Provisioning Active Directory environment on Azure VMs using PowerShell
2 min readApr 19, 2020
In this blog, I will review a fully automated process using Powershell, that installs and configures 2 Virtual Machines (VMs) as domain controllers in a new forest including DNS services.
The environment:
The script process:
- The main script AD2016.PS1 create the resource group, networking, and security group.
- Create the first VM (DC01).
- Run a subscript (SETDC01.PS1) using the Invoke-AzVMRunCommand which installs and configures a new forest named Contoso and promotes DC01 to the first domain controller.
In addition, the script disables the Internet Explorer enhanced security configuration, sets the firewall to off, and sets the DNS to 10.0.0.10 (local IP address) as primary and 10.0.0.20 (DC02) as the secondary DNS. - Create a second VM (DC02).
- Run a subscript (SETDC02.PS1) using the Invoke-AzVMRunCommand which installs and promotes DC02 to the second domain controller at the Contoso forest.
In addition, the script disables the Internet Explorer enhanced security configuration, sets the firewall to off, and sets the DNS to 10.0.0.10 (local IP address) as primary and 10.0.0.20 (DC02) as the secondary DNS.
Running the script :
Before running the script, verify that you have installed the AZ Powershell module: https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.7.0
- Since the primary script runs 2 additional scripts (SETDC01.PS1 & SETDC02.PS1) for Active directory installation and configuration, you HAVE to set the scripts at the correct location as it configured in the primary script which is at C:\Temp.
For example, the primary script as default configured to run the SETDC PowerShell scripts from C:\Temp (for example):
Invoke-AzVMRunCommand -ResourceGroupName $rgname -VMName DC01 -CommandId RunPowerShellScript -ScriptPath C:\Temp\SETDC01.PS1
This means that the only thing you should verify is that both scripts, SETDC01.PS1 & SETDC02.PS1 will be located at C:\Temp, or just point the primary script to the location of the scripts. - After both scripts location in sync with the location path of the primary script and the AZ, PowerShell module was installed on the machine which runs the script, you can start it and build the AD environment.
- It will take about 5 minutes to get the replication fully work and configured between the 2 domain controllers:
- Please do NOT log in to the VMs during the configuration process, since a user logon might interrupt the scripts process and will not reboot the VMs as needed.
- The total time takes to build the whole environment is about 40 minutes.
