CoreWeave
Provision an Active Directory Domain Controller
Objective: Spin up a Windows Server and an Active Directory domain on CoreWeave Cloud.
Overview: This process consists of deploying a Windows Server 2019 Virtual Server in your namespace with a static, internal-only IP. We will also cover creating a domain with the appropriate DNS configuration, and the attributes needed to join additional Virtual Servers in your namespace to your Active Directory domain.

Create Primary Domain Controller Virtual Server

Be sure to review Getting Started and the kubectl Virtual Server deployment method before starting this guide.
We'll start out using this Virtual Server manifest to create a Windows Server 2019 Virtual Server in our Chicago datacenter:
k create -f virtual-server-windows-internal-ip-only.yaml
YAML
virtual-server-windows-internal-ip-only.yaml
apiVersion: virtualservers.coreweave.com/v1alpha1
kind: VirtualServer
metadata:
  name: vs-pdc
spec:
  region: ORD1
  os:
    type: windows
  resources:
    cpu:
      # Reference CPU instance label selectors here:
      # https://docs.coreweave.com/resources/resource-based-pricing#cpu-only-instance-resource-pricing
      type: amd-epyc-rome
      count: 4
    memory: 16Gi
  storage:
    root:
      size: 80Gi
      storageClassName: block-nvme-ord1
      source:
        pvc:
          namespace: vd-images
          # Reference querying source image here:
          # https://docs.coreweave.com/virtual-servers/root-disk-lifecycle-management/exporting-coreweave-images-to-a-writable-pvc#identifying-source-image
          name: winserver2019std-master-20210819-ord1
  # Change user name and password
  users:
    - username:
      password:
  network:
    directAttachLoadBalancerIP: true
    public: false
  initializeRunning: true
This configuration creates a CPU-only instance with a static internal IP and no public-facing address, as we typically do not want Domain Controllers exposed publicly.
We can monitor the Virtual Server spinning up with k get pods --watch
Output of k get pods --watch
Once our VS has reached "Running" status, we can get an External IP to connect to it with k get vs
Output of k get vs
Allow ~5 minutes after "Running" status for the Virtual Server to complete initial start procedures.

Install and Configure Domain Services

Once our Virtual Server is up and running, we'll connect using SSH with the Internal IP provided by k get vs. One can also connect using RDP if a graphical interface is preferred.
Using the below PowerShell script, we'll install and configure the Domain Services role:
PowerShell
cw_adds_setup.ps1
$DomainName = Read-Host -Prompt "Enter desired Domain Name"
$Tenant = Read-Host -Prompt "Enter CoreWeave tenant name"

# Start the WinRM service and create its default listener without prompting
winrm quickconfig -q

# Install the AD DS role together with its management tools
Add-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Create the new forest. SafeModeAdministratorPassword is not passed here,
# so the cmdlet prompts for it interactively.
Import-Module ADDSDeployment
Install-ADDSForest `
    -CreateDnsDelegation:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainMode "WinThreshold" `
    -DomainName "$($DomainName).$($Tenant).svc.tenant.chi.local" `
    -DomainNetbiosName $($DomainName) `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true
We'll add the script to our server:
Pasting cw_adds_setup.ps1 in over SSH
Once executed, follow the prompts. You'll be asked to provide:
  • Domain Name
    • This will be the name of your Active Directory Domain
  • CoreWeave Tenant Name
    • This is your CoreWeave tenant - usually tenant-<orgname>-<namespace>
    • This will be used to integrate your DNS Suffix with Kubernetes Core DNS
  • SafeModeAdministratorPassword
    • Used for Directory Services Restore Mode
After executing the script, the server will automatically reboot as part of the ADDS deployment.
Note the relevant details from this example:
  • Domain Name: AD
  • Search Realm: ad.tenant-orgname-namespace.svc.tenant.chi.local
  • PDC/DNS Server IP: 10.135.123.123
  • PDC FQDN: vs-pdc.ad.tenant-orgname-namespace.svc.tenant.chi.local
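A pre-flight check for the forest creation above, as an added example that is not part of cw_adds_setup.ps1 or of CoreWeave's documentation. It checks the composed name against Active Directory's 15-character NetBIOS and 64-character FQDN limits, then runs Test-ADDSForestInstallation from the same ADDSDeployment module; the helper name Test-CwDomainName is hypothetical and the sample values are those of the example on this page.

```powershell
# Added example: run after Add-WindowsFeature and before Install-ADDSForest.
# Test-CwDomainName is a hypothetical helper, not part of any module.
function Test-CwDomainName {
    param(
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$Tenant
    )
    # Same composition as cw_adds_setup.ps1
    $fqdn     = "$($DomainName).$($Tenant).svc.tenant.chi.local"
    $problems = @()

    # The script reuses $DomainName as the NetBIOS name, which is limited to 15 characters
    if ($DomainName.Length -gt 15) {
        $problems += "NetBIOS name '$DomainName' exceeds 15 characters"
    }
    # An Active Directory domain FQDN may not exceed 64 characters in total
    if ($fqdn.Length -gt 64) {
        $problems += "FQDN is $($fqdn.Length) characters; Active Directory allows 64"
    }
    # Each DNS label: 1-63 letters, digits or hyphens, not starting or ending with a hyphen
    foreach ($label in $fqdn.Split('.')) {
        if ($label -notmatch '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$') {
            $problems += "Invalid DNS label '$label'"
        }
    }
    [pscustomobject]@{ Fqdn = $fqdn; Problems = $problems }
}

# Sample values taken from the example on this page
$check = Test-CwDomainName -DomainName 'ad' -Tenant 'tenant-orgname-namespace'
if ($check.Problems.Count -gt 0) {
    foreach ($p in $check.Problems) { Write-Warning $p }
    throw "Fix the domain or tenant name before promoting this server."
}

# Dry run: evaluates the prerequisites for Install-ADDSForest without promoting the server
Import-Module ADDSDeployment
$dsrm   = Read-Host -Prompt "SafeModeAdministratorPassword" -AsSecureString
$result = Test-ADDSForestInstallation `
    -DomainName $check.Fqdn `
    -DomainNetbiosName 'ad' `
    -DomainMode "WinThreshold" `
    -ForestMode "WinThreshold" `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $dsrm
$result | Format-List Status, Message
```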

Join a Windows Virtual Server

After provisioning another Windows Virtual Server in our namespace, we need to set its DNS server to point to our PDC:
PowerShell
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses 10.135.123.123
We can then join the domain:
PowerShell
Add-Computer -DomainName ad.tenant-orgname-namespace.svc.tenant.chi.local
You will be prompted for credentials - the user account will need to have domain join permissions on your domain.
After rebooting, your Windows Virtual Server will now be joined to your Active Directory Domain.
Confirm connectivity by performing a policy update:
Group Policy update
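A way to check each step of the join described above, as an added example that is not part of the original guide. It reports whether the interface uses the PDC for DNS, whether the domain controller locator SRV record resolves through it, and whether the machine's secure channel to the domain is healthy; Get-CwJoinStatus is a hypothetical helper name and the domain and IP are the sample values from this page.

```powershell
# Added example: run on the member server from an elevated session,
# before Add-Computer (DNS checks) and again after the reboot (join checks).
# Get-CwJoinStatus is a hypothetical helper name.
function Get-CwJoinStatus {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$PdcIp,
        [string]$InterfaceAlias = 'Ethernet'
    )
    # DNS servers actually configured on the interface
    $dns = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
                -AddressFamily IPv4).ServerAddresses)

    # Domain controller locator record, queried directly against the PDC
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                -Server $PdcIp -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })

    # Domain membership as the local machine sees it
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $joined = $cs.PartOfDomain -and ($cs.Domain -eq $Domain)

    [pscustomobject]@{
        DnsServers       = $dns -join ', '
        DnsPointsAtPdc   = $dns -contains $PdcIp
        DcLocatorTargets = $srv.NameTarget -join ', '
        Joined           = $joined
        # Only meaningful once joined: verifies the machine account's trust with the domain
        SecureChannelOk  = $(if ($joined) { Test-ComputerSecureChannel } else { $null })
    }
}

# Sample values taken from the example on this page
$status = Get-CwJoinStatus `
    -Domain 'ad.tenant-orgname-namespace.svc.tenant.chi.local' `
    -PdcIp '10.135.123.123'
$status | Format-List

# Refresh policy only when the join and the secure channel are both confirmed
if ($status.Joined -and $status.SecureChannelOk) { gpupdate /force }
```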

Adding a secondary Domain Controller

To create an additional domain controller, spin up a new Virtual Server as an additional DC, and join it to your existing domain.
After joining your Virtual Server to the domain, be sure to reboot and perform a policy update.
Using the below PowerShell script, we'll install the Domain Services role and configure the DC:
PowerShell
cw_addc_setup.ps1
$DomainName = Read-Host -Prompt "Enter Domain Name"
$Tenant = Read-Host -Prompt "Enter CoreWeave tenant name"
Write-Host "Ensure to precede username with $($domainname+'\')" -ForegroundColor Red -BackgroundColor Black
# Domain admin credential used for the promotion; the password is read as a SecureString
$usr = Read-Host "Domain Admin UserName"
$passwd = Read-Host "Domain Admin Password" -AsSecureString
$cred = New-Object System.Management.Automation.PSCredential($usr, $passwd)

# Start the WinRM service and create its default listener without prompting
winrm quickconfig -q

# Install the AD DS role together with its management tools
Add-WindowsFeature AD-Domain-Services -IncludeManagementTools

# Promote this server to an additional domain controller in the existing domain.
# SafeModeAdministratorPassword is not passed here, so the cmdlet prompts for it.
Import-Module ADDSDeployment
Install-ADDSDomainController `
    -NoGlobalCatalog:$false `
    -CreateDnsDelegation:$false `
    -Credential $cred `
    -CriticalReplicationOnly:$false `
    -DatabasePath "C:\Windows\NTDS" `
    -DomainName "$($DomainName).$($Tenant).svc.tenant.chi.local" `
    -InstallDns:$true `
    -LogPath "C:\Windows\NTDS" `
    -NoRebootOnCompletion:$false `
    -SiteName "Default-First-Site-Name" `
    -SysvolPath "C:\Windows\SYSVOL" `
    -Force:$true
Add the script to your VS:
Pasting cw_addc_setup.ps1 in over SSH
Once executed, follow the prompts. You'll be asked to provide:
  • Domain Name
    • The name of your existing Active Directory Domain
  • CoreWeave Tenant Name
    • This is your CoreWeave tenant - usually tenant-<orgname>-<namespace>
  • Domain Admin UserName and Password
    • An account on your domain in the "Domain Administrators" group
    • Be sure to enter this account with your domain name preceding, e.g. AD\Admin
  • SafeModeAdministratorPassword
    • Used for Directory Services Restore Mode
After executing the script, the server will automatically reboot as part of the ADDS deployment.
After rebooting, confirm your Domain Controller status with Get-ADDomainController:
Output of Get-AdDomainController
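Beyond listing the controllers, the new DC is only useful once it replicates and shares SYSVOL. The following added example (not part of the original guide) summarises both for every domain controller using the ActiveDirectory module; Get-CwDcHealth is a hypothetical helper name, and the remote share query assumes WinRM is reachable between the controllers, which the setup scripts enable with winrm quickconfig.

```powershell
# Added example: run on either domain controller from an elevated session
# as a domain administrator. Get-CwDcHealth is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-CwDcHealth {
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        # Inbound replication links for this DC
        $links = @(Get-ADReplicationPartnerMetadata -Target $dc.HostName `
                      -ErrorAction SilentlyContinue)
        # LastReplicationResult is 0 when the last attempt succeeded
        $failing = @($links | Where-Object { $_.LastReplicationResult -ne 0 })

        # SYSVOL and NETLOGON must both be shared before the DC serves clients
        $shares = @(Get-SmbShare -CimSession $dc.HostName -Name SYSVOL, NETLOGON `
                       -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            HostName       = $dc.HostName
            IPv4Address    = $dc.IPv4Address
            GlobalCatalog  = $dc.IsGlobalCatalog
            PartnerLinks   = $links.Count
            FailingLinks   = $failing.Count
            LastSuccess    = $links.LastReplicationSuccess | Sort-Object | Select-Object -Last 1
            SysvolShared   = $shares.Name -contains 'SYSVOL'
            NetlogonShared = $shares.Name -contains 'NETLOGON'
        }
    }
}

Get-CwDcHealth | Format-Table -AutoSize

# Detail for any replication failures recorded in the domain
Get-ADReplicationFailure -Scope Domain -Target (Get-ADDomain).DNSRoot
```

A freshly promoted controller can show zero partner links for a few minutes until the first replication cycle completes.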