Best Way to Un-Domain Join Azure VMs from AD on Deletion?

Question

Hi,

This question is AD related vs. Azure AD. If I should ask somewhere else please let me know. I have an Azure JSON template that uses the JsonADDomainExtension extension to automatically domain join VMs as new VMs are created. We have a Service Account that is used to perform the domain join. My question is - what is the best way to remove (un-domain join) the VMs from AD when a VM needs to be deleted. Should I write a PowerShell script to un-domain join a VM and then delete it? If so, can someone point me to the appropriate PowerShell commands - unfortunately I am no AD expert.

Thanks,

Jonathan

Answer 1

If you are running Windows versions on the Azure VM, you may refer to the steps mentioned here - https://cloudpuzzles.net/2015/03/disconnecting-a-windows-10-device-from-azure-ad/

---------------------------------------------------------------------------------------------------
Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

Answer 2

Hi Neelesh, Thanks for the response. However, I am looking for an automated way of doing this so that my users only have to run a script and the VM is automatically removed from AD.

Thanks,

Jonathan

Answer 3

There's not really a way to trigger something on deletion of a VM if you just do it straight from the portal or the CLI. You would need to script your own deletion process that deleted the VM and then removed it from AD, and have your users run this. Obviously this script needs to be able to talk to to teh domain controller to remove it, so maybe have this run via Azure Automation using a hybrid worker on your vnet.

The other option is just not bother deleting the computer object at VM deletion time and instead run regular clean up against AD to remove old objects.

---

Sam Cogan Microsoft Azure MVP
Blog | Twitter