Change password of Azure VM using PowerShell - azure

I have tried this approach to change a password of an Azure VM:
$resgroup = "rsource1"
$vmName = "virtualmachine1"
$VM = Get-AzVM -ResourceGroupName $resgroup -Name $vmName
$Credential = Get-Credential
$VM | Set-AzureVMAccessExtension –UserName $Credential.UserName `
–Password $Credential.GetNetworkCredential().Password
$VM | Update-AzVM
But I keep getting this error:
Object reference not set to an instance of an object.
When I console.log the values of $Credential.UserName and $Credential.GetNetworkCredential().Password I got the values of username and password that I have inputted.
What am I missing here?


I've never used Set-AzureVMAccessExtension, but I've used the Az PowerShell equivalant Set-AzVMAccessExtension. It needs you to pass -Credential $Credential instead of -UserName and -Password.
You can try this script I made a while ago to to reset passwords for Azure VMs:
# Replace these values with your own
$resourceGroupName = "Servers-RG"
$vmName = "server1"
# Get the VM into an object
$vm = Get-AzVM -ResourceGroupName $resourceGroupName -Name $vmName
# Store credentials you want to change
$credential = Get-Credential -Message "Enter your username and password for $vmName"
# Store parameters in a hashtable for splatting
# Have a look at https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_splatting?view=powershell-7
$extensionParams = #{
'VMName' = $vmName
'Credential' = $credential
'ResourceGroupName' = $resourceGroupName
'Name' = 'AdminPasswordReset'
'Location' = $vm.Location
}
# Pass splatted parameters and update password
Set-AzVMAccessExtension #extensionParams
# Restart VM
# Don't need to pass any switches since they are inferred ByPropertyName
# Have a look at https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_pipelines?view=powershell-7
$vm | Restart-AzVM
I found that the password update doesn't happen until you restart the VM, so Restart-VM is required.


If anyone interested in the Linux (KISS) version (no VM restart needed):
$settings = '{}'
$protectedSettings = '{
"username": "<yourusername, prefer using Credentials object>",
"password": "<yourpassword, prefer using Credentials object>"
}'
Set-AzVMExtension `
-VMName $vmName `
-ResourceGroupName $rgName `
-Location $location `
-Name "VMAccessForLinux" `
-Publisher "Microsoft.OSTCExtensions" `
-ExtensionType "VMAccessForLinux" `
-TypeHandlerVersion "1.4" `
-Settingstring $settings `
-ProtectedSettingString $protectedSettings

Related

Deploying multiple scripts with CustomScriptExtension on an Azure Windows VM

I'm trying to deploy multiple PowerShell scripts to an Azure Windows VM by using the CustomScriptExtension.
The scripts are independent from each other so the order of their deployment doesn't matter. Also the scripts are in same blob container.
I have already a working template as below for installing one script at the moment:
$resourceGroup = "myResourceGroup"
$vmName = "myVM"
$location = "easteurope"
$storageAcctName = "myStorageAcct"
$storageKey = $env:ARM_ACCESS_KEY
$fileUri = #("https://xxxxx.blob.core.windows.net/xxxx/01-installTools.ps1")
$protectedSettings = #{"storageAccountName" = $storageAcctName; "storageAccountKey" = $storageKey};
$settings = #{"fileUris" = $fileUri;"commandToExecute" ="powershell -ExecutionPolicy Unrestricted -File 01-installTools.ps1"};
#run command
Set-AzVMExtension -ResourceGroupName $resourceGroup `
-Location $location `
-ExtensionName "IIS" `
-VMName $vmName `
-Publisher "Microsoft.Compute" `
-ExtensionType "CustomScriptExtension" `
-TypeHandlerVersion "1.8" `
-Settings $settings `
-ProtectedSettings $protectedSettings;
Also is it possible to use 2 CustomScriptExtensions?
I get a TypeHandlerVersion error if i try to do that.

