Using PowerShell to create a Windows VM Hosted AD and join VM's to that Domain - in Windows Azure

There seem to be numerous PowerShell snippits of scripts out there to create an AD and to join VM's to that domain. However this Microsoft article ( to suggest that people are still having difficulties doing so, myself included and it took hours of trial and error to get the scripts correct.

So I thought that I would document exactly what I have got that now works every time (for me at least). My intention is that there would be nothing missing to get this to work.

So we are going to use two PowerShell scripts, one to create a VM that will have AD installed on it, and a second to create a VM that is automatically joined to that domain all hosted in Azure.

There are numerous prerequisites that are still needed in order to get this script to work. I.e. the script depends on you having an Azure subscription with the following items already created: Storage Account, Certificate, Publish settings file, Affinity Group, Virtual Network and subnet. These can all be created by following the link above.

You also need to have Azure Powershell installed, and use the PowerShell ISE (Integrated scripting environment). Microsoft have released the October version  with new features. One of those new features is the ability to use Azure AD support to configure Powershell to integrate with your Azure subscription (see, which is great as it prevents having to download and specify a .publishsetings file and creating, uploading and installing a certificate and specifying it  in your scripts. 

However this version (0.7.0) of the Azure PowerShell cmdlets also has a bug that prevents the  function that joins VM's to a domain, as per ( This means that you need an older version of the Azure PowerShell cmdlets, namely June's version which is 0.6.19. This should get resolved in early November. 

*Update according to the post from Steven Schneider the 0.7.1 release has this fixed.

You can get this from the Microsoft download site or from here.

So the scripts are also here. You need two. The first creates a base VM that you will then need to deploy AD on. The second creates a VM that is joined to the domain created by running the first script. You will need some basic scripting knowledge and knowledge of the values that are required in relation to your subscription - only you will know these!

The brief overall instructions are:
1. Install Powershell 0.6.19 (until the issue mentioned above is fixed).
2. Create, upload to your Azure subscription and install locally a suitable certificate (not required if the above issue is resolved)
3. Get your Azure publish.settings file by following this link:

Once you have all of this you are ready to configure your PowerShell scripts. The first script is split into three sections. The first is where you will need to configure:
1. The path to the Azurepsd1 file (if its not as per the default location).
2. Your certificate and its thumbprint (you get this from the Azure portal in SETTINGS>MANAGEMENT CERTIFICATES. You also need to have installed the certificate locally in the local personal certificate store.
3. The path to your publish.settings file you got in step 3 above.
4. Define your subscription name and storage account using the $Storage variable

The second section is where you will define all of the variables related to your Azure subscription and the VM your are creating, these include:
1. DNS Service name
2. VMName
3. Azure Windows OS Image (these change frequently and a current list can be retrieved by running Get-AzueVMImage, then paste into the scrip the image you want.
4. Affinity Group
5. Virtual Network and Subnet
6. Cloud Service
7. Password for a local user account
8. VMSize

The third section has the PowerShell commands used in conjunction with the variable settings to build your VM.

Once you have specified all of these variables then you can paste the scrip into the PowerShell ISE and press enter. If the text turns white it is all good to go, and you will be prompted to enter a username. This username is for a local account on the VM that you will use to connect over RDP, with the password specified in the script. PowerShell will then connect to the Azure API and configure your VM. You then need to follow the instructions in to configure AD.

Once you have done this then you are ready to add VM's to that domain as part of the provisioning process. This requires the second script.

This script requires many of the same variable as script one, so just copy them in where appropriate. The one different variable that you need to set is $myDNS, this needs to be the AD and DNS server that you have created using the first script and have manually deployed AD and DNS.

Once you have the variables configured correctly, again just copy and paste it into the PowerShell ISE and it will create you a VM that is automatically joined to your Windows VM hosted Active Directory. If you want to deploy additional Domain joined VM's just change the variable that need to be unique such as VMName and run it again, saving you alot of time.


Popular posts from this blog

Reassign a WVD Personal Session Host

AVD and Azure Active Directory Domain Join public preview

How to deploy a Windows Virtual Desktop host pool using Infrastructure as code from Azure DevOps