Пользовательская политика расширения Azure
Я создаю собственную политику, чтобы заставить все виртуальные машины, которые имеют образ из определенной группы ресурсов, присоединиться к домену путем развертывания расширения.
Я столкнулся с проблемой: политика не работает и постоянно сообщает, что у меня нет прав, даже когда я жёстко прописываю имя пользователя и пароль в переменных.
{
"if": {
"allOf": [
{
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.Compute/VirtualMachineScaleSets"
]
},
{
"field": "Microsoft.Compute/imageId",
"contains": "resourceGroups/Templates"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"name": "Microsoft.PowerShell",
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "CustomScriptExtension"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.PowerShell"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {
"domainJoinUserName": "",
"domainJoinUserPassword": "",
"domainFQDN": "myDomain.com",
"domainJoinOptions": 3
},
"resources": [
{
"comments": "Join domain - JsonADDomainExtension",
"apiVersion": "2015-06-15",
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(trim(parameters('vmName')[copyIndex()]),'/joindomain')]",
"location": "[parameters('location')]",
"copy": {
"name": "vmDomainJoinCopy",
"count": "[length(parameters('vmName'))]"
},
"properties": {
"publisher": "Microsoft.Compute",
"type": "JsonADDomainExtension",
"typeHandlerVersion": "1.3",
"autoUpgradeMinorVersion": true,
"settings": {
"Name": "[variables('domainFQDN')]",
"User": "[variables('domainJoinUserName')]",
"Restart": "true",
"Options": "[variables('domainJoinOptions')]"
},
"protectedSettings": {
"Password": "[variables('domainJoinUserPassword')]"
}
}
}
]
}
}
}
}
}
}
1 ответ
Решение
Вот очень подробная политика Azure для присоединения виртуальной машины к домену; у меня она работает. Пожалуйста, проверьте, поможет ли она вам:
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageId",
"in": "[parameters('listOfImageIdToInclude')]"
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServer"
},
{
"field": "Microsoft.Compute/imageSKU",
"in": [
"2008-R2-SP1",
"2008-R2-SP1-smalldisk",
"2012-Datacenter",
"2012-Datacenter-smalldisk",
"2012-R2-Datacenter",
"2012-R2-Datacenter-smalldisk",
"2016-Datacenter",
"2016-Datacenter-Server-Core",
"2016-Datacenter-Server-Core-smalldisk",
"2016-Datacenter-smalldisk",
"2016-Datacenter-with-Containers",
"2016-Datacenter-with-RDSH"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServerSemiAnnual"
},
{
"field": "Microsoft.Compute/imageSKU",
"in": [
"Datacenter-Core-1709-smalldisk",
"Datacenter-Core-1709-with-Containers-smalldisk",
"Datacenter-Core-1803-with-Containers-smalldisk"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsServerHPCPack"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "WindowsServerHPCPack"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftSQLServer"
},
{
"anyOf": [
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2016"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2016-BYOL"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2012R2"
},
{
"field": "Microsoft.Compute/imageOffer",
"like": "*-WS2012R2-BYOL"
}
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftRServer"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "MLServer-WS2016"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftVisualStudio"
},
{
"field": "Microsoft.Compute/imageOffer",
"in": [
"VisualStudio",
"Windows"
]
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftDynamicsAX"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "Dynamics"
},
{
"field": "Microsoft.Compute/imageSKU",
"equals": "Pre-Req-AX7-Onebox-U8"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "microsoft-ads"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "windows-data-science-vm"
}
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/imagePublisher",
"equals": "MicrosoftWindowsDesktop"
},
{
"field": "Microsoft.Compute/imageOffer",
"equals": "Windows-10"
}
]
}
]
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"type": "Microsoft.Compute/virtualMachines/extensions",
"roleDefinitionIds": [
"/providers/microsoft.authorization/roleDefinitions/"
],
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "JsonADDomainExtension"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.Compute"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
"equals": "Succeeded"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"ouPath": {
"type": "string"
},
"domainFQDN": {
"type": "string"
},
"vmName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {
"domainJoinOptions": 131075
},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"comments": "Join domain - JsonADDomainExtension",
"name": "[concat(parameters('vmName'), '/JsonADDomainExtension')]",
"apiVersion": "2018-06-01",
"location": "[parameters('location')]",
"properties": {
"publisher": "Microsoft.Compute",
"type": "JsonADDomainExtension",
"typeHandlerVersion": "1.3",
"autoUpgradeMinorVersion": true,
"settings": {
"Name": "[parameters('domainFQDN')]",
"User": "username",
"Restart": "true",
"Options": "[variables('domainJoinOptions')]",
"OUPath": "[parameters('ouPath')]"
},
"protectedSettings": {
"Password": "Password"
}
}
}
],
"outputs": {
"policy": {
"type": "string",
"value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
}
}
},
"parameters": {
"vmName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
},
"ouPath": {
"value": "[parameters('ouPath')]"
},
"domainFQDN": {
"value": "[parameters('domainFQDN')]"
}
}
}
}
}
}
}
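Убедитесь, что вы передаёте правильное имя пользователя и пароль: значения «username» и «Password» в шаблоне — это заполнители. Определение политики может прочитать любой, у кого есть доступ на чтение политик, поэтому настоящий пароль учётной записи для присоединения к домену не стоит хранить в нём открытым текстом. Кроме того, в «roleDefinitionIds» нужно указать полный идентификатор роли (в примере GUID опущен): с правами этой роли управляемое удостоверение назначения политики развёртывает расширение, и ошибка об отсутствии прав из вопроса, вероятно, связана с тем, что в исходной политике этого поля нет.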
В качестве альтернативы можно обратиться к этой статье по тому же вопросу.
Надеюсь, поможет.