Objective 

Organizations looking to modernize their infrastructure often ask whether ADManager Plus can be hosted on Microsoft Azure. Hosting ADManager Plus on Azure helps centralize Active Directory management, improve availability, and support hybrid environments. This guide explains how to deploy ADManager Plus on an Azure virtual machine, configure connectivity to on-premises Active Directory, and ensure a secure and scalable setup.

Prerequisites   

Before deploying ADManager Plus on Azure, ensure the following are in place:

1. Azure virtual machine requirements

• OS: Windows Server 2016 or later

• Size: Minimum 4vCPUs and 8GB RAM

• Static private IP (public IP if external access is needed)

• Remote access secured via VPN, Azure Bastion, or network security group (NSG) rules

2. Active Directory connectivity

• Azure VM must reach on-premises domain controllers over:

• LDAP/LDAPS: TCP 389 or 636

• RPC: TCP 135 and dynamic range 49152–65535

• DNS: TCP/UDP 53

• Domain DNS server must be configured on the VM's NIC

3. Firewall and network configuration

• Allow traffic from Azure VM to on-premises AD and DNS servers

• It is recommended to use a site-to-site VPN or Azure ExpressRoute

4. Installation files

• Latest ADManager Plus installer

• Java JDK (bundled with installer)  

Steps to follow 

 Step 1: Provision a Windows VM in Azure   

1. Use the Azure Portal to create a VM with the above specs.

2. Assign a static private IP.

3. Enable RDP (port 3389) for remote access.

 Step 2: Join the Azure VM to your domain (optional but recommended)   

1. Join the VM to your on-premises or hybrid Active Directory domain.

2. Ensure domain connectivity via a VPN or ExpressRoute.

 Step 3: Install ADManager Plus   

1. Download the installer from here.

2. Run the installer and follow the setup instructions.

3. Use default settings or customize ports and paths as needed.

 Step 4: Configure Directory/Application Settings in ADManager Plus   

1. Log in to ADManager Plus

2. Navigate to Directory/Application Settings > Active Directory > Add Domain.

3. Enter your Domain Name and domain controller IP.

4. Provide domain admin credentials in the Domain Username and Domain Password fields.

5. Click Add.

 Step 5: Open required ports   

1. Ensure the following ports are allowed in Azure NSGs and the VM’s firewall:

• TCP 389 and 636 (LDAP/LDAPS)

• TCP 445 and 135 (SMB/RPC)

• TCP/UDP 53 (DNS)

• HTTP/HTTPS: Default ports 8080 or 8443 for web UI access

2. Set up SSL/TLS for secure browser access (optional).

 Tips 

• Use Azure Bastion, just-in-time RDP access, or a jump server to securely access the VM.

• Enable HTTPS access using a trusted SSL certificate to protect web-based connections.

• Set up regular backups using Azure Backup or third-party tools to safeguard the ADManager Plus database and configuration files.

• Deploy a load balancer and enable high availability in ADManager Plus to ensure continuous service.

• Monitor system performance with Azure Monitor or Log Analytics to track CPU, memory, and network usage effectively.