How to see logs for failure reason when creating VM

I am creating an Azure VM using the below PowerShell script
$username = 'xxxxxxx'
$password = ConvertTo-SecureString 'xxxxxxxx&Cx4cA' -AsPlainText -Force
$WindowsCred = New-Object System.Management.Automation.PSCredential ($username, $password)
New-AzVm `
-ResourceGroupName "1-83eb7c26-playground-sandbox" `
-Name "aznewvm23" `
-Location 'eastus' `
-VirtualNetworkName "mynewazvm23" `
-SubnetName "default" `
-SecurityGroupName "mynewvmNSG23" `
-PublicIpAddressName "mypublicip23" `
-Credential $WindowsCred `
-OpenPorts 80,3389 `
-AsJob
And when I see job status using Get-Job it's getting failed.
Id Name PSJobTypeName State HasMoreData Location Command
-- ---- ------------- ----- ----------- -------- -------
1 Long Running O… AzureLongRunni… Failed True localhost New-AzVM
I want to see the failure reason, How can I get job logs using PowerShell?
PS az204_prep> New-AzVM `
>> -ResourceGroupName 'psdemo-rg' `
>> -Name 'psdemo-win-az4' `
>> -Image 'Win2019Datacenter'`
>> -Credential $WindowsCred `
>> -OpenPorts 3389 `
>> -AsJob
Id Name PSJobTypeName State HasMoreData Location Command
-- ---- ------------- ----- ----------- -------- -------
1 Long Running O… AzureLongRunni… Running True localhost New-AzVM
PS az204_prep> Get-Job
Id Name PSJobTypeName State HasMoreData Location Command
-- ---- ------------- ----- ----------- -------- -------
1 Long Running O… AzureLongRunni… Failed True localhost New-AzVM
PS az204_prep> (Get-Job 1).JobStateInfo.State
Failed
PS az204_prep> (Get-Job 1).JobStateInfo.Reason
PS az204_prep>

To Get the Job Details, You can use Get-Job | Format-List -Property * , to get the Full details of the Job performed in Powershell.
The Operation is failing as you are creating a VM with Default Configuration and default command , So you don't have to use -As Job there. Please remove -As Job and it will successfully get created.
I tested it on my environment using the same command you are using (removing -As Job):
$username = 'xxxxxxx'
$password = ConvertTo-SecureString 'xxxxxxxx&Cx4cA' -AsPlainText -Force
$WindowsCred = New-Object System.Management.Automation.PSCredential ($username, $password)
New-AzVM -ResourceGroupName 'myresourcegroupname' -Name 'psdemo-win-az4' -Image 'Win2019Datacenter' -Credential $WindowsCred -OpenPorts 443
Outputs:
Reference:
New-AzVM (Az.Compute) | Microsoft Docs
Creating with -As Job :
$VMLocalAdminUser = "LocalAdminUser"
$VMLocalAdminSecurePassword = ConvertTo-SecureString "Password" -AsPlainText -Force
$LocationName = "westus"
$ResourceGroupName = "myresourcegroup"
$ComputerName = "mycomputername"
$VMName = "MYVMName"
$VMSize = "Standard_DS3"
$NetworkName = "Myvnet"
$NICName = "MyNIC"
$SubnetName = "MySubnet"
$SubnetAddressPrefix = "10.0.0.0/24"
$VnetAddressPrefix = "10.0.0.0/16"
$SingleSubnet = New-AzVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix $SubnetAddressPrefix
$Vnet = New-AzVirtualNetwork -Name $NetworkName -ResourceGroupName $ResourceGroupName -Location $LocationName -AddressPrefix $VnetAddressPrefix -Subnet $SingleSubnet
$NIC = New-AzNetworkInterface -Name $NICName -ResourceGroupName $ResourceGroupName -Location $LocationName -SubnetId $Vnet.Subnets[0].Id
$Credential = New-Object System.Management.Automation.PSCredential ($VMLocalAdminUser, $VMLocalAdminSecurePassword);
$VirtualMachine = New-AzVMConfig -VMName $VMName -VMSize $VMSize
$VirtualMachine = Set-AzVMOperatingSystem -VM $VirtualMachine -Windows -ComputerName $ComputerName -Credential $Credential -ProvisionVMAgent -EnableAutoUpdate
$VirtualMachine = Add-AzVMNetworkInterface -VM $VirtualMachine -Id $NIC.Id
$VirtualMachine = Set-AzVMSourceImage -VM $VirtualMachine -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' -Skus '2012-R2-Datacenter' -Version latest
New-AzVM -ResourceGroupName $ResourceGroupName -Location $LocationName -VM $VirtualMachine -Verbose -AsJob
I failed it by not satisfying the password Criteria, So, when I check the error message I can see why it failed.
After I change the Password satisfying the criteria the job succeeds.
In Portal:

