Deploying an Azure IaaS VM using PowerShell

I recently had to deploy some new VMs and wanted to use PowerShell and also join them to a domain and get the anti-malware extension used. Below is the PowerShell I used. You would need to modify the variables in the below to match your own domains.

$Region = "EastUS"
$VNetName = "savilltech-vnet-east"
$VNetRG = "savilltech-vnets_rg"
$VNetSubnetName = "savilltech-vnet-east-savhybridinfra-vms"
$VNetSubnetCIDR = "10.244.3.64/26"
$NSGName = "savNSGLockdownEastUS"
$VMRG = "savilltech-savhybridinfra_rg"

$SQLVMName = "AZUUSESQL01"
$SQLVMSize = "Standard_DS3_v2" #4vcpu 16GB memory
$SQLVMIP = "10.244.3.68"

$VMDiagName = "savhybridinfradiag"

#Domain Join Strings
$string1 = '{
    "Name": "savilltech.net",
    "User": "savilltech.net\\adminname",
    "OUPath": "OU=Servers,OU=Hybrid,OU=Environments,DC=savilltech,DC=net",
    "Restart": "true",
    "Options": "3"
        }'
$string2 = '{ "Password": "rawpasswordhere" }'


#Get the network subnet
$NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $VNetRG
$VNet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG
$VNetSubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $VNetSubnetName -VirtualNetwork $VNet    

#Local Credential
$user = "localadmin"
$password = 'localadminpasshere'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword) 

# Antimalware extension
$SettingsString = '{ "AntimalwareEnabled": true,"RealtimeProtectionEnabled": true}';
$allVersions= (Get-AzureRmVMExtensionImage -Location $Region -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$typeHandlerVer = $allVersions[($allVersions.count)-1]
$typeHandlerVerMjandMn = $typeHandlerVer.split(".")
$typeHandlerVerMjandMn = $typeHandlerVerMjandMn[0] + "." + $typeHandlerVerMjandMn[1]


#Create the resource group
New-AzureRmResourceGroup -Name $VMRG -Location $Region

#Create the diagnostics storage account
New-AzureRmStorageAccount -ResourceGroupName $VMRG -Name $VMDiagName -SkuName Standard_LRS -Location $Region

# Create VM Object
$vm = New-AzureRmVMConfig -VMName $SQLVMName -VMSize $SQLVMSize 

$nic = New-AzureRmNetworkInterface -Name ('nic-' + $SQLVMName) -ResourceGroupName $VMRG -Location $Region `
    -SubnetId $VNetSubnet.Id -PrivateIpAddress $SQLVMIP

# Add NIC to VM
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id

# VM Storage
$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
    -Skus 2016-Datacenter -Version latest
$vm = Set-AzureRmVMOSDisk -VM $vm  -StorageAccountType PremiumLRS -DiskSizeInGB 512 `
    -CreateOption FromImage -Caching ReadWrite -Name "$SQLVMName-OS"
$vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $SQLVMName `
    -Credential $cred -ProvisionVMAgent -EnableAutoUpdate

$diskConfig = New-AzureRmDiskConfig -AccountType PremiumLRS -Location $Region -CreateOption Empty `
        -DiskSizeGB 2048
$dataDisk1 = New-AzureRmDisk -DiskName "$SQLVMName-data1" -Disk $diskConfig -ResourceGroupName $VMRG
$vm = Add-AzureRmVMDataDisk -VM $vm -Name "$SQLVMName-data1" -CreateOption Attach `
    -ManagedDiskId $dataDisk1.Id -Lun 1

$vm = Set-AzureRmVMBootDiagnostics -VM $vm -Enable -ResourceGroupName $VMRG -StorageAccountName $VMDiagName

# Create Virtual Machine
New-AzureRmVM -ResourceGroupName $VMRG -Location $Region -VM $vm

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -Name "IaaSAntimalware" `
    -Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `
    -TypeHandlerVersion $typeHandlerVerMjandMn -SettingString $SettingsString -Location $Region

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -ExtensionType "JsonADDomainExtension" `
    -Name "joindomain" -Publisher "Microsoft.Compute" -TypeHandlerVersion "1.0" -Location $Region `
    -SettingString $string1 -ProtectedSettingString $string2

