Add Azure Server 2016 Nano to your Active Directory

OK, so adding a Nano server to your on-premises Active Directory is not as straightforward as you might like, but of course there’s no GUI, so what did you expect? The process is not the same as adding Server Core to your domain: because Nano can only be managed remotely, you must first connect to the machine using WinRM / PowerShell and then perform a three-stage operation to join the Azure Nano machine to your domain.

Of course, you’ve already set up your site-to-site VPN with Azure? No – I haven’t blogged about it yet! Of course, because you’ve read my blog post about that too! It is straightforward enough though: follow the instructions provided and check your NAT, but other than that it’s a breeze.

First you must deploy your Nano from the Azure portal. I’m not going to go through this part here: most of the blogs I’ve seen on the Azure portal are out of date or relate to the classic portal, and with a major server OS release having just happened I expect there will probably be more changes to the Azure portal, so I’m going to leave that out for now.

Stage one: Connect to the Azure Nano Server using PowerShell

Open PowerShell locally and start WinRM:

PS C:\WINDOWS\system32> net start winrm

The Windows Remote Management (WS-Management) service is starting.

The Windows Remote Management (WS-Management) service was started successfully.

You then need to configure your trusted hosts list for WinRM (more info on this here).

Set-Item WSMan:\localhost\Client\TrustedHosts -Value ""

You’ll then get a warning telling you that you are modifying the Trusted Host list – you want to click yes:

Yes, I'm using ISE.

You can then actually connect to your Nano with Enter-PSSession, using the credentials you used to create the machine in Azure:

Enter-PSSession -ComputerName "" -Credential WAN02ADC01PV\svradmin

And You’re IN!

Stage two: Setting things up

So you now need to change the DNS server to be one of your own domain’s:

netsh interface ip set dnsservers name="Ethernet" static primary

Microsoft have turned the firewall on the Nano on by default, and you will need to enable the firewall ports for file and print services to be able to transfer the file you will create in the next stage: adding it to your domain.

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes

Stage three: Joining to the domain

OK, we’re done here for now. Over on your domain-joined server, you need to use djoin, which will put the machine into AD and spit out a file for you to import into the Nano. Run this command from your desktop to make your life easy, as the file is generated in the directory it is run from! It looks a little something like this:

C:\Users\madmin\Desktop>djoin.exe /provision /domain WEARENOTHING.COM /machine WAN02ADC01PV /savefile .\WAN02ADC01PV-DOMAIN

Of course, you’ve figured out by now you’re supposed to change the red values to your own, and that is the Nano’s IP, you

OK, now map a drive to the c$ share on the Nano:

NET USE x: "\\\c$"

Create a folder on the Nano called temp, and copy the file you generated into it, then in the remote PS session, finish it off:

djoin /requestodj /loadfile c:\temp\WAN02ADC01PV-DOMAIN /windowspath c:\windows /localos

You will then see:

Loading provisioning data from the following file: [c:\temp\WAN02ADC01PV-DOMAIN].
The provisioning request completed successfully.
A reboot is required for changes to be applied.

The operation completed successfully.

You will then need to seal the deal with a remote reboot:

shutdown /r

You’re done: it is added, and you can now manage it using your domain credentials. It can also be added to Server Manager, although I don’t believe you will be able to add roles and features to it this way. This may change, who knows.
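
The three stages above as one script, added here as an example and not part of the original post. It differs from the post in two ways: the file is copied through the WinRM session with Copy-Item -ToSession instead of a mapped c$ drive, and the TrustedHosts list is restored and the djoin file deleted at the end; `<nano-ip>` and `<domain-dns-ip>` are placeholders.

```powershell
# Added example (not from the original post). Run elevated on a domain-joined
# management machine with PowerShell 5+. <angle-bracket> values are placeholders.
$NanoIp     = '<nano-ip>'          # placeholder: the Nano's address over the VPN
$DnsIp      = '<domain-dns-ip>'    # placeholder: one of your domain's DNS servers
$Domain     = 'WEARENOTHING.COM'   # domain used in the post
$Machine    = 'WAN02ADC01PV'       # machine name used in the post
$Blob       = Join-Path $env:TEMP "${Machine}-DOMAIN"
$RemoteBlob = "C:\temp\${Machine}-DOMAIN"

# Stage one: add only this host to TrustedHosts and remember the old list.
$trusted    = 'WSMan:\localhost\Client\TrustedHosts'
$oldTrusted = (Get-Item $trusted).Value
Set-Item $trusted -Value $NanoIp -Concatenate -Force
try {
    $session = New-PSSession -ComputerName $NanoIp -Credential (Get-Credential "$Machine\svradmin")

    # Stage two: point the Nano at the domain's DNS server.
    Invoke-Command -Session $session -ScriptBlock {
        netsh interface ip set dnsservers name="Ethernet" static $using:DnsIp primary
    }

    # Stage three: create the computer account and the provisioning blob.
    djoin.exe /provision /domain $Domain /machine $Machine /savefile $Blob
    if ($LASTEXITCODE -ne 0) { throw "djoin /provision failed: $LASTEXITCODE" }

    # Copy the blob through the existing WinRM session instead of the c$ share.
    Invoke-Command -Session $session -ScriptBlock {
        New-Item -Path C:\temp -ItemType Directory -Force | Out-Null
    }
    Copy-Item -Path $Blob -Destination $RemoteBlob -ToSession $session

    # Apply the blob, delete the remote copy, and reboot only on success.
    Invoke-Command -Session $session -ScriptBlock {
        djoin /requestodj /loadfile $using:RemoteBlob /windowspath C:\windows /localos
        $joined = ($LASTEXITCODE -eq 0)
        Remove-Item $using:RemoteBlob -Force
        if ($joined) { shutdown /r } else { Write-Error 'djoin /requestodj failed' }
    }
}
finally {
    # The blob holds the machine account password, so do not leave it on disk.
    Remove-Item $Blob -Force -ErrorAction SilentlyContinue
    if ($session) { Remove-PSSession $session }
    Set-Item $trusted -Value "$oldTrusted" -Force   # restore the previous list
}
```

Because the copy goes over WinRM, this variant does not need the File and Printer Sharing firewall rule group enabled on the Nano.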
