Use Terraform to join a new Azure Virtual Machine to a Domain

Published by Pixel Robots. on

Reading Time: < 1 minute

As I continue using terraform with Microsoft Azure, I keep finding cool stuff. In this short blog post, I am going to show you how to join an Azure Virtual Machine to an Active Directory Domain using a VM Extension. The below example can be added to your existing VM creation Terraform files.

The code

resource "azurerm_virtual_machine_extension" "domjoin" {
name = "domjoin"
location = "${var.location}"
resource_group_name = "${var.image_resource_group}"
virtual_machine_name = "${var.prefix}"
publisher = "Microsoft.Compute"
type = "JsonADDomainExtension"
type_handler_version = "1.3"
# What the settings mean: https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netjoindomain
settings = <<SETTINGS
{
"Name": "pixelrobots.co.uk",
"OUPath": "OU=Servers,DC=pixelrobots,DC=co,DC=uk",
"User": "pixelrobots.co.uk\\pr_admin",
"Restart": "true",
"Options": "3"
}
SETTINGS
protected_settings = <<PROTECTED_SETTINGS
{
"Password": "${var.admin_password}"
}
PROTECTED_SETTINGS
depends_on = ["azurerm_virtual_machine.vm"]
}
view raw domjoin.tf hosted with ❤ by GitHub

So, what I do is save this code to a new Terraform file called domjoin.tf

As you can see from the code, I am using a lot of variables. They are all stored in my variables.tf file. Then under the settings section I enter the details of the Domain Name, OU Path and the User that has the correct permissions to join to the domain.

Under the Protected_Settings section I reference the password variable from my variables.tf file. This password is the password for the user we used above.

Now the last bit Depends_on. Here we need to enter the resource ID from a Terraform file that creates the VM. For this example I am using azurerm_virtual_machine.vm. You will only ever need to change the vm bit.

Once you have finished updating the code with your settings. Save it into the same folder as your other Terraform files. Now when you craete a VM using Terraform, it will also join it to the Domain.

I hope you found this article helpful. If you have any questions please reach out.

Categories: AutomationAzureTerraform
Tags:

Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.

6 Comments

mo · April 22, 2020 at 8:00 pm

I’ve been unable to get this to work, could you published a worked example with all your files and variable settings?

Reply

    Pixel Robots. · April 29, 2020 at 11:41 am

    Hello, What error are you geting?

    Reply

Len · July 14, 2020 at 4:23 am

My repo https://github.com/lenvolk/apa_vm_extension_enable/blob/master/domjoin.tf

Error: Missing required argument

on domjoin.tf line 1, in resource “azurerm_virtual_machine_extension” “domjoin”:
1: resource “azurerm_virtual_machine_extension” “domjoin” {

The argument “virtual_machine_id” is required, but no definition was found.

Error: Unsupported argument

on domjoin.tf line 3, in resource “azurerm_virtual_machine_extension” “domjoin”:
3: location = “eastus2” #azurerm_resource_group.this.location

An argument named “location” is not expected here.

Error: Unsupported argument

on domjoin.tf line 4, in resource “azurerm_virtual_machine_extension” “domjoin”:
4: resource_group_name = “ADOTeamServicesAgent” #var.name

An argument named “resource_group_name” is not expected here.

Error: Unsupported argument

on domjoin.tf line 5, in resource “azurerm_virtual_machine_extension” “domjoin”:
5: virtual_machine_name = “vm01” #data.azurerm_virtual_machine.this.id

An argument named “virtual_machine_name” is not expected here.

Error: Reference to undeclared resource

on domjoin.tf line 24, in resource “azurerm_virtual_machine_extension” “domjoin”:
24: depends_on = [“azurerm_windows_virtual_machine.this”]

Reply

Ashish · September 29, 2020 at 4:27 pm

Thanks for the article, when i tried execution i got the error
“settings” contains an invalid JSON: invalid character ‘\r’ in string literal
“User”: “xyx.local\\user”,

Reply

    Pixel Robots. · September 29, 2020 at 5:07 pm

    Have you tried with one \ and not two? the provider may have been updated since this post.

    Reply

Ashish · October 1, 2020 at 7:09 pm

Thank you, I used to back slash as {\\} as usual, am also a bit confused little here,
The os profile block in terraform requires
computer_name = “${var.computer_name}”
admin_username = “${var.admin_username}”
admin_password = “${var.admin_password}”
How do i pass the user mentioned in the domjoin.tf file as

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

AKS

AKS VMSS node pools: 3 config models and real-world lessons with deallocated nodes

Reading Time: 2 minutesIntro I recently ran into capacity issues in Azure and saw firsthand how AKS VMSS node pools behave when you use deallocated nodes to speed up start-times. I’ll walk through the three node-pool zone models Read more

AKS

Cost-Optimised Add-on Scaling in AKS: Right-Size Your System Add-ons (Preview)

Reading Time: 6 minutesRecently, while catching up on the latest AKS release notes, I spotted a brand-new preview feature that promises to trim unnecessary CPU and memory usage from system add-ons: cost optimised add-on scaling.In a nutshell, Microsoft Read more

AKS

AKS Managed Namespaces Now in Preview

Reading Time: 4 minutesRecently while testing out the latest version of the aks-preview Azure CLI extension, I stumbled across a new preview feature: Managed Namespaces in Azure Kubernetes Service (AKS). At the time of writing, this feature hasn’t Read more