Is it possible to add Active Directory to a Windows container?
At my company we're currently developing a product which will eventually support authentication via OpenLDAP and Active Directory. We have configured a Windows Server 2016 and would like to create an isolated environment via Windows containers to test our app in.
Unfortunately I am hitting a wall when it comes to installing/enabling the AD feature in the container. The error I'm receiving is:
Add-WindowsFeature : The request to add or remove features on the specified server failed.
The operation cannot be completed, because the server that you specified requires a restart.
At line:1 char:1
+ Add-WindowsFeature AD-Domain-Services
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (@{Vhd=; Credent...Name=localhost}:PSObject) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_Reboot_Required,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand
Am I missing something or is this just not working?
This is my Dockerfile:
FROM microsoft/windowsservercore
RUN powershell Get-WindowsFeature
RUN powershell -Command Add-WindowsFeature AD-Domain-Services
Full build log:
PS C:\windows-ad> docker build --no-cache -t win-test .
Sending build context to Docker daemon 2.56kB
Step 1/3 : FROM microsoft/windowsservercore
---> be84290c2315
Step 2/3 : RUN powershell Get-WindowsFeature
---> Running in 5e5f83bb2c86
Display Name Name
------------ ----
[ ] Active Directory Certificate Services AD-Certificate
[ ] Certification Authority ADCS-Cert-Authority
[ ] Certificate Enrollment Policy Web Service ADCS-Enroll-Web-Pol
[ ] Certificate Enrollment Web Service ADCS-Enroll-Web-Svc
[ ] Certification Authority Web Enrollment ADCS-Web-Enrollment
[ ] Network Device Enrollment Service ADCS-Device-Enrollment
[ ] Online Responder ADCS-Online-Cert
[ ] Active Directory Domain Services AD-Domain-Services
[ ] Active Directory Federation Services ADFS-Federation
[ ] Active Directory Lightweight Directory Services ADLDS
[ ] Active Directory Rights Management Services ADRMS
[ ] Active Directory Rights Management Server ADRMS-Server
[ ] Identity Federation Support ADRMS-Identity
[ ] Device Health Attestation DeviceHealthAttestat...
[ ] DHCP Server DHCP
[ ] DNS Server DNS
[X] File and Storage Services FileAndStorage-Services
[ ] File and iSCSI Services File-Services
[ ] File Server FS-FileServer
[ ] BranchCache for Network Files FS-BranchCache
[ ] Data Deduplication FS-Data-Deduplication
[ ] DFS Namespaces FS-DFS-Namespace
[ ] DFS Replication FS-DFS-Replication
[ ] File Server Resource Manager FS-Resource-Manager
[ ] File Server VSS Agent Service FS-VSS-Agent
[ ] iSCSI Target Server FS-iSCSITarget-Server
[ ] iSCSI Target Storage Provider (VDS and V... iSCSITarget-VSS-VDS
[ ] Server for NFS FS-NFS-Service
[ ] Work Folders FS-SyncShareService
[X] Storage Services Storage-Services
[ ] Host Guardian Service HostGuardianServiceRole
[ ] Hyper-V Hyper-V
[ ] Network Controller NetworkController
[ ] Print and Document Services Print-Services
[ ] Print Server Print-Server
[ ] LPD Service Print-LPD-Service
[ ] Remote Access RemoteAccess
[ ] DirectAccess and VPN (RAS) DirectAccess-VPN
[ ] Routing Routing
[ ] Web Application Proxy Web-Application-Proxy
[ ] Remote Desktop Services Remote-Desktop-Services
[ ] Remote Desktop Connection Broker RDS-Connection-Broker
[ ] Remote Desktop Licensing RDS-Licensing
[ ] Remote Desktop Virtualization Host RDS-Virtualization
[ ] Volume Activation Services VolumeActivation
[ ] Web Server (IIS) Web-Server
[ ] Web Server Web-WebServer
[ ] Common HTTP Features Web-Common-Http
[ ] Default Document Web-Default-Doc
[ ] Directory Browsing Web-Dir-Browsing
[ ] HTTP Errors Web-Http-Errors
[ ] Static Content Web-Static-Content
[ ] HTTP Redirection Web-Http-Redirect
[ ] WebDAV Publishing Web-DAV-Publishing
[ ] Health and Diagnostics Web-Health
[ ] HTTP Logging Web-Http-Logging
[ ] Custom Logging Web-Custom-Logging
[ ] Logging Tools Web-Log-Libraries
[ ] ODBC Logging Web-ODBC-Logging
[ ] Request Monitor Web-Request-Monitor
[ ] Tracing Web-Http-Tracing
[ ] Performance Web-Performance
[ ] Static Content Compression Web-Stat-Compression
[ ] Dynamic Content Compression Web-Dyn-Compression
[ ] Security Web-Security
[ ] Request Filtering Web-Filtering
[ ] Basic Authentication Web-Basic-Auth
[ ] Centralized SSL Certificate Support Web-CertProvider
[ ] Client Certificate Mapping Authentic... Web-Client-Auth
[ ] Digest Authentication Web-Digest-Auth
[ ] IIS Client Certificate Mapping Authe... Web-Cert-Auth
[ ] IP and Domain Restrictions Web-IP-Security
[ ] URL Authorization Web-Url-Auth
[ ] Windows Authentication Web-Windows-Auth
[ ] Application Development Web-App-Dev
[ ] .NET Extensibility 3.5 Web-Net-Ext
[ ] .NET Extensibility 4.6 Web-Net-Ext45
[ ] Application Initialization Web-AppInit
[ ] ASP Web-ASP
[ ] ASP.NET 3.5 Web-Asp-Net
[ ] ASP.NET 4.6 Web-Asp-Net45
[ ] CGI Web-CGI
[ ] ISAPI Extensions Web-ISAPI-Ext
[ ] ISAPI Filters Web-ISAPI-Filter
[ ] Server Side Includes Web-Includes
[ ] WebSocket Protocol Web-WebSockets
[ ] FTP Server Web-Ftp-Server
[ ] FTP Service Web-Ftp-Service
[ ] FTP Extensibility Web-Ftp-Ext
[ ] Management Tools Web-Mgmt-Tools
[ ] IIS 6 Management Compatibility Web-Mgmt-Compat
[ ] IIS 6 Metabase Compatibility Web-Metabase
[ ] IIS 6 Scripting Tools Web-Lgcy-Scripting
[ ] IIS 6 WMI Compatibility Web-WMI
[ ] IIS Management Scripts and Tools Web-Scripting-Tools
[ ] Management Service Web-Mgmt-Service
[ ] Windows Server Essentials Experience ServerEssentialsRole
[ ] Windows Server Update Services UpdateServices
[ ] WID Connectivity UpdateServices-WidDB
[ ] WSUS Services UpdateServices-Services
[ ] SQL Server Connectivity UpdateServices-DB
[ ] .NET Framework 3.5 Features NET-Framework-Features
[ ] .NET Framework 3.5 (includes .NET 2.0 and 3.0) NET-Framework-Core
[ ] HTTP Activation NET-HTTP-Activation
[ ] Non-HTTP Activation NET-Non-HTTP-Activ
[X] .NET Framework 4.6 Features NET-Framework-45-Fea...
[X] .NET Framework 4.6 NET-Framework-45-Core
[ ] ASP.NET 4.6 NET-Framework-45-ASPNET
[X] WCF Services NET-WCF-Services45
[ ] HTTP Activation NET-WCF-HTTP-Activat...
[ ] Message Queuing (MSMQ) Activation NET-WCF-MSMQ-Activat...
[ ] Named Pipe Activation NET-WCF-Pipe-Activat...
[ ] TCP Activation NET-WCF-TCP-Activati...
[X] TCP Port Sharing NET-WCF-TCP-PortShar...
[ ] Background Intelligent Transfer Service (BITS) BITS
[ ] Compact Server BITS-Compact-Server
[ ] BitLocker Drive Encryption BitLocker
[ ] BranchCache BranchCache
[ ] Client for NFS NFS-Client
[ ] Containers Containers
[ ] Data Center Bridging Data-Center-Bridging
[ ] Enhanced Storage EnhancedStorage
[ ] Failover Clustering Failover-Clustering
[ ] Group Policy Management GPMC
[ ] Host Guardian Hyper-V Support HostGuardian
[ ] I/O Quality of Service DiskIo-QoS
[ ] IIS Hostable Web Core Web-WHC
[ ] IP Address Management (IPAM) Server IPAM
[ ] iSNS Server service ISNS
[ ] Management OData IIS Extension ManagementOdata
[ ] Media Foundation Server-Media-Foundation
[ ] Message Queuing MSMQ
[ ] Message Queuing Services MSMQ-Services
[ ] Message Queuing Server MSMQ-Server
[ ] Directory Service Integration MSMQ-Directory
[ ] HTTP Support MSMQ-HTTP-Support
[ ] Message Queuing Triggers MSMQ-Triggers
[ ] Routing Service MSMQ-Routing
[ ] Message Queuing DCOM Proxy MSMQ-DCOM
[ ] Multipath I/O Multipath-IO
[ ] MultiPoint Connector MultiPoint-Connector
[ ] MultiPoint Connector Services MultiPoint-Connector...
[ ] MultiPoint Manager and MultiPoint Dashboard MultiPoint-Tools
[ ] Network Load Balancing NLB
[ ] Peer Name Resolution Protocol PNRP
[ ] Quality Windows Audio Video Experience qWave
[ ] Remote Differential Compression RDC
[ ] Remote Server Administration Tools RSAT
[ ] Feature Administration Tools RSAT-Feature-Tools
[ ] BitLocker Drive Encryption Administratio... RSAT-Feature-Tools-B...
[ ] DataCenterBridging LLDP Tools RSAT-DataCenterBridg...
[ ] Failover Clustering Tools RSAT-Clustering
[ ] Failover Cluster Module for Windows ... RSAT-Clustering-Powe...
[ ] Failover Cluster Automation Server RSAT-Clustering-Auto...
[ ] Failover Cluster Command Interface RSAT-Clustering-CmdI...
[ ] IP Address Management (IPAM) Client IPAM-Client-Feature
[ ] Shielded VM Tools RSAT-Shielded-VM-Tools
[ ] Storage Replica Module for Windows Power... RSAT-Storage-Replica
[ ] Role Administration Tools RSAT-Role-Tools
[ ] AD DS and AD LDS Tools RSAT-AD-Tools
[ ] Active Directory module for Windows ... RSAT-AD-PowerShell
[ ] AD DS Tools RSAT-ADDS
[ ] Active Directory Administrative ... RSAT-AD-AdminCenter
[ ] AD DS Snap-Ins and Command-Line ... RSAT-ADDS-Tools
[ ] AD LDS Snap-Ins and Command-Line Tools RSAT-ADLDS
[ ] Hyper-V Management Tools RSAT-Hyper-V-Tools
[ ] Hyper-V Module for Windows PowerShell Hyper-V-PowerShell
[ ] Windows Server Update Services Tools UpdateServices-RSAT
[ ] API and PowerShell cmdlets UpdateServices-API
[ ] DHCP Server Tools RSAT-DHCP
[ ] DNS Server Tools RSAT-DNS-Server
[ ] Network Controller Management Tools RSAT-NetworkController
[ ] Remote Access Management Tools RSAT-RemoteAccess
[ ] Remote Access module for Windows Pow... RSAT-RemoteAccess-Po...
[ ] RPC over HTTP Proxy RPC-over-HTTP-Proxy
[ ] Setup and Boot Event Collection Setup-and-Boot-Event...
[ ] Simple TCP/IP Services Simple-TCPIP
[X] SMB 1.0/CIFS File Sharing Support FS-SMB1
[ ] SMB Bandwidth Limit FS-SMBBW
[ ] SNMP Service SNMP-Service
[ ] SNMP WMI Provider SNMP-WMI-Provider
[ ] Software Load Balancer SoftwareLoadBalancer
[ ] Storage Replica Storage-Replica
[ ] Telnet Client Telnet-Client
[ ] VM Shielding Tools for Fabric Management FabricShieldedTools
[X] Windows Defender Features Windows-Defender-Fea...
[X] Windows Defender Windows-Defender
[ ] Windows Internal Database Windows-Internal-Dat...
[X] Windows PowerShell PowerShellRoot
[X] Windows PowerShell 5.1 PowerShell
[ ] Windows PowerShell 2.0 Engine PowerShell-V2
[ ] Windows PowerShell Desired State Configurati... DSC-Service
[ ] Windows PowerShell Web Access WindowsPowerShellWeb...
[ ] Windows Process Activation Service WAS
[ ] Process Model WAS-Process-Model
[ ] .NET Environment 3.5 WAS-NET-Environment
[ ] Configuration APIs WAS-Config-APIs
[ ] Windows Server Backup Windows-Server-Backup
[ ] Windows Server Migration Tools Migration
[ ] Windows Standards-Based Storage Management WindowsStorageManage...
[ ] WinRM IIS Extension WinRM-IIS-Ext
[ ] WINS Server WINS
[X] WoW64 Support WoW64-Support
---> b891a0f5b277
Removing intermediate container 5e5f83bb2c86
Step 3/3 : RUN powershell -Command Add-WindowsFeature AD-Domain-Services
---> Running in 22724bfb2ee4
Add-WindowsFeature : The request to add or remove features on the specified
server failed.
The operation cannot be completed, because the server that you specified
requires a restart.
At line:1 char:1
+ Add-WindowsFeature AD-Domain-Services
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : DeviceError: (@{Vhd=; Credent...Name=localhost}:
PSObject) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : DISMAPI_Error__Failed_Reboot_Required,Microsoft.
Windows.ServerManager.Commands.AddWindowsFeatureCommand
Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
False No Failed {}
The command 'cmd /S /C powershell -Command Add-WindowsFeature AD-Domain-Services' returned a non-zero code: 1
Windows Containers do not ship with Active Directory support and, due to their nature, can’t (yet) act as full-fledged domain-joined objects, but a certain level of Active Directory functionality can be supported through the use of 'group Managed Service Accounts' (gMSA).
https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
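
A sketch of the gMSA route the answer points to, added here as an example and not part of the original question or answer. It assumes an existing AD domain with a KDS root key and a domain-joined container host; `contoso.com`, `WebApp01`, `WebApp01Hosts` and `ContainerHost01` are constructed placeholder names.

```powershell
# Added example; all names below are constructed placeholders.
# Requires the ActiveDirectory module (RSAT-AD-PowerShell) where the AD cmdlets run.
$Domain  = 'contoso.com'
$Account = 'WebApp01'           # gMSA short name
$Hosts   = 'WebApp01Hosts'      # group of hosts allowed to use the gMSA
$HostPC  = 'ContainerHost01$'   # computer account of the container host

# --- Part 1: run once with domain admin rights ---
# Least privilege: only members of this group may retrieve the gMSA password,
# so the account is usable only from the named container hosts.
New-ADGroup -Name $Hosts -SamAccountName $Hosts -GroupScope DomainLocal
Add-ADGroupMember -Identity $Hosts -Members $HostPC
New-ADServiceAccount -Name $Account `
    -DnsHostName "$Account.$Domain" `
    -ServicePrincipalNames "host/$Account", "host/$Account.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $Hosts

# --- Part 2: run on the container host ---
# The host must have picked up its new group membership first (e.g. after a reboot).
if (-not (Test-ADServiceAccount -Identity $Account)) {
    throw "This host cannot retrieve the gMSA password; check group membership."
}

# The CredentialSpec module writes the JSON file that Docker hands to the container.
Install-Module CredentialSpec
New-CredentialSpec -AccountName $Account
Get-CredentialSpec    # lists the credential spec files known to Docker

# Assumption: the generated file is named <domain>_<account>.json;
# take the real name from the Get-CredentialSpec output.
$SpecFile = 'contoso_webapp01.json'

# On Windows Server 2016 the container hostname must match the gMSA short name.
# nltest verifies the secure channel to the domain from inside the container.
docker run --rm `
    --security-opt "credentialspec=file://$SpecFile" `
    --hostname $Account `
    microsoft/windowsservercore nltest "/sc_verify:$Domain"
```

The container itself is not domain-joined; services running as Local System or Network Service inside it use the gMSA identity when they access network resources.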