Powershell Loop with two variables

I am looking for a way to pipe many (100 paired variables) items into this powershell script. Each single command has two variables ResourceGroup and AccountName. I can build an array, but not sure how to get the script to execute the paired variables.
EDIT: Would there be any way to import these variables from CSV , or pull them directly.
$rgName = "<resource-group>"
$accountName = "<storage-account>"
$location = "<location>"
# Create a storage account with MinimumTlsVersion set to TLS 1.1.
New-AzStorageAccount -ResourceGroupName $rgName `
-AccountName $accountName `
-Location $location `
-SkuName Standard_GRS `
-MinimumTlsVersion TLS1_1
# Read the MinimumTlsVersion property.
(Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).MinimumTlsVersion
# Update the MinimumTlsVersion version for the storage account to TLS 1.2.
Set-AzStorageAccount -ResourceGroupName $rgName `
-AccountName $accountName `
-MinimumTlsVersion TLS1_2
# Read the MinimumTlsVersion property.
(Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).MinimumTlsVersion

If you want to group variables together, you could use an array of System.Management.Automation.PSCustomObject, then iterate this array and run your code:
param (
[Parameter(Mandatory = $true)]
[PSCustomObject[]]
$StorageAccountData
)
foreach ($obj in $StorageAccountData) {
$rgName = $obj.ResourceGroupName
$accountName = $obj.AccountName
$location = $obj.Location
# Create a storage account with MinimumTlsVersion set to TLS 1.1.
New-AzStorageAccount -ResourceGroupName $rgName `
-AccountName $accountName `
-Location $location `
-SkuName Standard_GRS `
-MinimumTlsVersion TLS1_1
# Read the MinimumTlsVersion property.
(Get-AzStorageAccount `
-ResourceGroupName $rgName `
-Name $accountName).MinimumTlsVersion
# Update the MinimumTlsVersion version for the storage account to TLS 1.2.
Set-AzStorageAccount `
-ResourceGroupName $rgName `
-AccountName $accountName `
-MinimumTlsVersion TLS1_2
# Read the MinimumTlsVersion property.
(Get-AzStorageAccount `
-ResourceGroupName $rgName `
-Name $accountName).MinimumTlsVersion
}
Then you could run this script like so:
PS C:\Users\user> $storageAccountData = #(
>> [PSCustomObject]#{
>> ResourceGroupName = 'storageRG'
>> AccountName = 'storage1'
>> Location = 'australiaeast'
>> }
>> [PSCustomObject]#{
>> ResourceGroupName = 'storageRG'
>> AccountName = 'storage2'
>> Location = 'australiaeast'
>> }
>> )
PS C:\Users\user> script.ps1 -StorageAccountData $storageAccountData
If you want to pipe this into the script, you can create a function and use ValueFromPipeline:
function MyFunction {
[CmdletBinding()]
param (
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true
)]
[PSCustomObject[]]
$StorageAccountData
)
# rest of your code
}
Then pass the array of PSCustomObject down then pipeline to this function with $storageAccountData | MyFunction. Make sure to dot source the script to load the function into your preferred scope before calling the function.
Update
If you wanted to read from a CSV file(e.g. storage-accounts.csv):
AccountName,ResourceGroupName,Location
storage1,storageRG,australiaeast
storage2,storageRG,australiaeast
You just need use Import-Csv:
$storageAccountData = Import-Csv -Path .\storage-accounts.csv
foreach ($obj in $storageAccountData) {
# rest of your code
}

Create VM in Azure with powershell with no public IP

I'm creating VM on Azure from an Image using powershell.
This is the script I'm using .
$UserName = "username"
$Password = ConvertTo-SecureString "password#123" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($UserName, $Password)
New-AzureRmVm `
-ResourceGroupName "RSG" `
-Name "VMName" `
-ImageName "ImageName" `
-Location "West US" `
-VirtualNetworkName "VNName" `
-SubnetName "default" `
-Credential $psCred
-PublicIpAddressName "None" `
-OpenPorts 3389
But, when I got into the Azure portal and see, some Public Ip is getting assigned by default. I have also tried without giving PublicIpAddressName property assuming , it wont assign any IP, but still it is assigning.
I want the Public IP to be none.Can anyone help me achieve this.Thanks!

Currently this an issue which is still in Open state on official azure-powershell github. You can refer it here . Incase if you still want to bypass this you can try using New-AzureReservedIP or after the deployment command try to remove the public ip by yourself Remove-AzureRmPublicIpAddress.
Note : I have'nt tested it yet. Just an idea.
Refer : Docs

To set no public ip address you have can just define it as "" , in powershell you will need to quote that again so it will be """" .

