4: Azure Virtual Machines setup

In this objective, you will learn about how to build and configure the required Azure resources in your own environment. Make sure you use your own Azure subscription, tenant, and resource groups when completing the tasks. The goal of this lab is to gain hands-on experience with setting up Azure infrastructure in a secure and structured, where the goal is to maximize the learning experience.
Tags:

  8 minute read  

Difficulty: Easy to Medium

Introduction

In this lab, we will build our first real Infrastructure as a Service environment in terms of a Virtual Machine in Azure. The goal is to create a small but useful server environment for Justin Verstijnen Inc. using Azure Virtual Machines, a Virtual Network, Active Directory Domain Services and an application server.

This lab is not necessarily a complete step-by-step guide for every button in the Azure Portal. The main goal is to achieve the required end-state, understand what you are building and become more comfortable with Azure IaaS resources. The Azure Portal is updated regularly, so some buttons or menu names may be slightly different when you perform this lab.

In the previous lab, we prepared the Azure environment and created our first resource group. In this lab, we will now start using the resource group for actual infrastructure.

Requirements

  • Around 60 to 120 minutes of your time
  • Access to an Azure subscription
  • Basic knowledge of the Azure Portal
  • Basic knowledge of Windows Server
  • A domain name to use for the Active Directory domain
  • Remote Desktop access to the created virtual machines

Minimizing Azure costs

This lab uses virtual machines, which means the lab will cost more than only creating a resource group. As already mentioned in the introduction lab, you should remove resources when you are done testing.

To minimize costs during this lab, use the following guidelines:

  • Shutdown unused VMs
    • VMs are the most expensive when running
    • When VMs are stopped, you still pay for disks and some attached resources
  • Do not choose oversized virtual machines
  • Use one lab resource group, so everything can be removed quickly
  • Remove public IP addresses when you do not need them anymore
  • Check the Cost analysis page in your Azure subscription

My best recommendation is to complete the lab, take screenshots or notes of your configuration, test if everything works and remove the resource group afterwards.

Lab objective

Justin Verstijnen Inc. wants to deploy a secure and manageable network in Azure. The company needs a domain controller to manage Active Directory and DNS, and a separate application server to host business applications.

Both servers must be located in the same virtual network, joined to the same Active Directory domain and configured with the required roles.

Company domain

Use the following Active Directory domain for this lab:

justinverstijnen.nl

Resource group

All resources can be created in one resource group.

Resource group namePurpose
JV-LABAll resources for this Azure IaaS lab

Servers

Server nameIP addressDescription
JV-DC-SRV0110.0.0.100Domain controller, DNS server
JV-APP-SRV0110.0.0.101Application server, IIS

Network

The network should remain as simple as possible, using a single virtual network and a single subnet.

Network nameNetwork
JV-VNET0110.0.0.0/16

Recommended subnet:

Subnet nameNetwork
default10.0.0.0/24

2.1 Creating the resource group

Start by creating the resource group for this lab.

  • Open the Azure Portal
  • Find and open “Resource groups”
  • Create a new Resource Group
  • Use the name JV-LAB
  • Place it in the region “West Europe”
  • Finish the wizard

You can also create the resource group with Azure Cloud Shell.

Bash
az group create -l westeurope -n JV-LAB

This creates the resource group named JV-LAB in the West Europe region.

2.2 Creating the virtual network

Now create the virtual network where the servers will be connected.

  • Find and open “Virtual networks”
  • Create a new Virtual Network
  • Place it in the JV-LAB resource group
  • Use the name JV-VNET01
  • Use the address space 10.0.0.0/16
  • Create a subnet named default
  • Use the subnet range 10.0.0.0/24
  • Finish the wizard

You can also create the virtual network with Azure Cloud Shell.

Bash
az network vnet create \
  --resource-group JV-LAB \
  --name JV-VNET01 \
  --address-prefix 10.0.0.0/16 \
  --subnet-name default \
  --subnet-prefix 10.0.0.0/24

After creating the virtual network, review the subnet and check if the address ranges are correct.

2.3 Creating dedicated Network Security Groups

Each server must have its own dedicated Network Security Group. This makes it easier to understand which security rules apply to which server.

Create the following Network Security Groups:

NSG namePurpose
JV-NSG-DC-SRV01Network Security Group for the domain controller
JV-NSG-APP-SRV01Network Security Group for the application server

Recommended inbound rules for this lab:

RulePurposeRecommendation
RDPRemote managementOnly allow from your own public IP address
ICMPTesting ping between serversOnly allow inside the virtual network
HTTPTesting IIS on the application serverOnly allow where needed

Be careful with opening RDP to the internet. For a real production environment, you should use a more secure management solution, like Azure Bastion, VPN or Just-in-time VM access.

2.4 Creating the domain controller VM

Create the first virtual machine. This server will become the domain controller and DNS server.

