Create two virtual machines in Azure; One with Windows server and the other running Windows 10. Ensure both are using two cores then ensure they are both on the same network using network watcher and using the topology feature shown on the left side of the screen in the Azure portal interface.
The virtual machine with Windows server installed will be the Domain Controller and is called DC-1 in this example. From the virtual machine page go to networking and then click the text next to network interface to continue with the demonstration.
From the network interface page click on ip configurations and then ipconfig1 to set the IP to static.
Open the client on remote desktop and from a command line type in ping -t and then the Domain Controller's private IP address. This will lead to a request time out. To enable traffic go onto the server and go to windows firewall with advance security maximize the window then click on inbound rules sort by protocol and then enable the first two ICMPv4 rules.
To install active directory click on server manager and then to add roles and features.
Click on the flag in server manager and then promote to Domain controller. This will open this window click on add new forest and name your domain. You will have to set a password but we will not use it for this demonstration. This installation will require the VM to restart login in using yourdomain.com a '\' and then the username you made for the VM.
Once you've logged back into the Domaain Controllwer click on tools and then scroll to Active Directory and Users and then right click on your domain click new and create three organizational units: _EMPLOYEES, _ADMINS, _CLIENTS.
Go to the admin organizational unit you created and creat a new user by right clicking and going to new and then user and make sure to set the password to never expire. Use this account for the rest of the demonstration.
Go to the virtual machine that will be the client's network interface and then click on DNS Servers to set the DNS server to the private IP address of the Domain Controller.
Once you've done this restart the client and log back into it. Right click on the windows icon and click system and then rename the PC advanced to change the domain. Once you type in your domain use your admin login to join the client to the domain which will iniiate another restart.
Login into the client with your admin account and go to the system settings and go to remoter desktop and the select users who can access this PC and add Domain Users to allow non-admin accounts to use remote desktop.
Use this link to copy a raw script and then open windows power shell ISE as an administrator from the Domain Controller. Click on file then new and then paste script and then click the green play button on top to run the script. This script requires you to have an OU named _EMPLOYEES. This will generate a numerous amount of accounts with the same password: password1. Use one of these accounts to login into your client to conclude the demonstration.