If you are using PowerShell, then you will need to escape all empty parameters by changing "" to '""' to properly pass an empty string into the command. Without this, PowerShell will not pass the empty string, and you will get an error from the command indicating it's missing a parameter.

$winVmCred = Get-Credential `
-Message "Enter username and password for the Windows management virtual machine."
# Create a NIC for the VM.
$winVmNic = New-AzNetworkInterface -Name "winVMNIC01" `
-ResourceGroupName $resourceGroup.ResourceGroupName `
-Location $location `
-SubnetId $targetVMSubnet.Id `
-PrivateIpAddress "10.10.12.10"
# Configure the Windows management VM.
$winVmConfig = New-AzVMConfig -VMName $winVmName -VMSize $winVmSize | `
Set-AzVMOperatingSystem -Windows -ComputerName $winVmName -Credential $winVmCred | `
Set-AzVMSourceImage -PublisherName $winVmPublisher `
-Offer $winVmOffer `
-Skus $winVmSku `
-Version $winVmVersion | `
Add-AzVMNetworkInterface -Id $winVmNic.Id
# Create the VM.
$winVM = New-AzVM -ResourceGroupName $resourceGroup.ResourceGroupName `
-Location $location `
-VM $winVmConfig `
-ErrorAction Stop

Multiple VM Creation by ARM Powershell approach

I have a ps workflow(.psm file) where I am trying to create 5 vms in parallel. I am using ARM cmdlets.I am getting an error-
Error- Cannot validate argument on parameter 'SubnetId'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command
again.
Here is my challange-
Even if I remove -parallel parameter from foreach even then its not making any difference.
If I run the same code NOT inside a workflow(ps1 file) removing -parralel parameter I am able to
create 5 vms
Code-
workflow Create-VMs
{
$UserName = "abc#cde.onmicrosoft.com"
$pwd = ConvertTo-SecureString "xxxxxxxx" -AsPlainText -Force
$AzureCredential = New-Object System.Management.Automation.PSCredential($UserName, $pwd)
login-azurermaccount -credential $AzureCredential
Add-AzureRmAccount -Credential $AzureCredential
Select-AzureRmSubscription -SubscriptionName "xxxxx"
$virtualNetworkName = "myvpn"
$locationName = "East US"
$ResourceGroupName = "myrg"
$user = "adminuser"
$password = "AdminPass123"
$VMSize = "Standard_D2"
$sourcevhd = "https://abc.blob.core.windows.net/vhds/windowsserver2008.vhd"
$virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $virtualNetworkName
foreach -parallel($i in 1..5)
{
$VMName = "myname" + $i
$destinationVhd = "https://abc.blob.core.windows.net/vhds/windowsserver2008" + $i + ".vhd"
$staticip = "dynamicip" + $i
$virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $virtualNetworkName
$publicIp = New-AzureRmPublicIpAddress -Name $staticip -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic
$networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $ResourceGroupName -Name $VMName -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id
$vmConfig = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name $VMName -VhdUri $destinationVhd -CreateOption FromImage -Windows -SourceImageUri $sourcevhd
$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword)
Set-AzureRmVMOperatingSystem -VM $vmConfig -Windows -Credential $cred -ProvisionVMAgent -ComputerName $VMName
New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $ResourceGroupName
}
}
Not able to find out what is the actual problem. Any other approach for creating multiple vms in parallel using ARM ?

I've not had much luck with -parallel and the Azure cmdlets, but I can think of two options for you:
1) use PowerShell jobs - this would require you to login for each job, here's a snippet of how I do it - the "job" in this case is removing a resource group.
foreach ($AzureResourceGroup in $AzureResourceGroups) {
Start-Job -Name $AzureResourceGroup {
Param($AzureResourceGroup, $creds, $tenantID, $subscriptionName)
Login-AzureRmAccount -ServicePrincipal -Credential $creds -TenantId $tenantId
Select-AzureRmSubscription -SubscriptionName $subscriptionName
Remove-AzureRMResourceGroup -Force -Verbose -Name $AzureResourceGroup
} -ArgumentList $AzureResourceGroup, $creds, $tenantId, $subscriptionName
}
Get-Job | Wait-Job | Receive-Job
2) I think better way would be to use a JSON template, and have Azure orchestrate the deployment. There's a sample of how of the template and how to do it here: https://github.com/bmoore-msft/AzureRM-Samples/tree/master/VMFromImageMulti - there's a readme in the root to show how to deploy it.

Resources