This template creates an Active Directory forest with 1 domain and 2 domain controllers. Two other VMs are created, which can then be joined to that domain semi-manually. Both push and pull configuration are used to showcase the differences.
In total, the template creates the following Azure Resources:
- A resource group
- A VNET
- 2 Subnets (1 for Azure Bastion and 1 for all other VMs)
- An availability set
- 4 Virtual machines
  - Two domain controllers, configured with DSC Push
  - Two VMs, configured with DSC Pull
- An automation account
  - Two variables (dscDNSServer and dscDomainName)
  - A shared credential (dscDomainAdmin)
  - 1 DSC Configuration (timezone, non compiled)
  - 1 Node configuration (timezone.local, compiled file)
- 1 Public IP for the Bastion
- The Bastion itself
Installing Terraform
On Windows, Chocolatey is preferred to install Terraform and Git.
- Open your terminal and run `az login`. If your account is related to multiple tenants, run `az login -t <tenantname>`
- Set your account context to the correct subscription: `az account set -s <subscriptionid>`
- Run `terraform init`
- Run `terraform plan` to view the changes
- Run `terraform apply` if everything looks correct, then type `yes` to confirm
- Upload the `JoinDomain.ps1` script to the DSC Configurations
- Compile the config. In PowerShell, execute the following:

  ```powershell
  $ConfigData = @{
      AllNodes = @(
          @{
              NodeName                    = 'localhost'
              PSDscAllowPlainTextPassword = $True
              PSDscAllowDomainUser        = $True
          }
      )
  }
  Start-AzAutomationDscCompilationJob -ResourceGroupName 'dc-demo' -AutomationAccountName 'aa-demo' -ConfigurationName 'ComputerJoinDomain' -ConfigurationData $ConfigData
  ```

- Assign Nodes to the compiled configuration
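
The compile and assign steps above can be scripted end to end. The following is an added example, not part of the original template: it assumes `JoinDomain.ps1` has already been uploaded and published, that the Az.Automation module is installed and signed in, and the VM names are placeholders to replace with the names of the two pull-configured VMs as they appear under DSC nodes.

```powershell
# Added example. 'dc-demo', 'aa-demo' and 'ComputerJoinDomain' come from the compile step above.
$common = @{ ResourceGroupName = 'dc-demo'; AutomationAccountName = 'aa-demo' }

$ConfigData = @{
    AllNodes = @(
        @{
            NodeName                    = 'localhost'
            PSDscAllowPlainTextPassword = $True
            PSDscAllowDomainUser        = $True
        }
    )
}

# Start the compilation and poll until the job has finished or thrown.
$job = Start-AzAutomationDscCompilationJob @common -ConfigurationName 'ComputerJoinDomain' -ConfigurationData $ConfigData
while ($null -eq $job.EndTime -and $null -eq $job.Exception) {
    Start-Sleep -Seconds 5
    $job = $job | Get-AzAutomationDscCompilationJob
}

# Stop here on failure so nodes are never pointed at a missing node configuration.
if ($job.Status -ne 'Completed') {
    $job | Get-AzAutomationDscCompilationJobOutput -Stream Any
    throw "Compilation ended with status '$($job.Status)'"
}

# The node configuration name is <ConfigurationName>.<NodeName>.
$nodeConfig = 'ComputerJoinDomain.localhost'

# Placeholders (assumption): replace with the registered names of the two pull VMs.
$vmNames = @('<vm-name-1>', '<vm-name-2>')

foreach ($name in $vmNames) {
    $node = Get-AzAutomationDscNode @common -Name $name
    if (-not $node) {
        Write-Warning "Node '$name' is not registered with the automation account; skipping."
        continue
    }
    # Replaces whatever node configuration the VM currently pulls.
    Set-AzAutomationDscNode @common -Id $node.Id -NodeConfigurationName $nodeConfig -Force
}
```
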
Terraform might complain that the module already exists. Run the command below to import the existing module (replace the 3 variables):

```powershell
terraform import 'azurerm_automation_module.dsc_modules[\"ComputerManagementDsc\"]' /subscriptions/<sub-id>/resourceGroups/<rg-name>/providers/Microsoft.Automation/automationAccounts/<aa-name>/modules/ComputerManagementDsc
```