Use the following values:

SettingValue
Resource groupJV-LAB
Virtual machine nameJV-DC-SRV01
RegionWest Europe
ImageWindows Server 2022
Virtual networkJV-VNET01
Subnetdefault
Private IP address10.0.0.100
Network Security GroupJV-NSG-DC-SRV01

After creating the VM, open the Network Interface of the VM and make sure the private IP address is static.

The domain controller should always keep the same IP address, because DNS and domain services depend on it.

2.5 Installing Active Directory Domain Services

Log in to JV-DC-SRV01 using Remote Desktop.

Open PowerShell as Administrator and install the Active Directory Domain Services role.

PowerShell
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

After the role is installed, promote the server to a domain controller and create a new forest.

PowerShell
Install-ADDSForest `
  -DomainName "justinverstijnen.nl" `
  -DomainNetbiosName "JV" `
  -InstallDns:$true

You will be asked to enter a Directory Services Restore Mode password. After the configuration is completed, the server will reboot.

After the reboot, log in with the domain administrator account.

2.6 Configuring DNS for the virtual network

The application server must use the domain controller as DNS server. Otherwise, it will not be able to find the Active Directory domain.

  • Open JV-VNET01
  • Go to “DNS servers”
  • Select “Custom”
  • Add 10.0.0.100
  • Save the configuration

After changing the DNS server of the virtual network, restart the VMs or renew the network configuration inside the VMs.

You can also configure the DNS server with Azure Cloud Shell.

Bash
az network vnet update \
  --resource-group JV-LAB \
  --name JV-VNET01 \
  --dns-servers 10.0.0.100

2.7 Creating the application server VM

Create the second virtual machine. This server will become the application server.

Use the following values:

SettingValue
Resource groupJV-LAB
Virtual machine nameJV-APP-SRV01
RegionWest Europe
ImageWindows Server 2022
Virtual networkJV-VNET01
Subnetdefault
Private IP address10.0.0.101
Network Security GroupJV-NSG-APP-SRV01

After creating the VM, open the Network Interface of the VM and make sure the private IP address is static.

2.8 Joining the application server to the domain

Log in to JV-APP-SRV01 using Remote Desktop.

Before joining the domain, check if the server can resolve the domain name.

PowerShell
Resolve-DnsName justinverstijnen.nl

Also test if the domain controller can be reached.

PowerShell
Test-Connection 10.0.0.100

If DNS and network connectivity work, join the server to the domain.

PowerShell
Add-Computer -DomainName "justinverstijnen.nl" -Restart

After the reboot, log in using a domain account.

2.9 Installing IIS on the application server

The application server must host a basic web service. We will use IIS for this lab.

Open PowerShell as Administrator on JV-APP-SRV01 and run the following command:

PowerShell
Install-WindowsFeature Web-Server -IncludeManagementTools

After the installation, test the IIS default website locally.

PowerShell
Invoke-WebRequest http://localhost

You can also browse to the private IP address of the application server from the domain controller.

PowerShell
Invoke-WebRequest http://10.0.0.101

2.10 Testing the lab objective

Now validate if the environment meets the requirements.

Check the following items:

  • JV-DC-SRV01 exists and has private IP address 10.0.0.100
  • JV-APP-SRV01 exists and has private IP address 10.0.0.101
  • Both servers run Windows Server 2022
  • Both servers are connected to JV-VNET01
  • Both servers can ping each other
  • JV-DC-SRV01 is a domain controller for justinverstijnen.nl
  • JV-APP-SRV01 is joined to justinverstijnen.nl
  • IIS is installed on JV-APP-SRV01
  • Both servers have their own dedicated Network Security Group

Useful validation commands:

PowerShell
whoami
hostname
ipconfig /all
Test-Connection 10.0.0.100
Test-Connection 10.0.0.101

Run this command on the domain controller to check if the application server is known in Active Directory.

PowerShell
Get-ADComputer -Filter * | Select-Object Name, Enabled

2.11 Cleaning up the lab

When you are done, remove the resource group to prevent unexpected costs.

  • Open “Resource groups”
  • Open JV-LAB
  • Review all resources in the resource group
  • Click “Delete resource group”
  • Type the resource group name
  • Confirm the deletion

You can also remove the resource group with Azure Cloud Shell.

Bash
az group delete -n JV-LAB

The lab is now done, let’s check your knowledge!

Knowledge check

Knowledge check
This quiz needs JavaScript to show the questions and feedback.

 

End of the page 🎉

You have reached the end of the page. You can navigate through other blog posts as well, share this post on X, LinkedIn and Reddit or return to the blog posts collection page. Thank you for visiting this post.

If you think something is wrong with this post or you want to know more, you can send me a message to one of my social profiles at: https://justinverstijnen.nl/about/

Go back to Blog homepage

If you find this page and blog very useful and you want to leave a donation, you can use the button below to buy me a beer. Hosting and maintaining a website takes a lot of time and money. Thank you in advance and cheers :)

Buy me a beer

The terms and conditions apply to this post.

Last modified June 24, 2026: Updated post titles (553e43d)