Azure - Deploy and automatically domain join a VM with Azure Automation Runbooks
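I was looking for a way to deploy a VM in Azure and join it to a domain automatically. The solution turned out to be quite simple: Azure Automation. I found DexterPOSH’s blog post very useful, but his script didn’t work for me. Follow the steps on his blog and use the script below instead. The script reads three credential assets from the Automation account (the Azure login, the local administrator and the domain-join account), so create them first and adjust the asset names near the top of the script. I’ll update this post if I find any improvements. Don’t forget to update the domain in the Add-Computer part.

To-do list:
- Custom static IP as variable.
- Custom domain as variable.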
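# Deploy-Joined-VM: Azure Automation runbook (PowerShell Workflow) that
#   1. signs in to Azure with a credential asset and selects the subscription,
#   2. creates a Windows VM from the named image and waits for it to boot,
#   3. opens a WinRM session to the VM with the local administrator credential,
#   4. joins the VM to the domain and restarts it.
# The credential asset names and the domain name are set inside the workflow body.
workflow Deploy-Joined-VM {
    # NOTE(review): every parameter is Mandatory, so the values after "=" are never
    # applied as defaults; they only illustrate the expected format.
    param(
        [parameter(Mandatory)]
        [String]
        $VMName,

        [parameter(Mandatory)]
        [String]
        $ServiceName = "VM-<Insert name>",

        [parameter(Mandatory)]
        [String]
        $InstanceSize = "Small",

        [parameter(Mandatory)]
        [String]
        $VMImageName = "Specify custom or default image name",

        [parameter(Mandatory)]
        [String]
        $AzureSubscriptionName = "Subscription-1",

        [parameter(Mandatory)]
        [String]
        $StorageAccountName = "contoso",

        [parameter(Mandatory)]
        [String]
        $VMSubnetName = "subnet-1",

        [parameter(Mandatory)]
        [String]
        $VMVnetName = "CORP.contoso.com",

        [parameter(Mandatory)]
        [String]
        $VMAffinityGroup = "West-Europe"
    )

    $verbosepreference = 'continue'

    #Change this to your needs: names of the credential assets in the Automation account
    # NOTE(review): the domain-join credential is handed to the new VM further down.
    # Use an account that is delegated only the right to join computers to the
    # target OU, not a domain administrator.
    $DomainJoinAccount = "Domain Join Account"
    $LocalAccount = "LocalAdmin"
    $AutomationAccount = "Azure Automation Account"

    #Get the credentials to authenticate against Azure, the new VM and the domain
    Write-Verbose -Message "Getting the Credentials"
    $Cred = Get-AutomationPSCredential -Name $AutomationAccount
    $LocalCred = Get-AutomationPSCredential -Name $LocalAccount
    $DomainCred = Get-AutomationPSCredential -Name $DomainJoinAccount

    #Add the account to the workflow
    Write-Verbose -Message "Adding the Azure Automation Account to Authenticate"
    Add-AzureAccount -Credential $Cred

    #Select the subscription
    Write-Verbose -Message "Selecting the $AzureSubscriptionName Subscription"
    Select-AzureSubscription -SubscriptionName $AzureSubscriptionName

    #Set the storage account for the subscription
    Write-Verbose -Message "Setting the Storage Account for the Subscription"
    Set-AzureSubscription -SubscriptionName $AzureSubscriptionName -CurrentStorageAccountName $StorageAccountName

    #Look up the image whose ImageName equals $VMImageName (newest first if several match)
    Write-Verbose -Message "Getting the Image details"
    $imagename = Get-AzureVMImage |
        where-object -filterscript { $_.ImageName -eq $VMImageName } |
        Sort-Object -Descending -Property PublishedDate |
        Select-Object -First 1 |
        select -ExpandProperty ImageName

    # Fail early with a clear message instead of passing an empty image name on.
    if (-not $imagename) {
        throw "No VM image named '$VMImageName' was found in subscription '$AzureSubscriptionName'"
    }

    #Use the image selected above to build a new VM and wait for it to boot
    $Username = $LocalCred.UserName
    # New-AzureQuickVM is given the administrator password as a plain string, so it is unwrapped here.
    $Password = $LocalCred.GetNetworkCredential().Password
    New-AzureQuickVM -Windows -ServiceName $ServiceName -Name $VMName -ImageName $imagename -Password $Password -AdminUsername $Username -SubnetNames $VMSubnetName -VNetName $VMVnetName -InstanceSize $InstanceSize -AffinityGroup $VMAffinityGroup -WaitForBoot

    # Drop the plain-text password before the checkpoint: a checkpoint persists the
    # current values of the workflow's variables.
    $Password = $null

    Write-Verbose -Message "The VM is created and booted up now.. Doing a checkpoint"
    #Checkpoint the workflow
    CheckPoint-WorkFlow
    Write-Verbose -Message "Reached CheckPoint"

    #Get the WinRM URI of the new VM (the VM's certificate is NOT imported here)
    $WinRMURi = Get-AzureWinRMUri -ServiceName $ServiceName -Name $VMName | Select-Object -ExpandProperty AbsoluteUri

    InlineScript
    {
        # Bounded retry with a pause between attempts, so a VM that never becomes
        # reachable over WinRM fails the job instead of spinning without end.
        $MaxAttempts = 30
        $RetryDelaySeconds = 20
        $Attempt = 0
        $Session = $null

        do {
            $Attempt++
            Write-Verbose -Message "Trying to open a PSSession to the VM $Using:VMName "

            # SECURITY: -SkipCACheck makes the client skip the check that the server
            # certificate is signed by a trusted CA. The local-admin credential and,
            # below, the domain-join credential travel through this session without
            # the certificate chain having been verified.
            # NOTE(review): prefer importing or pinning the VM's WinRM certificate on
            # the runbook host and removing -SkipCACheck.
            $Session = New-PSSession -ConnectionUri $Using:WinRMURi -Credential $Using:LocalCred -Name $using:VMName -SessionOption (New-PSSessionOption -SkipCACheck ) -ErrorAction SilentlyContinue -ErrorVariable SessionError

            if (-not $Session) {
                Start-Sleep -Seconds $RetryDelaySeconds
            }
        } While ((-not $Session) -and ($Attempt -lt $MaxAttempts))

        if (-not $Session) {
            $LastError = $SessionError | Select-Object -First 1
            throw "Could not open a PSSession to VM $Using:VMName after $MaxAttempts attempts. Last error: $LastError"
        }

        #Once the session is open, join the new VM to the domain and restart it
        Write-Verbose -Message "Found a Session opened to VM $using:VMname. Now will try to add it to the domain"
        Invoke-command -Session $Session -ArgumentList $Using:DomainCred -ScriptBlock {
            param($cred)
            # Update the domain name to your own.
            # -ErrorAction Stop ends the script block on a failed join, so the VM is
            # not rebooted as if the join had succeeded.
            Add-Computer -DomainName "corp.contoso.com" -DomainCredential $cred -ErrorAction Stop
            Restart-Computer -Force
        }
    }
} #Workflow end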