
As I continue using Terraform with Microsoft Azure, I keep finding cool stuff. In this short blog post, I am going to show you how to join an Azure Virtual Machine to an Active Directory domain using a VM extension. The example below can be added to your existing VM creation Terraform files.

The code

resource "azurerm_virtual_machine_extension" "domjoin" {
  name                 = "domjoin"
  location             = "${var.location}"
  resource_group_name  = "${var.image_resource_group}"
  virtual_machine_name = "${var.prefix}"
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"

  # What the settings mean: https://docs.microsoft.com/en-us/windows/desktop/api/lmjoin/nf-lmjoin-netjoindomain
  # Options 3 = NETSETUP_JOIN_DOMAIN (0x1) + NETSETUP_ACCT_CREATE (0x2)
  settings = <<SETTINGS
    {
        "Name": "pixelrobots.co.uk",
        "OUPath": "OU=Servers,DC=pixelrobots,DC=co,DC=uk",
        "User": "pixelrobots.co.uk\\pr_admin",
        "Restart": "true",
        "Options": "3"
    }
SETTINGS

  # The password is interpolated into the JSON as-is, so a value containing
  # quotes or backslashes would break the document.
  protected_settings = <<PROTECTED_SETTINGS
    {
        "Password": "${var.admin_password}"
    }
PROTECTED_SETTINGS

  # Run the extension only after the VM itself has been created.
  depends_on = ["azurerm_virtual_machine.vm"]
}

So, what I do is save this code to a new Terraform file called domjoin.tf.

As you can see from the code, I am using a lot of variables. They are all stored in my variables.tf file. Then, under the settings section, I enter the details of the domain name, the OU path and the user that has the correct permissions to join machines to the domain.

Under the protected_settings section I reference the password variable from my variables.tf file. This is the password for the user we used above.

Now the last bit, depends_on. Here we need to enter the resource reference from the Terraform file that creates the VM. For this example I am using azurerm_virtual_machine.vm. You will only ever need to change the vm bit.

Once you have finished updating the code with your settings, save it into the same folder as your other Terraform files. Now when you create a VM using Terraform, it will also join it to the domain.
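The same extension written for newer tooling, as an added example that is not the author's code: `jsonencode` builds both JSON documents so a password containing quotes or backslashes cannot corrupt the payload, and the password variable is marked sensitive. It assumes Terraform 0.14 or later and azurerm provider 2.0 or later; the variables `domain_name`, `ou_path` and `join_user` are hypothetical names introduced here.

```hcl
# Added example, not from the original post.
# Assumes Terraform >= 0.14 and azurerm provider >= 2.0.
# domain_name, ou_path and join_user are hypothetical variable names.

variable "admin_password" {
  type      = string
  sensitive = true # redacted in plan/apply output, but still written to state
}

variable "domain_name" { type = string } # e.g. "pixelrobots.co.uk"
variable "ou_path" { type = string }     # e.g. "OU=Servers,DC=pixelrobots,DC=co,DC=uk"
variable "join_user" { type = string }   # account allowed to join computers to the domain

resource "azurerm_virtual_machine_extension" "domjoin" {
  name = "domjoin"

  # Referencing the VM's id creates the dependency implicitly,
  # so no explicit depends_on is needed.
  virtual_machine_id   = azurerm_virtual_machine.vm.id
  publisher            = "Microsoft.Compute"
  type                 = "JsonADDomainExtension"
  type_handler_version = "1.3"

  # jsonencode escapes every value, unlike "${...}" inside a heredoc.
  settings = jsonencode({
    Name    = var.domain_name
    OUPath  = var.ou_path
    User    = "${var.domain_name}\\${var.join_user}"
    Restart = "true"
    Options = "3" # NETSETUP_JOIN_DOMAIN (0x1) + NETSETUP_ACCT_CREATE (0x2)
  })

  # Encrypted by Azure for the extension, but stored in plain text in the
  # Terraform state file: restrict access to the state backend.
  protected_settings = jsonencode({
    Password = var.admin_password
  })
}
```

Supply `admin_password` through the `TF_VAR_admin_password` environment variable or a secrets store rather than a committed .tfvars file.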

I hope you found this article helpful. If you have any questions please reach out.


Pixel Robots.

I’m Richard Hooper aka Pixel Robots. I started this blog in 2016 for a couple reasons. The first reason was basically just a place for me to store my step by step guides, troubleshooting guides and just plain ideas about being a sysadmin. The second reason was to share what I have learned and found out with other people like me. Hopefully, you can find something useful on the site.