$Region = "EastUS"

$VNetName = "savilltech-vnet-east"

$VNetRG = "savilltech-vnets_rg"

$VNetSubnetName = "savilltech-vnet-east-savhybridinfra-vms"

$VNetSubnetCIDR = "10.244.3.64/26"

$NSGName = "savNSGLockdownEastUS"

$VMRG = "savilltech-savhybridinfra_rg"

$SQLVMName = "AZUUSESQL01"

$SQLVMSize = "Standard_DS3_v2" #4vcpu 16GB memory

$SQLVMIP = "10.244.3.68"

$VMDiagName = "savhybridinfradiag"

#Domain Join Strings

$string1 = '{

"Name": "savilltech.net",

"User": "savilltech.net\\adminname",

"OUPath": "OU=Servers,OU=Hybrid,OU=Environments,DC=savilltech,DC=net",

"Restart": "true",

"Options": "3"

$string2 = '{ "Password": "rawpasswordhere" }'

#Get the network subnet

$NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $VNetRG

$VNet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG

$VNetSubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $VNetSubnetName -VirtualNetwork $VNet

#Local Credential

$user = "localadmin"

$password = 'localadminpasshere'

$securePassword = ConvertTo-SecureString $password -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword)

# Antimalware extension

$SettingsString = '{ "AntimalwareEnabled": true,"RealtimeProtectionEnabled": true}';

$allVersions= (Get-AzureRmVMExtensionImage -Location $Region -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version

$typeHandlerVer = $allVersions[($allVersions.count)-1]

$typeHandlerVerMjandMn = $typeHandlerVer.split(".")

$typeHandlerVerMjandMn = $typeHandlerVerMjandMn[0] + "." + $typeHandlerVerMjandMn[1]

#Create the resource group

New-AzureRmResourceGroup -Name $VMRG -Location $Region

#Create the diagnostics storage account

New-AzureRmStorageAccount -ResourceGroupName $VMRG -Name $VMDiagName -SkuName Standard_LRS -Location $Region

# Create VM Object

$vm = New-AzureRmVMConfig -VMName $SQLVMName -VMSize $SQLVMSize

$nic = New-AzureRmNetworkInterface -Name ('nic-' + $SQLVMName) -ResourceGroupName $VMRG -Location $Region `

-SubnetId $VNetSubnet.Id -PrivateIpAddress $SQLVMIP

# Add NIC to VM

$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id

# VM Storage

$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer `

-Skus 2016-Datacenter -Version latest

$vm = Set-AzureRmVMOSDisk -VM $vm -StorageAccountType PremiumLRS -DiskSizeInGB 512 `

-CreateOption FromImage -Caching ReadWrite -Name "$SQLVMName-OS"

$vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $SQLVMName `

-Credential $cred -ProvisionVMAgent -EnableAutoUpdate

$diskConfig = New-AzureRmDiskConfig -AccountType PremiumLRS -Location $Region -CreateOption Empty `

-DiskSizeGB 2048

$dataDisk1 = New-AzureRmDisk -DiskName "$SQLVMName-data1" -Disk $diskConfig -ResourceGroupName $VMRG

$vm = Add-AzureRmVMDataDisk -VM $vm -Name "$SQLVMName-data1" -CreateOption Attach `

-ManagedDiskId $dataDisk1.Id -Lun 1

$vm = Set-AzureRmVMBootDiagnostics -VM $vm -Enable -ResourceGroupName $VMRG -StorageAccountName $VMDiagName

# Create Virtual Machine

New-AzureRmVM -ResourceGroupName $VMRG -Location $Region -VM $vm

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -Name "IaaSAntimalware" `

-Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `

-TypeHandlerVersion $typeHandlerVerMjandMn -SettingString $SettingsString -Location $Region

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -ExtensionType "JsonADDomainExtension" `

-Name "joindomain" -Publisher "Microsoft.Compute" -TypeHandlerVersion "1.0" -Location $Region `

-SettingString $string1 -ProtectedSettingString $string2

John Savill's Corner of the Web

Computer related thoughts from John

Deploying an Azure IaaS VM using PowerShell

Like this:

Leave a Reply Cancel reply

Share this:

Like this:

Leave a Reply Cancel reply