VMSS registration in Custom DNS

We’re creating a VMSS and we use a custom DNS with AD extended from on-premises, but we are not sure how to register the VMs as the scale set scales out. In Azure DNS we can create a private zone and use auto-registration, but not with our custom DNS.



Solution 1:[1]

• Considering that you have registered your custom DNS in Azure successfully, and now you want to replicate your on-premises infrastructure in Azure given the options of continuous availability and scalability, you are deploying VMSS (Virtual Machine Scale Set) for that purpose. Thus, to service your applications deployed on them and for better security, I would suggest you deploy AADDS (Azure Active Directory Domain Services) in your tenant in Azure and synchronize the domain data from on-premises to the AADDS by extending it here.

Hence, once the ADDS service and its roles are set up successfully using the custom DNS that you have set up in Azure, you should be able to Azure AD domain join the VMSS deployed. Thus, after domain joining the VMSS, its DNS records will be automatically managed by the AADDS role internally in your Azure AD tenant.

To enable domain joining for the VMSS successfully, you will have to add an extension like a normal VM through PowerShell as below. You will have to replace the ‘user, domain, OU path and password’ and it should work fine:

    # Public settings for the domain-join extension (stored in clear text in the VMSS model)
    $Settings = @{
        "Name" = "yourdomain.onmicrosoft.com";
        "User" = "DOMAIN\USERNAME";
        "Restart" = "true";
        "Options" = 3;    # 3 = join the domain and create the computer account
        "OUPath" = "OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com"
    }

    # Placeholder: replace with the password of the domain-join account
    $password = 'SomeReallyComplexPassword'

    # Protected settings are encrypted and only decrypted on the target VM
    $ProtectedSettings = @{
        "Password" = $password
    }

    $rgName = "yourrgname"
    $scaleSetName = "yourvmssname"

    # Add the extension to the scale set model, then push the updated model
    $vmss = Get-AzureRmVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
    $vmss = Add-AzureRmVmssExtension -VirtualMachineScaleSet $vmss -Publisher "Microsoft.Compute" -Type "JsonADDomainExtension" -TypeHandlerVersion 1.3 -Name "vmssjoindomain" -Setting $Settings -ProtectedSetting $ProtectedSettings -AutoUpgradeMinorVersion $true
    Update-AzureRmVmss -ResourceGroupName $rgName -Verbose -Name $scaleSetName -VirtualMachineScaleSet $vmss

After adding this extension, any existing servers deployed in the VMSS will have to upgrade their model to use this extension, while the new ones will use it when they are deployed with it. You will need to execute the below PowerShell command to ensure that further extensions can be added to the VMSS:

    az vmss update-instances --resource-group yourrgname --name yourvmssname --instance-ids "*"

Thus, in this way, you can ensure that your VMs in the VMSS get registered with the custom DNS that you have set up in your Azure tenant.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 KartikBhiwapurkar-MT
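
Added example, not part of the original answer: the same domain-join extension applied with the Az module cmdlets (the successors to the AzureRm ones used above), with the join password read from Azure Key Vault instead of being typed into the script, followed by a check that each instance has an A record on the custom DNS server. The vault name, secret name, DNS server address and the function name `Get-VmssDnsRegistration` are assumptions, and `Resolve-DnsName` assumes a Windows host that can reach the DNS server.

```powershell
# Added example; every name and address below is a placeholder, not a value from the answer.
$rgName       = 'yourrgname'
$scaleSetName = 'yourvmssname'
$domainFqdn   = 'yourdomain.onmicrosoft.com'
$vaultName    = 'your-keyvault'      # hypothetical Key Vault holding the join account password
$secretName   = 'vmss-domain-join'   # hypothetical secret name
$dnsServer    = '10.0.0.4'           # constructed sample address of the custom DNS server

# Read the join password at run time instead of embedding it in the script.
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText

$settings = @{
    Name    = $domainFqdn
    User    = 'DOMAIN\USERNAME'      # an account delegated only to join computers in this OU
    Restart = 'true'
    Options = 3                      # join the domain and create the computer account
    OUPath  = 'OU=TEST,OU=My Computers,DC=yourdomain,DC=onmicrosoft,DC=com'
}
$protectedSettings = @{ Password = $password }   # encrypted, decrypted only on the VM

$vmss = Get-AzVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName
$vmss = Add-AzVmssExtension -VirtualMachineScaleSet $vmss -Name 'vmssjoindomain' `
    -Publisher 'Microsoft.Compute' -Type 'JsonADDomainExtension' -TypeHandlerVersion '1.3' `
    -AutoUpgradeMinorVersion $true -Setting $settings -ProtectedSetting $protectedSettings
Update-AzVmss -ResourceGroupName $rgName -VMScaleSetName $scaleSetName -VirtualMachineScaleSet $vmss

# Apply the updated model to instances that already exist (needed with a manual upgrade policy).
$instances = @(Get-AzVmssVM -ResourceGroupName $rgName -VMScaleSetName $scaleSetName)
if ($instances.Count -gt 0) {
    Update-AzVmssInstance -ResourceGroupName $rgName -VMScaleSetName $scaleSetName `
        -InstanceId $instances.InstanceId
}

# Run once the extension has finished and the instances have restarted:
# reports, per instance, whether the custom DNS server answers with an A record.
function Get-VmssDnsRegistration {
    param($Instances, [string]$Domain, [string]$Server)
    foreach ($vm in $Instances) {
        $fqdn   = '{0}.{1}' -f $vm.OsProfile.ComputerName, $Domain
        $record = Resolve-DnsName -Name $fqdn -Server $Server -Type A -ErrorAction SilentlyContinue
        [pscustomobject]@{
            InstanceId = $vm.InstanceId
            Fqdn       = $fqdn
            Registered = [bool]$record
            Address    = ($record.IPAddress -join ',')
        }
    }
}
Get-VmssDnsRegistration -Instances $instances -Domain $domainFqdn -Server $dnsServer |
    Format-Table -AutoSize
```

Instances reported with `Registered` set to `False` either have not finished the join and restart yet or did not register a record with that DNS server.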