Share via

Azure VM - How can I join it to a domain via PowerShell?

kStropes 5 Reputation points
2023-10-03T18:48:14.06+00:00

Hello,

I'm working on a solution to automate the creation of Azure virtual machines and add them to my domain (Active Directory domain, not Azure AD). At this point, I can create the VM from a captured image and install the joindomain extension by using the Set-AzVMADDomainExtension cmdlet.

At first, I thought this cmdlet would also join the machine to the domain. Upon further reading, it seems like this cmdlet only gives me to ability to join a domain. So, how can I join a domain without having to log in locally to the machine? I've gone down the road of WinRM and I'm hoping that there's an easier solution.

Note: I'm attempting to run the script from my laptop, instead of Azure CLI. If I'm able to do this from the Azure CLI, then I would be more than happy to switch/figure out how to use that method.

-Kory

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,585 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,244 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,988 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,329 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. kStropes 5 Reputation points
    2023-10-05T19:51:09.36+00:00

    I used the following article to help configure the remote, stand-alone machine and my local, AD joined machine.

    https://4sysops.com/archives/enable-powershell-remoting-on-a-standalone-workgroup-computer/

    Once the machines have been configured as described in the article, I was then able to verify that I could remotely join the machine to the domain using the commands below.

    $s = New-PSSession -ComputerName $IPAddress -Credential $localCreds #$localCreds being a local admin account for the remote machine.

Invoke-Command -Session $s -ScriptBlock {Add-Computer -DomainName $using:domain -Credential $using:domainCred -OUPath $using:ouPath -Restart} #$domainCred being a domain account that has rights to join computers to the domain.

Remove-PSSession -Session $s
    1 person found this answer helpful.
  2. v-vvellanki-MSFT 4,915 Reputation points Microsoft Vendor
    2023-10-04T07:50:40.7733333+00:00

    Hi @kStropes ,

    Yes, you are correct that the Set-AzVMADDomainExtension cmdlet only installs the extension that allows the VM to join a domain. To actually join the VM to the domain, you will need to use the Add-Computer cmdlet.

    To join the VM to the domain without logging in locally, you can use PowerShell remoting. Here are the high-level steps:

    • Enable PowerShell remoting on the VM.
    • Use the Invoke-Command cmdlet to run the Add-Computer cmdlet on the remote VM.

    Here is an example command to join a VM to a domain using PowerShell remoting:

    $cred = Get-Credential

$vm = Get-AzVM -ResourceGroupName "myResourceGroup" -Name "myVM"

Invoke-Command -ComputerName $vm.Name -Credential $cred -ScriptBlock {
    param (
        $DomainName,
        $Credentials
    )

    Add-Computer -DomainName $DomainName -Credential $Credentials -Restart
} -ArgumentList "myDomain.com", $cred

    In this example, you will be prompted to enter the credentials for a user that has permission to join the VM to the domain. You will also need to replace "myResourceGroup", "myVM", and "myDomain.com" with the appropriate values for your environment.

    I hope this helps!