Step-by-Step: Auto-join a Member Server VM to Active Directory Domain in the Azure Cloud with VM Agent Custom Script Extension

In a prior article, we walked through the process of auto-provisioning a new Windows Server Active Directory domain in the Cloud using a custom script that was processed via the Microsoft Azure VM Agent Custom Script Extension.  In this article, we’ll build upon this scenario by auto-joining a new Windows Server VM as a member server to this Active Directory domain.

Task 1: Getting Started

You can leverage the Custom Script Extension when provisioning Virtual Machines from the Azure Management Portal as well as from within the Azure PowerShell Module. But first, you’ll need an active Azure subscription …

Once you have an active Azure subscription, you can head over to the Microsoft Azure Management Portal to provision and manage Azure cloud resources.

If you’ve not yet followed the steps in my prior article to auto-provision a new Windows Server Active Directory domain within your Microsoft Azure subscription, be sure to perform those steps first and then come back here to continue after your Active Directory domain is up and running.

The Virtual Network and Active Directory domain that you built in this first article will be leveraged in the steps below to join a new Windows Server VM as a member server in this domain.

Task 2: Create a Custom Script to Auto-Join to an Active Directory Domain

When provisioning a new Windows Server VM via the Azure Management Portal, we’ll supply a custom script that will be downloaded and executed inside the VM as part of its post-provisioning process by the VM Agent Custom Script Extension.  We’ll create this script and save it locally as a PowerShell script named joindomain.ps1.

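# The three positional arguments supplied to the script
$domainName = $args[0]
$username = $args[1]
$password = $args[2]

# Set the connection-specific DNS suffix to the AD domain name
Set-DnsClient `
    -InterfaceAlias "Ethernet*" `
    -ConnectionSpecificSuffix $domainName

# Convert the plain-text password to a SecureString and build the credential
$securePassword = ConvertTo-SecureString $password `
    -AsPlainText `
    -Force

$cred = New-Object System.Management.Automation.PSCredential($username, $securePassword)

# Join the domain and restart the VM to complete the join
Add-Computer -DomainName $domainName -Credential $cred -Restart -Force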

joindomain.ps1 – Sample Script to Auto-Join to Windows Server AD domain

Note that we’re supplying the following three variable values as parameters in the script above:

  • $domainName – the name of the Windows Server AD domain to which we will join this new member server.
  • $username – the name of an AD domain user account in DOMAIN\Username format that has permissions in AD to join new computers.
  • $password – the password associated with the AD domain user account specified above.

By specifying these values as parameters, we can leverage this script as a general script for joining member servers to any domain and also avoid setting any hard-coded domain user account security credentials within the script file.
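The following variant is an added example, not the article's own script. It takes the same three positional arguments, validates their shape, checks that DNS can locate a domain controller before attempting the join, and keeps the credential out of its output. The file name joindomain-checked.ps1 and the validation patterns are assumptions made for illustration; the password still arrives as a plain-text argument, as in the original.

```powershell
# joindomain-checked.ps1 (hypothetical name) - added example, not the article's script.
# Takes the same three positional arguments as joindomain.ps1.
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')]   # DNS-style domain name
    [string]$DomainName,

    [Parameter(Mandatory = $true, Position = 1)]
    [ValidatePattern('^[^\\]+\\[^\\]+$')]                            # DOMAIN\Username
    [string]$UserName,

    [Parameter(Mandatory = $true, Position = 2)]
    [ValidateNotNullOrEmpty()]
    [string]$Password
)

$ErrorActionPreference = 'Stop'

# Wrap the password right away and drop the plain-text copy from this session.
$securePassword = ConvertTo-SecureString $Password -AsPlainText -Force
Remove-Variable -Name Password
$cred = New-Object System.Management.Automation.PSCredential($UserName, $securePassword)

# Safe to re-run: do nothing if the machine is already a member of the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-Output "Already a member of $DomainName; nothing to do."
    exit 0
}

try {
    # Confirm the VM's DNS can locate a domain controller before joining.
    # A failure here usually means the VM is not on the domain's virtual network.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV
    $targets = ($srv | Where-Object { $_.Type -eq 'SRV' }).NameTarget -join ', '
    Write-Output "Found domain controller record(s): $targets"

    Set-DnsClient -InterfaceAlias "Ethernet*" -ConnectionSpecificSuffix $DomainName
    Add-Computer -DomainName $DomainName -Credential $cred -Restart -Force
}
catch {
    # Report the error text only; never echo the arguments or the credential.
    Write-Error "Domain join failed for ${DomainName}: $($_.Exception.Message)" -ErrorAction Continue
    exit 1
}
```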

Task 3: Provision an Azure Virtual Machine

Using the Microsoft Azure Management Portal, we’ll provision a new Azure VM with a new unique Virtual Machine Name. This will be the Azure VM that we’ll auto-join as a member server to the Active Directory domain we previously built on our Azure Virtual Network.  When provisioning this VM, you can use the same general steps as listed in Task 4 in my prior article.

Tip! When provisioning this new virtual machine, be sure to select the same Azure Virtual Network when prompted.  This will permit the new VM to properly find and communicate with the Active Directory domain controller previously provisioned.

On the last page of the Virtual Machine Configuration wizard, follow these steps:

  1. Check the Custom Script checkbox option.
  2. In the Script field, click the From Local button and browse to the joindomain.ps1 script file saved in Task 2 above.
  3. In the Arguments field, specify the Active Directory domain name, Domain credentials in DOMAIN\username format for a user account that has permissions to add new computers to this domain, and the Password for that user account.
    Azure Management Portal – Specify joindomain.ps1 Custom Script
  4. Click  image  to begin the virtual machine provisioning process.

After the Virtual Machine is up and in a Running state, the custom script will be downloaded into the VM and executed via the VM Agent Custom Script Extension.  A few minutes later, the script will complete, and the VM will be automatically restarted as a new member server in the Active Directory domain.

Continue your Hybrid Cloud learning!

In this article, we’ve used the Azure VM Agent Custom Script Extension to quickly provision a new member server in an Active Directory domain.  In future articles, we’ll look at leveraging the Custom Script Extension to provision other workloads as well.

To continue your learning on Microsoft Azure and Hybrid Cloud, be sure to join our FREE Hybrid Cloud study track in our online Early Experts study group!