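#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Connect to Azure with Powershell
#----------------------------------------------
# This is an interactive walkthrough: run it section by section, not as one
# unattended script. Several steps wait on VM provisioning or run inside a
# remote session on a domain controller.

Add-AzureAccount                                                     # Prompts for your Azure subscription account credentials and logs you in.
Get-AzureSubscription | Format-Table -Property SubscriptionName      # Lists the subscriptions your account has access to.
Get-AzureLocation | Format-Table -Property DisplayName               # Shows the datacenter region names. (Use the one you chose for your network location.)

#-------------------------------------------------
# Set Your Variables for the Lab - Setting the variables here ensures the script works for your environment.
# Replace "XXX" / "xxx" with your initials or something unique for your deployment.
#-------------------------------------------------

# These variables must be edited:
$subscrName = "Free Trial"                  # Replace with the friendly name of your subscription, if not using the free trial
$storageAccountName = "xxxstore"            # Storage name must be all lowercase. Replace xxx with your initials or some unique ID
$domainCloudService = "XXXdomainservice"    # Must be globally unique (used in a URL). Replace XXX with your initials or some unique ID
$dcAvalSet = "XXX-DCSet"                    # Replace XXX with your initials or some unique ID
$firstDC = "XXX-DC01"                       # Replace XXX with your initials or some unique ID
$secondDC = "XXX-DC02"                      # Replace XXX with your initials or some unique ID

# These variables must match what you configured for your network in Lab #1
$VnetName = "XXX-Vnet"                      # <-- Edit to match your virtual network name
$locationName = "West US"                   # <-- Edit to match your network location choice
$subnet = "Core-Subnet"                     # <-- Edit if your first subnet name differs from the one the lab manual suggested

# These variables can be left as-is. If you edit them, be sure to make note of the values for later.
# @() keeps the result an array even when only one image matches.
$serverImages = @(Get-AzureVMImage |
    Where-Object { $_.ImageFamily -eq "Windows Server 2012 R2 Datacenter" } |
    Sort-Object -Descending -Property PublishedDate)
if ($serverImages.Count -eq 0) {
    # Fail here with a clear message instead of provisioning with an empty image name later.
    throw "No 'Windows Server 2012 R2 Datacenter' image was returned by Get-AzureVMImage."
}
$image = $serverImages[0].ImageName         # Most recently published image of that family
$instancesize = "Small"
$un = "SysAdmin"                            # Remember the username and the password you enter below:
                                            # you'll use these credentials to connect to and/or log in to your Domain Controllers

# The administrator password is prompted for instead of being stored in the script.
# These VMs become domain controllers and are reached through a cloud service endpoint,
# so a password that is published with the lab script must not be reused.
# The value is also no longer kept in $pwd: that name is PowerShell's automatic
# current-location variable and is overwritten whenever the location changes.
$adminSecret = Read-Host -Prompt "Password for the $un account on the domain controllers" -AsSecureString
# Add-AzureProvisioningConfig is given the password as a plain string below, so it has to be
# converted here; it stays in this session's memory until it is removed after the second DC is deployed.
$adminPassword = (New-Object System.Management.Automation.PSCredential ($un, $adminSecret)).GetNetworkCredential().Password

# Select the subscription to use for the lab (important if you have more than one subscription in your account)
Select-AzureSubscription -SubscriptionName $subscrName

#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Create a new storage account using PowerShell
#----------------------------------------------

New-AzureStorageAccount -StorageAccountName $storageAccountName -Location $locationName
Set-AzureSubscription -SubscriptionName $subscrName -CurrentStorageAccount $storageAccountName

#-----------------------------------------------
# Lab 1: Building the Foundation
# Section: Create a new service with PowerShell
#----------------------------------------------

New-AzureService -ServiceName $domainCloudService -Location $locationName

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Deploy domain controllers in Microsoft Azure
# Task: Create First VM/DC in the domain
#-------------------------------------------------

$newVM = New-AzureVMConfig -Name $firstDC -InstanceSize $instancesize -Image $image |
    Add-AzureProvisioningConfig -Windows -Password $adminPassword -AdminUsername $un |
    Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -VMs $newVM -ServiceName $domainCloudService -VNetName $VnetName

# Move to Availability set. (Wait until your DC is "Running" and not still "Provisioning" before executing this command.)
Get-AzureVM -ServiceName $domainCloudService -Name $firstDC |
    Set-AzureAvailabilitySet -AvailabilitySetName $dcAvalSet |
    Update-AzureVM

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Preparing to Remotely Connect to Azure Virtual Machines
#-------------------------------------------------

# Install Certificate for remote connection to first Domain Controller
# Add these lines at line 70 within the InstallWinRMCertzureVM.ps1 that you downloaded from http://aka.ms/psremotingscript
# NOTE(review): the link above is plain http; read the downloaded script before running it,
# because it adds a certificate to your local trust store.
$subscriptionName = $subscrName
$ServiceName = $domainCloudService
$Name = $firstDC

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Create users in your Active Directory
#-------------------------------------------------

# Connect Remotely to first DC
# If the connection fails certificate validation, re-run the certificate installation step
# rather than turning validation off for the session.
$uri = Get-AzureWinRMUri -ServiceName $domainCloudService -Name $firstDC
$cred = Get-Credential      # Enter the administrator username and password chosen above
Enter-PSSession -ConnectionUri $uri -Credential $cred

# After remote connection to domain controller is made:
Add-WindowsFeature -Name ad-domain-services -IncludeManagementTools
# Mode 6 is the Windows Server 2012 R2 functional level.
# Install-ADDSForest prompts for the safe mode (DSRM) administrator password, since none is passed here.
Install-ADDSForest -DomainName "contosoazure.com" -ForestMode 6 -DomainMode 6

# NOTE: The DC restarts after installing the Forest, so you'll need to re-enter the PowerShell remote session
#       when it's back up and running
Enter-PSSession -ConnectionUri $uri -Credential $cred

# Back in the remote PS session, you can now create OUs and Users:
New-ADOrganizationalUnit -Name "FINANCE" -Path "DC=contosoazure, DC=Com"
New-ADOrganizationalUnit -Name "IT" -Path "DC=contosoazure, DC=Com"
New-ADOrganizationalUnit -Name "SALES" -Path "DC=contosoazure, DC=Com"

# Password for the new users. Every account below gets this same password; the accounts
# are only usable once enabled (see Enable-ADAccount further down).
$newPassword = (Read-Host -Prompt "Provide New Password" -AsSecureString)

New-ADUser -Name "Matt Deen" -Path "OU=FINANCE,dc=contosoazure,dc=com" -AccountPassword $newPassword -Department "Finance" -SamAccountName "MattDeen" -Surname "Deen" -GivenName "Matt" -DisplayName "Matt Deen"
New-ADUser -Name "Bob Smith" -Path "OU=SALES,dc=contosoazure,dc=com" -SamAccountName "BobSmith" -GivenName "Bob" -Surname "Smith" -DisplayName "Bob Smith" -Department "Sales" -AccountPassword $newPassword
# NOTE(review): the next two users have no -Path, so they are not placed in the FINANCE OU,
# and their SamAccountName contains a space unlike the other accounts. Confirm against the
# lab manual that both are intended before changing them.
New-ADUser -Name "Pat Holden" -SamAccountName "Pat Holden" -GivenName "Pat" -Surname "Holden" -DisplayName "Pat Holden" -Department "Finance" -AccountPassword $newPassword
New-ADUser -Name "Dan Chun" -SamAccountName "Dan Chun" -GivenName "Dan" -Surname "Chun" -DisplayName "Dan Chun" -Department "Finance" -AccountPassword $newPassword
New-ADUser -Name "Karen Vogue" -Path "OU=sales,dc=contosoazure,dc=com" -SamAccountName "KarenVogue" -GivenName "Karen" -Surname "Vogue" -DisplayName "Karen Vogue" -Department "Sales" -AccountPassword $newPassword

# This enables a user account. You can repeat this command to enable more users if desired.
Enable-ADAccount -Identity KarenVogue

#-----------------------------------------------
# Lab 2: Building Workloads
# Section: Deploy the 2nd Domain Controller for your Forest
#-------------------------------------------------

# Make sure to exit from the remote session on DC01 and return to controlling Azure directly by typing:
exit

# Then continue on to deploy the 2nd DC; this time the machine is deployed straight into the correct Availability Set
$newVM = New-AzureVMConfig -Name $secondDC -InstanceSize $instancesize -Image $image -AvailabilitySetName $dcAvalSet |
    Add-AzureProvisioningConfig -Windows -Password $adminPassword -AdminUsername $un |
    Set-AzureSubnet -SubnetNames $subnet
New-AzureVM -VMs $newVM -ServiceName $domainCloudService

# Both VMs are provisioned, so the plain-text copy of the administrator password is no longer needed.
Remove-Variable -Name adminPassword, adminSecret -ErrorAction SilentlyContinue

# Move 2nd DC to Availability set
# ...already done! (Note the -AvailabilitySetName parameter in the New-AzureVMConfig cmdlet.)

# Install Certificate for remote connection to second Domain Controller
# Add these lines at line 70 within the InstallWinRMCertzureVM.ps1 that you downloaded from http://aka.ms/psremotingscript
$subscriptionName = $subscrName
$ServiceName = $domainCloudService
$Name = $secondDC

# Connect Remotely to second DC
$uri = Get-AzureWinRMUri -ServiceName $domainCloudService -Name $secondDC
$cred = Get-Credential
Enter-PSSession -ConnectionUri $uri -Credential $cred

# Add ADDS and promote to DC:
Add-WindowsFeature -Name ad-domain-services -IncludeManagementTools

# Note: When prompted for credentials, make sure to include the domain name for the administrator.
# Example: CONTOSOAZURE\SysAdmin or sysadmin@contosoazure.com
Install-ADDSDomainController -Credential (Get-Credential) -DatabasePath 'C:\Windows\NTDS' -DomainName 'contosoazure.com' -InstallDns:$true -LogPath 'C:\Windows\NTDS' -NoGlobalCatalog:$false -SiteName 'Default-First-Site-Name' -SysvolPath 'C:\Windows\SYSVOL' -NoRebootOnCompletion:$true -Force:$true -Verbose

# NOTE: The original note says the DC restarts after being made a domain controller, so you'll need to
#       re-enter the PowerShell remote session when it's back up and running.
# NOTE(review): -NoRebootOnCompletion:$true is passed above, which suppresses the automatic restart.
#       If you skip the optional step below (which restarts the machine), restart the server yourself
#       so the promotion can complete.
Enter-PSSession -ConnectionUri $uri -Credential $cred

# Optional: Switch the 2nd Domain Controller to Server Core by removing the User Interface.
Remove-WindowsFeature -Name User-Interfaces-Infra
Restart-Computer

# Be patient. It takes a while. Once the machine is back up and running, connect to it (Remote Desktop) to verify that
# it is just the core OS.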