
I'm building a JSON template that deploys a VM in Azure and executes a PowerShell script via Custom Script Extension (CSE). The JSON template was taken from here with some modifications for my company's needs.

One of the parameters in the JSON template is adminPassword, which configures the password for the VM's local admin account.

The PowerShell script should deploy a domain controller on the VM. This is the important part of the PS script:

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode 7 -DomainName Domain.local -DomainNetbiosName Domain -ForestMode 7 -InstallDns:$true -LogPath C:\Windows\NTDS -SysvolPath C:\Windows\SYSVOL -NoRebootOnCompletion:$false -Force:$true

The Install-ADDSForest command requires the switch -SafeModeAdministratorPassword for the command to run. Adding the password as plain text at the beginning of the PS script works, but a plain-text password is not an option. This is how I tested:

$SafePassPlain = 'Password'
$SafePass = ConvertTo-SecureString -string $SafePassPlain `
    -AsPlainText -force

And entering this in the Install-ADDSForest line: -SafeModeAdministratorPassword $SafePass

This is the part in the JSON template where the script runs:

      "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.4",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "fileUris": [
            "https://URLtoFile/DC-Domain.ps1"
          ],
          "commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File DC-Domain.ps1"
        }
      }

I would like to pass the adminPassword parameter from the JSON template to the PS script so it will use it for the -SafeModeAdministratorPassword switch. Is it possible?

I read about ConvertFrom-Json and checked these: 1 2, but I'm not sure how to implement that on my end...

After checking this and this, seeing examples of passing parameters from a JSON template to a PS script, I tried implementing it like this, which didn't work:

"commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File DC-Domain1.ps1 -SafeModeAdministratorPassword ',parameters('adminPassword'))]"

Any help will be appreciated...

Zobia Kanwal
  • Could you provide the error in your question? – Joy Wang Mar 14 '19 at 09:02
  • The custom script execution just keeps running for about an hour and times out (I guess waiting for the -SafeModeAdministratorPassword). The log under `C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension` doesn't show any errors... If needed, I will redeploy the VMs and give more details. I guess that the real question is if passing a parameter from the JSON template to a PS script the template runs is even possible/supported and how should it be written in the template > commandToExecute and in the PS script. – Avi Samocha Mar 14 '19 at 13:11

0 Answers
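An added example, not part of the original question or the poster's script: one way the receiving side of DC-Domain.ps1 can accept the template's adminPassword as a script parameter and fail fast when it is missing. It assumes the installed Custom Script Extension handler version reads commandToExecute from protectedSettings; `$forestArgs` is a name chosen here, and the Install-ADDSForest values are the ones from the question.

```powershell
<#
DC-Domain.ps1 - added example, not the poster's script.

Template side (assumption: the handler version in use accepts commandToExecute
under protectedSettings, which is encrypted, instead of the plain-text
"settings" block). The escaped double quotes keep a password that contains
spaces together as one argument:

  "protectedSettings": {
    "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File DC-Domain.ps1 -SafeModeAdministratorPassword \"', parameters('adminPassword'), '\"')]"
  }
#>
param(
    # Deliberately not marked Mandatory: a missing mandatory parameter makes
    # PowerShell prompt for it, and an unattended run would wait at that prompt.
    [string] $SafeModeAdministratorPassword
)

$ErrorActionPreference = 'Stop'

if ([string]::IsNullOrEmpty($SafeModeAdministratorPassword)) {
    # End the run with an error instead of letting Install-ADDSForest ask for input.
    throw 'SafeModeAdministratorPassword was not passed to DC-Domain.ps1.'
}

# Convert once, then drop the plain-text copy from the script's variables.
$SafePass = ConvertTo-SecureString -String $SafeModeAdministratorPassword -AsPlainText -Force
Remove-Variable -Name SafeModeAdministratorPassword

# Same values as the command in the question, passed by splatting.
$forestArgs = @{
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    DomainMode                    = 7
    DomainName                    = 'Domain.local'
    DomainNetbiosName             = 'Domain'
    ForestMode                    = 7
    InstallDns                    = $true
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    NoRebootOnCompletion          = $false
    Force                         = $true
    SafeModeAdministratorPassword = $SafePass
}
Install-ADDSForest @forestArgs
```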