Step 7 — Create a Windows Client VM and Join the Domain

In this step, you will create a second Windows Server virtual machine and join it to your Active Directory domain as a client.

Even though this machine runs Windows Server, it will behave like a standard domain-joined workstation.

Why is a server acting as a client?

In Active Directory, a client is any machine that authenticates to a domain controller and consumes directory services. The operating system does not determine the role — how the machine is used does.

In Azure labs, Windows Server is commonly reused as a client because desktop images may not be available in all regions.

1. Create the Client VM in Azure

  • Create a new Azure virtual machine
  • Image: Windows Server 2022 Datacenter
  • Virtual Machine Name: CLIENT01
  • Size: Small (B2s or similar)
  • Resource Group: Same resource group as the domain controller
  • Virtual Network: Same VNet as the domain controller

The client and domain controller must be on the same virtual network for domain join and authentication to work.

2. Connect to the Client VM

  • Once deployment completes, connect via RDP
  • Log in using the local administrator account

3. Configure DNS (Critical Step)

Before joining the domain, the client must use the domain controller for DNS resolution.

  1. Open Network Connections
  2. Right-click the active network adapter → Properties
  3. Select Internet Protocol Version 4 (IPv4)
  4. Select Properties
  5. Set Preferred DNS server to the domain controller’s private IP address
  6. Select OK

Why this matters

Active Directory relies entirely on DNS to locate domain controllers. Incorrect DNS is the most common cause of domain join failures.

4. Join the Domain

  1. Open Settings → System → About
  2. Select Join a domain
  3. Enter your domain name (e.g., lab.local)
  4. Authenticate with a domain administrator account
  5. Restart the computer when prompted

5. What Happens During a Domain Join?

  • A computer account is created in Active Directory
  • A secure trust relationship is established with the domain
  • The client begins authenticating against the domain controller
  • Group Policy becomes applicable to the machine

This behavior is identical regardless of whether the OS is Windows Server or Windows Desktop.

6. Verify Domain Join

  • After reboot, log in using a domain user account
  • Confirm the device shows as domain-joined
  • Locate the computer account in Active Directory
  • By default, the computer appears in the Computers container
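
The DNS, join and verification steps above can also be run from an elevated PowerShell prompt on CLIENT01. This is an added example, not part of the original walkthrough; it assumes the page's example domain lab.local, and the DC address 10.0.0.4 is a placeholder for your domain controller's private IP.

```powershell
# Added example. Save as a .ps1 file and run elevated on CLIENT01.
# Before the join:   run with no switch.
# After the reboot:  run with -VerifyOnly.
param(
    [string]$DomainName = 'lab.local',   # example domain name used in this guide
    [string]$DcIp       = '10.0.0.4',    # placeholder: your DC's private IP
    [switch]$VerifyOnly
)
$ErrorActionPreference = 'Stop'

if (-not $VerifyOnly) {
    # Step 3: point the active adapter at the domain controller for DNS.
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp

    # Pre-flight: the SRV record clients use to locate a domain controller
    # must resolve through that DNS server, or the join will fail.
    $srv = "_ldap._tcp.dc._msdcs.$DomainName"
    $records = Resolve-DnsName -Name $srv -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
        Where-Object Type -eq 'SRV'
    if (-not $records) {
        throw "No SRV record for $srv via $DcIp. Fix DNS before joining."
    }
    $records | Format-Table Name, NameTarget, Port

    # Step 4: join and restart. Get-Credential prompts for the domain
    # administrator account, so no password is stored in the script.
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
    return
}

# Step 6: confirm membership and that the machine's secure channel
# to the domain is healthy.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
[pscustomobject]@{
    Computer      = $cs.Name
    PartOfDomain  = $cs.PartOfDomain
    Domain        = $cs.Domain
    SecureChannel = Test-ComputerSecureChannel
    DnsServers    = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses -join ', '
}
```

A healthy join reports PartOfDomain and SecureChannel as True, with the domain controller's private IP listed under DnsServers.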

In the next step, you will move this computer into the correct branch OU.

Is This Common in Real Environments?

Yes. While end users typically run Windows desktop editions, the underlying Active Directory behavior is the same. Many labs, test environments, and jump hosts use Windows Server as a client.

What matters is understanding the authentication flow, DNS dependency, and policy application — not the OS branding.

Checkpoint

  • CLIENT01 exists on the same VNet as the domain controller
  • DNS is set to the domain controller’s private IP
  • The machine successfully joined the domain
  • A computer account exists in Active Directory

If all of these are true, your Active Directory environment is now fully functional.