diff --git a/Blueprint/Artifacts/Mgmtvm.json b/Blueprint/Artifacts/Mgmtvm.json
index e7c2861..cc55e12 100644
--- a/Blueprint/Artifacts/Mgmtvm.json
+++ b/Blueprint/Artifacts/Mgmtvm.json
@@ -1,629 +1,639 @@
-{
- "kind": "template",
- "type": "Microsoft.Blueprint/blueprints/artifacts",
- "name": "Mgmtvm",
- "properties": {
- "displayName": "Management VM",
- "description": "Management VM",
- "dependsOn": [
- "avdDeploy",
- "dnsSharedSvcs",
- "addsDAUser",
- "adds",
- "avdUsers"
- ],
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "resourcePrefix": {
- "type": "string",
- "metadata": {
- "displayName": "Resource Prefix"
- }
- },
- "_artifactsLocationSasToken": {
- "type": "securestring",
- "metadata": {
- "description": "Auto-generated token to access _artifactsLocation. Leave it blank unless you need to provide your own value."
- },
- "defaultValue": ""
- },
- "baseTime": {
- "type": "string",
- "defaultValue": "[utcNow('u')]"
- },
- "managementVMOSSku": {
- "type": "string",
- },
- "CreateConfigureFileShareAndGPScriptURI": {
- "type": "string"
- },
- "ScriptURI": {
- "type": "string"
- },
- "avdHostpool_vmNamePrefix": {
- "type": "string"
- },
- "AzureEnvironmentName": {
- "type": "string"
- },
- "AzureStorageFQDN": {
- "type": "string"
- },
- "avdHostPool_vmNumberOfInstances": {
- "type": "int"
- },
- "mgmtvmNameStatic": {
- "type": "string",
- "defaultValue": "-mgmtvm"
- },
- "dnsLabelPrefix": {
- "type": "string",
- "metadata": {
- "description": "Unique public DNS prefix for the deployment. The fqdn will look something like '.westus.cloudapp.azure.com'. Up to 62 chars, digits or dashes, lowercase, should start with a letter: must conform to '^[a-z][a-z0-9-]{1,61}[a-z0-9]$'."
- },
- "defaultValue": "[concat(toLower(parameters('resourcePrefix')), parameters('mgmtvmNameStatic'))]"
- },
- "daUser_AdminUser": {
- "type": "string",
- "metadata": {
- "description": "An admin account created and added to"
- }
- },
- "vaultName": {
- "type": "string",
- "metadata": {
- "description": "The name of the keyvault that contains the secret."
- },
- "defaultValue": "[concat(parameters('resourcePrefix'), '-sharedsvcs-kv')]"
- },
- "KVsecretName": {
- "type": "string",
- "metadata": {
- "description": "The name of the Key Vault secret."
- },
- "defaultValue": "[first(split(parameters('daUser_AdminUser'), '@'))]"
- },
- "vaultResourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The name of the resource group that contains the keyvault."
- },
- "defaultValue": "[resourceGroup().name]"
- },
- "vaultSubscription": {
- "type": "string",
- "defaultValue": "[subscription().subscriptionId]",
- "metadata": {
- "description": "The name of the subscription that contains the keyvault."
- }
- },
- "adds_domainName": {
- "type": "string",
- "metadata": {
- "displayName": "Azure ADDS Domain"
- }
- },
- "ouPath": {
- "type": "string",
- "metadata": {
- "description": "OUPath for the domain join"
- }
- },
- "existingVnetName": {
- "type": "string",
- "metadata": {
- "description": "The name of the virtual network the VMs will be connected to."
- },
- "defaultValue": ""
- },
- "existingSubnetName": {
- "type": "string",
- "metadata": {
- "description": "The subnet the VMs will be placed in."
- },
- "defaultValue": ""
- },
- "vmSize": {
- "type": "string",
- "metadata": {
- "description": "The size of the Azure VM."
- },
- "defaultValue": ""
- },
- "vmAdminUsername": {
- "type": "string",
- "defaultValue": "mgmtvm-admin",
- "metadata": {
- "description": "The name of the administrator of the management VM. Exclusion list: 'admin','administrator"
- }
- },
- "virtualNetworkResourceGroupName": {
- "type": "string",
- "metadata": {
- "description": "The resource group containing the existing virtual network."
- },
- "defaultValue": "[resourceGroup().name]"
- },
- "createNetworkSecurityGroup": {
- "type": "bool",
- "metadata": {
- "description": "Whether to create a new network security group or use an existing one"
- },
- "defaultValue": false
- },
- "usePublicIP": {
- "type": "bool",
- "metadata": {
- "description": "Whether to use a Public IP"
- },
- "defaultValue": true
- },
- "publicIpAddressSku": {
- "type": "string",
- "metadata": {
- "description": "The sku name of the Public IP"
- },
- "allowedValues": [
- "Basic",
- "Standard"
- ],
- "defaultValue": "Basic"
- },
- "location": {
- "type": "string",
- "defaultValue": "[resourceGroup().location]",
- "metadata": {
- "description": "Location for all resources."
- }
- },
- "VMUserAssignedIdentity":{
- "type": "string"
- }
- },
- "variables": {
- "storageAccountName": "[concat(uniquestring(resourceGroup().id, deployment().name))]",
- "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
- "resourcegroup-name": "[concat(parameters('resourcePrefix'), '-sharedsvcs-rg')]",
- "key-vault-name": "[concat(variables('deployment-prefix'), '-kv')]",
- "key-vault-resourceID": "[resourceId('Microsoft.KeyVault/vaults', variables('key-vault-name'))]",
- "CustomScriptExtensionName": "CreateProfileStoreAndFSLogixPolicy",
- "ServerImageOffer": "WindowsServer",
- "ServerImagePublisher": "MicrosoftWindowsServer",
- "ServerOSVersion": "[parameters('managementVMOSSku')]",
- "existingDomainUsername": "[first(split(parameters('daUser_AdminUser'), '@'))]",
- "managedDomaintoJoin": "[parameters('adds_domainName')]",
- "resourceGroup": "[resourceGroup().name]",
- "nicName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-nic'))]",
- "publicIPName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-pip'))]",
- "location": "[parameters('location')]",
- "subnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]"
- },
- "resources": [
- {
- "apiVersion": "2015-06-15",
- "type": "Microsoft.Network/publicIPAddresses",
- "name": "[variables('publicIPName')]",
- "location": "[parameters('location')]",
- "properties": {
- "publicIPAllocationMethod": "Dynamic",
- "dnsSettings": {
- "domainNameLabel": "[parameters('dnsLabelPrefix')]"
- }
- }
- },
- {
- "apiVersion": "2015-06-15",
- "type": "Microsoft.Network/networkInterfaces",
- "name": "[variables('nicName')]",
- "location": "[parameters('location')]",
- "dependsOn": [
- "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPName'))]"
- ],
- "properties": {
- "ipConfigurations": [
- {
- "name": "ipconfig",
- "properties": {
- "privateIPAllocationMethod": "Dynamic",
- "publicIPAddress": {
- "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPName'))]"
- },
- "subnet": {
- "id": "[variables('subnetId')]"
- }
- }
- }
- ]
- }
- },
- {
- "type": "Microsoft.Storage/storageAccounts",
- "apiVersion": "2019-06-01",
- "name": "[variables('storageAccountName')]",
- "location": "[parameters('location')]",
- "sku": {
- "name": "Standard_LRS"
- }
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2019-10-01",
- "name": "MGMTVMdeploy",
- "dependsOn": [
- "[resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName'))]",
- "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
- ],
- "properties": {
- "mode": "Incremental",
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "parameters": {
- "resourcePrefix": {
- "value": "[parameters('resourcePrefix')]"
- },
- "managementVMOSSku": {
- "value": "[parameters('managementVMOSSku')]"
- },
- "vmname": {
- "value": "[parameters('dnsLabelPrefix')]"
- },
- "vmSize": {
- "value": "[parameters('vmSize')]"
- },
- "vaultName": {
- "value": "[parameters('vaultName')]"
- },
- "KVsecretName": {
- "value": "[parameters('KVsecretName')]"
- },
- "VMUserAssignedIdentity": {
- "value": "[parameters('VMUserAssignedIdentity')]"
- },
- "vmAdminUsername": {
- "value": "[parameters('vmAdminUsername')]"
- },
- "vmAdminPassword": {
- "reference": {
- "keyVault": {
- "id": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
- },
- "secretName": "[parameters('KVsecretName')]"
- }
- },
- "vmStorageAccountName": {
- "value": "[variables('storageAccountName')]"
- },
- "mgmtvmNameStatic": {
- "value": "[parameters('mgmtvmNameStatic')]"
- },
- "dnsLabelPrefix": {
- "value": "[parameters('dnsLabelPrefix')]"
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "resourcePrefix": {
- "type": "string"
- },
- "managementVMOSSku": {
- "type": "string"
- },
- "vmname": {
- "type": "string"
- },
- "vmSize": {
- "type": "string"
- },
- "vaultName": {
- "type": "string"
- },
- "KVsecretName": {
- "type": "string"
- },
- "VMUserAssignedIdentity": {
- "type": "string"
- },
- "vmAdminUsername": {
- "type": "string"
- },
- "vmAdminPassword": {
- "type": "securestring"
- },
- "vmStorageAccountName": {
- "type": "string"
- },
- "mgmtvmNameStatic": {
- "type": "string"
- },
- "dnsLabelPrefix": {
- "type": "string"
- }
- },
- "variables": {
- "imagePublisher": "MicrosoftWindowsServer",
- "imageOffer": "WindowsServer",
- "windowsOSVersion": "[parameters('managementVMOSSku')]",
- "nicName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-nic'))]"
- },
- "resources": [
- {
- "type": "Microsoft.Compute/virtualMachines",
- "apiVersion": "2019-07-01",
- "name": "[parameters('vmname')]",
- "location": "[resourceGroup().location]",
- "dependsOn": [],
- "identity": {
- "type": "userAssigned",
- "userAssignedIdentities": {
- "[parameters('VMUserAssignedIdentity')]": {}
- }
- },
- "properties": {
- "hardwareProfile": {
- "vmSize": "[parameters('vmSize')]"
- },
- "osProfile": {
- "computerName": "[parameters('dnsLabelPrefix')]",
- "adminUsername": "[parameters('vmAdminUsername')]",
- "adminPassword": "[parameters('vmAdminPassword')]",
- "windowsConfiguration": {
- "enableAutomaticUpdates": true
- }
- },
- "storageProfile": {
- "imageReference": {
- "publisher": "[variables('imagePublisher')]",
- "offer": "[variables('imageOffer')]",
- "sku": "[variables('windowsOSVersion')]",
- "version": "latest"
- },
- "osDisk": {
- "createOption": "FromImage",
- "name": "[concat(parameters('dnsLabelPrefix'), '-OsDisk')]",
- "managedDisk": {
- "storageAccountType": "StandardSSD_LRS"
- }
- },
- "dataDisks": [
- {
- "name": "[concat(parameters('dnsLabelPrefix'),'-DataDisk1')]",
- "diskSizeGB": 1023,
- "lun": 0,
- "createOption": "Empty"
- }
- ]
- },
- "networkProfile": {
- "networkInterfaces": [
- {
- "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
- }
- ]
- },
- "diagnosticsProfile": {
- "bootDiagnostics": {
- "enabled": false,
- "storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('vmStorageAccountName')), '2015-06-15').primaryEndpoints.blob]"
- }
-
- },
- "licenseType": "Windows_Server"
- }
- }
- ]
- }
- }
- },
- {
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "apiVersion": "2019-07-01",
- "name": "[concat(parameters('dnsLabelPrefix'),'/', variables('CustomScriptExtensionName'))]",
- "location": "[variables('location')]",
- "dependsOn": [
- "MGMTVMjoindomain"
- ],
- "properties": {
- "publisher": "Microsoft.Compute",
- "type": "CustomScriptExtension",
- "typeHandlerVersion": "1.7",
- "autoUpgradeMinorVersion": true,
- "settings": {
- "fileUris": [
- "[parameters('CreateConfigureFileShareAndGPScriptURI')]"
- ],
- "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File CreateAADDSFileShare_ConfigureGP.ps1 -ResourceGroupName ', resourceGroup().name , ' -ScriptURI ',parameters('ScriptURI'), ' -AzureStorageFQDN ',parameters('AzureStorageFQDN'), ' -AzureEnvironmentName ',parameters('AzureEnvironmentName'), ' -vmNumberOfInstances ',parameters('avdHostPool_vmNumberOfInstances'), ' -evdvm_name_prefix ',parameters('avdHostPool_vmNamePrefix'), ' -StorageAccountName ',toLower(substring(concat(parameters('resourcePrefix'),uniqueString(subscription().id)), 0, 14)),' -Verbose')]"
- }
- }
- },
- {
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2019-10-01",
- "name": "MGMTVMjoindomain",
- "dependsOn": [
- "MGMTVMdeploy"
- ],
- "properties": {
- "mode": "Incremental",
- "expressionEvaluationOptions": {
- "scope": "inner"
- },
- "parameters": {
- "location": {
- "value": "[parameters('location')]"
- },
- "vmname": {
- "value": "[parameters('dnsLabelPrefix')]"
- },
- "domainToJoin": {
- "value": "[variables('managedDomaintoJoin')]"
- },
- "mvOUPath": {
- "value": "[parameters('ouPath')]"
- },
- "mvUser": {
- "value": "[parameters('daUser_AdminUser')]"
- },
- "kvSub": {
- "value": "[parameters('vaultSubscription')]"
- },
- "kvRG": {
- "value": "[resourceGroup().name]"
- },
- "kvName": {
- "value": "[parameters('vaultName')]"
- },
- "domainadminPassword": {
- "reference": {
- "keyVault": {
- "id": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
- },
- "secretName": "[parameters('KVsecretName')]"
- }
- }
- },
- "template": {
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "domainadminPassword": {
- "type": "string"
- },
- "location": {
- "type": "string"
- },
- "vmname": {
- "type": "string"
- },
- "mvOUPath": {
- "type": "string"
- },
- "mvUser": {
- "type": "string"
- },
- "kvSub": {
- "type": "string"
- },
- "kvRG": {
- "type": "string"
- },
- "kvName": {
- "type": "string"
- },
- "domainToJoin": {
- "type": "string"
- }
- },
- "variables": {},
- "resources": [
- {
- "apiVersion": "2018-10-01",
- "type": "Microsoft.Compute/virtualMachines/extensions",
- "name": "[concat(parameters('vmname'),'/joindomain')]",
- "location": "[parameters('location')]",
- "dependsOn": [],
- "properties": {
- "publisher": "Microsoft.Compute",
- "type": "JsonADDomainExtension",
- "typeHandlerVersion": "1.3",
- "autoUpgradeMinorVersion": true,
- "settings": {
- "name": "[parameters('domainToJoin')]",
- "ouPath": "[parameters('mvOUPath')]",
- "user": "[parameters('mvUser')]",
- "Restart": "true",
- "Options": "3"
-
- },
- "protectedSettings": {
- "password": "[parameters('domainadminPassword')]"
- }
- }
- }
- ]
- }
- }
- }
- ],
- "outputs": {
- "Name": {
- "type": "string",
- "value": "[variables('managedDomaintoJoin')]"
- },
- "User": {
- "type": "string",
- "value": "[variables('existingDomainUsername')]"
- },
- "KeyVaultID": {
- "type": "string",
- "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
- }
- }
-},
- "resourceGroup": "ResourceGroup",
- "parameters": {
- "adds_domainName": {
- "value": "[parameters('adds_domainName')]"
- },
- "ouPath": {
- "value": ""
- },
- "managementVMOSSku": {
- "value": "[parameters('managementVMOSSku')]"
- },
- "daUser_AdminUser": {
- "value": "[parameters('daUser_AdminUser')]"
- },
- "resourcePrefix": {
- "value": "[parameters('resourcePrefix')]"
- },
- "location": {
- "value": "[resourceGroup().location]"
- },
- "createNetworkSecurityGroup": {
- "value": false
- },
- "CreateConfigureFileShareAndGPScriptURI": {
- "value": "[concat(parameters('ScriptURI'),'/CreateAADDSFileShare_ConfigureGP.ps1')]"
- },
- "ScriptURI": {
- "value": "[parameters('ScriptURI')]"
- },
- "avdHostPool_vmNamePrefix": {
- "value": "[parameters('avdHostPool_vmNamePrefix')]"
- },
- "AzureEnvironmentName": {
- "value": "[parameters('AzureEnvironmentName')]"
- },
- "AzureStorageFQDN": {
- "value": "[parameters('AzureStorageFQDN')]"
- },
- "avdHostPool_vmNumberOfInstances": {
- "value": "[parameters('avdHostPool_vmNumberOfInstances')]"
- },
- "vmSize": {
- "value": "Standard_D2s_v3"
- },
- "existingVnetName": {
- "value": "[parameters('adds_vnetName')]"
- },
- "existingSubnetName": {
- "value": "sharedsvcs"
- },
- "virtualNetworkResourceGroupName": {
- "value": "[resourceGroup().name]"
- },
- "usePublicIP": {
- "value": true
- },
- "VMUserAssignedIdentity":{
- "value": "[parameters('script_executionUserResourceID')]"
- }
-
- }
- }
-}
+{
+ "kind": "template",
+ "type": "Microsoft.Blueprint/blueprints/artifacts",
+ "name": "Mgmtvm",
+ "properties": {
+ "displayName": "Management VM",
+ "description": "Management VM",
+ "dependsOn": [
+ "avdDeploy",
+ "dnsSharedSvcs",
+ "addsDAUser",
+ "adds",
+ "avdUsers"
+ ],
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "resourcePrefix": {
+ "type": "string",
+ "metadata": {
+ "displayName": "Resource Prefix"
+ }
+ },
+ "key-vault-name": {
+ "type": "string"
+ },
+ "_artifactsLocationSasToken": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Auto-generated token to access _artifactsLocation. Leave it blank unless you need to provide your own value."
+ },
+ "defaultValue": ""
+ },
+ "baseTime": {
+ "type": "string",
+ "defaultValue": "[utcNow('u')]"
+ },
+ "managementVMOSSku": {
+ "type": "string"
+ },
+ "CreateConfigureFileShareAndGPScriptURI": {
+ "type": "string"
+ },
+ "ScriptURI": {
+ "type": "string"
+ },
+ "avdHostpool_vmNamePrefix": {
+ "type": "string"
+ },
+ "AzureEnvironmentName": {
+ "type": "string"
+ },
+ "AzureStorageFQDN": {
+ "type": "string"
+ },
+ "avdHostPool_vmNumberOfInstances": {
+ "type": "int"
+ },
+ "mgmtvmNameStatic": {
+ "type": "string",
+ "defaultValue": "-mgmtvm"
+ },
+ "dnsLabelPrefix": {
+ "type": "string",
+ "metadata": {
+ "description": "Unique public DNS prefix for the deployment. The fqdn will look something like '.westus.cloudapp.azure.com'. Up to 62 chars, digits or dashes, lowercase, should start with a letter: must conform to '^[a-z][a-z0-9-]{1,61}[a-z0-9]$'."
+ },
+ "defaultValue": "[concat(toLower(parameters('resourcePrefix')), parameters('mgmtvmNameStatic'))]"
+ },
+ "daUser_AdminUser": {
+ "type": "string",
+ "metadata": {
+ "description": "An admin account created and added to"
+ }
+ },
+ "vaultName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the keyvault that contains the secret."
+ },
+ "defaultValue": "[concat(parameters('resourcePrefix'),uniqueString(subscription().id))]"
+ },
+ "KVsecretName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Key Vault secret."
+ },
+ "defaultValue": "[first(split(parameters('daUser_AdminUser'), '@'))]"
+ },
+ "vaultResourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the resource group that contains the keyvault."
+ },
+ "defaultValue": "[resourceGroup().name]"
+ },
+ "vaultSubscription": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "The name of the subscription that contains the keyvault."
+ }
+ },
+ "adds_domainName": {
+ "type": "string",
+ "metadata": {
+ "displayName": "Azure ADDS Domain"
+ }
+ },
+ "ouPath": {
+ "type": "string",
+ "metadata": {
+ "description": "OUPath for the domain join"
+ }
+ },
+ "existingVnetName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the virtual network the VMs will be connected to."
+ },
+ "defaultValue": ""
+ },
+ "existingSubnetName": {
+ "type": "string",
+ "metadata": {
+ "description": "The subnet the VMs will be placed in."
+ },
+ "defaultValue": ""
+ },
+ "vmSize": {
+ "type": "string",
+ "metadata": {
+ "description": "The size of the Azure VM."
+ },
+ "defaultValue": ""
+ },
+ "vmAdminUsername": {
+ "type": "string",
+ "defaultValue": "mgmtvm-admin",
+ "metadata": {
+ "description": "The name of the administrator of the management VM. Exclusion list: 'admin','administrator"
+ }
+ },
+ "virtualNetworkResourceGroupName": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource group containing the existing virtual network."
+ },
+ "defaultValue": "[resourceGroup().name]"
+ },
+ "createNetworkSecurityGroup": {
+ "type": "bool",
+ "metadata": {
+ "description": "Whether to create a new network security group or use an existing one"
+ },
+ "defaultValue": false
+ },
+ "usePublicIP": {
+ "type": "bool",
+ "metadata": {
+ "description": "Whether to use a Public IP"
+ },
+ "defaultValue": true
+ },
+ "publicIpAddressSku": {
+ "type": "string",
+ "metadata": {
+ "description": "The sku name of the Public IP"
+ },
+ "allowedValues": [
+ "Basic",
+ "Standard"
+ ],
+ "defaultValue": "Basic"
+ },
+ "location": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().location]",
+ "metadata": {
+ "description": "Location for all resources."
+ }
+ },
+ "VMUserAssignedIdentity":{
+ "type": "string"
+ }
+ },
+ "variables": {
+ "storageAccountName": "[concat(uniquestring(resourceGroup().id, deployment().name))]",
+ "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
+ "resourcegroup-name": "[concat(parameters('resourcePrefix'), '-sharedsvcs-rg')]",
+ "key-vault-name": "[parameters('key-vault-name')]",
+ "key-vault-resourceID": "[resourceId('Microsoft.KeyVault/vaults', variables('key-vault-name'))]",
+ "CustomScriptExtensionName": "CreateProfileStoreAndFSLogixPolicy",
+ "ServerImageOffer": "WindowsServer",
+ "ServerImagePublisher": "MicrosoftWindowsServer",
+ "ServerOSVersion": "[parameters('managementVMOSSku')]",
+ "existingDomainUsername": "[first(split(parameters('daUser_AdminUser'), '@'))]",
+ "managedDomaintoJoin": "[parameters('adds_domainName')]",
+ "windowsOSVersion": "[parameters('managementVMOSSku')]",
+ "resourceGroup": "[resourceGroup().name]",
+ "nicName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-nic'))]",
+ "publicIPName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-pip'))]",
+ "location": "[parameters('location')]",
+ "subnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('existingVnetName'), parameters('existingSubnetName'))]"
+ },
+ "resources": [
+ {
+ "apiVersion": "2015-06-15",
+ "type": "Microsoft.Network/publicIPAddresses",
+ "name": "[variables('publicIPName')]",
+ "location": "[parameters('location')]",
+ "properties": {
+ "publicIPAllocationMethod": "Dynamic",
+ "dnsSettings": {
+ "domainNameLabel": "[parameters('dnsLabelPrefix')]"
+ }
+ }
+ },
+ {
+ "apiVersion": "2015-06-15",
+ "type": "Microsoft.Network/networkInterfaces",
+ "name": "[variables('nicName')]",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPName'))]"
+ ],
+ "properties": {
+ "ipConfigurations": [
+ {
+ "name": "ipconfig",
+ "properties": {
+ "privateIPAllocationMethod": "Dynamic",
+ "publicIPAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPName'))]"
+ },
+ "subnet": {
+ "id": "[variables('subnetId')]"
+ }
+ }
+ }
+ ]
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "apiVersion": "2019-06-01",
+ "name": "[variables('storageAccountName')]",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "Standard_LRS"
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2019-10-01",
+ "name": "MGMTVMdeploy",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts',variables('storageAccountName'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "parameters": {
+ "resourcePrefix": {
+ "value": "[parameters('resourcePrefix')]"
+ },
+ "managementVMOSSku": {
+ "value": "[parameters('managementVMOSSku')]"
+ },
+ "vmname": {
+ "value": "[parameters('dnsLabelPrefix')]"
+ },
+ "vmSize": {
+ "value": "[parameters('vmSize')]"
+ },
+ "vaultName": {
+ "value": "[parameters('vaultName')]"
+ },
+ "KVsecretName": {
+ "value": "[parameters('KVsecretName')]"
+ },
+ "VMUserAssignedIdentity": {
+ "value": "[parameters('VMUserAssignedIdentity')]"
+ },
+ "vmAdminUsername": {
+ "value": "[parameters('vmAdminUsername')]"
+ },
+ "vmAdminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
+ },
+ "secretName": "[parameters('KVsecretName')]"
+ }
+ },
+ "vmStorageAccountName": {
+ "value": "[variables('storageAccountName')]"
+ },
+ "mgmtvmNameStatic": {
+ "value": "[parameters('mgmtvmNameStatic')]"
+ },
+ "dnsLabelPrefix": {
+ "value": "[parameters('dnsLabelPrefix')]"
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "resourcePrefix": {
+ "type": "string"
+ },
+ "managementVMOSSku": {
+ "type": "string"
+ },
+ "vmname": {
+ "type": "string"
+ },
+ "vmSize": {
+ "type": "string"
+ },
+ "vaultName": {
+ "type": "string"
+ },
+ "KVsecretName": {
+ "type": "string"
+ },
+ "VMUserAssignedIdentity": {
+ "type": "string"
+ },
+ "vmAdminUsername": {
+ "type": "string"
+ },
+ "vmAdminPassword": {
+ "type": "securestring"
+ },
+ "vmStorageAccountName": {
+ "type": "string"
+ },
+ "mgmtvmNameStatic": {
+ "type": "string"
+ },
+ "dnsLabelPrefix": {
+ "type": "string"
+ }
+ },
+ "variables": {
+ "imagePublisher": "MicrosoftWindowsServer",
+ "imageOffer": "WindowsServer",
+ "windowsOSVersion": "[parameters('managementVMOSSku')]",
+ "nicName": "[concat(parameters('resourcePrefix'),parameters('mgmtvmNameStatic'),string('-nic'))]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2019-07-01",
+ "name": "[parameters('vmname')]",
+ "location": "[resourceGroup().location]",
+ "dependsOn": [],
+ "identity": {
+ "type": "userAssigned",
+ "userAssignedIdentities": {
+ "[parameters('VMUserAssignedIdentity')]": {}
+ }
+ },
+ "properties": {
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "osProfile": {
+ "computerName": "[parameters('dnsLabelPrefix')]",
+ "adminUsername": "[parameters('vmAdminUsername')]",
+ "adminPassword": "[parameters('vmAdminPassword')]",
+ "windowsConfiguration": {
+ "enableAutomaticUpdates": true
+ }
+ },
+ "storageProfile": {
+ "imageReference": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "[parameters('managementVMOSSku')]",
+ "version": "latest"
+ },
+ "osDisk": {
+ "createOption": "FromImage",
+ "name": "[concat(parameters('dnsLabelPrefix'), '-OsDisk')]",
+ "managedDisk": {
+ "storageAccountType": "StandardSSD_LRS"
+ }
+ },
+ "dataDisks": [
+ {
+ "name": "[concat(parameters('dnsLabelPrefix'),'-DataDisk1')]",
+ "diskSizeGB": 1023,
+ "lun": 0,
+ "createOption": "Empty"
+ }
+ ]
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": false,
+ "storageUri": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('vmStorageAccountName')), '2015-06-15').primaryEndpoints.blob]"
+ }
+
+ },
+ "licenseType": "Windows_Server"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "apiVersion": "2019-07-01",
+ "name": "[concat(parameters('dnsLabelPrefix'),'/', variables('CustomScriptExtensionName'))]",
+ "location": "[variables('location')]",
+ "dependsOn": [
+ "MGMTVMjoindomain"
+ ],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "CustomScriptExtension",
+ "typeHandlerVersion": "1.7",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "fileUris": [
+ "[parameters('CreateConfigureFileShareAndGPScriptURI')]"
+ ],
+ "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File CreateAADDSFileShare_ConfigureGP.ps1 -ResourceGroupName ', resourceGroup().name , ' -ScriptURI ',parameters('ScriptURI'), ' -keyvaultname ',parameters('key-vault-name'), ' -AzureStorageFQDN ',parameters('AzureStorageFQDN'), ' -AzureEnvironmentName ',parameters('AzureEnvironmentName'), ' -vmNumberOfInstances ',parameters('avdHostPool_vmNumberOfInstances'), ' -evdvm_name_prefix ',parameters('avdHostPool_vmNamePrefix'), ' -StorageAccountName ',toLower(substring(concat(parameters('resourcePrefix'),uniqueString(subscription().id)), 0, 14)),' -Verbose')]"
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2019-10-01",
+ "name": "MGMTVMjoindomain",
+ "dependsOn": [
+ "MGMTVMdeploy"
+ ],
+ "properties": {
+ "mode": "Incremental",
+ "expressionEvaluationOptions": {
+ "scope": "inner"
+ },
+ "parameters": {
+ "location": {
+ "value": "[parameters('location')]"
+ },
+ "vmname": {
+ "value": "[parameters('dnsLabelPrefix')]"
+ },
+ "domainToJoin": {
+ "value": "[variables('managedDomaintoJoin')]"
+ },
+ "mvOUPath": {
+ "value": "[parameters('ouPath')]"
+ },
+ "mvUser": {
+ "value": "[parameters('daUser_AdminUser')]"
+ },
+ "kvSub": {
+ "value": "[parameters('vaultSubscription')]"
+ },
+ "kvRG": {
+ "value": "[resourceGroup().name]"
+ },
+ "kvName": {
+ "value": "[parameters('vaultName')]"
+ },
+ "domainadminPassword": {
+ "reference": {
+ "keyVault": {
+ "id": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
+ },
+ "secretName": "[parameters('KVsecretName')]"
+ }
+ }
+ },
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "domainadminPassword": {
+ "type": "string"
+ },
+ "location": {
+ "type": "string"
+ },
+ "vmname": {
+ "type": "string"
+ },
+ "mvOUPath": {
+ "type": "string"
+ },
+ "mvUser": {
+ "type": "string"
+ },
+ "kvSub": {
+ "type": "string"
+ },
+ "kvRG": {
+ "type": "string"
+ },
+ "kvName": {
+ "type": "string"
+ },
+ "domainToJoin": {
+ "type": "string"
+ }
+ },
+ "variables": {},
+ "resources": [
+ {
+ "apiVersion": "2018-10-01",
+ "type": "Microsoft.Compute/virtualMachines/extensions",
+ "name": "[concat(parameters('vmname'),'/joindomain')]",
+ "location": "[parameters('location')]",
+ "dependsOn": [],
+ "properties": {
+ "publisher": "Microsoft.Compute",
+ "type": "JsonADDomainExtension",
+ "typeHandlerVersion": "1.3",
+ "autoUpgradeMinorVersion": true,
+ "settings": {
+ "name": "[parameters('domainToJoin')]",
+ "ouPath": "[parameters('mvOUPath')]",
+ "user": "[parameters('mvUser')]",
+ "Restart": "true",
+ "Options": "3"
+
+ },
+ "protectedSettings": {
+ "password": "[parameters('domainadminPassword')]"
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ ],
+ "outputs": {
+ "Name": {
+ "type": "string",
+ "value": "[variables('managedDomaintoJoin')]"
+ },
+ "User": {
+ "type": "string",
+ "value": "[variables('existingDomainUsername')]"
+ },
+ "KeyVaultID": {
+ "type": "string",
+ "value": "[resourceId('Microsoft.KeyVault/vaults', parameters('vaultName'))]"
+ }
+ }
+},
+ "resourceGroup": "ResourceGroup",
+ "parameters": {
+ "adds_domainName": {
+ "value": "[parameters('adds_domainName')]"
+ },
+ "key-vault-name": {
+ "value": "[parameters('key-vault-name')]"
+ },
+ "ouPath": {
+ "value": ""
+ },
+ "managementVMOSSku": {
+ "value": "[parameters('managementVMOSSku')]"
+ },
+ "daUser_AdminUser": {
+ "value": "[parameters('daUser_AdminUser')]"
+ },
+ "resourcePrefix": {
+ "value": "[parameters('resourcePrefix')]"
+ },
+ "location": {
+ "value": "[resourceGroup().location]"
+ },
+ "createNetworkSecurityGroup": {
+ "value": false
+ },
+ "CreateConfigureFileShareAndGPScriptURI": {
+ "value": "[concat(parameters('ScriptURI'),'/CreateAADDSFileShare_ConfigureGP.ps1')]"
+ },
+ "ScriptURI": {
+ "value": "[parameters('ScriptURI')]"
+ },
+ "avdHostPool_vmNamePrefix": {
+ "value": "[parameters('avdHostPool_vmNamePrefix')]"
+ },
+ "AzureEnvironmentName": {
+ "value": "[parameters('AzureEnvironmentName')]"
+ },
+ "AzureStorageFQDN": {
+ "value": "[parameters('AzureStorageFQDN')]"
+ },
+ "managementVMOSSku": {
+ "value": "[parameters('managementVMOSSku')]"
+ },
+ "avdHostPool_vmNumberOfInstances": {
+ "value": "[parameters('avdHostPool_vmNumberOfInstances')]"
+ },
+ "vmSize": {
+ "value": "Standard_D2s_v3"
+ },
+ "existingVnetName": {
+ "value": "[parameters('adds_vnetName')]"
+ },
+ "existingSubnetName": {
+ "value": "sharedsvcs"
+ },
+ "virtualNetworkResourceGroupName": {
+ "value": "[resourceGroup().name]"
+ },
+ "usePublicIP": {
+ "value": true
+ },
+ "VMUserAssignedIdentity":{
+ "value": "[parameters('script_executionUserResourceID')]"
+ }
+
+ }
+ }
+}
diff --git a/Blueprint/Artifacts/addsDAUser.json b/Blueprint/Artifacts/addsDAUser.json
index bfae29f..d810f13 100644
--- a/Blueprint/Artifacts/addsDAUser.json
+++ b/Blueprint/Artifacts/addsDAUser.json
@@ -28,6 +28,9 @@
 "script_executionUserResourceID": {
 "type": "string"
 },
+ "key-vault-name": {
+ "type": "string"
+ },
 "ad_usernameUPN": {
 "type": "string",
 "metadata": {
@@ -75,7 +78,6 @@
 },
 "variables": {
 "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
- "key-vault-name": "[concat(variables('deployment-prefix'), '-kv')]",
 "username": "[first(split(parameters('ad_usernameUPN'), '@'))]",
 "domainadmin_secret_value": "[concat(toUpper(uniqueString(parameters('secret-unique-value1'))), uniqueString(parameters('secret-unique-value2')), toLower(uniqueString(parameters('secret-unique-value3'))), '!')]",
 "domainadmin_group": "AAD DC Administrators",
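Review bot: The artifact-level `parameters` object on the new side declares `managementVMOSSku` twice (once after `ouPath`, again after `AzureStorageFQDN`); duplicate keys are undefined in strict JSON and parser-dependent, so delete the second copy. The new `key-vault-name` parameter drives the `-keyvaultname` script argument and `key-vault-resourceID`, but every secret reference (`vmAdminPassword`, `domainadminPassword`, the `KeyVaultID` output) still resolves `parameters('vaultName')`, whose default is now `concat(parameters('resourcePrefix'),uniqueString(subscription().id))` and is not supplied in the artifact's `parameters`; if the two names ever differ, the secret that addsDAUser writes into `key-vault-name` is looked up in a different vault, so tie them with `"defaultValue": "[parameters('key-vault-name')]"` on `vaultName`. In the MGMTVMjoindomain inner template `domainadminPassword` is declared `"type": "string"` although it carries the Key Vault secret into `protectedSettings`; a plain `string` parameter is retained in deployment history, so make it `"type": "securestring"`. Once `key-vault-name` stopped being derived from it, `deployment-prefix` has no remaining consumer on the new side, and `createNetworkSecurityGroup`/`publicIpAddressSku` are declared but never referenced while the NIC is bound to a public IP with no NSG in this template — pre-existing, but worth either wiring up or removing.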
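Review bot: `domainadmin_secret_value`, in the context just below the removed `key-vault-name` variable, is a deterministic `uniqueString` hash of `secret-unique-value1..3`, so the domain-admin password stored in the vault can be recomputed by anyone able to read those three inputs — and unless they are `securestring` parameters (their declarations are outside this hunk) they are retained in deployment history. Prefer having the `createDAUser` deployment script generate the password and write the secret itself, or accept it as a `securestring` parameter, rather than deriving it in the template. The `variables` block continues past this hunk.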
@@ -84,12 +86,12 @@
 "resources": [
 {
 "type": "Microsoft.KeyVault/vaults/secrets",
- "name": "[concat(variables('key-vault-name'), '/', variables('username'))]",
+ "name": "[concat(parameters('key-vault-name'), '/', variables('username'))]",
 "apiVersion": "2019-09-01",
 "properties": {
 "value": "[variables('domainadmin_secret_value')]",
 "dependsOn": [
- "[resourceId('Microsoft.KeyVault/vaults', variables('key-vault-name'))]"
+ "[resourceId('Microsoft.KeyVault/vaults', parameters('key-vault-name'))]"
 ]
 }
 },
@@ -99,7 +101,7 @@
 "name": "createDAUser",
 "location": "[resourceGroup().location]",
 "dependsOn": [
- "[resourceId('Microsoft.KeyVault/vaults/secrets', variables('key-vault-name'), variables('username'))]"
+ "[resourceId('Microsoft.KeyVault/vaults/secrets', parameters('key-vault-name'), variables('username'))]"
 ],
 "kind": "AzurePowerShell",
 "identity": {
@@ -111,7 +113,7 @@
 "properties": {
 "forceUpdateTag": "[parameters('utcValue')]",
 "azPowerShellVersion": "5.4",
- "arguments": "[concat('-displayName', ' ', variables('username'), ' ', '-userPrincipalName', ' ', parameters('ad_usernameUPN'), ' ', '-keyvault', ' ', variables('key-vault-name'), ' ','-forcePasswordChange', ' ', variables('forcePasswordChange'))]",
+ "arguments": "[concat('-displayName', ' ', variables('username'), ' ', '-userPrincipalName', ' ', parameters('ad_usernameUPN'), ' ', '-keyvault', ' ', parameters('key-vault-name'), ' ','-forcePasswordChange', ' ', variables('forcePasswordChange'))]",
 "primaryScriptUri": "[parameters('addADUserScriptURI')]",
 "timeout": "PT4H",
 "cleanupPreference": "OnSuccess",
@@ -152,6 +154,9 @@
 "resourcePrefix": {
 "value": "[parameters('resourcePrefix')]"
 },
+ "key-vault-name": {
+ "value": "[parameters('key-vault-name')]"
+ },
 "addADUserScriptURI": {
 "value": "[concat(parameters('scriptURI'),'/addADuser.ps1')]"
 },
diff --git a/Blueprint/Artifacts/avdDeploy.json b/Blueprint/Artifacts/avdDeploy.json
index 84ea98c..ebf06d2 100644
--- a/Blueprint/Artifacts/avdDeploy.json
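Review bot: The updated `dependsOn` entry for the vault sits inside the secret's `properties` object rather than at the resource level, where ARM evaluates dependencies; there it is handed to the Key Vault provider as part of the secret's properties, which at best ignores it and may reject it as an unknown property. The whole resource is visible in the hunk and has no resource-level `dependsOn`, so the ordering between vault creation and this secret is not actually enforced by this line. Moving it up as a sibling of `"properties"` — `"dependsOn": ["[resourceId('Microsoft.KeyVault/vaults', parameters('key-vault-name'))]"]` — gives the dependency the commit appears to intend.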
+++ b/Blueprint/Artifacts/avdDeploy.json
@@ -20,10 +20,13 @@
 "displayName": "Resource Prefix"
 }
 },
+ "key-vault-name": {
+ "type": "string"
+ },
 "baseTime":{
 "type":"string",
 "defaultValue": "[utcNow('u')]"
- },
+ },
 "nestedTemplatesLocation": {
 "type": "string",
 "metadata": {
@@ -506,13 +509,12 @@
 },
 "variables": {
 "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
- "key-vault-name": "[concat(variables('deployment-prefix'), '-kv')]",
 "createVMs": "[greater(parameters('avdHostPool_vmNumberOfInstances'),0)]",
 "rdshManagedDisks": "[if(equals(parameters('vmImageType'), 'CustomVHD'), parameters('vmUseManagedDisks'), bool('true'))]",
 "rdshPrefix": "[parameters('vmNamePrefix')]",
 "avSetSKU": "[if(variables('rdshManagedDisks'), 'Aligned', 'Classic')]",
 "existingDomainUsername": "[first(split(parameters('administratorAccountUsername'), '@'))]",
- "key-vault-resourceID": "[resourceId('Microsoft.KeyVault/vaults', variables('key-vault-name'))]",
+ "key-vault-resourceID": "[resourceId('Microsoft.KeyVault/vaults', parameters('key-vault-name'))]",
 "vhds": "[concat('vhds','/', variables('rdshPrefix'))]",
 "subnet-id": "[resourceId(parameters('virtualNetworkResourceGroupName'),'Microsoft.Network/virtualNetworks/subnets',parameters('existingVnetName'), parameters('existingSubnetName'))]",
 "resourceGroup": "[resourceGroup().name]",
@@ -694,7 +696,7 @@
 "administratorAccountPassword": {
 "reference": {
 "keyVault": {
- "id": "[resourceId('Microsoft.KeyVault/vaults', variables('key-vault-name'))]"
+ "id": "[resourceId('Microsoft.KeyVault/vaults', parameters('key-vault-name'))]"
 },
 "secretName": "[variables('existingDomainUsername')]"
 }
@@ -771,7 +773,10 @@
 "parameters": {
 "resourcePrefix": {
 "value": "[parameters('resourcePrefix')]"
- },
+ },
+ "key-vault-name": {
+ "value": "[parameters('key-vault-name')]"
+ },
 "artifactsLocation": {
 "value": "https://wvdportalstorageblob.blob.core.windows.net/galleryartifacts/Configuration_7-20-2020.zip"
 },
diff --git a/Blueprint/Artifacts/avdUsers.json b/Blueprint/Artifacts/avdUsers.json
index 89f514d..c2aab6d 100644
--- a/Blueprint/Artifacts/avdUsers.json
+++ b/Blueprint/Artifacts/avdUsers.json
@@ -18,11 +18,14 @@
 "displayName": "Resource Group and Resource identifier. String to be used as prefix to all Resource Group and Resource names."
 }
 },
+ "key-vault-name": {
+ "type": "string"
+ },
 "aad_avduserGroup": {
 "type": "string",
 "metadata": {
 "displayName": "AAD AVD Test Users Group"
- },
+ },
 "defaultValue": "AVD Users"
 },
 "createAVDUserScriptURI": {
@@ -94,7 +97,7 @@
 },
 "variables": {
 "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
- "key-vault-name": "[concat(variables('deployment-prefix'), '-kv')]",
+ "key-vault-name": "[parameters('key-vault-name')]",
 "hostpoolName": "[replace(parameters('hostpoolName'),'\"','')]",
 "pw_secret_value": "[concat(toUpper(uniqueString(parameters('secret-unique-value1'))), uniqueString(parameters('secret-unique-value2')), toLower(uniqueString(parameters('secret-unique-value3'))), '!')]",
 "forcePasswordChange": true,
@@ -155,6 +158,9 @@
 "resourcePrefix": {
 "value": "[parameters('resourcePrefix')]"
 },
+ "key-vault-name": {
+ "value": "[parameters('key-vault-name')]"
+ },
 "domainName": {
 "value": "[parameters('adds_domainName')]"
 },
diff --git a/Blueprint/Artifacts/keyvault.json b/Blueprint/Artifacts/keyvault.json
index 4c63176..3931358 100644
--- a/Blueprint/Artifacts/keyvault.json
+++ b/Blueprint/Artifacts/keyvault.json
@@ -18,6 +18,9 @@
 "displayName": "Resource Group and Resource identifier. String to be used as prefix to all Resource Group and Resource names."
 }
 },
+ "key-vault-name": {
+ "type": "string"
+ },
 "keyvault_ownerUserObjectID": {
 "type": "string",
 "metadata": {
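Review bot: The `@@ -94` hunk of avdUsers.json keeps a `key-vault-name` variable that merely aliases `parameters('key-vault-name')`, whereas addsDAUser.json and avdDeploy.json in the same commit drop the variable and reference the parameter directly; keyvault.json `@@ -85` uses the alias form as well. Pick one convention across the artifacts — the direct reference avoids carrying two names for the same value and matches the other two templates. The `deployment-prefix` variable above it appears to have lost its only visible consumer here too.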
@@ -85,7 +88,7 @@
 },
 "variables": {
 "deployment-prefix": "[concat(parameters('resourcePrefix'), '-sharedsvcs')]",
- "key-vault-name": "[concat(variables('deployment-prefix'), '-kv')]",
+ "key-vault-name": "[parameters('key-vault-name')]",
 "enable-vault-for-deployment": true,
 "enable-vault-for-templateDeployment": true,
 "enable-vault-for-diskEncryption": true,
@@ -229,6 +232,9 @@
 "resourcePrefix": {
 "value": "[parameters('resourcePrefix')]"
 },
+ "key-vault-name": {
+ "value": "[parameters('key-vault-name')]"
+ },
 "keyvault_ownerUserObjectID": {
 "value": "[parameters('keyvault_ownerUserObjectID')]"
 },
diff --git a/Blueprint/Blueprint.json b/Blueprint/Blueprint.json
index f7b69ca..6c8c5ef 100644
--- a/Blueprint/Blueprint.json
+++ b/Blueprint/Blueprint.json
@@ -1,470 +1,456 @@ -{ - "type": "Microsoft.Blueprint/blueprints", - "name": "AVD Blueprint", - "properties": { - "targetScope": "subscription", - "parameters": { - "avdUsers_userPrefix": { - "type": "string", - "metadata": { - "displayName": "Test User prefix", - "description": "Username prefix. A number will be added to the end of this value." - }, - "defaultValue": "user" - }, - "avdUsers_userCount": { - "type": "int", - "metadata": { - "displayName": "Total AVD users to create.", - "description": "Total Number of AVD users to create." - }, - "defaultValue": 10 - }, - "avdHostPool_vmNumberOfInstances": { - "type": "int", - "metadata": { - "displayName": "AVD VMs to create.", - "description": "Total Number of AVD virtual machines to create." - }, - "defaultValue": 2 - }, - "avdHostPool_vmSize": { - "type": "string", - "metadata": { - "displayName": "Azure VM size of the session host(s).", - "description": "The size of the Azure VM used when session hosts are created." - }, - "defaultValue": "Standard_D4s_v3" - }, - "avdHostPool_loadBalancerType": { - "type": "string", - "metadata": { - "displayName": "The host pool session balancing method.", - "description": "The method of balancing user session load on session hosts, in the host pool (wide vs. deep)" - }, - "AllowedValues": [ - "DepthFirst", - "BreadthFirst", - "Persistent" - ], - "defaultValue": "BreadthFirst" - }, - "avdHostPool_HostPoolType": { - "type": "string", - "allowedValues": [ - "Personal", - "Pooled" - ], - "metadata": { - "description": "Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to false." 
- }, - "defaultValue": "Pooled" - }, - "avdHostPool_maxSessionLimit": { - "type": "int", - "metadata": { - "displayName": "User session limit per session host, in the host pool", - "description": "The maximum number of user sessions per session host in the host pool" - }, - "defaultValue": 40 - }, - "adds_domainName": { - "type": "string", - "metadata": { - "displayName": "Azure ADDS Domain" - } - }, - "adds_vnetName": { - "type": "string", - "metadata": { - "displayName": "Azure ADDS vNet" - }, - "defaultValue": "[concat(parameters('resourcePrefix'), '-sharedsvcs-vnet')]", - "allowedValues": [] - }, - "script_executionUserResourceID": { - "type": "string", - "metadata": { - "displayName": "Deployment Script Managed Identity Resource ID", - "description": "Resource ID for the Managed Identity that will execute embedded deployment scripts." - } - }, - "scriptExecutionUserObjectID": { - "type": "string", - "metadata": { - "displayName": "Deployment Script Managed Identity Object ID", - "description": "Object ID for the Managed Identity that will execute embedded deployment scripts." - } - }, - "keyvault_ownerUserObjectID": { - "type": "string", - "metadata": { - "displayName": "Keyvault Owner User Object ID", - "description": "Object ID of the Global Administrator account used to initiate this blueprint assignment" - } - }, - "resourcePrefix": { - "type": "string", - "metadata": { - "displayName": "Resource Prefix" - }, - "defaultValue": "AVD" - }, - "scriptURI": { - "type": "string", - "metadata": { - "displayName": "Script URI", - "description": "URI where Powershell scripts executed by the blueprint are located." - }, - "defaultValue": "https://raw.githubusercontent.com/Azure/AVDBlueprint/main/scripts" - }, - "AzureEnvironmentName": { - "type": "string", - "metadata": { - "displayName": "Azure Environment Name", - "description": "URI where Powershell scripts executed by the blueprint are located." 
- }, - "defaultValue": "AzureCloud", - "allowedValues": ["AzureCloud", "AzureUSGovernment"] - }, - "AzureStorageFQDN": { - "type": "string", - "metadata": { - "displayName": "Azure Files public endpoint", - "description": "URI where Powershell scripts executed by the blueprint are located." - }, - "defaultValue": "file.core.windows.net", - "allowedValues": ["file.core.windows.net", "file.core.usgovcloudapi.net"] - }, - "managementVMOSSku": { - "type": "string", - "metadata": { - "displayName": "Management VM OS Sku", - "description": "The Windows Sku of the VM used to manage AAD DS" - }, - "defaultValue": "2022-datacenter", - }, - "avdHostPool_CreateAvailabilitySet": { - "type": "bool", - "metadata": { - "displayName": "Create VM Availability Set", - "description": "Yes/No to create an availability set for the session host VMs" - }, - "defaultValue": true, - "allowedValues": [ - true, - false - ] - }, - "availabilityOption": { - "type": "string", - "metadata": { - "description": "Select the availability options for the VMs." - }, - "defaultValue": "AvailabilitySet", - "allowedValues": [ - "None", "AvailabilitySet", "AvailabilityZone" - ] - }, - "availabilitySetName": { - "type": "string", - "metadata": { - "description": "The name of availability set to be used when creating the VMs." - }, - "defaultValue": "[concat(parameters('resourcePrefix'), '-AvailabilitySet')]" - }, - "availabilitySetUpdateDomainCount": { - "type": "int", - "metadata": { - "description": "The platform update domain count of availability set to be created." - }, - "defaultValue": 5, - "allowedValues": [ - 1, - 2, - 3, - 4, - 5, - 6, - 7, - 8, - 9, - 10, - 11, - 12, - 13, - 14, - 15, - 16, - 17, - 18, - 19, - 20 - ] - }, - "availabilitySetFaultDomainCount": { - "type": "int", - "metadata": { - "description": "The platform fault domain count of availability set to be created." 
- }, - "defaultValue": 2, - "allowedValues": [ - 1, - 2, - 3 - ] - }, - "log-analytics_service-tier": { - "type": "string", - "metadata": { - "displayName": "Service tier", - "description": "Log Analytics Service tier: Free, Standalone, PerNode or PerGB2018." - }, - "defaultValue": "PerNode", - "allowedValues": ["Free", "Standalone", "PerNode", "PerGB2018"] - }, - "log-analytics_data-retention": { - "type": "int", - "metadata": { - "displayName": "Log retention in days", - "description": "Number of days data will be retained." - }, - "defaultValue": 365, - "allowedValues": [] - }, - "logsRetentionInDays": { - "type": "int", - "defaultValue": 365, - "minValue": 0, - "maxValue": 365, - "metadata": { - "displayName": "Log retention in days", - "description": "Specifies the number of days (0-365) that logs will be kept. A value of '0' will retain logs indefinitely" - } - }, - "vnet_vnet-address-prefix": { - "type": "string", - "metadata": { - "displayName": "Address prefix of the vnet created by the AVD Blueprint." - }, - "defaultValue": "10.0.0.0/16", - "allowedValues": [] - }, - "vnetEnableDdosProtection": { - "type": "Bool", - "metadata": { - "displayName": "Enable Virtual Network DDoS protection", - "description": "Determines whether or not DDoS Protection is enabled in the Virtual Network." - }, - "defaultValue": false - }, - "vnet_sharedsvcs-subnet-address-prefix": { - "type": "string", - "metadata": { - "displayName": "Shared services subnet address prefix", - "description": "Shared services subnet address prefix." - }, - "defaultValue": "10.0.0.0/24", - "allowedValues": [] - }, - "vnet_adds-subnet-address-prefix": { - "type": "string", - "metadata": { - "displayName": "Azure ADDS subnet address prefix", - "description": "Subnet for Azure ADDS." 
- }, - "defaultValue": "10.0.6.0/24", - "allowedValues": [] - }, - "daUser_AdminUser": { - "type": "string", - "metadata": { - "displayName": "Admin User UPN", - "description": "This account will be a member of AAD DC Administrators and local admin on deployed VMs." - }, - "defaultValue": "[concat( 'domainadmin@', parameters('adds_domainName'))]" - }, - "avdHostPool_hostpoolname": { - "type": "string", - "metadata": { - "displayName": "AVD Hostpool Name" - }, - "defaultValue": "[concat(parameters('resourcePrefix'), '-avd-hp')]" - }, - "avdHostPool_workspaceName": { - "type": "string", - "metadata": { - "displayName": "AVD Workspace Name" - }, - "defaultValue": "[concat(parameters('resourcePrefix'), '-avd-ws')]" - }, - "avdHostPool_hostpoolDescription": { - "type": "string", - "metadata": { - "displayName": "AVD Hostpool Description" - }, - "defaultValue": "A collection of session hosts, running as virtual machines in Azure, and registered to the Azure Virtual Desktop service" - }, - "avdHostPool_vmNamePrefix": { - "type": "string", - "metadata": { - "displayName": "VM Prefix", - "description": "Prefix added to each AVD session host name." 
- }, - "defaultValue": "[concat(parameters('resourcePrefix'), 'VM')]" - }, - "avdHostPool_vmGalleryImageOffer": { - "type": "string", - "allowedValues": [ - "windows-10", - "office-365" - ], - "metadata": { - "displayName": "Gallery Image Offer" - }, - "defaultValue": "office-365" - }, - "avdHostPool_vmGalleryImagePublisher": { - "type": "string", - "metadata": { - "displayName": "Gallery Image Publisher" - }, - "defaultValue": "MicrosoftWindowsDesktop" - }, - "avdHostPool_vmGalleryImageSKU": { - "type": "string", - "allowedValues": [ - "19h2-evd-o365pp", - "19h2-evd-o365pp-g2", - "20h1-evd-o365pp", - "20h1-evd-o365pp-g2", - "20h2-evd-o365pp", - "20h2-evd-o365pp-g2", - "21h1-evd-o365pp", - "21h1-evd-o365pp-g2", - "19h2-evd", - "19h2-evd-g2", - "20h1-evd", - "20h1-evd-g2", - "20h2-evd", - "20h2-evd-g2", - "21h1-evd", - "21h1-evd-g2" - ], - "metadata": { - "displayName": "Azure Gallery image SKU", - "description": "20h1=2004, 20h2=2009, 21h1=21h1" - }, - "defaultValue": "21h1-evd-o365pp" - }, - "avdHostPool_vmImageType": { - "type": "string", - "metadata": { - "description": "Select the image source for the session host vms. VMs from a Gallery image will be created with Managed Disks." - }, - "defaultValue": "Gallery", - "allowedValues": [ - "CustomVHD", - "CustomImage", - "Gallery", - "Disk" - ] - }, - "avdHostPool_vmDiskType": { - "type": "string", - "metadata": { - "displayName": "VM Image Type" - }, - "defaultValue": "StandardSSD_LRS" - }, - "avdHostPool_vmUseManagedDisks": { - "type": "bool", - "metadata": { - "displayName": "Use Managed Disks" - }, - "defaultValue": true - }, - "avdHostPool_allApplicationGroupReferences": { - "type": "string", - "metadata": { - "displayName": "allApplicationGroupReferences (AVDHostpool)", - "description": "The existing app groups references of the workspace selected." 
- }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_vmImageVhdUri": { - "type": "string", - "metadata": { - "displayName": "vmImageVhdUri (AVDHostpool)", - "description": "(Required when vmImageType = CustomVHD) URI of the sysprepped image vhd file to be used to create the session host VMs. For example, https://rdsstorage.blob.core.windows.net/vhds/sessionhostimage.vhd" - }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_vmCustomImageSourceId": { - "type": "string", - "metadata": { - "displayName": "vmCustomImageSourceId (AVDHostpool)", - "description": "(Required when vmImageType = CustomImage) Resource ID of the image." - }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_networkSecurityGroupId": { - "type": "string", - "metadata": { - "displayName": "networkSecurityGroupId (AVDHostpool)", - "description": "The resource ID of an existing network security group." - }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_personalDesktopAssignmentType": { - "type": "string", - "metadata": { - "displayName": "personalDesktopAssignmentType (AVDHostpool)", - "description": "Set the type of assignment for a Personal hostpool type" - }, - "defaultValue": "Automatic", - "allowedValues": ["Automatic", "Direct", ""] - }, - "avdHostPool_customRdpProperty": { - "type": "string", - "metadata": { - "displayName": "customRdpProperty (AVDHostpool)", - "description": "Hostpool RDP properties." 
- }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_deploymentId": { - "type": "string", - "metadata": { - "displayName": "deploymentId (AVDHostpool)", - "description": "GUID for the deployment" - }, - "defaultValue": "", - "allowedValues": [] - }, - "avdHostPool_ouPath": { - "type": "string", - "metadata": { - "displayName": "ouPath (AVDHostpool)", - "description": "OUPath for the domain join" - }, - "defaultValue": "", - "allowedValues": [] - } - }, - "resourceGroups": { - "ResourceGroup": { - "name": "[concat(parameters('resourcePrefix'),'-sharedsvcs-rg')]", - "metadata": { - "displayName": "Shared Services resource group" - }, - "dependsOn": [] - } - } - } -} +{ + "type": "Microsoft.Blueprint/blueprints", + "name": "AVD Blueprint", + "properties": { + "targetScope": "subscription", + "parameters": { + "avdUsers_userPrefix": { + "type": "string", + "metadata": { + "displayName": "Test User prefix", + "description": "Username prefix. A number will be added to the end of this value." + }, + "defaultValue": "user" + }, + "avdUsers_userCount": { + "type": "int", + "metadata": { + "displayName": "Total AVD users to create.", + "description": "Total Number of AVD users to create." + }, + "defaultValue": 10 + }, + "avdHostPool_vmNumberOfInstances": { + "type": "int", + "metadata": { + "displayName": "AVD VMs to create.", + "description": "Total Number of AVD virtual machines to create." + }, + "defaultValue": 2 + }, + "avdHostPool_vmSize": { + "type": "string", + "metadata": { + "displayName": "Azure VM size of the session host(s).", + "description": "The size of the Azure VM used when session hosts are created." + }, + "defaultValue": "Standard_D4s_v3" + }, + "avdHostPool_loadBalancerType": { + "type": "string", + "metadata": { + "displayName": "The host pool session balancing method.", + "description": "The method of balancing user session load on session hosts, in the host pool (wide vs. 
deep)" + }, + "AllowedValues": [ + "DepthFirst", + "BreadthFirst", + "Persistent" + ], + "defaultValue": "BreadthFirst" + }, + "avdHostPool_HostPoolType": { + "type": "string", + "allowedValues": [ + "Personal", + "Pooled" + ], + "metadata": { + "description": "Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to false." + }, + "defaultValue": "Pooled" + }, + "avdHostPool_maxSessionLimit": { + "type": "int", + "metadata": { + "displayName": "User session limit per session host, in the host pool", + "description": "The maximum number of user sessions per session host in the host pool" + }, + "defaultValue": 40 + }, + "adds_domainName": { + "type": "string", + "metadata": { + "displayName": "Azure ADDS Domain" + } + }, + "adds_vnetName": { + "type": "string", + "metadata": { + "displayName": "Azure ADDS vNet" + }, + "defaultValue": "[concat(parameters('resourcePrefix'), '-sharedsvcs-vnet')]", + "allowedValues": [] + }, + "key-vault-name": { + "type": "string", + "defaultValue": "[concat(parameters('resourcePrefix'),uniqueString(subscription().id))]" + }, + "script_executionUserResourceID": { + "type": "string", + "metadata": { + "displayName": "Deployment Script Managed Identity Resource ID", + "description": "Resource ID for the Managed Identity that will execute embedded deployment scripts." + } + }, + "scriptExecutionUserObjectID": { + "type": "string", + "metadata": { + "displayName": "Deployment Script Managed Identity Object ID", + "description": "Object ID for the Managed Identity that will execute embedded deployment scripts." 
+ } + }, + "keyvault_ownerUserObjectID": { + "type": "string", + "metadata": { + "displayName": "Keyvault Owner User Object ID", + "description": "Object ID of the Global Administrator account used to initiate this blueprint assignment" + } + }, + "resourcePrefix": { + "type": "string", + "metadata": { + "displayName": "Resource Prefix" + }, + "defaultValue": "AVD" + }, + "scriptURI": { + "type": "string", + "metadata": { + "displayName": "Script URI", + "description": "URI where Powershell scripts executed by the blueprint are located." + }, + "defaultValue": "https://raw.githubusercontent.com/Azure/AVDBlueprint/main/scripts" + }, + "AzureEnvironmentName": { + "type": "string", + "metadata": { + "displayName": "Azure Environment Name", + "description": "URI where Powershell scripts executed by the blueprint are located." + }, + "defaultValue": "AzureCloud", + "allowedValues": ["AzureCloud", "AzureUSGovernment"] + }, + "AzureStorageFQDN": { + "type": "string", + "metadata": { + "displayName": "Azure Files public endpoint", + "description": "URI where Powershell scripts executed by the blueprint are located." + }, + "defaultValue": "file.core.windows.net", + "allowedValues": ["file.core.windows.net", "file.core.usgovcloudapi.net"] + }, + "managementVMOSSku": { + "type": "string", + "metadata": { + "displayName": "Management VM OS Sku", + "description": "The Windows Sku of the VM used to manage AAD DS" + }, + "defaultValue": "2022-datacenter" + }, + "avdHostPool_CreateAvailabilitySet": { + "type": "bool", + "metadata": { + "displayName": "Create VM Availability Set", + "description": "Yes/No to create an availability set for the session host VMs" + }, + "defaultValue": true, + "allowedValues": [ + true, + false + ] + }, + "availabilityOption": { + "type": "string", + "metadata": { + "description": "Select the availability options for the VMs." 
+ }, + "defaultValue": "AvailabilitySet", + "allowedValues": [ + "None", "AvailabilitySet", "AvailabilityZone" + ] + }, + "availabilitySetName": { + "type": "string", + "metadata": { + "description": "The name of availability set to be used when creating the VMs." + }, + "defaultValue": "[concat(parameters('resourcePrefix'), '-AvailabilitySet')]" + }, + "availabilitySetUpdateDomainCount": { + "type": "int", + "metadata": { + "description": "The platform update domain count of availability set to be created." + }, + "defaultValue": 5, + "allowedValues": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ] + }, + "availabilitySetFaultDomainCount": { + "type": "int", + "metadata": { + "description": "The platform fault domain count of availability set to be created." + }, + "defaultValue": 2, + "allowedValues": [ + 1, + 2, + 3 + ] + }, + "log-analytics_service-tier": { + "type": "string", + "metadata": { + "displayName": "Service tier", + "description": "Log Analytics Service tier: Free, Standalone, PerNode or PerGB2018." + }, + "defaultValue": "PerNode", + "allowedValues": ["Free", "Standalone", "PerNode", "PerGB2018"] + }, + "log-analytics_data-retention": { + "type": "int", + "metadata": { + "displayName": "Log retention in days", + "description": "Number of days data will be retained." + }, + "defaultValue": 365, + "allowedValues": [] + }, + "logsRetentionInDays": { + "type": "int", + "defaultValue": 365, + "minValue": 0, + "maxValue": 365, + "metadata": { + "displayName": "Log retention in days", + "description": "Specifies the number of days (0-365) that logs will be kept. A value of '0' will retain logs indefinitely" + } + }, + "vnet_vnet-address-prefix": { + "type": "string", + "metadata": { + "displayName": "Address prefix of the vnet created by the AVD Blueprint." 
+ }, + "defaultValue": "10.0.0.0/16", + "allowedValues": [] + }, + "vnetEnableDdosProtection": { + "type": "Bool", + "metadata": { + "displayName": "Enable Virtual Network DDoS protection", + "description": "Determines whether or not DDoS Protection is enabled in the Virtual Network." + }, + "defaultValue": false + }, + "vnet_sharedsvcs-subnet-address-prefix": { + "type": "string", + "metadata": { + "displayName": "Shared services subnet address prefix", + "description": "Shared services subnet address prefix." + }, + "defaultValue": "10.0.0.0/24", + "allowedValues": [] + }, + "vnet_adds-subnet-address-prefix": { + "type": "string", + "metadata": { + "displayName": "Azure ADDS subnet address prefix", + "description": "Subnet for Azure ADDS." + }, + "defaultValue": "10.0.6.0/24", + "allowedValues": [] + }, + "daUser_AdminUser": { + "type": "string", + "metadata": { + "displayName": "Admin User UPN", + "description": "This account will be a member of AAD DC Administrators and local admin on deployed VMs." + }, + "defaultValue": "[concat( 'domainadmin@', parameters('adds_domainName'))]" + }, + "avdHostPool_hostpoolname": { + "type": "string", + "metadata": { + "displayName": "AVD Hostpool Name" + }, + "defaultValue": "[concat(parameters('resourcePrefix'), '-avd-hp')]" + }, + "avdHostPool_workspaceName": { + "type": "string", + "metadata": { + "displayName": "AVD Workspace Name" + }, + "defaultValue": "[concat(parameters('resourcePrefix'), '-avd-ws')]" + }, + "avdHostPool_hostpoolDescription": { + "type": "string", + "metadata": { + "displayName": "AVD Hostpool Description" + }, + "defaultValue": "A collection of session hosts, running as virtual machines in Azure, and registered to the Azure Virtual Desktop service" + }, + "avdHostPool_vmNamePrefix": { + "type": "string", + "metadata": { + "displayName": "VM Prefix", + "description": "Prefix added to each AVD session host name." 
+ }, + "defaultValue": "[concat(parameters('resourcePrefix'), 'VM')]" + }, + "avdHostPool_vmGalleryImageOffer": { + "type": "string", + "allowedValues": [ + "windows-10", + "office-365" + ], + "metadata": { + "displayName": "Gallery Image Offer" + }, + "defaultValue": "office-365" + }, + "avdHostPool_vmGalleryImagePublisher": { + "type": "string", + "metadata": { + "displayName": "Gallery Image Publisher" + }, + "defaultValue": "MicrosoftWindowsDesktop" + }, + "avdHostPool_vmGalleryImageSKU": { + "type": "string", + "metadata": { + "displayName": "AVD session host Gallery OS image SKU", + "description": "The Windows version that will be used to create the AVD session hosts" + }, + "defaultValue": "21h1-evd-o365pp" + }, + "avdHostPool_vmImageType": { + "type": "string", + "metadata": { + "description": "Select the image source for the session host vms. VMs from a Gallery image will be created with Managed Disks." + }, + "defaultValue": "Gallery", + "allowedValues": [ + "CustomVHD", + "CustomImage", + "Gallery", + "Disk" + ] + }, + "avdHostPool_vmDiskType": { + "type": "string", + "metadata": { + "displayName": "VM Image Type" + }, + "defaultValue": "StandardSSD_LRS" + }, + "avdHostPool_vmUseManagedDisks": { + "type": "bool", + "metadata": { + "displayName": "Use Managed Disks" + }, + "defaultValue": true + }, + "avdHostPool_allApplicationGroupReferences": { + "type": "string", + "metadata": { + "displayName": "allApplicationGroupReferences (AVDHostpool)", + "description": "The existing app groups references of the workspace selected." + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_vmImageVhdUri": { + "type": "string", + "metadata": { + "displayName": "vmImageVhdUri (AVDHostpool)", + "description": "(Required when vmImageType = CustomVHD) URI of the sysprepped image vhd file to be used to create the session host VMs. 
For example, https://rdsstorage.blob.core.windows.net/vhds/sessionhostimage.vhd" + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_vmCustomImageSourceId": { + "type": "string", + "metadata": { + "displayName": "vmCustomImageSourceId (AVDHostpool)", + "description": "(Required when vmImageType = CustomImage) Resource ID of the image." + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_networkSecurityGroupId": { + "type": "string", + "metadata": { + "displayName": "networkSecurityGroupId (AVDHostpool)", + "description": "The resource ID of an existing network security group." + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_personalDesktopAssignmentType": { + "type": "string", + "metadata": { + "displayName": "personalDesktopAssignmentType (AVDHostpool)", + "description": "Set the type of assignment for a Personal hostpool type" + }, + "defaultValue": "Automatic", + "allowedValues": ["Automatic", "Direct", ""] + }, + "avdHostPool_customRdpProperty": { + "type": "string", + "metadata": { + "displayName": "customRdpProperty (AVDHostpool)", + "description": "Hostpool RDP properties." + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_deploymentId": { + "type": "string", + "metadata": { + "displayName": "deploymentId (AVDHostpool)", + "description": "GUID for the deployment" + }, + "defaultValue": "", + "allowedValues": [] + }, + "avdHostPool_ouPath": { + "type": "string", + "metadata": { + "displayName": "ouPath (AVDHostpool)", + "description": "OUPath for the domain join" + }, + "defaultValue": "", + "allowedValues": [] + } + }, + "resourceGroups": { + "ResourceGroup": { + "name": "[concat(parameters('resourcePrefix'),'-sharedsvcs-rg')]", + "metadata": { + "displayName": "Shared Services resource group" + }, + "dependsOn": [] + } + } + } +} 
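Review bot: The new `key-vault-name` parameter defaults to `[concat(parameters('resourcePrefix'),uniqueString(subscription().id))]` but, unlike every other parameter in this file, has no `metadata`, and nothing constrains the result to Key Vault's naming rules (3–24 characters, letters, digits and hyphens, starting with a letter). `uniqueString` contributes 13 characters, so the default is only valid while `resourcePrefix` stays within 11 characters of that alphabet, and `resourcePrefix` itself is unconstrained; suggest `"minLength": 3, "maxLength": 24` plus `"metadata": { "displayName": "Key Vault name", "description": "Globally unique Key Vault name; defaults to the resource prefix plus a hash of the subscription ID." }`. Because the default is deterministic per subscription, re-assigning the blueprint after the vault has been deleted will presumably collide with the soft-deleted vault until it is purged, which the description should mention. Separately, the `allowedValues` list for `avdHostPool_vmGalleryImageSKU` was dropped in the rewrite, so the blueprint no longer rejects an unknown SKU. And the `description` of `AzureEnvironmentName` and `AzureStorageFQDN` still reads "URI where Powershell scripts executed by the blueprint are located.", copied from `scriptURI`.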
diff --git a/Examples & Samples/Deploy with Single Script/AVDBPParameters.json b/Examples & Samples/Deploy with Single Script/AVDBPParameters.json index 0a8d1c5..0efdc27 100644 --- a/Examples & Samples/Deploy with Single Script/AVDBPParameters.json +++ b/Examples & Samples/Deploy with Single Script/AVDBPParameters.json @@ -2,15 +2,15 @@ "AzureSubscriptionID": "", "AzureTenantID": "", "AADDSDomainName": "", - "BlueprintResourcePrefix": "Please delete this text and enter a 6-8 character random string of text", - + "BlueprintResourcePrefix": "", + + "PromptForSessionHostOSSku": true, "PromptForManagementVMOSSku": false, "avdHostPool_vmGalleryImageSKU": "21h1-evd-o365pp", "avdHostPool_vmSize": "Standard_B4ms", "avdHostPool_vmNumberOfInstances": 2, "avdHostPool_maxSessionLimit": 16, "avdUsers_userCount": 30, - "BlueprintGlobalResourceGroupName": "AVD_Blueprint_Global_RG", "UserAssignedIdentityName": "UAI1", "BlueprintName": "AVDBlueprint", diff --git a/Examples & Samples/Deploy with Single Script/AssignAVDBlueprint.ps1 b/Examples & Samples/Deploy with Single Script/AssignAVDBlueprint.ps1 index 2c4ed8c..658a6b9 100644 --- a/Examples & Samples/Deploy with Single Script/AssignAVDBlueprint.ps1 +++ b/Examples & Samples/Deploy with Single Script/AssignAVDBlueprint.ps1 @@ -53,7 +53,7 @@ $BPScriptParams - TITLE: AVD Blueprint Configuration and Deployment script - AUTHORED BY: Robert M. Smith - AUTHORED DATE: 01 September 2021 -- CONTRIBUTORS: Tim Muessig, Jason Masten, Dennis Payne +- CONTRIBUTORS: Tim Muessig, Jason Masten, Dennis Payne, Chris Rutledge - LAST UPDATED: 30 September 2021 - PURPOSE: A single PowerShell script to perform everything necessary to deploy Azure Virtual Desktop (AVD) into an Azure Subscription 
@@ -113,29 +113,39 @@ $BPScriptParams ######################################################################################################################################> +#region Checking for the required parameters, and if not set, exit script Write-Host "Checking PowerShell installed modules..." -ForegroundColor Cyan - #region Checking for the first two required parameters, and if not set, exit script if (-not($AADDSDomainName)) { - Write-Host "`n Azure Active Directory Domain Services name is null + Write-Host "`n Azure Active Directory Domain Services name is not found AAD DS name must be specified in the parameter file 'AVDBPParameters.json' Your AAD DS prefix name must be 15 characters or less in the format 'domain.contoso.com' - This script will now exit." -ForegroundColor Cyan + This script will now exit." -ForegroundColor Red Return } if (-not($AzureTenantID)) { Write-Host "`n Azure Tenant ID is missing. The destination Azure Tenant ID must be present in the file'AVDBPParameters.json'. - This script will now exit." -ForegroundColor Cyan + This script will now exit." -ForegroundColor Red Return } if (-not($AzureSubscriptionID)) { Write-Host "`n Azure Subscription ID is missing. The destination Azure Subscription ID must be present in the file'AVDBPParameters.json'. - This script will now exit." -ForegroundColor Cyan + This script will now exit." -ForegroundColor Red Return } + +if (-not($BlueprintResourcePrefix)) { + Write-Host "`n 'BlueprintResourcePrefix' parameter value is missing in the parameter file 'AVDBPParameters.json' + Please enter a 4-8 character value to be used for the blueprint deployment prefix. + This prefix is used in naming some objects during the blueprint deployment, including computer names. + Prefixes longer than 8 or 9 characters start to limit number of session hosts VMs that can get created because of name length. + This script will now exit." 
-ForegroundColor Red + Return +} + #endregion #region Make sure required Az modules are installed @@ -148,6 +158,8 @@ if (-not($AzureSubscriptionID)) { # - Az.Resources # - AzureAD + Write-Host "Checking PowerShell installed modules..." -ForegroundColor Cyan + $AzModuleGalleryMessage = "You may be prompted to install from the PowerShell Gallery`n If the Az PowerShell modules were not previously installed you may be prompted to install 'Nuget'.`n If your policies allow those items to be installed, click 'Yes to All' when prompted." @@ -268,14 +280,6 @@ $AzureEnvironment = Get-AzContext $AzureStorageEnvironment = ($AzureEnvironment).Environment.StorageEndpointSuffix $AzureStorageFileEnv = 'file.' + $AzureStorageEnvironment -# Set the correct value for 'avdHostPool_vmGalleryImageOffer' based on the VM type being installed' -if ($avdHostPool_vmGalleryImageSKU -like '*o365pp*') -{ - $avdHostPool_vmGalleryImageOffer = "office-365" -} else { - $avdHostPool_vmGalleryImageOffer = "windows-10" -} - Write-Host "`n Enumerating list of locations in your environment, that offer the AVD service..." -ForegroundColor Cyan $AzureLocations = (Get-AzResourceProvider -ListAvailable | Where-Object {($_.ProviderNamespace -EQ "Microsoft.DesktopVirtualization" -and $_.RegistrationState -EQ "Registered")}).Locations.ToLower() -replace '\s','' 
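Review bot: The new `BlueprintResourcePrefix` guard only tests for an empty value, while the message it prints promises a 4-8 character limit and says the value feeds computer names, so an over-long or non-alphanumeric prefix still passes here and fails later in the deployment. Replace the test with a pattern check such as `if ($BlueprintResourcePrefix -notmatch '^[a-z0-9]{4,8}$') {`, adjusting the character class to the naming rules the blueprint actually requires, and keep the existing message and `Return`. The message itself says both "4-8" and "longer than 8 or 9", and the parameter-file placeholder this commit removes said "6-8"; settle on one limit in the message and the check.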
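Review bot: The `Write-Host "Checking PowerShell installed modules..."` added at the top of the Az-module region duplicates the identical line that still opens the parameter-check region in the preceding hunk, so the banner is printed twice and the first one precedes parameter checks it does not describe. Remove the earlier occurrence or change it to `Write-Host "Checking required parameters in 'AVDBPParameters.json'..." -ForegroundColor Cyan`.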
@@ -345,7 +349,7 @@ if ($result -eq [System.Windows.Forms.DialogResult]::OK) #region If management VM Sku prompt set true, query and display available Skus if ($PromptForManagementVMOSSku){ Write-Host "`n Gathering list of available Server Windows Skus..." -ForegroundColor Cyan -$ServerSkus = Get-AzVMImageSku -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' | Where-Object {$_.Skus -like "20??-datacenter*"}| foreach { $_.Skus} +$ServerSkus = Get-AzVMImageSku -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsServer' -Offer 'WindowsServer' | Where-Object {$_.Skus -like "20??-datacenter*" -and $_.Skus -notlike "*core*" -and $_.Skus -notlike "*smalldisk*" -and $_.Skus -notlike "*containers*"} | Select-object -Expandproperty Skus # Present a pop-up form to select management VM OS Sku to build from Add-Type -AssemblyName System.Windows.Forms 
@@ -415,12 +419,97 @@ $managementVMOSSku = '2022-datacenter' } #endregion +#region If AVD session host prompt set true, query and display available Skus +if ($PromptForSessionHostOSSku){ +Write-Host "`n Gathering list of available Windows session host SKUs..." -ForegroundColor Cyan +$AVDSHvmsku = Get-AzVMImageSku -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -offer 'windows-10' | Where-Object ({$_.Skus -like "*evd*" -and $_.Skus -notlike "*rs5*" -or $_.Skus -like "*avd*"})| Select-Object -ExpandProperty Skus +$AVDSHvmsku += Get-AzVMImageSku -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -offer 'office-365' | Where-Object ({$_.Skus -like "*evd*" -and $_.Skus -notlike "*rs5*" -or $_.Skus -like "*avd*"})| Select-Object -ExpandProperty Skus +$AVDSHvmsku += Get-AzVMImageSku -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -offer 'windows-11' | Where-Object ({$_.Skus -like "*evd*" -and $_.Skus -notlike "*rs5*" -or $_.Skus -like "*avd*"})| Select-Object -ExpandProperty Skus + +# Present a pop-up form to select management VM OS Sku to build from +Add-Type -AssemblyName System.Windows.Forms +Add-Type -AssemblyName System.Drawing + +$form = New-Object System.Windows.Forms.Form +$form.Text = 'AVD OS Sku' +$form.Size = New-Object System.Drawing.Size(300,200) +$form.StartPosition = 'CenterScreen' + +$okButton = New-Object System.Windows.Forms.Button +$okButton.Location = New-Object System.Drawing.Point(75,120) +$okButton.Size = New-Object System.Drawing.Size(75,23) +$okButton.Text = 'OK' +$okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK +$form.AcceptButton = $okButton +$form.Controls.Add($okButton) + +$cancelButton = New-Object System.Windows.Forms.Button +$cancelButton.Location = New-Object System.Drawing.Point(150,120) +$cancelButton.Size = New-Object System.Drawing.Size(75,23) +$cancelButton.Text = 'Cancel' +$cancelButton.DialogResult = [System.Windows.Forms.DialogResult]::Cancel 
+$form.CancelButton = $cancelButton +$form.Controls.Add($cancelButton) + +$label = New-Object System.Windows.Forms.Label +$label.Location = New-Object System.Drawing.Point(10,20) +$label.Size = New-Object System.Drawing.Size(280,20) +$label.Text = 'Please select AVD OS Sku:' +$form.Controls.Add($label) + +$listBox = New-Object System.Windows.Forms.ListBox +$listBox.Location = New-Object System.Drawing.Point(10,40) +$listBox.Size = New-Object System.Drawing.Size(260,20) +$listBox.Height = 80 + +ForEach ($A in $AVDSHvmsku){ +Write-Output $A | ForEach-Object {[void] $listBox.Items.Add($_)} +} + +$form.Controls.Add($listBox) + +$form.Topmost = $true + +$result = $form.ShowDialog() + +if ($result -eq [System.Windows.Forms.DialogResult]::CANCEL) + { + Write-Host "The 'Cancel' button was pressed. The script will now exit." -ForegroundColor Red + Return + } +if ($null -eq $listBox.SelectedItem) + { + Write-Host " A Windows Server OS Sku was not selected. + Please re-run this script and select a Windows OS Sku in the pop-up pick-list" -ForegroundColor Red + Return + } +if ($result -eq [System.Windows.Forms.DialogResult]::OK) + { + $avdHostPool_vmGalleryImageSKU = $listBox.SelectedItem + # Set the correct 'ImageOffer' based on the image selected +if (Get-AzVMImage -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -Offer 'windows-10' -Sku $avdHostPool_vmGalleryImageSKU -ErrorAction SilentlyContinue) { + $avdHostPool_vmGalleryImageOffer = 'windows-10' + } elseif (Get-AzVMImage -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -Offer 'windows-11' -Sku $avdHostPool_vmGalleryImageSKU -ErrorAction SilentlyContinue) { + $avdHostPool_vmGalleryImageOffer = 'windows-11' + } elseif (Get-AzVMImage -Location $ChosenAzureLocation -PublisherName 'MicrosoftWindowsDesktop' -Offer 'office-365' -Sku $avdHostPool_vmGalleryImageSKU -ErrorAction SilentlyContinue) { + $avdHostPool_vmGalleryImageOffer = 'office-365' +} + + Write-Host "Your chosen Windows 
session host OS Sku is '$avdHostPool_vmGalleryImageSKU'" + } + +} else { +$avdHostPool_vmGalleryImageSKU = '21h1-evd-o365pp' +} +#endregion + Write-Host "`nThe following parameters will be used, based on the login information provided: Azure Tenant ID: $AzureTenantID Azure Subscription ID: $AzureSubscriptionID Azure Cloud Instance: $AzureEnvironmentName -Azure Location: $ChosenAzureLocation`n" -ForegroundColor Cyan +Azure Location: $ChosenAzureLocation +`n" -ForegroundColor Cyan $UserPrincipalName = (Get-AzContext).Account.Id #Internal Account 
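Review bot: With the unconditional derivation of `$avdHostPool_vmGalleryImageOffer` from the SKU removed in the `@@ -268` hunk, the offer is now set only inside the `PromptForSessionHostOSSku` branch and only when one of the three `Get-AzVMImage` lookups matches; when the prompt is false the `else` branch sets `$avdHostPool_vmGalleryImageSKU = '21h1-evd-o365pp'` but leaves the offer unset, and a selected SKU that matches none of the lookups does the same. Add `$avdHostPool_vmGalleryImageOffer = 'office-365'` beside the hard-coded SKU, and end the lookup chain with an `else { Write-Host "..." -ForegroundColor Red; Return }` instead of falling through silently. Separately, `$AVDSHvmsku += ...` performs string concatenation if the first query yields a single SKU, because `Select-Object -ExpandProperty` returns a scalar in that case; wrap the first assignment as `$AVDSHvmsku = @( ... )` so the later additions build an array. The pop-up's comment and the no-selection message still say "management VM" and "Windows Server OS Sku", copied from the server prompt; they should read "session host" and "Windows OS Sku".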
@@ -459,13 +548,20 @@ Connect-AzureAD -AzureEnvironmentName $AzureEnvironmentName -TenantId $AzureTena $ManagedIdentityCheck = Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName -ErrorAction SilentlyContinue Write-Host "`nCreating user-assigned managed identity account, that will be the context of the AVD assignment" -ForegroundColor Cyan If (-not($ManagedIdentityCheck)){ +$UserAssignedIdentity = Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName -ErrorAction SilentlyContinue +Write-Host "`nCreating user-assigned managed identity account, which will be the context of the AVD assignment" -ForegroundColor Cyan +} + If (-not($UserAssignedIdentity)){ Write-Host " Managed identity '$UserAssignedIdentityName' does not currently exist. Now creating managed identity '$UserAssignedIdentityName' in resource group '$BlueprintGlobalResourceGroupName'" -ForegroundColor Cyan $UserAssignedIdentity = New-AzUserAssignedIdentity -ResourceGroupName $BlueprintGlobalResourceGroupName -Name $UserAssignedIdentityName -Location $ChosenAzureLocation + $UserAssignedIdentity } else { Write-Host "`nUser Assigned Identity '$UserAssignedIdentityName' already exists`n" -ForegroundColor Cyan + $UserAssignedIdentity = $ManagedIdentityCheck $ManagedIdentityCheck - $UserAssignedIdentity = Get-AzUserAssignedIdentity -ResourceGroupName $BlueprintGlobalResourceGroupName -Name $UserAssignedIdentityName + Write-Host "`nUser Assigned Identity '$UserAssignedIdentityName' already exists" -ForegroundColor Cyan + $UserAssignedIdentity } $UserAssignedIdentityId = $UserAssignedIdentity.Id $ScriptExecutionUserObjectID = $UserAssignedIdentity.PrincipalId 
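Review bot: In the rewritten identity block, `$UserAssignedIdentity` is only assigned inside `If (-not($ManagedIdentityCheck))`, so when the identity already exists the following `If (-not($UserAssignedIdentity))` sees an empty variable (unless a value is carried over from earlier in the script, outside this hunk) and takes the create branch, which makes the `else` branch with `$UserAssignedIdentity = $ManagedIdentityCheck` unreachable. Set `$UserAssignedIdentity = $ManagedIdentityCheck` right after the initial `Get-AzUserAssignedIdentity` lookup (or keep testing `$ManagedIdentityCheck`) so an existing identity is reused rather than re-created. The lookup repeated inside the first `If` runs the same query that just returned nothing, and the `else` branch now prints "already exists" twice; both can be dropped.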
@@ -486,33 +582,23 @@ if (-not($UAMIOwnerSubRoleCheck)){ Write-Host "User assigned identity '$UserAssignedIdentityName' already has 'Owner' role assigned at the subscription level" -ForegroundColor Cyan $UAMIOwnerSubRoleCheck } - #endregion -#region Grant the 'Blueprint Operator' subscription level role to the managed identity -Write-Host "Now checking if user assigned identity '$UserAssignedIdentityName' has 'Blueprint Operator' subscription level role assignment" -ForegroundColor Cyan -if (-not(Get-AzRoleAssignment -ResourceGroupName $BlueprintGlobalResourceGroupName -ObjectID ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator')) { - Write-Host "`User assigned identity '$UserAssignedIdentityName' does not currently have 'Blueprint Operator' subscription level role assignment" -ForegroundColor Cyan - Write-Host "Now assigning 'Blueprint Operator' role to '$UserAssignedIdentityName'" -ForegroundColor Cyan - New-AzRoleAssignment -ObjectId ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' -Scope "/subscriptions/$AzureSubscriptionID" +#region Register the Azure Blueprint provider to the subscription, if not already registered +Write-Host "Now checking the 'Microsoft.Blueprint' provider, and registering if needed" -ForegroundColor Cyan +$BlueprintProviderRegistration = Get-AzResourceProvider -ListAvailable | Where-Object {($_.ProviderNamespace -EQ "Microsoft.Blueprint" -and $_.RegistrationState -EQ "Registered")} +if (-not($BlueprintProviderRegistration)) { + Write-Host "The 'Microsoft.Blueprint' provider is not currently registered. Now registering..." -ForegroundColor Cyan + Register-AzResourceProvider -ProviderNamespace 'Microsoft.Blueprint' + # adding a pause here until the 'Blueprint' provider is in the actual 'Registered' state + Do { + Write-Host "Pausing to ensure 'Blueprint' provider is in the 'registered' state. waiting 3 seconds..." 
-ForegroundColor Cyan + Start-Sleep -Seconds 3 + } until (Get-AzResourceProvider -ListAvailable | Where-Object {($_.ProviderNamespace -EQ "Microsoft.Blueprint" -and $_.RegistrationState -EQ "Registered")} -ErrorAction SilentlyContinue) + Get-AzResourceProvider -ListAvailable | Where-Object {($_.ProviderNamespace -EQ "Microsoft.Blueprint" -and $_.RegistrationState -EQ "Registered")} } else { - Write-Host "User assigned identity '$UserAssignedIdentityName' already has 'Blueprint Operator' role assigned at the subscription level" -ForegroundColor Cyan - Get-AzRoleAssignment -ResourceGroupName $BlueprintGlobalResourceGroupName -ObjectID ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' -ErrorAction SilentlyContinue -} -#endregion - -#region Assign Azure AD role 'Global Administrator' to the managed identity, to allow creation of AD objects during assignment, if not already assigned -$AADGlobalAdminRoleInfo = Get-AzureADMSRoleDefinition -Filter "displayName eq 'Global Administrator'" -$AADGlobalAdminRoleInfoId = $AADGlobalAdminRoleInfo.Id -$AADGlobalAdminRoleDisplayName = $AADGlobalAdminRoleInfo.displayName -Write-Host "`Assigning Azure AD role 'Global Administrator' to the managed identity" -ForegroundColor Cyan -if (-not(Get-AzureADMSRoleAssignment -Filter "principalID eq '$ScriptExecutionUserObjectID' and roleDefinitionId eq '$AADGlobalAdminRoleInfoId'")){ - Write-Host "User assigned identity"$UserAssignedIdentity.name"does not have the"$AADGlobalAdminRoleInfo.displayName"role currently assigned." -ForegroundColor Cyan - Write-Host "Now assigning role to managed identity." -ForegroundColor Cyan - New-AzureADMSRoleAssignment -RoleDefinitionId $AADGlobalAdminRoleInfoId -PrincipalId $ScriptExecutionUserObjectID -DirectoryScopeId '/' -ErrorAction SilentlyContinue -} else { - Write-Host "User assigned identity '$UserAssignedIdentityName' already has the '$AADGlobalAdminRoleDisplayName' role assigned." 
-ForegroundColor Cyan - Get-AzureADMSRoleAssignment -Filter "principalID eq '$ScriptExecutionUserObjectID' and roleDefinitionId eq '$AADGlobalAdminRoleInfoId'" + Write-Host "The 'Microsoft.Blueprint' provider is already registered" -ForegroundColor Cyan + $BlueprintProviderRegistration } #endregion 
@@ -529,6 +615,52 @@ if (-not($BlueprintProviderList)) { } #endregion +#region Grant the 'Blueprint Operator' subscription level role to the managed identity +Write-Host "Now checking if user assigned identity '$UserAssignedIdentityName' has 'Blueprint Operator' subscription level role assignment" -ForegroundColor Cyan +$UAMIBlueprintOperatorRoleCheck = Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName +if (-not($UAMIBlueprintOperatorRoleCheck)) { + Do { + Write-Host "User assigned identity '$UserAssignedIdentityName' is not currently available, waiting 3 seconds..." -ForegroundColor Cyan + Start-Sleep -Seconds 3 + } until (Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName -ErrorAction SilentlyContinue) + Write-Host "User Assigned Managed Identity '$UserAssignedIdentityName' is now available..." -ForegroundColor Cyan +} +$UAMIBlueprintOperatorRoleCheck2 = Get-AzRoleAssignment -ResourceGroupName $BlueprintGlobalResourceGroupName -ObjectID ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' +if (-not($UAMIBlueprintOperatorRoleCheck2)){ + Write-Host "Now checking if 'Blueprint Operator' role is currently assigned to '$UserAssignedIdentityName'" -ForegroundColor Cyan + Get-AzRoleAssignment -ResourceGroupName $BlueprintGlobalResourceGroupName -ObjectID ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' + New-AzRoleAssignment -ObjectId ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' -Scope "/subscriptions/$AzureSubscriptionID" +} else { + Write-Host "User assigned identity '$UserAssignedIdentityName' already has 'Blueprint Operator' role assigned at the subscription level" -ForegroundColor Cyan + Get-AzRoleAssignment -ResourceGroupName $BlueprintGlobalResourceGroupName -ObjectID ($UserAssignedIdentity).PrincipalId -RoleDefinitionName 'Blueprint Operator' -ErrorAction 
SilentlyContinue +} +#endregion + +#region Assign Azure AD role 'Global Administrator' to the managed identity, to allow creation of AD objects during assignment, if not already assigned +$AADGlobalAdminRoleInfo = Get-AzureADMSRoleDefinition -Filter "displayName eq 'Global Administrator'" +$AADGlobalAdminRoleInfoId = $AADGlobalAdminRoleInfo.Id +$AADGlobalAdminRoleDisplayName = $AADGlobalAdminRoleInfo.displayName + +Write-Host "`Assigning Azure AD role 'Global Administrator' to the managed identity" -ForegroundColor Cyan + +$UAMIOwnerSubRoleCheck = Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName -ErrorAction SilentlyContinue +if (-not($UAMIOwnerSubRoleCheck)){ + Do { + Write-Host "Waiting 3 seconds for user assigned managed identity '$UserAssignedIdentityName' to become available for next operation..." -ForegroundColor Cyan + Start-Sleep -Seconds 3 + } until (Get-AzUserAssignedIdentity -Name $UserAssignedIdentityName -ResourceGroupName $BlueprintGlobalResourceGroupName -ErrorAction SilentlyContinue) +} + +if (-not(Get-AzureADMSRoleAssignment -Filter "principalID eq '$ScriptExecutionUserObjectID' and roleDefinitionId eq '$AADGlobalAdminRoleInfoId'")){ + Write-Host "User assigned identity"$UserAssignedIdentity.name"does not have the"$AADGlobalAdminRoleInfo.displayName"role currently assigned." -ForegroundColor Cyan + Write-Host "Now assigning role to managed identity." -ForegroundColor Cyan + New-AzureADMSRoleAssignment -RoleDefinitionId $AADGlobalAdminRoleInfoId -PrincipalId $ScriptExecutionUserObjectID -DirectoryScopeId '/' -ErrorAction SilentlyContinue +} else { + Write-Host "User assigned identity '$UserAssignedIdentityName' already has the '$AADGlobalAdminRoleDisplayName' role assigned." 
-ForegroundColor Cyan + Get-AzureADMSRoleAssignment -Filter "principalID eq '$ScriptExecutionUserObjectID' and roleDefinitionId eq '$AADGlobalAdminRoleInfoId'" +} +#endregion + #region Register the 'Microsoft.AAD' provider to the subscription, if not already registered Write-Host "Now checking the 'Microsoft.AAD' provider, and registering if needed" -ForegroundColor Cyan $MicrosoftAADProviderCheck = Get-AzResourceProvider -ListAvailable | Where-Object {($_.ProviderNamespace -EQ "Microsoft.AAD" -and $_.RegistrationState -EQ "Registered")} diff --git a/Examples & Samples/Remove-AzAvdBpDeployment.ps1 b/Examples & Samples/Remove-AzAvdBpDeployment.ps1 index 3cc8d3e..9947554 100644 --- a/Examples & Samples/Remove-AzAvdBpDeployment.ps1 +++ b/Examples & Samples/Remove-AzAvdBpDeployment.ps1 
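Review bot: `New-AzureADMSRoleAssignment … -DirectoryScopeId '/' -ErrorAction SilentlyContinue` suppresses any failure of the Global Administrator assignment, and the script then proceeds as if it had succeeded; since this grant is the stated prerequisite for creating directory objects, drop `-ErrorAction SilentlyContinue` (or capture the result and `Return` with a red message when it is empty). Because this assigns a tenant-wide directory role to a managed identity that the preceding region also makes subscription `Owner`, the region comment should state why a narrower directory role is not sufficient and whether the assignment is removed once the deployment finishes. The identity-availability wait loops reuse `$UAMIBlueprintOperatorRoleCheck` and `$UAMIOwnerSubRoleCheck` to hold an identity object rather than a role check, which misleads the reader; a name like `$UAMIAvailable` would fit. The first `Get-AzUserAssignedIdentity` in the Blueprint Operator region lacks the `-ErrorAction SilentlyContinue` its twin in the Global Administrator region has, so a not-yet-replicated identity prints an error before the wait loop starts.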
@@ -54,27 +54,48 @@ Param( [switch] $PurgeKeyVault ) + +#Trying to work around an issue where the modules were previously installed but don't report that way to PowerShell +Write-Verbose "Checking PowerShell modules needed to run this script" if (-not(Get-Module -Name 'Az.Keyvault')) { + Import-Module -Name 'Az.Keyvault' -Force + } + if (-not(Get-Module -Name 'Az.Keyvault')) { Install-Module 'Az.Keyvault' -Force Import-Module -Name 'Az.Keyvault' -Force } if (-not(Get-Module -Name 'Az.Storage')) { + Import-Module -Name 'Az.Storage' -Force + } + if (-not(Get-Module -Name 'Az.Storage')) { Install-Module 'Az.Storage' -Force Import-Module -Name 'Az.Storage' -Force } if (-not(Get-Module -Name 'Az.Resources')) { + Import-Module -Name 'Az.Resources' -Force + } + if (-not(Get-Module -Name 'Az.Resources')) { Install-Module 'Az.Resources' -Force Import-Module -Name 'Az.Resources' -Force } if (-not(Get-Module -Name 'Az.OperationalInsights')) { + Import-Module -Name 'Az.OperationalInsights' -Force + } + if (-not(Get-Module -Name 'Az.OperationalInsights')) { Install-Module 'Az.OperationalInsights' -Force Import-Module -Name 'Az.OperationalInsights' -Force } if (-not(Get-Module -Name 'AzureAD')) { + Import-Module -Name 'AzureAD' -Force + } + if (-not(Get-Module -Name 'AzureAD')) { Install-Module 'AzureAD' -Force Import-Module -Name 'AzureAD' -Force } if (-not(Get-Module -Name 'Az.DesktopVirtualization')) { + Import-Module 'Az.DesktopVirtualization' -Force + } + if (-not(Get-Module -Name 'Az.DesktopVirtualization')) { Install-Module 'Az.DesktopVirtualization' -Force Import-Module 'Az.DesktopVirtualization' -Force } diff --git a/README.md b/README.md index d61ebd9..f0327f3 100644 --- a/README.md +++ b/README.md 
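Review bot: The six module checks are now identical three-line pairs that differ only in the module name, and the first `Import-Module -Force` in each pair writes a module-not-found error to the console when the module is genuinely absent, before the `Install-Module` fallback runs. Collapse them into one loop over a module list and give the probe import `-ErrorAction SilentlyContinue` so only the install path is noisy. `Install-Module … -Force` fetches whatever version the default repository currently serves; since this script runs with cleanup rights over the deployment, pinning with `-RequiredVersion` (or at least installing with `-Scope CurrentUser`) is worth considering, and the same applies to the other scripts in this commit.
```powershell
# … unchanged: Param( … [switch] $PurgeKeyVault ) …
Write-Verbose "Checking PowerShell modules needed to run this script"
foreach ($moduleName in 'Az.Keyvault', 'Az.Storage', 'Az.Resources', 'Az.OperationalInsights', 'AzureAD', 'Az.DesktopVirtualization') {
    if (-not (Get-Module -Name $moduleName)) {
        # Probe quietly: an already-installed module loads here without console noise
        Import-Module -Name $moduleName -Force -ErrorAction SilentlyContinue
    }
    if (-not (Get-Module -Name $moduleName)) {
        Install-Module $moduleName -Force
        Import-Module -Name $moduleName -Force
    }
}
```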
@@ -21,7 +21,7 @@ The AVD Blueprints are meant to deploy an entire environment, including Azure Ac * Locate the .zip file downloaded from Github.com * Right-click the .zip file, and then click **'Properties'** * In the bottom section labeled **'Security'**, if the text is present: 'This file came from another computer and might be blocked to help protect this computer', click the **'Unblock'** check-box, then click **'Apply'**, and then click **'OK'**. - + * **Extract the downloaded .zip file** to any folder on your device (Example. 'C:\AVDBlueprint') * You can double-click the .zip file in Windows File Explorer. * Double-click the top-level folder in the zip, which should be named **'AVDBlueprint-main'**. diff --git a/scripts/CreateAADDSFileShare_ConfigureGP.ps1 b/scripts/CreateAADDSFileShare_ConfigureGP.ps1 index 22f9df2..fdc7a88 100644 --- a/scripts/CreateAADDSFileShare_ConfigureGP.ps1 +++ b/scripts/CreateAADDSFileShare_ConfigureGP.ps1 @@ -19,8 +19,10 @@ Param( [string] $evdvm_name_prefix, [Parameter(Mandatory=$true)] - [string] $vmNumberOfInstances - + [string] $vmNumberOfInstances, + + [Parameter(Mandatory=$true)] + [string] $keyvaultname ) #region Install RSAT-AD Tools, GP Tools, setup working folders, and install 'Az' PowerShell modules Install-WindowsFeature -name GPMC @@ -51,8 +53,10 @@ $Scriptblock = { [string] $evdvm_name_prefix, [Parameter(Mandatory=$true,Position=6)] - [string] $vmNumberOfInstances + [string] $vmNumberOfInstances, + [Parameter(Mandatory=$true,Position=7)] + [string] $keyvaultname ) Start-Transcript -OutputDirectory C:\Windows\Temp 
@@ -150,7 +154,7 @@ Connect-AzAccount -Identity -Environment $AzureEnvironmentName # Download AVD post-install group policy settings zip file, and expand it $CTempPath = 'C:\Temp' -New-Item -ItemType Directory -Path "$CTempPath" -ErrorAction SilentlyContinue +New-Item -ItemType Directory -Path $CTempPath -ErrorAction SilentlyContinue New-Item -ItemType Directory -Path "$CTempPath\Software" -ErrorAction SilentlyContinue $AVDPostInstallGPSettingsZip = "$CTempPath\AVD_PostInstall_GP_Settings.zip" $ZipFileURI = "$ScriptURI/AVD_PostInstall_GP_Settings.zip" @@ -211,7 +215,7 @@ $AVDComputersOU = New-ADOrganizationalUnit -Name 'AVD Computers' -DisplayName 'A New-GPLink -Target $AVDComputersOU.DistinguishedName -Name $AVDPolicy.DisplayName -LinkEnabled Yes # Get credentials and use those to move AVD session hosts to their new OU -$KeyVault = Get-AzKeyVault -VaultName "*-sharedsvcs-kv" +$KeyVault = Get-AzKeyVault -VaultName $keyvaultname $DAUserUPN = (Get-AzADGroup -DisplayName "AAD DC Administrators" | Get-AzADGroupMember).UserPrincipalName $DAUserName = $DAUserUPN.Split('@')[0] $DAPass = (Get-AzKeyVaultSecret -VaultName $keyvault.VaultName -name $DAUserName).SecretValue @@ -270,7 +274,7 @@ for ($i = 1; $i -le $vmNumberOfInstances ; $i++) { $s = New-PSSession -ComputerName $VMComputerName Invoke-Command -Session $s -ScriptBlock { gpupdate /force - shutdown /r /f /t 15 + shutdown /r /f /t 60 } Remove-PSSession -Session $s } @@ -287,7 +291,7 @@ for ($i = 1; $i -le $vmNumberOfInstances ; $i++) { Connect-AzAccount -Identity -Environment $AzureEnvironmentName #Create a DAuser context, using password from Key Vault -$KeyVault = Get-AzKeyVault -VaultName "*-sharedsvcs-kv" +$KeyVault = Get-AzKeyVault -VaultName $keyvaultname $DAUserUPN = (Get-AzADGroup -DisplayName "AAD DC Administrators" | Get-AzADGroupMember).UserPrincipalName $DAUserName = $DAUserUPN.Split('@')[0] $DAPass = (Get-AzKeyVaultSecret -VaultName $keyvault.VaultName -name $DAUserName).SecretValue 
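Review bot: `$KeyVault = Get-AzKeyVault -VaultName $keyvaultname` is not checked for a result, so a mistyped or not-yet-visible vault name leaves `$KeyVault` empty and the next line fails inside `Get-AzKeyVaultSecret` with a null `-VaultName`, well after the OU and GPO changes above have already been applied; the same applies to the second occurrence in the `@@ -287` hunk. Add `if (-not $KeyVault) { throw "Key Vault '$keyvaultname' was not found or is not accessible" }` after each lookup. Replacing the `*-sharedsvcs-kv` wildcard with the explicit name is a good change, since the wildcard resolved to whichever matching vault the identity could see; the `$keyvault` / `$KeyVault` spelling difference between the two lines is harmless in PowerShell but worth aligning.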
@@ -311,7 +315,7 @@ Get-AzContext | Out-File -append c:\windows\temp\outercontext.txt klist tickets | Out-File -append c:\windows\temp\outercontext.txt #Run the $scriptblock in the DAuser context -Invoke-Command -ConfigurationName DASessionConf -ComputerName $env:COMPUTERNAME -ScriptBlock $Scriptblock -ArgumentList $ResourceGroupName,$StorageAccountName,$ScriptURI,$AzureEnvironmentName,$AzureStorageFQDN,$evdvm_name_prefix,$vmNumberOfInstances +Invoke-Command -ConfigurationName DASessionConf -ComputerName $env:COMPUTERNAME -ScriptBlock $Scriptblock -ArgumentList $ResourceGroupName,$StorageAccountName,$ScriptURI,$AzureEnvironmentName,$AzureStorageFQDN,$evdvm_name_prefix,$vmNumberOfInstances,$keyvaultname #Clean up DAuser context Unregister-PSSessionConfiguration -Name DASessionConf -Force