS2 specifies how to securely transport...
Read more

How to Debug and Trace request in Azure APIM - Portal, Postman, RequestBin

Image
Introduction  APIM is a great option to expose API's with out of box features for applying restrictions, preprocessing, postprocessing etc. You can leverage existing API's,  by importing it and it gets added as a new API with all the operations associated with it. And based on the requirements you  apply policies at the stage/level (Inbound,Backend/Outbound) and you are ready to use the API. Before it is shared, we do some testing to make sure everything is working as per the expectation and this is where Debugging and Tracing request becomes important. APIM does provide a way to Trace a call with the help of  Ocp-Apim-Trace http header. So whichever request/call is to be traced, it needs to include this in header  with the value set to true and it has dependency on another header, so that also needs to be passed i.e.  Ocp-Apim-Subscription-Key Note: The api on which Tracing is to applied , it requires the subscription key to be en...
Read more