Share via


Using an Azure Resource Manager Template to domain join an existing Windows VM to an Existing Domain

Hello everyone,

 

In this quick article I show how we can use custom template deployment to domain join a Windows virtual machine on Azure to an existing domain that the virtual machine has access without the need to logon to the VM.

 

For this template to work we do have some prerequisites that must be met:

  1. Virtual machine to join to a domain must exist beforehand
  2. An Active Directory Forest must exist and a Domain Controller must be accessible by the virtual machine either on-premises or in Azure
  3. The user that is required in this template must have the necessary rights to join computers to an Active Directory Domain
  4. Domain DNS Name must be resolved by the virtual machine

 

Details about some of the parameters that will be presented to us when using this template:

  1. location - current location of the exising virtual machine. E.g. West US.
  2. dominJoinUserName - this parameter must be in domain\username notation, where domain is the NetBios name of the domain. E.g. contoso\myAdmin
  3. ouPath - This is an optional parameter that allows you to join this virtual machine into a specific OU instead of the default Computers container. E.g. OU=MyCorpComputers,DC=Contoso,DC=com

 

This deployment uses the “Deploy to Azure” button of the Azure Quickstart Templates that brings the custom template deployment blade on Azure Portal (https://portal.azure.com).

 

In order to domain join a virtual machine, please follow these steps:

image

image

 

  1. Go to the following Azure quick start template (201-vm-domain-join-existing)
    https://azure.microsoft.com/en-us/documentation/templates/201-vm-domain-join-existing/
  2. Click “Deploy to Azure” button
  3. Type the virtual machine name in “VM (string)” field on “Parameters blade”
  4. Type the location name (e.g. “East US”) in “LOCATION (string)” field
  5. Type “domain\username” in “DOMAINJOINUSERNAME (string)”, this is a user that has rights to domain join a computer on Active Directory domain, make sure you match the domain name and username with a valid user in the domain that has rights to perform computer domain join operation.
  6. Type the user’s password in “DOMAINJOINUSERPASSWOD (securestring)”
  7. Type domain FQDN in “DOMAINFQDN (string)”
  8. Click “OK”
  9. Back to “Custom deployment” blade, make sure you select “Use existing” at Resource group section and select the resource group where the virtual machines is located in the combo box
  10. Click “Review legal terms” on “Purchase” blade
  11. Click “Purchase”
  12. Click “Create” on “Custom deployment”

 

That’s it for this post, simple and fast, we don’t even need to logon to the computers in order to domain join them Smile.

 

Regards

 

Paulo