Full lab deployment

azure architecture

What is currently deployed with the lab?

Everything is deployed with a PowerShell command and a JSON template. I am in the process of trying to convert this to Bicep to make this a more complete experience. Examples of Bicep files can be found here.
Simply run this file and provide the required parameters.

```powershell
## Requires the Az PowerShell module and a signed-in session (Connect-AzAccount)
## Populate as needed for the resource group that houses the AD components
$rgLocation = Read-Host "Which Location?"
$rgName = Read-Host "Please provide RG Name"
## The template is fetched from the repository's main branch at deployment time
$fileURI = "https://raw.githubusercontent.com/fskelly/azure-lab/main/01-activeDirectory/templates/domaincontrollerAzureDeploy.json"

## Add tags if you want to add metadata
$tags = @{"Purpose"="Identity"; "Can Be Deleted"="no"}

## Use this command when you need to create a new resource group for your deployment
$rg = New-AzResourceGroup -Name $rgName -Location $rgLocation
New-AzTag -ResourceId $rg.ResourceId -Tag $tags

## Deploy the domain controller template into the resource group
New-AzResourceGroupDeployment -ResourceGroupName $rgName -TemplateUri $fileURI
```
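The deployment above reads the template from the repository's main branch every time it runs, so the content that gets deployed can change between runs. As an added example (not part of this repository), one way to deploy only a copy you have reviewed is to download the template, compare its SHA-256 with a value you recorded at review time, and deploy the local file. `$expectedSha256` is a placeholder, `$localTemplate` is an illustrative name, and the resource group is assumed to exist already.

```powershell
## Added example, not part of the azure-lab repository.
## Assumes the Az module is installed and Connect-AzAccount has been run.
$ErrorActionPreference = 'Stop'

$rgName  = Read-Host "Please provide RG Name"
$fileURI = "https://raw.githubusercontent.com/fskelly/azure-lab/main/01-activeDirectory/templates/domaincontrollerAzureDeploy.json"

## PLACEHOLDER: the SHA-256 you recorded when you reviewed the template
$expectedSha256 = "<SHA256-OF-REVIEWED-TEMPLATE>"

## Download to a local file so the bytes that are checked are the bytes that are deployed
$localTemplate = Join-Path ([System.IO.Path]::GetTempPath()) "domaincontrollerAzureDeploy.json"
Invoke-WebRequest -Uri $fileURI -OutFile $localTemplate -UseBasicParsing

## Stop if the downloaded file differs from the reviewed copy
$actualSha256 = (Get-FileHash -Path $localTemplate -Algorithm SHA256).Hash
if ($actualSha256 -ne $expectedSha256) {
    Remove-Item -Path $localTemplate
    throw "Template hash mismatch: expected $expectedSha256, got $actualSha256. Review the change before deploying."
}

## Review aid: count the top-level resource types the template declares
## (assumes 'resources' is an array; nested or linked templates are not expanded)
$template = Get-Content -Path $localTemplate -Raw | ConvertFrom-Json
$template.resources | Group-Object -Property type | Select-Object Count, Name | Format-Table -AutoSize

## Preview the changes, then deploy the verified local file
New-AzResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile $localTemplate -WhatIf
if ((Read-Host "Deploy these changes? (y/n)") -eq 'y') {
    New-AzResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile $localTemplate
}
```

Both deployment calls prompt for any required template parameters that are not supplied on the command line.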

This is the start of the native Bicep components. This deploys all the requirements for establishing Point-to-Site connectivity. There is still some additional work you would need to do, depending on the type of VPN connection you want to use. I personally use OpenVPN and these instructions, specifically for the certificate commands.

Components

Remember a Virtual Network Gateway will take some time to provision.

This extends the functionality of the Virtual Network Gateway to allow site-to-site connections. You will need to provide a gatewayIP, which is the public IP address of your router or firewall. The steps for completing the VPN connection differ depending on your device. You will also need to provide your local IP range.

Components

Connectivity VNet - Virtual network connected to the Virtual Network Gateway and Local Network Gateway.

Identity VNet - Virtual network containing the domain controllers deployed with the first PowerShell script.

Another extension that connects these two VNets together.

Components