Wednesday, November 26, 2014

The Imperfect Lab: Standing Up Active Directory in Azure with PowerShell Remoting

Today in my Imperfect Lab, I needed to start adding some servers so I could build out a domain. So I popped over to the management portal and quickly spun up "DC-Cloud1" in the "FirstSubnet" of my ImperfectNet.

  • ImperfectNet
    • FirstSubnet (192.168.1.0/24) <- right in here!
    • HalfSubnet (192.168.2.0/25)
    • Gateway (192.168.3.200/29)

I logged in and was just about to click "Add Roles/Features" when I paused. What fun is that? I've installed AD a million times that way and it would be way more interesting to do it from PowerShell ISE from my laptop. So I closed out my RDP session and got to work.

First you have to install the remote access certificate on your local machine. To do that you want to download this script - Configures Secure Remote PowerShell Access to Windows Azure Virtual Machines. Put it somewhere easy to access, open it in PowerShell ISE and then feed the script your personal variables to install the certificate on your machine. Once that's done, you'll be able to use the lines below to open a PowerShell session directly to your VM. (For more info on Michael Washam's script, check out his post, Introduction to Remote PowerShell with Windows Azure.)

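# $cloudServiceName is the cloud service that hosts the VM; $Name is the VM name (e.g. "DC-Cloud1")
$uri = Get-AzureWinRMUri -ServiceName $cloudServiceName -Name $Name
$cred = Get-Credential
Enter-PSSession -ConnectionUri $uri -Credential $cred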

Now that I had a secure, remote session it was time to install Active Directory.

Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
Install-ADDSForest -DomainName "yourdomain.com" -ForestMode 5 -DomainMode 5

Those "mode" numbers are adjustable for controlling the forest and domain functional levels. 5 is for 2012. For Server 2003 functional level use 2, for Server 2008 use 3.
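The whole procedure above as one non-interactive run, written here as an added example (it is not part of the original post or of Michael Washam's script). It first checks that the WinRM certificate Azure reports for the VM is the one sitting in the local trusted root store, then promotes the server with the DSRM password passed as a SecureString. The cloud service name is a placeholder, and checking both the LocalMachine and CurrentUser root stores is an assumption about where the certificate was imported.

```powershell
# Added example. Assumes the Azure (Service Management) PowerShell module is loaded
# and the subscription is already selected.
$cloudServiceName = 'your-cloud-service'   # placeholder: your own cloud service name
$Name             = 'DC-Cloud1'

# Thumbprint Azure reports for the VM's WinRM HTTPS listener certificate.
$vm    = Get-AzureVM -ServiceName $cloudServiceName -Name $Name
$thumb = $vm.VM.DefaultWinRMCertificateThumbprint

# Confirm that exact certificate is the one trusted locally, and show what it is.
$local = Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
         Where-Object { $_.Thumbprint -eq $thumb }
if (-not $local) {
    throw "WinRM certificate $thumb for $Name is not in a local trusted root store."
}
$local | Select-Object Subject, Thumbprint, NotAfter

$uri  = Get-AzureWinRMUri -ServiceName $cloudServiceName -Name $Name
$cred = Get-Credential
# Prompt locally so the DSRM password never appears in script text or history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM (Safe Mode) administrator password'

$session = New-PSSession -ConnectionUri $uri -Credential $cred
try {
    Invoke-Command -Session $session -ArgumentList $dsrm -ScriptBlock {
        param([securestring]$SafeModePassword)

        Add-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

        # -Force suppresses the confirmation prompts. The server restarts when
        # promotion finishes, so expect the remote session to drop at that point.
        Install-ADDSForest -DomainName 'yourdomain.com' -ForestMode 5 -DomainMode 5 `
            -SafeModeAdministratorPassword $SafeModePassword -InstallDns -Force
    }
}
finally {
    Remove-PSSession $session
}
```

If the thumbprint check fails, re-run the certificate import before connecting rather than skipping certificate validation on the session.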

Finally, just in case I wanted easy access to RDP to the machine, I installed the newest Remote Desktop Connection Manager 2.7. This way I don't have to download and keep track of RDP files from the Azure Portal every time. (Shout out to Tommy Patterson for letting me know about that version update last week!)

2 comments:

  1. I have been trying to set up Remote PowerShell Access to servers on an Azure subnet from my Surface over a Point to Site connection. I have verified that I have installed the appropriate cert by looking in the certificates snap-in. Occasionally, I have been able to get the connection to work, but most of the time, it fails. I get a very long error message that boils down to: "WinRM cannot complete the operation". The message proposed some things to try and check. I have done all that.

    This is the kind of problem that drives one crazy: Sometimes it works!!

    What is the most likely cause of this error?

  2. I've never actually done it with the P2S connection, though you'd think it would be more reliable that way. Local firewall issues would be my first guess.
