Azure VM - How can I join it to a domain via PowerShell?

kStropes 5 Reputation points
2023-10-03T18:48:14.06+00:00

Hello,

I'm working on a solution to automate the creation of Azure virtual machines and add them to my domain (Active Directory domain, not Azure AD). At this point, I can create the VM from a captured image and install the joindomain extension by using the Set-AzVMADDomainExtension cmdlet.

At first, I thought this cmdlet would also join the machine to the domain. Upon further reading, it seems like this cmdlet only gives me the ability to join a domain. So, how can I join a domain without having to log in locally to the machine? I've gone down the road of WinRM and I'm hoping that there's an easier solution.

Note: I'm attempting to run the script from my laptop, instead of Azure CLI. If I'm able to do this from the Azure CLI, then I would be more than happy to switch/figure out how to use that method.

-Kory


2 answers

  1. kStropes 5 Reputation points
    2023-10-05T19:51:09.36+00:00

    I used the following article to help configure the remote, stand-alone machine and my local, AD joined machine.

    https://4sysops.com/archives/enable-powershell-remoting-on-a-standalone-workgroup-computer/

    Once the machines have been configured as described in the article, I was then able to verify that I could remotely join the machine to the domain using the commands below.

    # $localCreds is a local admin account for the remote machine.
    $s = New-PSSession -ComputerName $IPAddress -Credential $localCreds

    # $domainCred is a domain account that has rights to join computers to the domain.
    Invoke-Command -Session $s -ScriptBlock {Add-Computer -DomainName $using:domain -Credential $using:domainCred -OUPath $using:ouPath -Restart}

    Remove-PSSession -Session $s
    
    1 person found this answer helpful.

  2. v-vvellanki-MSFT 4,920 Reputation points Microsoft External Staff
    2023-10-04T07:50:40.7733333+00:00

    Hi @kStropes ,

    Yes, you are correct that the Set-AzVMADDomainExtension cmdlet only installs the extension that allows the VM to join a domain. To actually join the VM to the domain, you will need to use the Add-Computer cmdlet.

    To join the VM to the domain without logging in locally, you can use PowerShell remoting. Here are the high-level steps:

    • Enable PowerShell remoting on the VM.
    • Use the Invoke-Command cmdlet to run the Add-Computer cmdlet on the remote VM.

    Here is an example command to join a VM to a domain using PowerShell remoting:

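    # Prompt once; $cred is used both to open the remoting session and for the domain join.
    $cred = Get-Credential

    $vm = Get-AzVM -ResourceGroupName "myResourceGroup" -Name "myVM"

    # $vm.Name must resolve and be reachable over WinRM from the machine running this.
    Invoke-Command -ComputerName $vm.Name -Credential $cred -ScriptBlock {
        param (
            $DomainName,
            $Credentials
        )

        # Runs on the VM: join the domain, then restart to complete the join.
        Add-Computer -DomainName $DomainName -Credential $Credentials -Restart
    } -ArgumentList "myDomain.com", $cred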

    In this example, you will be prompted to enter the credentials for a user that has permission to join the VM to the domain. You will also need to replace "myResourceGroup", "myVM", and "myDomain.com" with the appropriate values for your environment.

    I hope this helps!
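
The remote join from both answers, written as one function. This is an added example, not code from either poster: it keeps the separate local and domain credentials of the first answer, trusts only the VM's address in the client's WinRM TrustedHosts while the call runs, restores the previous value afterwards, and checks the join result before rebooting. `Join-RemoteComputerToDomain` and the sample values are hypothetical; it assumes an elevated PowerShell session on the workstation and WinRM already enabled on the VM.

```powershell
# Added example; Join-RemoteComputerToDomain is a hypothetical name.
# Assumption: run elevated on the admin workstation (changing TrustedHosts requires it).
function Join-RemoteComputerToDomain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $IPAddress,
        [Parameter(Mandatory)] [pscredential] $LocalCredential,   # local admin on the new VM
        [Parameter(Mandatory)] [pscredential] $DomainCredential,  # account allowed to join computers
        [Parameter(Mandatory)] [string]       $DomainName,
        [Parameter(Mandatory)] [string]       $OUPath
    )

    $trustedHostsPath     = 'WSMan:\localhost\Client\TrustedHosts'
    $originalTrustedHosts = [string](Get-Item -Path $trustedHostsPath).Value
    $session = $null
    try {
        # Trust only this one address (never '*'), and only while the join runs.
        if ($originalTrustedHosts -ne '*') {
            Set-Item -Path $trustedHostsPath -Value $IPAddress -Concatenate -Force
        }

        $session = New-PSSession -ComputerName $IPAddress -Credential $LocalCredential -ErrorAction Stop

        # No -Restart here, so the result object comes back before the session drops.
        $result = Invoke-Command -Session $session -ErrorAction Stop -ScriptBlock {
            Add-Computer -DomainName $using:DomainName -Credential $using:DomainCredential `
                         -OUPath $using:OUPath -PassThru -ErrorAction Stop
        }
        if (-not $result.HasSucceeded) {
            throw "Domain join reported failure on $IPAddress."
        }

        # Reboot to complete the join; the session ends when the VM goes down.
        Invoke-Command -Session $session -ScriptBlock { Restart-Computer -Force }
        return $result
    }
    finally {
        if ($session) { Remove-PSSession -Session $session }
        # Put TrustedHosts back exactly as it was before the call.
        Set-Item -Path $trustedHostsPath -Value $originalTrustedHosts -Force
    }
}

# Constructed sample call; every value below is a placeholder.
# $local  = Get-Credential -Message 'Local admin on the VM'
# $domain = Get-Credential -Message 'Domain join account'
# Join-RemoteComputerToDomain -IPAddress '10.0.0.4' -LocalCredential $local `
#     -DomainCredential $domain -DomainName 'corp.example.com' -OUPath 'OU=Servers,DC=corp,DC=example,DC=com'
```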

