How to configure cloud lab with Azure DevOps agent and domain controller in Terraform

Posted by Nikos Tsirmirakis on

In my previous post, I described how to use Azure VM extensions. In this post, we will install and configure an Azure DevOps agent and a domain controller for our cloud lab.

We will install our own Azure DevOps agent (aka VSTS agent) on Windows 2019 core. Microsoft provides a cloud-based build agent which you can use for building your software; however, it will not meet our requirements in this case. We need the agent to connect to our servers, which are not available from the Internet, and we won't be able to achieve that with a cloud-based agent. All scripts are available in the DBAinTheCloud GitHub repository.

Installing the domain controller

This step is very similar to the script from my previous post, with only a few changes. We will install the domain controller on Windows 2019 core edition on a smaller VM to reduce the footprint and decrease creation time. After creating the domain, we will also create an additional user, which we will use to run the Azure DevOps agent service. You can see the details in the script below.

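# Arguments: [0] = safe mode administrator password, [1] = password for the ado_srv service account
$password = $args[0]
$ado_password = $args[1]

# Install the AD DS role together with its management tools
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Create the new forest and domain, installing DNS alongside
Install-ADDSForest -DomainName winopsdba-demo7.local -InstallDNS -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText $password -Force) -Force

# Add the user that will run the Azure DevOps agent service
New-ADUser ado_srv -AccountPassword (ConvertTo-SecureString $ado_password -AsPlainText -Force) -PasswordNeverExpires $true -Enabled $true -PassThru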

Installing the Azure DevOps agent

We will install the Azure DevOps agent on Windows 2019 core edition. To install it and register it with Azure DevOps, we have to create an agent pool and generate an authentication token. To generate a token and assign the correct permissions, please follow the Microsoft documentation. Our agent will run in a domain environment, as a service under a domain account. More details and sample scripts can be found in the Microsoft agent repository.

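# The agent is registered under the computer name
$hostname = $env:COMPUTERNAME

# Arguments: [0] = password of the ado_srv service account, [1] = Azure DevOps authentication token
$service_password = $args[0]
$token = $args[1]

# Working directory for the download and the extracted agent
New-Item -Path "c:\maintenance" -ItemType Directory

# Download the agent package
Invoke-WebRequest -URI -OutFile c:\maintenance\

# Extract the agent package
Expand-Archive -Path c:\maintenance\ -DestinationPath c:\maintenance\agent

# Unattended registration with the 'dm7' pool, running as a Windows service under the domain account
$command = ".\config.cmd --unattended --pool 'dm7' --url '' --auth pat --token $($token) --agent $($hostname) --replace --runAsService --windowsLogonAccount 'winopsdba-demo7\ado_srv' --windowsLogonPassword '$($service_password)' --noRestart --acceptTeeEula"

# Run the configuration elevated from the agent directory and wait for it to finish
Start-Process -FilePath "powershell" -WorkingDirectory "C:\maintenance\agent" -Verb RunAs -ArgumentList $command -Wait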
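
Both scripts above receive their secrets as positional arguments, so the command line that the VM extension runs contains them. The following Terraform sketch is an added example, not code from the original post or the DBAinTheCloud repository: it assumes the agent script is delivered through the Custom Script Extension and keeps that command line in protected_settings. The resource names, variable names, script file name agent.ps1 and the script URL are placeholders.

```hcl
# Added example. Resource, variable and file names and the URL are assumptions.

variable "ado_service_password" {
  type      = string
  sensitive = true # redacted from plan/apply output
}

variable "ado_pat" {
  type      = string
  sensitive = true
}

# Weak variant, shown for contrast only: everything under `settings` is
# returned in clear text with the extension resource.
#
#   settings = jsonencode({
#     commandToExecute = "powershell -File agent.ps1 <service password> <token>"
#   })

resource "azurerm_virtual_machine_extension" "ado_agent" {
  name                 = "install-ado-agent"
  virtual_machine_id   = azurerm_windows_virtual_machine.agent.id # assumed VM resource
  publisher            = "Microsoft.Compute"
  type                 = "CustomScriptExtension"
  type_handler_version = "1.10"

  # Non-secret part: where the script is fetched from (placeholder URL).
  settings = jsonencode({
    fileUris = ["https://example.invalid/scripts/agent.ps1"]
  })

  # Secret part: the command line carries $args[0] and $args[1] of the agent
  # script, so it goes into protected_settings, which Azure encrypts and
  # decrypts only on the target VM.
  protected_settings = jsonencode({
    commandToExecute = "powershell -ExecutionPolicy Unrestricted -File agent.ps1 \"${var.ado_service_password}\" \"${var.ado_pat}\""
  })
}
```

Marking the variables as sensitive only redacts them from Terraform's console output; the values are still written to the state file, so the state backend needs its own access control and encryption.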


After successfully running the scripts, you will have created your own lab in the cloud with a domain controller and an Azure DevOps agent. You will be able to see the new agent with an online status under the agent pool in Azure DevOps.

Coming next …

We will create a VM with SQL Server 2019 on Windows 2019, add it to the domain, customise SQL Server and test it as part of the deployment pipeline.