Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Using PowerShell to Provision Member Servers in Microsoft Azure

In this Ask the Admin, I’ll show you how to provision member servers to an existing domain in Microsoft Azure using PowerShell.

In my Petri IT Knowledgebase article, “Provisioning of Domain Controllers in Azure using PowerShell,” I showed you how to use PowerShell to provision domain controllers in Azure with a single click. Now that you can quickly create a new Active Directory domain in Azure, I’ll show you how to provision a new member server using a couple of simple commands.

Windows PowerShell Script Pre-Requisites

Before you can use the code included in this article, you will need to have an Azure subscription, install the PowerShell tools for Azure and set up a secure connection to your subscription as described in “Setup Windows Azure PowerShell Management.”

Before diving in, there are several other considerations:

The script assumes that you will deploy each new VM to a unique cloud service.
The script has been tested on Windows 8.1 Update 1, so it may not work with earlier versions of PowerShell.
The script should be run as a local administrator.

Running the script in Windows PowerShell ISE. (Image: Russell Smith)

Running the PowerShell Script

In this script we are going to provision a new VM that will be a member server of the ad.contoso.com domain, which is already running in Azure. I have a virtual network (Contoso) and subnet (Subnet-1) pre-configured. Domain controllers (DCs) already set up must be running in Azure.

Setting up variables

After specifying the Azure subscription and storage account, there are two sections that define variables. Custom variables need to be changed every time you run the script to determine the name of the new VM and cloud service name. All other variables should be changed to reflect your domain and Azure environment.

 Set-AzureSubscription “Pay-As-You-Go” -CurrentStorageAccount portalvhdsxgwgzn2ml54p5

# Set custom variables

$vmName = "CONTOSOSRV1"
$serviceName = "contosoSRV1"

# Set static variables

$domainadmin = "contosodc1admin"
$password = "Passw0rd!"
$username = $vmName + "admin"
$vnetName = "CONTOSO"
$subNet = "Subnet-1"
$location = "North Europe"
$domain = "ad.contoso.com"
$netBios = "AD"
$imageFamily = "Windows Server 2012 R2 Datacenter"
$instanceSize = "Medium"

Before provisioning the new VM, we need to check using the Test-AzureName cmdlet that the cloud service name specified in the variables section is available. If the name is unavailable, then an error is thrown and the script exits.

 # Check availability of cloud service name

$cservices = Test-AzureName -service -name $serviceName

If ($cservices -eq $true) {
Write-Host "The cloud service name already exists" -foregroundcolor yellow -backgroundcolor red
throw "An error occurred" }

The script then determines the Azure gallery image that will be used to provision the new VM. Here we use the Get-AzureVMImage cmdlet to retrieve and sort the available Windows Server 2012 R2 Datacenter edition images, with the latest at the top of the list.

 # Get the name of the latest image
$imageName = Get-AzureVMImage | where { $_.ImageFamily -eq $imageFamily } | sort PublishedDate -Descending | select -ExpandProperty ImageName -First 1

Provision the New Virtual Machine

Now we are ready to provision the VM. Using the Add-AzureProvisioningConfig cmdlet, we can specify all the necessary domain join details so that we don’t have to remotely connect to the VM after it’s provisioned to join it to our domain.

 # Create a new VM with a static IP address

$newVM = New-AzureVMConfig -Name $vmName -InstanceSize $instanceSize -ImageName $imageName -DiskLabel "OS"
$newVM | Add-AzureProvisioningConfig -WindowsDomain -AdminUsername $username -Password $password -DomainUserName $domainadmin -DomainPassword $password -Domain $netBios -JoinDomain $domain -DisableAutomaticUpdates
$newVM | Set-AzureSubnet -SubnetNames $subNet

New-AzureVM -ServiceName $serviceName -VMs $newVM -VNetName $vnetName -Location $location -WaitForBoot

Finally, the script determines the RDP port that is randomly assigned by Azure when the VM is provisioned, and displays the full URL so that we can connect to the VM using Remote Desktop.

 # Display the RDP connection string
$rdpPort = $myVM | Get-AzureEndpoint | where { $_.Name -eq “RDP” }
$rdpString = $servicename + ".cloudapp.net:" + $rdpPort.Port
write-host "Make a Remote Desktop connection to the VM using the URL below:" -foregroundcolor yellow -backgroundcolor red 
write-host $rdpString

by Russell Smith
Jul 29, 2014

Editorial Director at Petri IT Knowledgebase. Russell has more than 20 years' experience working in IT. From small business to large government IT infrastructure projects. Russell started his writing career for Windows IT Pro magazine in the early...

Top Azure Cloud Security Controls to Understand

Oct 31, 2023
Jan 08, 2024
Making Microsoft Azure Penetration Testing Work to Combat Threats

Nov 21, 2023
Azure VMware Solution – Maximizing Security and Control with Customer-Managed Keys

Oct 3, 2023
Oct 10, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.