$aayush-acharya
Project 03 · Cloud Infrastructure
Virtual Active Directory & Site-to-Site VPN on Azure
Microsoft Azure · Windows Server 2022 · Active Directory · Domain Controllers · GPO · Azure VPN Gateway · Entra ID · Hybrid Cloud
30 Second Summary

Demonstrates the ability to deploy and manage cloud infrastructure on Microsoft Azure — virtualised Active Directory and a site-to-site VPN, which are foundational components of any hybrid enterprise environment. This separates a pure L1 technician from someone capable of junior sysadmin or cloud support work.

1. Set Up Azure Resource Group and Virtual Network
  • Created a Resource Group to contain all project resources
  • Deployed a VNet with address space 192.168.0.0/16
  • Subnets: VMs /24, AzureBastionSubnet /26, database /24, GatewaySubnet /24
  • NSG rules: RDP allowed from specific IP only, all other inbound blocked
  • Custom DNS servers pointing to DC private IP
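Added pre-deployment check for the step-1 network plan (example code written for this page, not part of the project): it verifies that every subnet sits inside 192.168.0.0/16, that no two subnets overlap, that AzureBastionSubnet and GatewaySubnet meet Azure's minimum sizes (/26 and /27), and then evaluates the inbound NSG rules so that RDP is admitted only from the single allowed source. The exact subnet prefixes and the admin address 203.0.113.10 are assumptions, since the page gives only subnet sizes.

```python
"""Pre-deployment check of the step-1 network plan (constructed example)."""
import ipaddress

VNET = ipaddress.ip_network("192.168.0.0/16")
# Subnet plan from step 1; the exact prefixes are assumed, the page gives only sizes.
SUBNETS = {
    "vms": "192.168.1.0/24",
    "AzureBastionSubnet": "192.168.2.0/26",
    "database": "192.168.3.0/24",
    "GatewaySubnet": "192.168.4.0/24",
}
# Azure minimum sizes: AzureBastionSubnet must be /26 or larger, GatewaySubnet /27 or larger.
MIN_PREFIX = {"AzureBastionSubnet": 26, "GatewaySubnet": 27}

def check_subnet_plan(vnet=VNET, subnets=SUBNETS):
    """Return a list of problems with the plan; an empty list means it is sound."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} lies outside the VNet {vnet}")
        if net.prefixlen > MIN_PREFIX.get(name, 32):
            problems.append(f"{name} {net} is smaller than the required /{MIN_PREFIX[name]}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")
    return problems

# Inbound NSG rules as (priority, name, source prefix, destination port, action).
# Lowest priority number wins; Azure's platform default rules are not modelled here.
ADMIN_IP = "203.0.113.10/32"  # constructed placeholder for the single allowed RDP source
NSG_INBOUND = [
    (100, "AllowRDPFromAdmin", ADMIN_IP, 3389, "Allow"),
    (4096, "DenyAllInbound", "0.0.0.0/0", "*", "Deny"),
]

def nsg_decision(src_ip, dst_port, rules=NSG_INBOUND):
    """Return Allow/Deny for an inbound flow, applying the first matching rule by priority."""
    for _priority, _name, source, port, action in sorted(rules):
        if ipaddress.ip_address(src_ip) in ipaddress.ip_network(source) and port in ("*", dst_port):
            return action
    return "Deny"  # nothing matched: behave like Azure's final DenyAllInBound rule

if __name__ == "__main__":
    print(check_subnet_plan() or "subnet plan OK")
    print("RDP from admin:", nsg_decision("203.0.113.10", 3389))
    print("RDP from elsewhere:", nsg_decision("198.51.100.7", 3389))
```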
2. Deploy Windows Server 2022 VMs
  • Deployed DC01, FP01, TS01, and client01 VMs (Standard_D2s_v3)
  • Assigned static private IPs — DCs must not use DHCP
  • Accessed securely via Azure Bastion — no public IP exposure
  • Patched all servers before domain promotion
3. Promote to Domain Controller — AD Setup
  • Installed AD DS role on DC01, created new forest: aayushlab.local
  • Promoted FP01 as additional DC for redundancy
  • Configured DNS on both DCs — all VMs point to primary DC private IP
  • Verified AD replication: repadmin /showrepl
4. Build OU Structure and Configure GPOs
  • OU hierarchy: Departments → IT, Finance, HR, Management
  • Password Policy GPO: 12-char minimum, complexity, 90-day expiry
  • Desktop Lockdown GPO: removed Control Panel, restricted USB
  • Drive Mapping GPO: auto-mapped network drives by department
  • Security GPO: disabled SMBv1, enabled logon event auditing
  • Verified: gpupdate /force and gpresult /r
5. Deploy Azure VPN Gateway and Entra Connect
  • Created Azure VPN Gateway in the GatewaySubnet (Route-based, IKEv2)
  • Created Local Network Gateway for on-premises side, connected with pre-shared key
  • Installed Microsoft Entra Connect Sync on a member server
  • Selected Password Hash Synchronisation, configured OU scope
  • Verified users appear in Entra ID with "synced from on-premises" badge
  • Tested hybrid sign-in: on-prem AD user signing into M365 with same credentials
Proof of Work

Azure — Create Virtual Network

Azure VNet — IP Address Space & Subnets

Azure — Domain Controller VM (DC01) Deploying

Azure VMs — DC01, FP01, client01 + Bastion Access

Microsoft Entra Connect Sync — Installation