Last Update: Sep 04, 2024 | Published: May 26, 2016
In today’s Ask the Admin, I’ll show you how to deploy a Windows Server 2012 R2 VM in Azure and join it to an existing Active Directory (AD) domain.
This tutorial uses Azure Resource Manager (ARM) to deploy a virtual machine and join it to a domain. If you need a primer on ARM and how to work with templates, or want to deploy a new AD domain in Azure, take a look at “Provision a domain using a Microsoft Azure Resource Manager template” on the Petri IT Knowledgebase.
As in the previous article, I’m going to use a readymade template, 201-vm-domain-join, from the quick-start gallery on GitHub. First we need to get the template URI:
Before you can start working with the PowerShell ARM cmdlets, you’ll need to make sure that you’ve got Microsoft Azure PowerShell 1.0 or later installed on your system. For more information, see “Install Azure PowerShell 1.0 Preview” on Petri.
The 201-vm-domain-join template creates a new VM in the same Resource Group (RG) as the domain controllers. Some additional variables are also required, including the name of the virtual network (VNET), subnet, AD domain administrator username and password, and a local administrator username and password for the new VM. To keep it simple, I’ll specify the same VNET and subnet that host my domain controller in Azure.
The code below logs in to Azure ARM and selects the first available subscription associated with the given Microsoft Account. The account credentials must be entered manually when prompted. The Resource Group name ($rgName) and Azure region ($location) are then set. I’ve included some error checking to throw an error if the RG doesn’t exist or if the DNS name specified for the new VM is already in use.

```powershell
Login-AzureRmAccount
$subs = Get-AzureRmSubscription
Select-AzureRmSubscription -TenantId $subs[0].TenantId -SubscriptionId $subs[0].SubscriptionId

$rgName = 'contosodcs'
$location = 'North Europe'
# Sample passwords, held in plain text in the script for this walkthrough
$domainPassword = 'passW0rd!'
$vmPassword = 'passW0rd!'
$vmName = 'srv1'

# Check availability of DNS name
If ((Test-AzureRmDnsAvailability -DomainQualifiedName $vmName -Location $location) -eq $false) {
    Write-Host 'The DNS label prefix for the VM is already in use' -foregroundcolor yellow -backgroundcolor red
    throw 'An error occurred'
}

# Check that the Resource Group exists
# -ErrorAction Stop added to Get-AzureRmResourceGroup cmdlet to treat errors as terminating
try {
    Get-AzureRmResourceGroup -Name $rgName -Location $location -ErrorAction Stop
} catch {
    Write-Host "Resource Group doesn't exist" -foregroundcolor yellow -backgroundcolor red
    throw 'An error occurred'
}
```
In the code below, I’ve defined the parameters in a hash table, and then splat them to the New-AzureRmResourceGroupDeployment cmdlet, which deploys the resources defined in the template to the specified Resource Group. Values for some of the parameters, such as existingVNETName and existingSubnetName, are taken from the existing domain deployment.
```powershell
$newVMParams = @{
    'ResourceGroupName' = $rgName
    'TemplateURI' = 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vm-domain-join/azuredeploy.json'
    'existingVNETName' = 'adVNET'
    'existingSubnetName' = 'adSubnet'
    'dnsLabelPrefix' = $vmName
    'vmSize' = 'Standard_A2'
    'domainToJoin' = 'ad.contoso.com'
    'domainUsername' = 'adadmin'
    'domainPassword' = convertto-securestring $domainPassword -asplaintext -force
    'ouPath' = ''
    # 3 = join the domain (1) + create the computer account (2)
    'domainJoinOptions' = 3
    'vmAdminUsername' = 'azureuser'
    'vmAdminPassword' = convertto-securestring $vmPassword -asplaintext -force
}

# Deploy the template to the Resource Group, splatting the parameters
New-AzureRmResourceGroupDeployment @newVMParams
```

The New-AzureRmResourceGroupDeployment cmdlet can take a long time to deploy the resources defined in the template, so it may appear to have hung. If there’s a problem with the deployment, however, you’ll receive an error message fairly quickly. No output usually indicates the deployment is running successfully. You can check to see if the VM is being deployed by checking its status in the Azure management portal.
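The code above keeps the domain and VM passwords as plain-text literals in the script and uses the same value for both. The variant below is an added example, not part of the original article: it prompts for both accounts with Get-Credential, refuses a shared password, and validates the template with Test-AzureRmResourceGroupDeployment before deploying. It assumes Login-AzureRmAccount has already been run and reuses the article's resource names.

```powershell
# Added example: same deployment without passwords stored in the script.
# Assumes an authenticated session (Login-AzureRmAccount) and the article's names.
$rgName = 'contosodcs'
$vmName = 'srv1'

# Get-Credential returns a PSCredential whose Password is already a SecureString,
# so nothing has to pass through ConvertTo-SecureString -AsPlainText.
$domainCred = Get-Credential -UserName 'adadmin' -Message 'AD account used to join the VM to ad.contoso.com'
$vmCred = Get-Credential -UserName 'azureuser' -Message 'Local administrator account for the new VM'

# Reject one password for both accounts. -ceq is the case-sensitive comparison;
# plain -eq would treat 'Secret1!' and 'secret1!' as equal.
if ($domainCred.GetNetworkCredential().Password -ceq $vmCred.GetNetworkCredential().Password) {
    throw 'Use different passwords for the domain account and the local administrator'
}

$newVMParams = @{
    ResourceGroupName  = $rgName
    TemplateUri        = 'https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/201-vm-domain-join/azuredeploy.json'
    existingVNETName   = 'adVNET'
    existingSubnetName = 'adSubnet'
    dnsLabelPrefix     = $vmName
    vmSize             = 'Standard_A2'
    domainToJoin       = 'ad.contoso.com'
    domainUsername     = $domainCred.UserName
    domainPassword     = $domainCred.Password
    ouPath             = ''
    domainJoinOptions  = 3
    vmAdminUsername    = $vmCred.UserName
    vmAdminPassword    = $vmCred.Password
}

# Validate the template and parameters first; the cmdlet returns error objects
# when validation fails and nothing when the deployment is acceptable.
$validationErrors = Test-AzureRmResourceGroupDeployment @newVMParams
if ($validationErrors) {
    $validationErrors | ForEach-Object { Write-Warning ('{0}: {1}' -f $_.Code, $_.Message) }
    throw 'Template validation failed; nothing was deployed'
}

New-AzureRmResourceGroupDeployment @newVMParams
```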
For convenience once the deployment is complete, I output the URL to connect to the VM via Remote Desktop.
```powershell
# Display the RDP connection string
$rdpVM = Get-AzureRmVM -ResourceGroupName $rgName -Name $vmName
$rdpString = $vmName + '.' + $rdpVM.Location + '.cloudapp.azure.com'
Write-Host 'Connect to the VM using the URL below:' -foregroundcolor yellow -backgroundcolor red
Write-Host $rdpString
```

In this Ask the Admin, I showed you how to deploy a VM and join it to an existing Active Directory domain running in Azure, using an ARM template from the quick-start gallery.