{"id":16202200,"url":"https://github.com/francedot/azure-devtestlab-activedirectoryjoin","last_synced_at":"2025-09-06T11:33:21.564Z","repository":{"id":51330248,"uuid":"267035454","full_name":"francedot/azure-devtestlab-activedirectoryjoin","owner":"francedot","description":null,"archived":false,"fork":false,"pushed_at":"2021-05-14T20:33:10.000Z","size":254,"stargazers_count":1,"open_issues_count":5,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-29T07:04:07.307Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://azure.microsoft.com/en-us/services/lab-services/","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/francedot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-26T12:22:10.000Z","updated_at":"2020-10-16T18:07:40.000Z","dependencies_parsed_at":"2022-09-05T18:12:33.314Z","dependency_job_id":null,"html_url":"https://github.com/francedot/azure-devtestlab-activedirectoryjoin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/francedot%2Fazure-devtestlab-activedirectoryjoin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/francedot%2Fazure-devtestlab-activedirectoryjoin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/francedot%2Fazure-devtestlab-activedirectoryjoin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/francedot%2Fazure-devtestlab-activedirectoryjoin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/h
osts/GitHub/owners/francedot","download_url":"https://codeload.github.com/francedot/azure-devtestlab-activedirectoryjoin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":232121442,"owners_count":18475558,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T09:46:12.818Z","updated_at":"2025-01-01T19:47:56.760Z","avatar_url":"https://github.com/francedot.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Azure Lab Services - Active Directory Domain Join\n\nThese scripts can be used to join Lab Services VMs to an Active Directory Domain.\nVMs can be joined to:\n- **On-premises AD Domains**\n- **Hybrid AD Domains**: An on-prem AD which is connected to an Azure Active Directory through [Azure AD Connect](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites). AD Domain Services is installed on an on-prem server. 
Applies also to federated domains.\n- **Azure AD DS Domains**: For full-cloud AD (Azure AD + Azure AD DS) or Hybrid AD with secondary Domain Services on Azure.\n\n## Prerequisites\n1) 2 options:\n    * Wire up your on-prem Domain Controller network to an Azure VNet, either with a [site-to-site VPN gateway](https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways) or [ExpressRoute](https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction).\n    * Create a secondary managed domain on top of your on-prem one with [Azure AD DS (PaaS)](https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-create-instance).\n2) [Peer the Lab Account](https://docs.microsoft.com/en-us/azure/lab-services/classroom-labs/how-to-connect-peer-virtual-network) with the connected VNet.\n3) Create a new Lab (Labs created prior to the VNet peering are not supported). Enable the option **Use same password for all virtual machines**.\n4) On the Template VM:\n    * Install the [Azure PowerShell Module](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.8.0)\n    * Connect to your Azure Account: ```Connect-AzAccount```\n    * Set the default subscription to the one of the Lab Account: ```Select-AzSubscription -SubscriptionID \u003cSUB_ID\u003e```\n\n## Usage\n\nFrom the Template VM:\n\n```powershell\n$DomainServiceAddress = '\u003cPRIMARY_DS_IP\u003e','\u003cSECONDARY_DS_IP\u003e'\n$Domain = \"contosounilab.com\"\n$LocalUser = \"localuser\"\n$DomainUser = \"domainuser@contosounilab.com\"\n$LocalPassword = \"\u003cLOCAL_PASSWORD\u003e\"\n$DomainPassword = \"\u003cDOMAIN_PASSWORD\u003e\"\n\n. 
\".\\Join-AzLabADTemplate.ps1\" `\n    -DomainServiceAddress $DomainServiceAddress `\n    -Domain $Domain `\n    -LocalUser $LocalUser `\n    -DomainUser $DomainUser `\n    -LocalPassword $LocalPassword `\n    -DomainPassword $DomainPassword `\n    -EnrollMDM\n```\n\n### Parameters\n\n#### ***DomainServiceAddress***\n1 or more IP addresses of the Servers where AD DS is installed.\n\n*For on-prem AD DS Servers:*\n![On-prem AD DS](./img/On-prem%20AD%20DS%20Server.png)\n\n*For Azure AD DS (PaaS):*\n![Azure AD DS (PaaS)](./img/Azure%20AD%20DS.png)\n\n#### ***Domain***\nName of the AD domain (e.g. contoso.com).\n\n#### ***LocalUser***\nLocal Account name for the Template VM (the one specified at Lab creation).\n\n#### ***DomainUser***\nDomain Account name (e.g. CONTOSO\\frbona or frbona@contoso.com). The account must have permissions to add computers to the AD domain.\n\n#### ***LocalPassword***\nLocal Account password for the Template VM (the one specified at Lab creation).\n\n#### ***DomainPassword***\nDomain account password.\n\n#### ***EnrollMDM***\n(Optional) Whether to enroll the VMs to Intune (for Hybrid AD only).\n\n## Template VM\n### ***Join-AzLabADTemplate***\nMain script to be run from the Template VM. It gets details on the currently running Template VM and Lab. It then schedules the scripts chain starting with ***Join-AzLabADStudent_RenameVm.ps1*** and publishes the Lab.\n\n**Note**: Only the Student VMs are domain-joined. Template VM is used to run the ***Join-AzLabADTemplate.ps1*** script and trigger the next chain of scripts in the Student VMs.\n\n## Scripts Chain\n### ***Join-AzLabADStudent_RenameVm (step I)***\nGets the details on the currently running Student VM and renames the computer with a unique name. 
It then schedules the startup script ***Join-AzLabADStudent_JoinVm.ps1*** to run at next boot.\n\n### ***Join-AzLabADStudent_JoinVm (step II)***\nUpdates the DNS settings based on the Domain Services address(es) and performs the actual join of the computer to the domain. It then schedules the startup script ***Join-AzLabADStudent_AddStudent.ps1*** to run at next boot.\n\n### ***Join-AzLabADStudent_AddStudent (step III)***\nChecks whether the VM has been claimed by a student and eventually adds the student to the local RDP group.\n\n### ***Join-AzLabADStudent_EnrollMDM (step IV)***\nChecks whether the device is Azure AD joined. If so, it enrolls the VM in Intune using the user's AAD credentials.\n\n**Note**: Applies only to Hybrid AD joined devices. The student must be assigned a valid Intune license. Other requirements for Intune can be found [here](https://docs.microsoft.com/en-us/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy#verify-auto-enrollment-requirements-and-settings). \n\n### ***Set-AzLabADVms (optional)***\nOptional script to be run from the Template VM. It spins up all the VMs leaving enough time for the domain join scripts to be executed before shutting down the VMs.\n\n### ***Utils.ps1***\nUtility functions and extensions to the Az.LabServices module.\n\n## Notes\n- The script currently supports only Windows 10.\n- The domain join happens at the first boot of the Student VM. Approximately 2-3 minutes are required for the scripts to execute.\n- Both unclaimed and claimed VMs are joined to the AD domain. For claimed VMs, students can use their university credentials. They can still use the local account credentials if professors provide those credentials.\n- At Lab creation, enabling the option **Use same password for all virtual machines** is preferable. 
This way, students are not prompted to pick a new password and can use their university credentials straight away.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrancedot%2Fazure-devtestlab-activedirectoryjoin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffrancedot%2Fazure-devtestlab-activedirectoryjoin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffrancedot%2Fazure-devtestlab-activedirectoryjoin/lists"}