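#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Connect to Azure with PowerShell
#-----------------------------------------------
# Interactive sign-in, then list the subscriptions available to the account.
Add-AzureAccount
Get-AzureSubscription

#-------------------------------------------------
# Set Your Variables for the Lab - Setting the variables here will ensure the
# script will work for your environment. Replace "ABC" with your initials or
# something unique for your deployment.
#-------------------------------------------------
$subscriptionName   = "Free Trial"        # Replace with the friendly name of your subscription, if not using the free trial
$storageAccountName = "abcstore"          # storage name must be all lowercase
$locationName       = "West US"
$domainCloudService = "ABCdomainservice"
$dcAvalSet          = "ABC-DCSet"
$subnet             = "Core-Subnet"
$instancesize       = "Small"
$VnetName           = "ABC-Vnet"
$firstDC            = "ABC-DC01"
$secondDC           = "ABC-DC02"

# Pick the most recently published Windows Server 2012 R2 Datacenter image.
$serverImages = Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
    Sort-Object -Descending -Property PublishedDate
if (-not $serverImages) {
    throw "No 'Windows Server 2012 R2 Datacenter' image was returned by Get-AzureVMImage."
}
$image = @($serverImages)[0].ImageName

# Administrator account for both domain controllers.
# The password is prompted for instead of being written into the script: a
# literal password in a lab file ends up in copies, screenshots and source
# control, and these VMs become domain controllers.
# The variable is deliberately NOT called $pwd: PowerShell variable names are
# case-insensitive and $PWD is the automatic "current location" variable, so a
# value stored there can be overwritten when the location changes between the
# first and second DC deployment. Later lab steps that referenced $pwd should
# use $adminPassword.
$un = "sysadmin"
$adminCred = Get-Credential -UserName $un -Message "Password for the administrator account on the lab domain controllers"
if (-not $adminCred) {
    throw "No administrator credential was supplied."
}
# Add-AzureProvisioningConfig is given the password as a plain string below, so
# it has to be unwrapped here; it stays in this session until the variable is
# removed (Remove-Variable adminPassword) or the session is closed.
$adminPassword = $adminCred.GetNetworkCredential().Password

# Select the subscription to use for the lab (important if you have more than
# one subscription in your account).
Select-AzureSubscription -SubscriptionName $subscriptionName

#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Create a new storage account using PowerShell
#-----------------------------------------------
New-AzureStorageAccount -StorageAccountName $storageAccountName -Location $locationName

#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Create a new service with PowerShell
#-----------------------------------------------
Set-AzureSubscription -SubscriptionName $subscriptionName -CurrentStorageAccount $storageAccountName
New-AzureService -ServiceName $domainCloudService -Location $locationName

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Deploy domain controllers in Microsoft Azure
# Task: Create First VM/DC in the domain
#-------------------------------------------------
# $VnetName must already exist; this script does not create the virtual network.
$newVM = New-AzureVMConfig -Name $firstDC -InstanceSize $instancesize -Image $image |
    Add-AzureProvisioningConfig -Windows -Password $adminPassword -AdminUsername $un |
    Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -VMs $newVM -ServiceName $domainCloudService -VNetName $VnetName

# Move to Avail set
Get-AzureVM -ServiceName $domainCloudService -Name $firstDC |
    Set-AzureAvailabilitySet -AvailabilitySetName $dcAvalSet |
    Update-AzureVM

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Preparing to Remotely Connect to Azure Virtual Machines
#-------------------------------------------------
# Install Certificate for remote connection to first Domain Controller.
# Add these lines at line 70 within the InstallWinRMCertzureVM.ps1 that you downloaded.
# NOTE(review): that script is not part of this file; presumably it adds the
# VM's WinRM certificate to a local certificate store - read it before running it.
$subscriptionName = "Free Trial"          # Replace with the friendly name of your subscription, if not using the free trial
$ServiceName = $domainCloudService
$Name = $firstDC

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Create users in your Active Directory
#-------------------------------------------------
# Connect Remotely to first DC
$uri = Get-AzureWinRMUri -ServiceName $domainCloudService -Name $firstDC
$cred = Get-Credential
Enter-PSSession -ConnectionUri $uri -Credential $cred

# After remote connection to domain controller is made
# (the commands below run inside the remote session on the DC):
Add-WindowsFeature -Name ad-domain-services -IncludeManagementTools
Install-ADDSForest -DomainName "contosoazure.com" -ForestMode 6 -DomainMode 6

# After the domain is configured, create OUs and Users:
New-ADOrganizationalUnit -Name "FINANCE" -Path "DC=contosoazure, DC=Com"
New-ADOrganizationalUnit -Name "IT" -Path "DC=contosoazure, DC=Com"
New-ADOrganizationalUnit -Name "SALES" -Path "DC=contosoazure, DC=Com"

# One password, entered once as a SecureString, is given to every account below.
# NOTE(review): outside a lab, give each user a distinct initial password or add
# -ChangePasswordAtLogon $true so the shared value does not survive first sign-in.
$newPassword = (Read-Host -Prompt "Provide New Password" -AsSecureString)

$mattDeen = @{
    Name            = "Matt Deen"
    Path            = "OU=FINANCE,dc=contosoazure,dc=com"
    AccountPassword = $newPassword
    Department      = "Finance"
    SamAccountName  = "MattDeen"
    Surname         = "Deen"
    GivenName       = "Matt"
    DisplayName     = "Matt Deen"
}
New-ADUser @mattDeen

$bobSmith = @{
    Name            = "Bob Smith"
    Path            = "OU=SALES,dc=contosoazure,dc=com"
    SamAccountName  = "BobSmith"
    GivenName       = "Bob"
    Surname         = "Smith"
    DisplayName     = "Bob Smith"
    Department      = "Sales"
    AccountPassword = $newPassword
}
New-ADUser @bobSmith

# NOTE(review): the next two users have no -Path (so they are not placed in the
# FINANCE OU) and a SamAccountName containing a space, unlike the other three.
# Left as written in case later lab steps rely on it - confirm.
$patHolden = @{
    Name            = "Pat Holden"
    SamAccountName  = "Pat Holden"
    GivenName       = "Pat"
    Surname         = "Holden"
    DisplayName     = "Pat Holden"
    Department      = "Finance"
    AccountPassword = $newPassword
}
New-ADUser @patHolden

$danChun = @{
    Name            = "Dan Chun"
    SamAccountName  = "Dan Chun"
    GivenName       = "Dan"
    Surname         = "Chun"
    DisplayName     = "Dan Chun"
    Department      = "Finance"
    AccountPassword = $newPassword
}
New-ADUser @danChun

# -AccountPassword belongs to this command; it is kept in the same statement so
# the password is not silently dropped by a stray line break.
$karenVogue = @{
    Name            = "Karen Vogue"
    Path            = "OU=sales,dc=contosoazure,dc=com"
    SamAccountName  = "KarenVogue"
    GivenName       = "Karen"
    Surname         = "Vogue"
    DisplayName     = "Karen Vogue"
    Department      = "Sales"
    AccountPassword = $newPassword
}
New-ADUser @karenVogue

# This enables a user account (none of the New-ADUser calls above pass -Enabled).
# You can repeat this command to enable more users if desired.
Enable-ADAccount -Identity KarenVogue

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Deploy the 2nd Domain Controller for your Forest
#-------------------------------------------------
# Make sure to exit from the remote session on DC01 and return to controlling
# Azure directly by typing: exit
# Then continue on to deploy the 2nd DC; this time you will automatically deploy
# the machine to the correct Availability Set.
$newVM = New-AzureVMConfig -Name $secondDC -InstanceSize $instancesize -Image $image -AvailabilitySetName $dcAvalSet |
    Add-AzureProvisioningConfig -Windows -Password $adminPassword -AdminUsername $un |
    Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -VMs $newVM -ServiceName $domainCloudService

# Install Certificate for remote connection to second Domain Controller.
# Edit these lines at line 70 within the InstallWinRMCertzureVM.ps1 that you downloaded.
$subscriptionName = "Free Trial"          # Replace with the friendly name of your subscription, if not using the free trial
$ServiceName = $domainCloudService
$Name = $secondDC

# Connect Remotely to second DC
$uri = Get-AzureWinRMUri -ServiceName $domainCloudService -Name $secondDC
$cred = Get-Credential
Enter-PSSession -ConnectionUri $uri -Credential $cred

# Add ADDS and promote to DC:
Add-WindowsFeature -Name ad-domain-services -IncludeManagementTools

# Reconnect via PowerShell Remoting before Promoting:
# Get-Credential prompts for the account used to join the existing domain, so no
# domain credential is stored in the script.
$promoteDc = @{
    Credential           = (Get-Credential)
    DatabasePath         = 'C:\Windows\NTDS'
    DomainName           = 'contosoazure.com'
    InstallDns           = $true
    LogPath              = 'C:\Windows\NTDS'
    NoGlobalCatalog      = $false
    SiteName             = 'Default-First-Site-Name'
    SysvolPath           = 'C:\Windows\SYSVOL'
    NoRebootOnCompletion = $true
    Force                = $true
    Verbose              = $true
}
Install-ADDSDomainController @promoteDc

# Optional: Switch the 2nd Domain Controller to Server Core
Remove-WindowsFeature -Name User-Interfaces-Infra
Restart-Computer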