avdaccelerator

Automatically Domain Join Azure Files for AD DS

Open edm-ms opened this issue 4 years ago • 4 comments

It may be possible for us to automatically domain join an Azure Files storage account using a deployment script and Azure Image Builder.

We could prompt for domain credentials, and then pass parameters to the deployment script that AIB will inject into the VM. The VM can be domain joined, download the PowerShell cmdlets, run the commands, and then delete the VM.

We would likely use a service principal or potentially a managed identity attached to the VM (need to test) so that we could authenticate to Azure. This tends to be a challenging step in the deployment so if we could automate this it would be very beneficial.

edm-ms, Jan 13 '22 14:01

Thinking more about this we don't need AIB. We can deploy any marketplace Windows VM, use the domain join extension, and then use a custom script extension to domain join the storage account.

  1. Create Windows x VM
  2. Assign managed identity with access to authenticate to Azure
  3. Domain join VM
  4. Run custom script extension to join storage account to domain
  5. Delete VM

edm-ms, Jan 15 '22 13:01
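Steps 2 and 4 of the list above, sketched as the script a custom script extension could run on the domain-joined VM. This is an added example, not code from this thread or from the avdaccelerator project; the parameter names, a pre-installed AzFilesHybrid module, and an execution context with rights to create the computer account in the target OU are assumptions.

```powershell
# Added example (not the project's code): join a storage account to AD DS
# from a domain-joined VM, authenticating to Azure with its managed identity.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $SubscriptionId,
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [Parameter(Mandatory)] [string] $StorageAccountName,
    # Placeholder format: 'OU=<ou>,DC=<domain>,DC=<tld>'
    [Parameter(Mandatory)] [string] $OuDistinguishedName
)

$ErrorActionPreference = 'Stop'

# Assumption: Az.Accounts, Az.Storage and AzFilesHybrid (which provides
# Join-AzStorageAccount) were installed earlier in the deployment.
Import-Module Az.Accounts, Az.Storage, AzFilesHybrid

# Step 2: sign in as the VM's managed identity, so no Azure secret is passed
# to the script. Assumption: its role assignment is scoped to the storage
# account rather than to the whole subscription.
Connect-AzAccount -Identity | Out-Null
Set-AzContext -Subscription $SubscriptionId | Out-Null

function Get-FilesDirectoryService {
    # Returns 'AD' once the account is registered with AD DS, otherwise
    # 'None', another directory option, or $null.
    $sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
    return $sa.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
}

# Idempotency check: a redeployment must not create a second AD object.
if ((Get-FilesDirectoryService) -eq 'AD') {
    Write-Output "Storage account '$StorageAccountName' is already joined to AD DS."
    return
}

# Step 4: create the AD computer account and register it on the storage account.
Join-AzStorageAccount `
    -ResourceGroupName $ResourceGroupName `
    -StorageAccountName $StorageAccountName `
    -DomainAccountType 'ComputerAccount' `
    -OrganizationalUnitDistinguishedName $OuDistinguishedName

# Fail the extension (and so the deployment) if the join did not take effect.
$state = Get-FilesDirectoryService
if ($state -ne 'AD') {
    throw "Join did not complete: DirectoryServiceOptions is '$state'."
}
Write-Output "Storage account '$StorageAccountName' joined to AD DS."
```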

Investigating available options

danycontre, Mar 01 '22 19:03

Missing VM deletion

cc: @nataliakon

danycontre, Jun 06 '22 14:06

@nataliakon created/tested the code to deliver this feature.

We still need to build the code to delete the VM.

danycontre, Jul 20 '22 11:07

VM role changed to a management VM that will be used for additional workflows, no need to be deleted for now

danycontre, Nov 01 '22 20:11