Run a PowerShell command as a domain user when deploying an Azure ARM template

Question  Votes: 0  Answers: 1

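I have an Azure ARM template deployment that creates the following resources -

  1. 'N' virtual machines
  2. Joins each virtual machine to an existing AD
  3. Runs a Custom Script Extension (CSE) on each virtual machine - essentially a PS script that uses "Get-ADComputer" to export computer information from AD into a CSV. Something like this

If I skip step 3 and run the script manually on the virtual machine, it returns all the computers as a CSV, even when I log in as any user (domain or admin). Unfortunately, it does not work when I add the CSE to the template.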

{
        "type": "Microsoft.Compute/virtualMachines",
        ...
},
{
        "type": "Microsoft.Compute/virtualMachines/extensions",
        ...
        "properties": {
            "type": "JsonADDomainExtension"
            ...
        }
},
{
        "type": "Microsoft.Compute/virtualMachines/extensions",
        ...
        "properties": {
            "type": "CustomScriptExtension",
            ...
            "protectedSettings": {
                "commandToExecute": "powershell RunPythonScript.ps1"
            }
        }
 }
azure azure-resource-manager azure-bicep
1 Answer
0
votes

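Try uploading your PowerShell script to an Azure storage account, generate a SAS token URL for it, and use that URL to run your PS script as a Custom Script Extension.

My storage account with the PowerShell script and the generated SAS URL:-

The PowerShell script that runs inside the Windows Server:-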

# Import the Active Directory module
Install-WindowsFeature -Name RSAT-AD-PowerShell
Import-Module ActiveDirectory
# Get computer information and export it to a CSV file
Get-ADComputer -Filter * -Property * | Export-Csv -Path "C:\output.csv" -NoTypeInformation

My main.bicep file:-


// VM with availability set

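param resourceLocation string = 'North Europe'
// No default value: a default on a @secure() parameter stores the password in the template itself.
// Supply adminPassword at deployment time instead.
@secure()
param adminPassword string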

resource appnetwork 'Microsoft.Network/virtualNetworks@2022-07-01' = {
  name: 'silic6netk'
  location: resourceLocation
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.0.0.0/16'
      ]
    }
    subnets: [
      {
        name: 'SubnetA'
        properties: {
          addressPrefix: '10.0.0.0/24'
        }
      }
      {
        name: 'SubnetB'
        properties: {
          addressPrefix: '10.0.1.0/24'
        }
      }
    ]
  }
}

resource app_ip 'Microsoft.Network/publicIPAddresses@2022-07-01' = {
  name: 'sili-ip'
  location: resourceLocation
  sku: {
    name: 'Basic'
  }
  properties: {
    publicIPAllocationMethod: 'Dynamic'
  }
}

resource app_interface 'Microsoft.Network/networkInterfaces@2022-07-01' = {
  name: 'sili-interface'
  location: resourceLocation
  properties: {
    ipConfigurations: [
      {
        name: 'ipConfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            // Referencing appnetwork.name makes the NIC wait for the virtual network to be deployed
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', appnetwork.name, 'SubnetA')
          }
          publicIPAddress: {
            id: app_ip.id
          }
        }
      }
    ]
    networkSecurityGroup: {
      id: app_nsg.id
    }
  }
}


resource vmstore55434434 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: 'silicon74'
  location: resourceLocation
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
}

resource app_nsg 'Microsoft.Network/networkSecurityGroups@2022-07-01' = {
  name: 'silic-nsg'
  location: resourceLocation
  properties: {
    securityRules: [
      {
        name: 'Allow-RDP'
        properties: {
          description: 'Allow Remote Desktop'
          protocol: 'Tcp'
          sourcePortRange: '*'
          destinationPortRange: '3389'
          sourceAddressPrefix: '*'
          destinationAddressPrefix: '*'
          access: 'Allow'
          priority: 110
          direction: 'Inbound'
        }
      }
      {
        name: 'Allow-HTTP'
        properties: {
          description: 'Allow HTTP'
          protocol: 'Tcp'
          sourcePortRange: '*'
          destinationPortRange: '80'
          sourceAddressPrefix: '*'
          destinationAddressPrefix: '*'
          access: 'Allow'
          priority: 120
          direction: 'Inbound'
        }
      }
    ]
  }
}

resource appvmconfigapp 'Microsoft.Compute/virtualMachines/extensions@2022-11-01' = {
  parent: appvm
  name: 'appvmconfigapp'
  location: 'North Europe'
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'CustomScriptExtension'
    typeHandlerVersion: '1.10'
    autoUpgradeMinorVersion: true
    settings: {
      fileUris: [
        'https://xxxxnstrg6.blob.core.windows.net/test/GetAd.ps1?sp=xxxxxxxx'
      ]
    }
    protectedSettings: {
      commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File GetAd.ps1'
    }
  }
}

resource appvm 'Microsoft.Compute/virtualMachines@2022-11-01' = {
  name: 'silicon74vm'
  location: resourceLocation
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_D2s_v3'
    }
    osProfile: {
      computerName: 'appvm'
      adminUsername: 'siliconuser'
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: '2022-Datacenter'
        version: 'latest'
      }
      osDisk: {
        name: 'windowsVM1OSDisk'
        caching: 'ReadWrite'
        createOption: 'FromImage'
      }            
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: app_interface.id
        }
      ]
    }
    diagnosticsProfile: {
      bootDiagnostics: {
        enabled: true
        // Symbolic reference makes the VM wait for the storage account to be deployed
        storageUri: vmstore55434434.properties.primaryEndpoints.blob
      }
    }
    
  }
}

Output:-

For the Get-ADComputer command to work, you need to install the ActiveDirectory module. The steps to install the module on Windows clients and servers are given in this blog.
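
As an added example (not part of the original answer or the asker's template): a Bicep fragment for the extension ordering the question describes, with the SAS URL kept out of the clear-text `settings` block. The Custom Script Extension also accepts `fileUris` in `protectedSettings`, which is encrypted and decrypted only on the target VM, and `dependsOn` makes the script run only after the domain join extension has completed. The parameter names, the extension names and the already-existing VM are assumptions.

```bicep
// Added example; parameter and extension names are assumptions, and the VM
// named by vmName is assumed to exist already in this resource group.
param location string = resourceGroup().location
param vmName string
param domainFqdn string
param domainJoinUser string
@secure()
param domainJoinPassword string
@secure()
param scriptSasUrl string // blob URL of GetAd.ps1 including its SAS query string

resource domainJoin 'Microsoft.Compute/virtualMachines/extensions@2022-11-01' = {
  name: '${vmName}/joindomain'
  location: location
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'JsonADDomainExtension'
    typeHandlerVersion: '1.3'
    settings: {
      Name: domainFqdn
      User: domainJoinUser
      Restart: 'true'
      Options: '3' // join the domain and create the computer account
    }
    protectedSettings: {
      Password: domainJoinPassword // encrypted; not returned when the extension is read back
    }
  }
}

resource getAd 'Microsoft.Compute/virtualMachines/extensions@2022-11-01' = {
  name: '${vmName}/getad'
  location: location
  dependsOn: [
    domainJoin // run the script only after the domain join has completed
  ]
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'CustomScriptExtension'
    typeHandlerVersion: '1.10'
    protectedSettings: {
      // fileUris placed here instead of settings keeps the SAS token out of clear text
      fileUris: [
        scriptSasUrl
      ]
      commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File GetAd.ps1'
    }
  }
}
```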
    
