Forum Discussion
experi18
Oct 04, 2023, Brass Contributor
Azure CLI to join a domain
Hi, which parameters should I add to my script to create an Azure VM (via CLI) in order to automatically join my domain?
KennethML
Apr 24, 2024, MCT
Hi experi18
2: If you use Powershell script to create the VM, like New-AzVm, you can add the Set-AzVMADDomainExtension cmdlet to the script (https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmaddomainextension?view=azps-11.5.0). You need to add a credential object that has the ability to join a computer to the domain, I often use a service account with a secret in a Key Vault, which I can use from deployment API, you can also get the secret from a Key Vault with Powershell and use that.
1: The ARM template for domain joining a VM named "vm-name" is this:
{
    "type": "Microsoft.Compute/virtualMachines/extensions",
    "apiVersion": "2022-08-01",
    "name": "[concat('vm-name', '/joindomain')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[resourceId('Microsoft.Compute/virtualMachines', 'vm-name')]"
    ],
    "properties": {
        "publisher": "Microsoft.Compute",
        "type": "JsonADDomainExtension",
        "typeHandlerVersion": "1.3",
        "autoUpgradeMinorVersion": true,
        "settings": {
            "Name": "[parameters('domainToJoin')]", // contoso.com
            "OUPath": "[parameters('ouPath')]", // OU=servers,DC=contoso,DC=com
            "User": "[concat(parameters('domainToJoin'),'\\',parameters('adminUsername'))]", // contoso.com\\svc-vm-ad-join-account
            "Restart": "true",
            "Options": "3"
        },
        "protectedSettings": {
            "Password": "[parameters('adminPassword')]"
        }
    }
}
3: It doesn't seem to be possible to add the AdDomainJoin extension from the portal.
Hope it makes sense.
experi18
Apr 24, 2024, Brass Contributor
Hi Kenneth, thanks a lot for your time and help on this. Actually, I create the VM with the command "az vm create -g xxx -n xxx"
Do you think this will work the same?
I'll take a look at the link you provided to me to better understand, but that's basically what I need.
And yes, I would use a service account with the password on a KeyVault.
I have another question for you (if I may)
Is there a way as well, as soon as the machine is created and joined to the domain, to move it to the correct OU (organizational unit)?
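The JsonADDomainExtension that Kenneth's ARM template attaches can also be added after an `az vm create` with `az vm extension set`, which answers the "will it work the same with the CLI" question. The script below is an added example written for this thread, not code posted by Kenneth or shipped by Microsoft; the resource group, VM, Key Vault and secret names are placeholders, and the domain, OU and service account values are the constructed ones from the template comments above. Because the extension's OUPath setting creates the computer object directly in the given OU at join time, a separate "move to the right OU" step is not needed when the OU is known before the VM is created.

```shell
#!/usr/bin/env bash
# Added example: domain-join an existing Azure VM from the CLI with the same
# JsonADDomainExtension settings used in the ARM template above. All names below
# are hypothetical placeholders; the password is read from Key Vault at run time
# and passed only through protectedSettings, never through --settings or logs.
set -euo pipefail

# Build the public "settings" JSON for JsonADDomainExtension.
# "User" must be DOMAIN\account; JSON requires the backslash to be escaped as \\.
# "Options": "3" = join the domain and create the computer account, as in the template.
build_join_settings() {
    local domain="$1" ou_path="$2" join_user="$3"
    printf '{"Name":"%s","OUPath":"%s","User":"%s\\\\%s","Restart":"true","Options":"3"}' \
        "$domain" "$ou_path" "$domain" "$join_user"
}

# Sanity-check the OU distinguished name before spending a reboot on a failed join:
# it has to start with OU= and name at least one DC= component.
valid_ou_path() {
    case "$1" in
        OU=*,*DC=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Attach the extension. The join password is fetched from Key Vault with the
# identity running az, so the VM creation pipeline never stores it in clear text.
join_vm_to_domain() {
    local rg="$1" vm="$2" domain="$3" ou_path="$4" join_user="$5" vault="$6" secret="$7"
    local password
    valid_ou_path "$ou_path" || { echo "invalid OUPath: $ou_path" >&2; return 1; }
    password="$(az keyvault secret show --vault-name "$vault" --name "$secret" --query value -o tsv)"
    az vm extension set \
        --resource-group "$rg" \
        --vm-name "$vm" \
        --publisher Microsoft.Compute \
        --name JsonADDomainExtension \
        --version 1.3 \
        --settings "$(build_join_settings "$domain" "$ou_path" "$join_user")" \
        --protected-settings "$(printf '{"Password":"%s"}' "$password")"
}

# Usage (placeholder names):
#   az vm create -g rg-placeholder -n vm-placeholder --image Win2022Datacenter ...
#   ./join.sh rg-placeholder vm-placeholder contoso.com \
#       'OU=servers,DC=contoso,DC=com' svc-vm-ad-join-account kv-placeholder ad-join-password
if [ "$#" -eq 7 ]; then
    join_vm_to_domain "$@"
fi
```

The `--settings` and `--protected-settings` values are the same two JSON objects the ARM template splits into `settings` and `protectedSettings`, so a template that already works can be carried over to the CLI field by field. If the join account password can contain double quotes or backslashes, write the protected settings to a temporary file with restricted permissions and pass the file path instead of an inline string.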