Build Domain Controller with AD Tenant in 60 minutes - Azure

“Infrastructure as code” is the true power of the Microsoft Azure cloud. Here I sketch a single script that installs a domain controller in Microsoft Azure with provisioning for an Azure AD tenant. You need to define all parameters first. All AD groups, AD test users, AD group memberships and AD OUs are kept in the attached .csv files; the example parameters are passed in the script. Based on your parameters, the script creates the following, in the sequence shown below:
· Storage Account
· Virtual Network and Subnet
· Cloud Service
· Virtual Machine
· Domain and Tenant

Since I am in New Zealand, I used my closest Microsoft data center location, "Australia East", everywhere in the script. Place all files in one folder; in my case all files reside in the folder C:\DC\.
DC is the folder name here; the files with the names given below are attached.
--------------------------------------------------------------------------------------
File to create domain controller: DomainController.ps1
File to create VNet and Subnet: CreateVNetSubNet.xml
File to create AD Groups: AD_Groups.csv
File to create AD members: AD_Members.csv
File to create AD OUs: AD_OUs.csv
File to create AD Users: AD_Users.csv
--------------------------------------------------------------------------------------
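Before the script writes anything to Active Directory, it is worth checking that the four CSV files are consistent with each other. The following is an added example, not part of the original post or its attachments: the column names are the ones the script binds to New-ADOrganizationalUnit, New-ADUser, New-ADGroup and Add-ADGroupMember, and the sample rows are constructed for this example (two of them contain deliberate mistakes). The function Test-ADImportFiles and the variable names are this example's own.

```powershell
# Added example, not part of the original post: consistency checks for the four CSV files
# before anything is written to Active Directory. Column names are the ones the script
# binds to New-ADOrganizationalUnit, New-ADUser, New-ADGroup and Add-ADGroupMember.

# Domain root DN, derived from the script's $DomainName "TARIQYOUNAS.com"
$DomainDN = 'DC=TARIQYOUNAS,DC=com'

# --- constructed sample data (replace with Import-Csv of the real files in C:\DC\) ---
$OUs = @'
Name,Path
Users Test,"DC=TARIQYOUNAS,DC=com"
Groups Test,"DC=TARIQYOUNAS,DC=com"
'@ | ConvertFrom-Csv

$Users = @'
GivenName,Surname,Initials,DisplayName,Name,SamAccountName,UserPrincipalName,AccountPassword,Path
John,Doe,JD,John Doe,John Doe,jdoe,jdoe@TARIQYOUNAS.com,ExampleP@ss123,"OU=Users Test,DC=TARIQYOUNAS,DC=com"
Jane,Roe,JR,Jane Roe,Jane Roe,jroe,jroe@TARIQYOUNAS.com,ExampleP@ss456,"OU=Missing OU,DC=TARIQYOUNAS,DC=com"
'@ | ConvertFrom-Csv

$Groups = @'
Name,GroupScope,GroupCategory,Path
Helpdesk,Global,Security,"OU=Groups Test,DC=TARIQYOUNAS,DC=com"
'@ | ConvertFrom-Csv

$Members = @'
Identity,Members
Helpdesk,jdoe
Helpdesk,nosuchuser
'@ | ConvertFrom-Csv

function Test-ADImportFiles {
    param($OUs, $Users, $Groups, $Members, [string]$DomainDN)
    $problems = New-Object 'System.Collections.Generic.List[string]'

    # 1. Required columns: a mistyped header would otherwise pass $null to a mandatory parameter
    $required = @{
        OUs     = @('Name', 'Path')
        Users   = @('GivenName', 'Surname', 'Initials', 'DisplayName', 'Name', 'SamAccountName',
                    'UserPrincipalName', 'AccountPassword', 'Path')
        Groups  = @('Name', 'GroupScope', 'Path')
        Members = @('Identity', 'Members')
    }
    $sets = @{ OUs = $OUs; Users = $Users; Groups = $Groups; Members = $Members }
    foreach ($file in $required.Keys) {
        $first = $sets[$file] | Select-Object -First 1
        if ($null -eq $first) { $problems.Add("${file}: file is empty"); continue }
        $present = $first.PSObject.Properties.Name
        foreach ($col in $required[$file]) {
            if ($col -notin $present) { $problems.Add("${file}: missing column '$col'") }
        }
    }

    # 2. Every Path must be the domain root or an OU that the OU file itself creates
    $knownDNs = @($DomainDN) + @($OUs | ForEach-Object { "OU=$($_.Name),$($_.Path)" })
    foreach ($u in $Users) {
        if ($u.Path -notin $knownDNs) { $problems.Add("Users: $($u.SamAccountName) targets unknown container $($u.Path)") }
    }
    foreach ($g in $Groups) {
        if ($g.Path -notin $knownDNs) { $problems.Add("Groups: $($g.Name) targets unknown container $($g.Path)") }
    }

    # 3. sAMAccountName must be unique and, for user accounts, at most 20 characters
    foreach ($d in ($Users | Group-Object SamAccountName | Where-Object Count -gt 1)) {
        $problems.Add("Users: duplicate SamAccountName $($d.Name)")
    }
    foreach ($u in $Users) {
        if ($u.SamAccountName.Length -gt 20) { $problems.Add("Users: SamAccountName $($u.SamAccountName) exceeds 20 characters") }
    }

    # 4. Membership rows must name a group from the groups file and a user from the users file
    $groupNames = @($Groups | ForEach-Object Name)
    $userNames  = @($Users  | ForEach-Object SamAccountName)
    foreach ($m in $Members) {
        if ($m.Identity -notin $groupNames) { $problems.Add("Members: unknown group $($m.Identity)") }
        if ($m.Members  -notin $userNames)  { $problems.Add("Members: unknown user $($m.Members)") }
    }
    return ,$problems
}

$issues = Test-ADImportFiles -OUs $OUs -Users $Users -Groups $Groups -Members $Members -DomainDN $DomainDN
if ($issues.Count -eq 0) { Write-Host 'CSV files are consistent; safe to import.' }
else { $issues | ForEach-Object { Write-Warning $_ } }
```

With the constructed rows above the check reports two problems: jroe points at an OU the OU file never creates, and the Helpdesk membership row names a user that is not in the users file. Either of these would otherwise surface only as a failed cmdlet halfway through the import on the DC.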


Write-Host "*****************************************************************"
# Define all your parameters below
Write-Host "*****************************************************************"
Write-Host "****************** Start of Parameters **************************"
$subscription = "mention your subscription"
Write-Host "subscription:"$subscription
$Location= "Australia East"
Write-Host "Location:"$Location
$CloudServiceName ="mytestdomaincontrollercloudservice001"
Write-Host "Cloud Service Name:"$CloudServiceName
$Label="mytestdomaincontrollercloudservice001"
Write-Host "Label:"$Label
$storage = "mystrgacc8807"
Write-Host "Storage Account Name:"$storage
$VirtualNetworkName = "mytestvnet"
Write-Host "Virtual Network Name:"$VirtualNetworkName
$SubnetName = "subnet1"
Write-Host "Subnet Name:" $SubnetName
$VirtualMachineName = "MyTestVMforAD1"
Write-Host "Virtual Machine Name:" $VirtualMachineName
$VirtualMachineAdminstrator = "tariqyounasadmin"
Write-Host "Virtual Machine Admin:" $VirtualMachineAdminstrator
$VMPassword = 'MyTestPa$$word123'
# The password is deliberately not echoed: Write-Host output ends up in transcripts and console buffers
$NetBIOSDomainName = "TARIQDomain"
Write-Host "Net BIOS Name:"$NetBIOSDomainName
$DomainName = "TARIQYOUNAS.com"
Write-Host "Domain Name:"$DomainName
$size = "Medium"
Write-Host "Size:"$size
Write-Host "****************** End of Parameters ***************************"
$secPwd = (ConvertTo-SecureString $VMPassword -AsPlainText -Force)
$VirtualMachineCredentials = new-object pscredential($VirtualMachineAdminstrator, $secPwd)
$ADsyncToolSource = "https://go.microsoft.com/fwLink/?LinkID=278924"
# Note: do not use D:\ here, it is the temporary (non-persistent) drive of an Azure VM
$ToolDownloadLocationAtVM = "F:\dirsync.exe"
$PowerShellSessionForDC = $null
# The VM's WinRM listener uses a self-signed certificate, so CA and CN validation are skipped for this session
$SessionOption = New-PSSessionOption -SkipCACheck -SkipCNCheck
Write-Host "*****************************************************************"
# The Azure module must be loaded and the subscription selected before any Azure cmdlet is called
Import-Module -Name "C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Azure.psd1"
Select-AzureSubscription -SubscriptionName $subscription
Write-Host "***************** Creating Storage Account **********************"
New-AzureStorageAccount -StorageAccountName $storage -Location $Location
# The storage account has to exist before it can become the subscription's current storage account
Set-AzureSubscription -SubscriptionName $subscription -CurrentStorageAccountName $storage
Write-Host "************ Creating Virtual Network and Subnets ***************"
# Set-AzureVNetConfig replaces the subscription's entire network configuration with the contents of the XML file
Set-AzureVNetConfig -ConfigurationPath "C:\DC\CreateVNetSubNet.xml"
Write-Host "***************** Creating Cloud Service ************************"
New-AzureService -ServiceName $CloudServiceName -Location $Location -Label $Label
Write-Host "*****************************************************************"
# Pick the most recently published Windows Server 2012 R2 Datacenter image
$AzureVMImage = (Get-AzureVMImage | where ImageFamily -eq "Windows Server 2012 R2 Datacenter" | Sort-Object PublishedDate -Descending)[0].ImageName
Write-Host "***************** Creating new VM **********************"
New-AzureVMConfig -Name $VirtualMachineName -InstanceSize $size -ImageName $AzureVMImage |
    Add-AzureProvisioningConfig -AdminUserName $VirtualMachineAdminstrator -Windows -Password $VMPassword |
    Set-AzureSubnet -SubnetNames $SubnetName |
    Add-AzureDataDisk -CreateNew -HostCaching None -DiskLabel 'NTDS' -DiskSizeInGB 10 -LUN 0 |
    New-AzureVM -ServiceName $CloudServiceName -VNetName $VirtualNetworkName -WaitForBoot
# WinRM-over-HTTPS endpoint that Azure created for the VM (public port, self-signed certificate)
$AzureVMImageURI = Get-AzureWinRMUri -ServiceName $CloudServiceName -Name $VirtualMachineName
# The VM has booted, but WinRM may need a little longer; retry instead of continuing with a null session
do {
    $PowerShellSessionForDC = New-PSSession -ErrorAction SilentlyContinue -SessionOption $SessionOption -ComputerName $AzureVMImageURI.DnsSafeHost -Credential $VirtualMachineCredentials -Port $AzureVMImageURI.Port -UseSSL
    if ($PowerShellSessionForDC -eq $null) { Start-Sleep -Seconds 15 }
} until ($PowerShellSessionForDC -ne $null)
Write-Host "-- Promoting VM to Domain Controller --"
Invoke-Command -Session $PowerShellSessionForDC -ScriptBlock {
    param($DomainName, $NetBIOSDomainName, $secPwd)
    Write-Host " Initializing and formatting raw disk."
    # The 10 GB data disk attached above arrives raw; it becomes F: and holds the NTDS database, logs and SYSVOL
    Get-Disk |
        Where PartitionStyle -eq 'raw' |
        Initialize-Disk -PartitionStyle MBR -PassThru |
        New-Partition -UseMaximumSize -DriveLetter F |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel 'NTDS' -Confirm:$false -Force
    Write-Host "-- Installing AD Domain Services --"
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    Write-Host " Creating new AD Forest."
    Import-Module ADDSDeployment
    # -NoRebootOnCompletion:$false means the VM reboots as soon as the forest exists, which drops this session
    Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "F:\NTDS" -DomainMode "Win2012R2" -DomainName $DomainName -DomainNetbiosName $NetBIOSDomainName -ForestMode "Win2012R2" `
        -SafeModeAdministratorPassword $secPwd -InstallDns:$true -LogPath "F:\NTDS" -NoRebootOnCompletion:$false -SysvolPath "F:\SYSVOL" -Force:$true -WarningAction SilentlyContinue
} -ArgumentList @($DomainName, $NetBIOSDomainName, $secPwd)
Write-Host "-- VM will reboot now --"
Remove-PSSession $PowerShellSessionForDC
$PowerShellSessionForDC = $null
Write-Host "-- Importing CSV files from your location --"
$OUsFile = Import-CSV -Path "C:\DC\AD_OUs.csv"
$UsersFile = Import-CSV -Path "C:\DC\AD_Users.csv"
$GroupsFile = Import-CSV -Path "C:\DC\AD_Groups.csv"
$MembersFile = Import-CSV -Path "C:\DC\AD_Members.csv"
Write-Host "Trying to re-establish the PowerShell session to the Domain Controller."
# Give the reboot time to start, otherwise the loop can reconnect before the VM has actually gone down
Start-Sleep -Seconds 60
do {
    $PowerShellSessionForDC = New-PSSession -ErrorAction SilentlyContinue -SessionOption $SessionOption -ComputerName $AzureVMImageURI.DnsSafeHost -Credential $VirtualMachineCredentials -Port $AzureVMImageURI.Port -UseSSL
    if ($PowerShellSessionForDC -eq $null) {
        Start-Sleep -Seconds 15
    }
} until ($PowerShellSessionForDC -ne $null)
Invoke-Command -Session $PowerShellSessionForDC -ScriptBlock {
    param($ADsyncToolSource, $ToolDownloadLocationAtVM)
    # DirSync needs the .NET Framework 3.5 feature
    Install-WindowsFeature -Name Net-Framework-Core
    Write-Host " Downloading DirSync."
    Invoke-WebRequest -Uri $ADsyncToolSource -OutFile $ToolDownloadLocationAtVM
} -ArgumentList @($ADsyncToolSource, $ToolDownloadLocationAtVM)
Invoke-Command -Session $PowerShellSessionForDC -ScriptBlock {
    param($OUsFile, $UsersFile, $GroupsFile, $MembersFile)
    # The AD cmdlets talk to Active Directory Web Services, which can still be starting right after the reboot
    while ((Get-Service -Name ADWS).Status -ne 'Running') { Start-Sleep -Seconds 10 }
    Import-Module ActiveDirectory
    Write-Host "-- Importing OUs --"
    # CSV columns (Name, Path) bind to the cmdlet parameters by property name
    $OUsFile | New-ADOrganizationalUnit
    Write-Host "-- Importing Users --"
    # Test accounts only: PasswordNeverExpires and no change-at-logon are not settings for real user accounts
    Foreach ($user in $UsersFile) {
        New-ADUser -GivenName $user.GivenName -Surname $user.Surname -Initials $user.Initials -DisplayName $user.DisplayName -Name $user.Name -SamAccountName $user.SamAccountName -UserPrincipalName $user.UserPrincipalName -AccountPassword (ConvertTo-SecureString $user.AccountPassword -AsPlainText -Force) -PasswordNeverExpires $True -ChangePasswordAtLogon $False -Enabled $True -Path $user.Path
    }
    Write-Host "-- Importing Groups --"
    $GroupsFile | New-ADGroup
    Write-Host "-- Adding Users to Groups --"
    Foreach ($member in $MembersFile) {
        Add-ADGroupMember -Identity $member.Identity -Members (Get-ADUser $member.Members)
    }
} -ArgumentList @($OUsFile, $UsersFile, $GroupsFile, $MembersFile)
Write-Host "WOW, it's completed!"
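The parameter block at the top of the script stores the VM administrator password as a plain-text literal, and several of the names (storage account, cloud service, NetBIOS name, VM name) have length and character constraints that Azure or AD DS only report once the cmdlet fails. The following is an added example, not part of the original script: it prompts for the password with Get-Credential instead, and validates the naming parameters before any resource is created. It assumes the script's parameter variables ($storage, $CloudServiceName, $NetBIOSDomainName, $DomainName, $VirtualMachineName, $VirtualMachineAdminstrator) are already set; the functions Test-DCParameters and Test-PasswordComplexity, the password policy and the short list of reserved administrator names are this example's own assumptions.

```powershell
# Added example, not part of the original script: take the VM administrator password from a
# prompt instead of a literal, and validate the naming parameters before provisioning.
# Assumes the script's parameter variables are already set. The password policy and the
# reserved-name list below are this example's assumptions.

function Test-DCParameters {
    param(
        [string]$StorageAccountName, [string]$CloudServiceName, [string]$NetBIOSDomainName,
        [string]$DomainName, [string]$VirtualMachineName, [string]$AdminUserName
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'
    # Storage account names are 3-24 lowercase letters and digits (and must be globally unique)
    if ($StorageAccountName -cnotmatch '^[a-z0-9]{3,24}$') {
        $problems.Add("Storage account name '$StorageAccountName' must be 3-24 lowercase letters or digits")
    }
    # A cloud service name becomes the public DNS label <name>.cloudapp.net
    if ($CloudServiceName -cnotmatch '^[a-z0-9]([a-z0-9-]{1,61}[a-z0-9])?$') {
        $problems.Add("Cloud service name '$CloudServiceName' must be a valid lowercase DNS label")
    }
    # NetBIOS domain names are limited to 15 characters
    if ($NetBIOSDomainName -notmatch '^[A-Za-z0-9-]{1,15}$') {
        $problems.Add("NetBIOS name '$NetBIOSDomainName' must be 1-15 letters, digits or hyphens")
    }
    # Install-ADDSForest warns against single-label DNS names; require at least one dot
    if ($DomainName -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        $problems.Add("Domain name '$DomainName' should be a multi-label DNS name such as corp.example.com")
    }
    # Windows computer names (and so Azure Windows VM names) are limited to 15 characters
    if ($VirtualMachineName -notmatch '^[A-Za-z0-9-]{1,15}$') {
        $problems.Add("VM name '$VirtualMachineName' must be 1-15 letters, digits or hyphens")
    }
    # A few of the administrator names Azure refuses for Windows VMs (assumption: partial list)
    if ($AdminUserName.ToLower() -in @('administrator', 'admin', 'root', 'guest')) {
        $problems.Add("Admin user name '$AdminUserName' is reserved")
    }
    return ,$problems
}

function Test-PasswordComplexity {
    param([string]$Password, [string]$UserName)
    # Example policy: at least 12 characters, three of four character classes, user name not contained
    $classes = @(@('[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]') | Where-Object { $Password -cmatch $_ })
    return ($Password.Length -ge 12) -and ($classes.Count -ge 3) -and ($Password -notmatch [regex]::Escape($UserName))
}

# Prompt for the password: it never appears in the script file, the console or a transcript
$VirtualMachineCredentials = Get-Credential -UserName $VirtualMachineAdminstrator -Message 'Local administrator password for the new VM'
$VMPassword = $VirtualMachineCredentials.GetNetworkCredential().Password   # plain text is needed only by Add-AzureProvisioningConfig
$secPwd = $VirtualMachineCredentials.Password                              # SecureString for -SafeModeAdministratorPassword
if (-not (Test-PasswordComplexity -Password $VMPassword -UserName $VirtualMachineAdminstrator)) {
    throw 'Password does not meet the complexity policy'
}

$issues = Test-DCParameters -StorageAccountName $storage -CloudServiceName $CloudServiceName -NetBIOSDomainName $NetBIOSDomainName `
    -DomainName $DomainName -VirtualMachineName $VirtualMachineName -AdminUserName $VirtualMachineAdminstrator
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw 'Fix the parameters above before provisioning'
}
```

Run this in place of the `$VMPassword`, `$secPwd` and `$VirtualMachineCredentials` lines of the script; the rest of the script consumes the same three variables unchanged. The example values in the post (mystrgacc8807, TARIQDomain, TARIQYOUNAS.com, MyTestVMforAD1, tariqyounasadmin) all pass these checks.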

Here are the steps to execute the script with the files mentioned above (the original post illustrates each step with a screenshot).

1. Open PowerShell ISE with an administrator account.
2. Run Add-AzureAccount.
3. Enter your Azure account credentials in the prompt window.
4. Run Get-AzureSubscription to check whether the subscription is valid.
5. Select DomainController.ps1 from C:\DC\ and open it in PowerShell ISE.
6. Run the script; it starts executing the steps in sequence.
7. The progress is shown in the console.
8. After completion, the resources listed above (storage account, virtual network, cloud service and virtual machine) have been created.
9. Click on the VM, i.e. "MyTestVMforAD1".
10. Press "Connect" to open a remote desktop session.
11. After logging in, go to the server administrative tools and click "Active Directory Users and Computers".
12. WOW, the domain controller has been provisioned and the users imported :)
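Opening "Active Directory Users and Computers" confirms the result by eye; the same confirmation can be scripted over the remoting session the script already holds, which also catches the things a screenshot does not show (stopped services, imported objects that are missing, NTDS not on the data disk). The following is an added example, not part of the original post: it assumes the script's $PowerShellSessionForDC, $DomainName, $UsersFile and $GroupsFile are still in scope, and the function Get-DCHealthReport is this example's own.

```powershell
# Added example, not part of the original post: verify the new domain controller over the
# remoting session the script uses. Assumes $PowerShellSessionForDC, $DomainName, $UsersFile
# and $GroupsFile from the script are still in scope.

function Get-DCHealthReport {
    param($Session, [string]$DomainName, [string[]]$ExpectedUsers, [string[]]$ExpectedGroups)
    Invoke-Command -Session $Session -ArgumentList @($DomainName, $ExpectedUsers, $ExpectedGroups) -ScriptBlock {
        param($DomainName, $ExpectedUsers, $ExpectedGroups)
        Import-Module ActiveDirectory
        $domain = Get-ADDomain
        # Services a healthy DC must run: directory (NTDS), DNS, Kerberos KDC, AD Web Services (used by the AD cmdlets), Netlogon
        $services = foreach ($name in 'NTDS', 'DNS', 'Kdc', 'ADWS', 'Netlogon') {
            "$name=$((Get-Service -Name $name).Status)"
        }
        # Objects the CSV import should have produced (New-ADGroup sets sAMAccountName to the group Name)
        $missingUsers  = @($ExpectedUsers  | Where-Object { -not (Get-ADUser  -LDAPFilter "(sAMAccountName=$_)") })
        $missingGroups = @($ExpectedGroups | Where-Object { -not (Get-ADGroup -LDAPFilter "(sAMAccountName=$_)") })
        # The import marks every test user PasswordNeverExpires; list them so they are not forgotten later
        $neverExpires = @(Get-ADUser -Filter 'PasswordNeverExpires -eq $true' | ForEach-Object SamAccountName)
        [pscustomobject]@{
            DomainMatches        = ($domain.DNSRoot -eq $DomainName)
            DomainMode           = "$($domain.DomainMode)"
            Services             = $services -join ', '
            NtdsOnDataDisk       = Test-Path 'F:\NTDS\ntds.dit'
            SysvolShared         = [bool](Get-SmbShare -Name SYSVOL -ErrorAction SilentlyContinue)
            DirSyncDownloaded    = Test-Path 'F:\dirsync.exe'
            MissingUsers         = $missingUsers
            MissingGroups        = $missingGroups
            PasswordNeverExpires = $neverExpires
        }
    }
}

$report = Get-DCHealthReport -Session $PowerShellSessionForDC -DomainName $DomainName `
    -ExpectedUsers @($UsersFile | ForEach-Object SamAccountName) -ExpectedGroups @($GroupsFile | ForEach-Object Name)
$report | Format-List
if (-not $report.DomainMatches -or $report.MissingUsers.Count -gt 0 -or $report.MissingGroups.Count -gt 0) {
    Write-Warning 'Provisioning is incomplete; review the report above before using this DC.'
}
```

A clean run shows every service as Running, empty MissingUsers and MissingGroups, and NtdsOnDataDisk true (the script places the database on the 10 GB F: disk rather than the OS disk). The PasswordNeverExpires list is expected to contain all imported test accounts; it is reported so the setting is revisited before any of them is used for anything but testing.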