How to Deploy Azure Active Directory (AD) Domain Services (AADDS) with Terraform

Guillermo Musumeci
9 min read · Dec 30, 2022


Azure Active Directory Domain Services (Azure AD Domain Services) or AADDS is a managed Active Directory service. It provides domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication.

When we create an Azure AD DS managed domain, we define a unique namespace. This namespace is the domain name, such as kopicloud.com. Two Windows Server domain controllers (DCs) are deployed into our selected Azure region.

We don’t need to manage, configure, or update these DCs. The Azure platform handles the DCs as part of the managed domain, including backups and encryption at rest using Azure Disk Encryption.

Active Directory in Cloud Environments

This story is part of my Active Directory in Cloud Environments series.

I have been deploying Active Directory in AWS, Azure, GCP, and OCI cloud environments for +10 years. I have been using AD since Microsoft launched the public beta in 1999, so this is one of my favorite subjects to write about.

1. Requirements

To deploy Azure AD Domain Services with Terraform, we will need to complete the following steps:

  • Create the AADDS Service Principal
  • Define the Azure Provider
  • Create a Resource Group for AADDS
  • Create a VNET for AADDS
  • Create a Subnet for AADDS
  • Create an NSG (Network Security Group) for AADDS and attach it to the AADDS Subnet
  • Create the AD Admin Group
  • Create an AD Admin User and add it to the AD Admin Group
  • Deploy the Azure AD Domain
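The steps above, wired together in a single Terraform configuration. This is an added example and not the author's own code from the series; it assumes the `azurerm` and `azuread` providers, a hypothetical domain name `kopicloud.com` (taken from the text), placeholder notification e-mail addresses, and that the domain admin password is supplied through a sensitive variable rather than written into the file. The NSG only admits the two inbound flows the managed domain needs from the `AzureActiveDirectoryDomainServices` service tag (HTTPS sync and PowerShell remoting for management); a 636/TCP rule is only required if secure LDAP is later enabled, so it is deliberately left out.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm" }
    azuread = { source = "hashicorp/azuread" }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

# Domain admin password comes from the environment (TF_VAR_dc_admin_password),
# never from the configuration file. Assumption: the caller sets it.
variable "dc_admin_password" {
  type      = string
  sensitive = true
}

# Well-known application ID of Microsoft's "Domain Controller Services" app;
# the service principal must exist in the tenant before AADDS can be created.
resource "azuread_service_principal" "aadds" {
  application_id = "2565bd9d-da50-47d4-8b85-4c97f669dc36"
}

resource "azurerm_resource_group" "aadds" {
  name     = "rg-aadds"           # constructed name
  location = "westeurope"         # constructed region
}

resource "azurerm_virtual_network" "aadds" {
  name                = "vnet-aadds"
  location            = azurerm_resource_group.aadds.location
  resource_group_name = azurerm_resource_group.aadds.name
  address_space       = ["10.0.0.0/16"]
}

# Dedicated subnet: AADDS requires a subnet it does not share with other workloads.
resource "azurerm_subnet" "aadds" {
  name                 = "snet-aadds"
  resource_group_name  = azurerm_resource_group.aadds.name
  virtual_network_name = azurerm_virtual_network.aadds.name
  address_prefixes     = ["10.0.0.0/24"]
}

resource "azurerm_network_security_group" "aadds" {
  name                = "nsg-aadds"
  location            = azurerm_resource_group.aadds.location
  resource_group_name = azurerm_resource_group.aadds.name

  # Sync with Azure AD: only from the AADDS service tag, never "*".
  security_rule {
    name                       = "AllowSyncWithAzureAD"
    priority                   = 101
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "AzureActiveDirectoryDomainServices"
    destination_address_prefix = "*"
  }

  # Platform management of the managed DCs over PowerShell remoting.
  security_rule {
    name                       = "AllowPSRemoting"
    priority                   = 301
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "5986"
    source_address_prefix      = "AzureActiveDirectoryDomainServices"
    destination_address_prefix = "*"
  }
}

resource "azurerm_subnet_network_security_group_association" "aadds" {
  subnet_id                 = azurerm_subnet.aadds.id
  network_security_group_id = azurerm_network_security_group.aadds.id
}

# The group name is fixed by the service: members of "AAD DC Administrators"
# become the administrators of the managed domain.
resource "azuread_group" "dc_admins" {
  display_name     = "AAD DC Administrators"
  description      = "Administrators of the AADDS managed domain"
  security_enabled = true
}

resource "azuread_user" "dc_admin" {
  user_principal_name = "dc-admin@kopicloud.com"   # constructed UPN
  display_name        = "AADDS Admin"
  password            = var.dc_admin_password
}

resource "azuread_group_member" "dc_admin" {
  group_object_id  = azuread_group.dc_admins.object_id
  member_object_id = azuread_user.dc_admin.object_id
}

resource "azurerm_active_directory_domain_service" "aadds" {
  name                = "aadds-kopicloud"
  location            = azurerm_resource_group.aadds.location
  resource_group_name = azurerm_resource_group.aadds.name

  domain_name           = "kopicloud.com"
  sku                   = "Standard"
  filtered_sync_enabled = false

  initial_replica_set {
    subnet_id = azurerm_subnet.aadds.id
  }

  notifications {
    additional_recipients = ["security-alerts@example.com"]  # placeholder
    notify_dc_admins      = true
    notify_global_admins  = true
  }

  # Hash sync is what lets users sign in; keep it explicit so a reviewer sees it.
  security {
    sync_kerberos_passwords = true
    sync_ntlm_passwords     = true
    sync_on_prem_passwords  = true
  }

  depends_on = [
    azuread_group_member.dc_admin,
    azuread_service_principal.aadds,
    azurerm_subnet_network_security_group_association.aadds,
  ]
}
```

Run it with `export TF_VAR_dc_admin_password='...'`, then `terraform init` and `terraform apply`; the managed domain typically takes the better part of an hour to provision. The `depends_on` list matters: if the NSG association or the admin group lands after the domain starts provisioning, the deployment fails and has to be retried.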
