Forum Discussion
Solved
Azure CLI to join a domain
Hi, wich parameters should I add into my script to create Azure VM (Via CLI) in order to automatically join my domain?
Expect you are talking about AD DS join:
- Open the Azure CLI command prompt.
- Connect to your Azure account by running the following command:
az login3. Run the following command to enable PowerShell remoting on the VM:az vm run-command invoke -g <resource-group-name> -n <vm-name> --command-id enable-psremoting --scripts "yes" --parameters "skipNetworkProfile=false" --output json- Run the following command to join the VM to the AD DS managed domain:
az vm extension set --resource-group <resource-group-name> --vm-name <vm-name> --name DomainJoin --publisher Microsoft.Compute --version 1.0 --settings '{"name": "<domain-name>","user": "<domain-username>","restart": "true", "options": 3}'- Kidd, I should run this after the VM is created or while its creation?
- Guys, sorry If I got confused but, do I need to join the VM into the domain AFTER the VM is created, then I run a command via "Azure Run Command" via Portal, or can I join it into the domain while creating the machine?
Obviously, you cannot do it before it is created 🙂
If you deploy the VM using a template (e.g. ARM) you can add a JsonADDomainExtension resource to the template and the VM will be joined to AD Domain when it is created. You can also use Powershell or CLI to add the extension to the VM after creation.
You cannot do it using the Run Command feature in Azure portal as the script will run in Local System context and will (hopefully) not have permissions to join the domain.
- az vm extension set command with the following parameters to join the VM to your domain:
--vm-name: The name of the VM that you created in the previous step.
--resource-group: The name of the resource group where the VM is located.
--name: The name of the extension. For Azure AD join, you need to use AADLoginForWindows.
--publisher: The publisher of the extension. For Azure AD join, you need to use Microsoft.Azure.ActiveDirectory.
--version: The version of the extension. For Azure AD join, you need to use 1.0.
--settings: The settings for the extension. For Azure AD join, you need to provide a JSON object with the following property:
"mdmId": The ID of your Azure AD tenant. You can find it by using az account show --query tenantId.
Example:
# Create an Azure VM
az vm create \
--name myVM \
--resource-group myRG \
--image Win2019Datacenter \
--admin-username azureuser \
--admin-password P@ssw0rd1234 \
--authentication-type password \
--size Standard_D2s_v3 \
--location eastus
# Join the VM to your domain
az vm extension set \
--vm-name myVM \
--resource-group myRG \
--name AADLoginForWindows \
--publisher Microsoft.Azure.ActiveDirectory \
--version 1.0 \
--settings '{"mdmId": "0000000a-0000-0000-c000-000000000000"}' I suppose you are refering to a Windows VM image. You should add a Joindomain extension to the Windows VM, using az vm extension set. This, of course, requires domain credentials to allow a VM to join the domain.
You can help the community if you post your bash script (without domain info).
/Kenneth ML
Oh yes, sure.
This is the script that I am using right now as base of it (after using az login and after changing to the right subscription (where I do want to deploy the VM). But I do not know the right syntax in order to make the VM to join the domain, unfurtunately.
Let me show you in the screenshot.When I run this command, I receive this error: "argument --public-ip-address: expected one argument"
If you don't want to a assign a public IP address, you should remove the argument and not just assign an empty value otherwise put in a name for the PIP (or resource id for existing PIP).
/Kenneth ML
