Domain joining a virtual machine scaleset instance automatically



We've been experimenting with Virtual Machine Scale Sets (VMSS) within Azure. These allow you to dynamically add multiple copies of the 'same' machine to a 'group' so you can scale up to address peaks in load and then scale back down again. The textbook use case is the ecommerce site that wants more web servers running on Black Friday.

If you were doing a greenfield setup I doubt you would use scale sets; there are better approaches when you are not constrained by legacy code. VMSS addresses the case where you have an IaaS-installed application that you want to scale easily on demand.

We've now built a few, and a key thing I wanted to share was how you can auto domain join Windows machines when the VMSS scales out. This has to be handled automatically, because the machine does not exist beforehand: it is built dynamically from a previously created image.

I couldn't find an example online that actually worked. I ended up finding one that nearly worked and then 'fixed' it. The main issue was the password: the extension seems to require a plain string and not a SecureString, or perhaps it's my lack of PowerShell understanding at fault here. (The plain string is not exposed in the clear; it goes in the extension's protected settings, which Azure encrypts and does not show in the portal or return from the API.)

To enable the domain join we can just add an extension, much like you would for a normal VM. As with a normal VM, this particular extension is not exposed in the web portal and has to be added with PowerShell instead.

The code below can be run in Cloud Shell. Just update the appropriate settings for user/domain/OU path/password and it will work fine. In this case I'm using managed Azure AD Domain Services (AADDS) rather than traditional AD, so I'm sure normal AD would also work fine.


# Public settings for the JsonADDomainExtension. These are visible in the portal and in
# Get-AzureRmVmss output, so nothing secret belongs here.
$Settings = @{
    "Name"    = "yourdomain.onmicrosoft.com";
    "User"    = "DOMAIN\USERNAME";           # account used to perform the join
    "Restart" = "true";                      # reboot the instance after joining
    "Options" = 3;                           # NETSETUP_JOIN_DOMAIN (1) + NETSETUP_ACCT_CREATE (2)
    "OUPath"  = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
}

# The extension expects a plain string here, not a SecureString. Placeholder value:
# replace it with the real join-account password.
$password = 'SomeReallyComplexPassword'

# Protected settings are encrypted by the platform and are not displayed in the portal.
$ProtectedSettings = @{
    "Password" = $password
}

$rgName       = "yourrgname"
$scaleSetName = "yourvmssname"

# Fetch the scale set model, attach the extension to it, then push the updated model back.
$vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" -TypeHandlerVersion 1.3 -Name "vmssjoindomain" -Setting $Settings -ProtectedSetting $ProtectedSettings -AutoUpgradeMinorVersion $true
Update-AzureRmVmss -ResourceGroupName $rgName -Verbose -Name $scaleSetName -VirtualMachineScaleSet $vmss
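The script above has the join-account password typed straight into the script, which means it also lands in the Cloud Shell command history. The following is an added example (not code from the original post) that does the same extension deployment but reads the password from an Azure Key Vault secret at run time, so the only place the plaintext exists is the protected settings that Azure encrypts. It uses the Az module, the replacement for the AzureRm module used above (Get-AzVmss, Add-AzVmssExtension and Update-AzVmss are the direct equivalents). The vault name, secret name, resource group, scale set and domain values are placeholders I made up; the join account is assumed to be a dedicated account that only has the rights needed to join computers into that OU.

```powershell
# Added example: JsonADDomainExtension with the password pulled from Key Vault.
# Assumed names (placeholders): vault 'kv-example', secret 'vmss-join-password'.
# The caller needs 'get' permission on secrets in that vault.

$rgName       = 'yourrgname'
$scaleSetName = 'yourvmssname'
$vaultName    = 'kv-example'          # assumption: existing vault
$secretName   = 'vmss-join-password'  # assumption: secret holds the join account password

# Public settings: returned by the API and shown in the portal, so no secrets here.
$Settings = @{
    Name    = 'yourdomain.onmicrosoft.com'
    User    = 'DOMAIN\USERNAME'       # dedicated join account, not a domain admin
    Restart = 'true'
    Options = 3                       # NETSETUP_JOIN_DOMAIN (1) + NETSETUP_ACCT_CREATE (2)
    OUPath  = 'OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com'
}

# The extension wants a plain string, so the secret is converted only at the point of use.
# -AsPlainText needs Az.KeyVault 2.0 or later; older versions expose .SecretValueText instead.
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText

# Protected settings are encrypted by the platform and are neither returned by
# Get-AzVmss nor shown in the portal.
$ProtectedSettings = @{ Password = $password }

$vmss = Get-AzVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss `
    -Publisher 'Microsoft.Compute' -Type 'JsonADDomainExtension' `
    -TypeHandlerVersion '1.3' -Name 'vmssjoindomain' `
    -Setting $Settings -ProtectedSetting $ProtectedSettings `
    -AutoUpgradeMinorVersion $true
Update-AzVmss -ResourceGroupName $rgName -Name $scaleSetName -VirtualMachineScaleSet $vmss

# Drop the plaintext from the session once the model has been updated.
Remove-Variable password, ProtectedSettings
```

Because the secret is fetched by name, rotating the join-account password only requires a new secret version in Key Vault and a re-run of the script; nothing about the password is stored alongside the scale set definition in source control or shell history.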


After that extension is added, any existing instances will need to have their model upgraded to activate the extension, but any new instances will pick it up immediately.

(Small addition here: while the above method works fine, any further extensions will not be added until the following is explicitly run:

az vmss update-instances --resource-group yourrgname --name yourvmssname --instance-ids *

)
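The PowerShell equivalent of that model upgrade, plus the check a practitioner wants afterwards: which instances are on the latest model, and what the domain-join extension reported on each of them (the same information the portal shows when you drill into an instance). This is an added example, not part of the original post; it uses the Az module, and the resource group, scale set and extension names are placeholders that must match what was used when the extension was added.

```powershell
# Added example: push the latest scale set model to instances that predate the
# extension, then read the JsonADDomainExtension status from each instance view.
# Assumes the Az module; names below are placeholders.

$rgName        = 'yourrgname'
$scaleSetName  = 'yourvmssname'
$extensionName = 'vmssjoindomain'   # must match -Name given to Add-AzVmssExtension

# 1. Instances still running the previous model get upgraded explicitly
#    (equivalent to 'az vmss update-instances --instance-ids *').
$stale = Get-AzVmssVM -ResourceGroupName $rgName -VMScaleSetName $scaleSetName |
    Where-Object { -not $_.LatestModelApplied }

if ($stale) {
    Update-AzVmssInstance -ResourceGroupName $rgName -VMScaleSetName $scaleSetName `
        -InstanceId @($stale | ForEach-Object { $_.InstanceId })
}

# 2. One row per instance: model state, whether the extension handler is present,
#    and the handler's first status code and message (join success or the error text).
function Get-VmssDomainJoinStatus {
    param(
        [string]$ResourceGroupName,
        [string]$VMScaleSetName,
        [string]$ExtensionName
    )

    Get-AzVmssVM -ResourceGroupName $ResourceGroupName -VMScaleSetName $VMScaleSetName |
        ForEach-Object {
            $view = Get-AzVmssVM -ResourceGroupName $ResourceGroupName `
                -VMScaleSetName $VMScaleSetName -InstanceId $_.InstanceId -InstanceView
            $ext    = $view.Extensions | Where-Object { $_.Name -eq $ExtensionName }
            $status = if ($ext) { $ext.Statuses | Select-Object -First 1 } else { $null }

            [pscustomobject]@{
                InstanceId    = $_.InstanceId
                LatestModel   = $_.LatestModelApplied
                ExtensionSeen = [bool]$ext
                Code          = $status.Code
                Message       = $status.Message
            }
        }
}

Get-VmssDomainJoinStatus -ResourceGroupName $rgName -VMScaleSetName $scaleSetName `
    -ExtensionName $extensionName | Format-Table -AutoSize
```

An instance that shows LatestModel false after the upgrade, or ExtensionSeen false, has not received the extension at all, which is a different failure from a join error reported in the Message column (wrong OU path, an account without rights on that OU, or no network path to the domain controllers).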


In the portal the extension looks like this (screenshot not included here):

You can see a little more info by drilling in to each instance, where it shows the extension status (screenshot not included here).

The new servers then all get put in the right OU automatically, all domain services are available, and group policies etc. can flow down to the scale set machines. All very neat.


Comments

  1. Good Day!
    Superb explanation.
    Have a few questions:
    1. I have deployed 2 Win Servers as VMSS.
    - I have already manually joined the 2 instances to the domain, but now when I want it to scale out I want it to automatically join the domain. How can I achieve this? Please guide me.

    2. I have another 2 machines to deploy as VMSS, haven't done this, wanted to use an extension so that when it is deployed it auto domain joins.

    * Thanks in advance
    Regards
    Ram