Azure Automation – Provision and Domain Join Azure ARM VM.

automation-930x620Automation has become a large part of any Ops team work stream. It reduces repetitive work and introduces a clear and effective method of ensuring consistency across your platforms, server estate and businesses.

In this article I will go through Azure Automation, especially automation of VM creation and joining the domain. This would lift some of the load of IT to provision and join those VM’s to the domain manually and allowing developers to take a much agile approach.

The automation process is based on Azure Runbook, utilising Powershell workflow and Runbook assets in fully automating the whole process.

You also should have a startup image (i.e. golden image) sysprep’ed and uploaded to a known and accessible storage account in that subscription. You need to ensure that the image was generalised and shutdown. This type of deployment will ensure all your applications and settings are packaged as part of that deployment – that’s if you don’t want to use Microsoft own images. You need to make sure you are covered by MSDN licenses if you are uploading client images and ensure your server image is appropriately licensed as well, plus any application you package as part of that image.

You are probably keen to get down to business …. few things you have to make sure of to ensure this whole process work for you. This automation task is based on creating an Azure ARM VM, you will need three credential assets created under your automation account which will be used with your script:

  1. Asset for local VM admin
  2. Asset with Azure co-admin rights – or at least VM creation rights
  3. Asset with domain admin rights

The vhd image of your packaged and generlised VM needs to be uploaded to a storage account. Make a note of that storage account, any VM created of that image will need to reside on same storage account. If you need to create  a VM on a different storage account then you will need to copy that image across first.

The script is split to two parts, the main body which is the Runbook – Powershell workflow

On Azure, create a Runbook called AzureVMDomainJoin and paste the code below:

workflow AzureVMDomainJoin
{
     param (
        [string] $subId,
        [string] $vmName,
        [string] $vmSize,
        [string] $domain,
        [string] $OU,
        [string] $vmRGName,
        [object] $vmNic,
        [string] $stgName,
        [string] $stgRGName,
        [string] $stgBlobstr,
        [string] $location


     )

     # Enable verbose logging
     $verbosePreference='Continue' 

     # Fetching credentials
     $LocalAdmin = Get-AutomationPSCredential -Name 'AzureLocalAdmin'
     $DomainAdmin = Get-AutomationPSCredential -Name 'AzureDomainJoin'
     $AZAutomationAccount = Get-AutomationPSCredential -Name 'AzureAutomationAccount'

     
     # Login to Azure and select Subscription
     Login-AzureRmAccount -Credential $AZAutomationAccount -SubscriptionId $subId

     $osDisk = $vmName + "-osDisk"
     $osDiskUri = $stgBlobstr + $vmName.ToLower() + '.vhd'
     $vmImageUri = 'https://replace-with-vmimage-storage-account.blob.core.windows.net/vhds/VM_OS.vhd'
     
     InlineScript {
        # Create a new VM config
        $vmConfig = New-AzureRmVMConfig -VMName $Using:vmName -VMSize $Using:vmSize

     	# Add the new created interface to the VM
	$vm = Add-AzureRmVMNetworkInterface -VM $vmConfig -NetworkInterfaceId $Using:vmNic.Id

	# Setting Operating System configurations
     	$vm = Set-AzureRmVMOperatingSystem -VM $vmConfig -Windows -ComputerName $Using:vmName -Credential $Using:LocalAdmin -ProvisionVMAgent -EnableAutoUpdate

     	# Setting properties for OS disk
	$vm = Set-AzureRmVMOSDisk -VM $vmConfig -Name $Using:osDisk -Windows -VhdUri $Using:osDiskUri -Caching ReadWrite -CreateOption FromImage -SourceImageUri $Using:vmImageUri
		
	# Creating the new VM
     	New-AzureRmVM -VM $vm -ResourceGroupName $Using:vmRGName -Location $Using:location
     }

     Checkpoint-Workflow

     # Set and enable LocalAdmin account 
     Set-AzureRmVMAccessExtension -ResourceGroupName $vmRGName -VMName $vmName -UserName $LocalAdmin.UserName -Password $LocalAdmin.GetNetworkCredential().Password -Name "Enable_LocalAdmin"

     # Join VM to domain   
     Set-AzureRmVMExtension -ResourceGroupName $vmRGName -VMName $vmName -Name "JoinADv1" -Publisher "Microsoft.Compute" -ExtensionType "JsonADDomainExtension" -TypeHandlerVersion "1.3" -Location $location -Settings @{ "Name" = $domain; "OUPath" = $OU; "User" = $DomainAdmin.UserName; "Restart" = "true"; "Options" = 3} -ProtectedSettings @{"Password" = $DomainAdmin.GetNetworkCredential().Password}

}

Note: Change $vmImageUri string in the above code to reflect your environment.

In order to run this Runbook, ensure it’s published on Azure. Then use the script below to activate the Runbook from your client machine – need to have AzureRm Powershell module installed to be able to run it.

# Login to Azure
Login-AzureRmAccount

# Select subscription
$select = Get-AzureRmSubscription | Out-GridView -Title "Select your Azure subscription" -OutputMode Single
Select-AzureRmSubscription -SubscriptionId $select.SubscriptionId

# Setting VM variables
$size = 'Standard_A2'
$domainName = "domain.local"
$vmOU = "OU=AzureOU,DC=domain,DC=local"
$vnet = 'vNet Name'
$vnetrg = 'vNet Resource Group Name'
$stgName = 'Storage Account Name'
$stgRG = 'Storage Account Resource Group Name'
$blobStgStr = "https://storageaccountname.blob.core.windows.net/vhds/"
$loc = 'westeurope'

# Taking VM name input
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic') 
$vm = [Microsoft.VisualBasic.Interaction]::InputBox("Enter VM Name", "VM Name", "VM Machine Name") 

# Get VM destination Resource Group
$rgname = Get-AzureRmResourceGroup | Select ResourcegroupName | Out-GridView -Title "Select destination resource Group" -OutputMode Single

# Get VM destination subnet information
$sub = Get-AzureRmVirtualNetwork -Name $vnet -ResourceGroupName $vnetrg | select -ExpandProperty Subnets |select Name, AddressPrefix, Id | Out-GridView -Title "Select VM subnet" -OutputMode Single

# Building a new VM network interface - this command wasn't recongnised to run as part of Azure runbook
[object] $nic = New-AzureRmNetworkInterface -Name $vm -ResourceGroupName $vnetrg -Location $loc -SubnetId $sub.Id -Force

# Forming parameters hash table 
$param = @{subId=$select.SubscriptionId; vmName=$vm; vmSize=$size; domain=$domainName; OU=$vmOU; vmRGName=$rgname.ResourceGroupName; vmNic=$nic; stgName=$stgName; stgRGName=$stgRG; stgBlobStr=$blobStgStr; location=$loc}

# Submitting VM configuration and starting the runbook
Start-AzureRmAutomationRunbook -Name AzureVMDomainJoinv1 -ResourceGroupName MRL-AzureAutomation-RG -AutomationAccountName DomainJoin -Parameters $param

Make sure you fill out all variables according to your environment. This script will only utilise what’s already created on Azure, like storage accounts, networks and subnets. If you want a new resource group created or a new network/subnet then pre-stage it on Azure first before you run this script.

Happy scripting ….. 🙂

Advertisements

, ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: