ARM Template: Mass deploy domain controllers in Azure with Automation DSC

Automate, automate, AUTOMATE! Azure Resource Manager (ARM) Template gives us any possibility to automate in Azure. And I just love it!

In this post we will mass deploy three domain controllers (choose between 1 to 5) in Azure with managed disks and in an Availability Set, put them in a seperate Active Directory Site with it’s own subnet, install Active Directory and give the IaaS VM’s static IP address in an existing vNet in Azure.

Are you new to create or even read ARM Templates, then take a look at Microsoft Docs: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates

Basically the structure is as follow:

I personally use Visual Studio Code to write all my ARM Templates and even PowerShell scripts. I highly recommend that!

Let’s begin to deploy some domain controllers!

Pre-Reqs:

  • vNet and a subnet, with correct DNS setting (pointing to existing domain controller).
  • S2S VPN between on-premise and Azure
  • Create a new site in Active Directory with correct subnet
  • Files that I’ve uploaded on my GitHub – https://github.com/pthoor/AzureARMTemplates 

The files will create:

  • AutomationAccount – ARM Template for creating Automation Account and add credentials, variables and modules (xPendingReboot, xActiveDirectory). Don’t forget to save your KEYS (RegistrationKey and RegistrationUrl) from your Automation Account!
  • Azure Automation DSC – ARM Template for deploying Iaas VM’s with managed disk and static IP address in an existing vNet. Then registers the VM’s to Azure Automation DSC with the DSC configuration ‘ADDSExistingDomain.localhost’. Choose between 1-5 VM’s to deploy.

OK. But how do we actually do it??

  1. Start PowerShell or even Visual Studio Code and connect to your Azure tenant
  2. Create a resource group for our Automation Account and one for our VM’s
  3. Create the Automation Account with the ARM Template in the AutomationAccount folder, see the PowerShell one liner below.
    The Desired State Configuration modules xPendingReboot and  xActiveDirectory will be imported to Azure Automation DSC.
    NOTE! The parameters file have to reflect your environment. You can run the script, just remove the parameter -TemplateParametersUri, then PowerShell will ask you for the correct information.
  4. Now we need to upload the DSC configuration via PowerShell and then compile it.
    1. These files need to exist on your local computer, download it from my GitHub:
      https://github.com/pthoor/AzureARMTemplates/blob/master/AutomationAccount/Import-DscConfiguration.ps1
      https://github.com/pthoor/AzureARMTemplates/blob/master/Azure%20Automation%20DSC/ADDSExistingDomain%20DSC/ADDSExistingDomain.ps1
    2. The config contains variables, domain credentials etc. that will be added to the Automation Account so they need to exist and been imported with the help of the ARM template.
    3. Then run:
  5. Now we need to grab the URL and key to our Automation Account, and put them in our Parameters File before we run the main template. I the Azure Portal, go to the Automation Account and find the Keys menu. Save these to later. 

  6. Now we reached to our main template. The VM’s will be created and connected to the DSC configuration.
    NOTE! We need to change our Parameters file due that it will ask for local admin account, existing vNet, existing subnet in that vNet, existing resource group where the vNet exists, DSC registration key and DSC registration url (that we saved in previous step).

  7. After about 30-35 minutes everything will be installed.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: