I have the latest version of the Azure Powershell installed (0.9.7). I have a new virtual machine that was created via the Preview Portal. It was created with the new Resource Group model.
I am trying to install a few extensions but I cannot figure out the correct Powershell commands. Most instructions say to use Get-AzureVM. This does not return my VMs. If I use Switch-AzureMode to AzureResourceManager, I can use Get-AzureVM to list my VM (v2 I assume).
It seems none of the Extension scripts are setup for Resource Manager mode. Most of the sample scripts say to use:
Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable -ReferenceName 'BGInfo' | Update-AzureVM
I have tried all kinds of ways. The AzureVMBGInfoExtension cmdlet is not available in Resource Manager mode.
Any suggestions?
Create a VM
I created a new VM so that I could help you. I used portal.azure.com > New > Compute > Marketplace > Windows Server > Windows Server 2008 R2 SP1 and chose the Resource Manager deployment model.
Create an Active Directory User
Since we're using the Azure Resource Manager, I needed to create a new Active Directory user so that I could authenticate with Azure PowerShell. That is the only way that I could authenticate.
You can create one using the following steps.
Login to the Azure Portal, and select Active Directory.
If no directory exists, select Create your directory and provide the requested information.
Select your directory and add a new user. This new user is a work or school account.
During the creation of the user, you will be supplied with both an e-mail address for the user and a temporary password. Save this information as it is needed later.
From the Azure portal, select Settings and then select Administrators. Select Add, and add the new user as a co-administrator. This allows the work or school account to manage your Azure subscription.
Finally, log out of the Azure portal and then log back in using the new work or school account. If this is the first time logging in with this account, you will be prompted to change the password.
Make sure you see your subscriptions when you log in as the work or school account.
Oddly enough, Azure Resource Manager seems to work best (or only to work) with if we authenticate with one of those types of accounts.
Install the Most Recent Azure PowerShell Module
Since we need access to the Extension related commandlets, I installed the most recent version of Azure PowerShell. The link shows how to install it via the Web Platform Installer. Once done, you can find out whether you have the correct one by running this:
> (Get-Module azureresourcemanager).Version
Major Minor Build Revision
----- ----- ----- --------
0 9 7 -1
When we run the following, look at all the Extension related commandlets. Hooray!
> Switch-AzureMode -Name AzureResourceManager
> Get-Command *extension* -Module AzureResourceManager
Get-AzureVMAccessExtension
Get-AzureVMCustomScriptExtension
Get-AzureVMDiagnosticsExtension
Get-AzureVMDscExtension
Get-AzureVMExtension
Get-AzureVMExtensionImage
Get-AzureVMExtensionImageType
Remove-AzureVMAccessExtension
Remove-AzureVMCustomScriptExtension
Remove-AzureVMDiagnosticsExtension
Remove-AzureVMDscExtension
Remove-AzureVMExtension
Set-AzureVMAccessExtension
Set-AzureVMCustomScriptExtension
Set-AzureVMDiagnosticsExtension
Set-AzureVMDscExtension
Set-AzureVMExtension
We have access to these while being in Resource Manager mode. To learn how to use each of them, run Get-Help Set-AzureVMAccessExtension -example on each one that is of interest. Then play around with the example.
Authenticate Azure PowerShell & Set the Extensions for Your VM
When authenticating via Add-AzureAccount, use the Active Directory user that we created. Then you can query your virtual machines.
> Add-AzureAccount
> Get-AzureResource -ResourceType Microsoft.Compute/virtualMachines
Once you know the details of your VM, you can add an extensions. Here is one example that worked for me.
> Set-AzureVMAccessExtension -ResourceGroupName "mvp1" -Location "West US" -VMName "mvp1" -Name "mvp1test" -TypeHandlerVersion "2.0" -UserName "shaunluttin" -Password "Password
EndTime : 9/1/2015 9:35:57 PM -07:00
Error :
Output :
StartTime : 9/1/2015 9:35:20 PM -07:00
Status : Succeeded
TrackingOperationId : f03210e0-e67e-40d7-aad7-d9acef64bebe
RequestId : 95f42767-edcf-443a-8977-4c9f6d0eafef
StatusCode : OK
Best of luck with that. Let me know if you have any questions.
Related
I am trying to put some auto start policy on my VM on Azure.
So, I used automation account and power shell script to do this from this link: https://adamtheautomator.com/azure-vm-schedule/
But on testing it give me error of Run Login-AzureRmAccount to login
Please suggest how to fix this?
## Get the Azure Automation Acount Information
$azConn = Get-AutomationConnection -Name 'AzureRunAsConnection'
## Add the automation account context to the session
Add-AzureRMAccount -ServicePrincipal -Tenant $azConn.TenantID -ApplicationId $azConn.ApplicationId -CertificateThumbprint $azConn.CertificateThumbprint
## Get the Azure VMs with tags matching the value '10am'
$azVMs = Get-AzureRMVM | Where-Object {$_.Tags.StartTime -eq '10am'}
## Start VMs
$azVMS | Start-AzureRMVM
Regards
ESNGSRJ
This can happen when the Run As account isn't configured appropriately. You will need to create one to provide authentication for managing resources on the Azure Resource Manager using Automation runbooks.
When you create a Run As account, it performs the following tasks:
Creates an Azure AD application with a self-signed certificate, creates a service principal account for the application in Azure AD, and assigns the Contributor role for the account in your current subscription.
Creates an Automation certificate asset named AzureRunAsCertificate in the specified Automation account.
Creates an Automation connection asset named AzureRunAsConnection in the specified Automation account.
Please note the following requirements from the referenced link:
You must have an Azure Automation Account with an Azure Run As account already prepared. If you don’t have this yet, learn how to create one when you go to Create a new Automation account in the Azure portal.
The Azure PowerShell module must be installed. If you don’t have this yet, please go to the Install the Azure PowerShell module page for more information.
Note: You can configure your Runbook to use managed identities as well and it has added benefits as compared to using Run As accounts. You can get started with this tutorial to use managed identity.
While trying to create Azure Virtual Desktop, I have created one resource group with Azure AD Domain Service to bind Active Directory with Virtual Network.
At the cleanup time, I tried to delete the resource group which contains the Azure AD Domain service.
I tried to delete the resource group from Portal as well as from Powershell. Using the following command -
Get-AzureRmResourceGroup -Name AADS | Remove-AzureRmResourceGroup -Verbose -Force
But I am receiving following error.
Cannot modify resource with id '/subscriptions//resourceGroups/AADS/providers/Microsoft.AAD/domainServices/' because the resource entity provisioning state is not terminal. Please wait for the provisioning state to become terminal and then retry the request.
I attempted delete operation multiple times with an interval of around 2-3 hours but still getting the same error.
This issue belongs to troubleshooting and was fixed by the Microsoft support team.
You can raise a support ticket on azure portal by following this link: https://learn.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request
I have a load of Azure Powershell deployment scripts that are triggered by the build server after the completion of a build which work perfectly - I use the Import-AzurePublishSettingsFile (which is securely stored locally) to log into Azure unattended.
I now need to extend these to include management of Sql Azure Servers, Elastic Pools and Databases.
These, however, are part of the Azure Resource Manager cmdlets which have a different method of authentication.
I've found these articles:
Authenticating a Service Principal with Azure Resource Manager
Using Azure PowerShell with Azure Resource Manager
Using Windows Azure Active Directory to Authenticate the Management Libraries)
but all appear to require you to enter your credentials at some stage at the process. The second link above explicitly states:
The AzureResourceManager module requires Add-AzureAccount. A Publish Settings file is not sufficient.
I've tried (just to see what happens) switching to the Resource Manager with Switch-AzureMode -Name AzureResourceManager and then just executing one of the cmdlets, such as Get-AzureResourceGroup -Name "blah" but I just get an error of
Get-AzureResourceGroup : AuthenticationFailed: Authentication failed. The 'Authorization' header is not present or provided in an invalid format.
I am quite happy to set up an AD Application, manually, once, through the portal and then provide my scripts with the relevant Application ID or whatever is required. I just need it to be unattended so that my build can deploy!
Can anyone tell me how I go about making an unattended script to use these Azure Resource Manager cmdlets through Powershell?
This post gives full details of how to do this. Basically you embed your powershell scripts with the username and password of your AD user.
Unattended authentication to Azure Management APIs with Azure Active Directory
But be aware that if, like me, you wish to combine calls to the AzureResourceManager and AzureServiceManagement modes (using Switch-AzureMode) then you must use Add-AzureAccount -Credential <credentials> and also Remove-AzureAccount -Name <username> otherwise some of the AzureServiceManagement mode cmdlets cease to work.
I'm using Microsoft Azure VM and have reset the Administrator password using:
Computer Management - > User and Groups - > Right click and Reset
But once I try to RDP as Administrator,the new password didn't work out.
I tried to reset the password using powershell ISE with below explanation .
Resetting Admin Passwords on Microsoft Azure VM’s
And I found that VM Agent is not installed.
How can I install the VM Agent using Powershell ISE and then reset Admin password ?
Thanks
You need to be able to connect via RDP to be able to install the agent via executing a msi in the VM. You can download the msi for agent on Microsoft site.
The to let VM know that agent is installed you can execute below cmdlets via Azure PowerShell:
$vm = Get-AzureVM –ServiceName [Name]
$vm.VM.ProvisionGuestAgent = $true
Update-AzureVM –VM $vm.VM -ServiceName
If the agent is not installed this usually means that the VM image was not properly preped / generalized for Azure. I have had this situation(it was quite weird as I will use an image to deploy few VMs then about a week later new VM provisioning will start to fail stating agent was missing. When I called support and worked with them it got traced to bad provision process on my end)
I have an existing VM Azure it seems the password of my XXX user has EXPIRED.
a) I know I have an Administrator user somewhere but how can I ask Azure for its password?
b) I think I read somewhere I could add more admins from the Azure Dashboard, but it was not clear if that was for the VM or for the Subscription. (I surely need for the VM).
I've been on Google for the past 4 hours looking at how can I fix this problem.
I really don't want to believe that MS does NOT offer a way to fix this issue.
At least the Remote Desktop should display a "Change Password" form....
Seriously, did I really lose control of this VM?
There is an option now in https://portal.azure.com/
You need to log in with your Azure credentials.
Browse -> Virtual Machines -> Select Your Virtual Machine
-> Select Setting on top -> Password Reset
It works... :)
Using the new Azure VM Agent you can do this (as long as the agent is installed, which it is by default on all new VMs you spin up).
You need the Azure PowerShell module for this, which can be downloaded from here:
http://t.co/2hQP6qsGeM
After its installed, fire up PowerShell, connect to your subscription (which is described here: PowerShell for Azure Documentation) and issue the following command after replacing the values:
Get-AzureVM -ServiceName MyService -Name MyVM | Set-AzureVMAccessExtension -UserName MyUserName -Password "MyComplexPassword123" | Update-AzureVM
This is the fastest solution:
Create a script called “ResetPassword.ps1” e.g. with Notepad
Add the following line and replace your credentials
net user <YourExistingAdminUserName> <YourNewPassword>
Go to the VM in the azure portal
Go into the extensions menu for that VM
In the top menu pick “Add”
Choose the Custom Script extension, create and pick your "ResetPassword.ps1" script file
The file will now be pushed to your VM and deployed. Once it is successfully executed, you can login with the new credentials.
Source: http://www.chrisjohnson.io/2018/02/15/domain-controller-in-azure-vm-with-expired-password/#comment-6825733