Friday, July 23, 2021

Domain joining a VMSS (virtual machine scaleset)

This article provides an automatic solution for domain joining a VMSS in Azure. Virtual machine scale sets allow you to dynamically add multiple copies of the 'same' machine to a 'group', so you can scale up to address peaks in load and then scale back down again. A simple use case is increased load due to month-end salary processing.

I tried a domain join on a Windows machine when the VMSS is scaled up. This needs to be handled automatically, as the machine does not exist beforehand; it's dynamically built from a previously created image.

There is no option for this in the portal, so we can run the PowerShell commands below.

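    # Public settings for the JsonADDomainExtension
    $Settings = @{
        "Name" = "";                 # FQDN of the domain to join
        "User" = "DOMAIN\USERNAME";  # account used to perform the join
        "Restart" = "true";
        "Options" = 3;               # join the domain and create the computer account
        "OUPath" = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
    }

    # Placeholder value: supply the real password at run time rather than saving it in the script
    $password = 'SomeReallyComplexPassword'

    # Protected settings are encrypted and only decrypted on the target VM
    $ProtectedSettings = @{
        "Password" = $password
    }

    $rgName = "yourrgname"
    $scaleSetName = "yourvmssname"

    # Fetch the current scale set model and add the domain join extension to it
    $vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
    $vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" -TypeHandlerVersion 1.3 -Name "vmssjoindomain" -Setting $Settings -ProtectedSetting $ProtectedSettings -AutoUpgradeMinorVersion $true

    # Add-AzureRmVmssExtension only changes the local object; push the updated model back to Azure
    Update-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName -VirtualMachineScaleSet $vmss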

After the extension is added, any existing servers will need to have the model upgraded to activate the extension, but any new servers will instantly pick it up.

A small addition here: while the above method works fine, any further extensions will not be added until the following is explicitly run:

    az vmss update-instances --resource-group yourrgname --name yourvmssname --instance-ids "*"

The new servers all then get put in the right OU automatically, all domain services are available and group policies etc can flow down to the scaleset machines - all very neat.
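
The same procedure with the current Az PowerShell module, as an added example that is not part of the original post: it reads the join password from Key Vault at run time, adds the extension only if it is missing, and upgrades only the instances that are not yet on the latest model. The vault name, secret name and domain FQDN are assumed placeholders.

```powershell
# Added example: assumes the Az.Compute and Az.KeyVault modules and an
# authenticated session (Connect-AzAccount). All names are placeholders.
$rgName       = "yourrgname"
$scaleSetName = "yourvmssname"
$vaultName    = "your-keyvault"          # hypothetical Key Vault name
$secretName   = "domain-join-password"   # hypothetical secret name
$extName      = "vmssjoindomain"

# Read the join account's password at run time so it never lives in the script
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText

$settings = @{
    Name    = "yourdomain.onmicrosoft.com"   # assumed FQDN matching the OUPath
    User    = "DOMAIN\USERNAME"
    Restart = "true"
    Options = 3
    OUPath  = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
}
$protectedSettings = @{ Password = $password }

# Add the extension to the scale set model only if it is not already there
$vmss = Get-AzVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$existing = $vmss.VirtualMachineProfile.ExtensionProfile.Extensions.Name
if ($existing -notcontains $extName) {
    $vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
        -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" `
        -TypeHandlerVersion "1.3" -Name $extName `
        -Setting $settings -ProtectedSetting $protectedSettings `
        -AutoUpgradeMinorVersion $true
    Update-AzVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName `
        -VirtualMachineScaleSet $vmss | Out-Null
}

# Existing instances keep the old model until upgraded; find and upgrade them
$stale = Get-AzVmssVM -ResourceGroupName $rgName -VMScaleSetName $scaleSetName |
    Where-Object { -not $_.LatestModelApplied }
if ($stale) {
    Update-AzVmssInstance -ResourceGroupName $rgName -VMScaleSetName $scaleSetName `
        -InstanceId $stale.InstanceId
}

# Report the state of every instance after the upgrade
Get-AzVmssVM -ResourceGroupName $rgName -VMScaleSetName $scaleSetName |
    Select-Object InstanceId, LatestModelApplied
```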