Azure custom extension policy

邦多克777

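I am creating a custom policy to force all VMs that have an image from a certain resource group to join the domain by deploying an extension.

I ran into the problem that it doesn't work; even when I hard-code the username and password into the variables, it keeps saying I don't have permission.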

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "in": [
          "Microsoft.Compute/virtualMachines",
          "Microsoft.Compute/VirtualMachineScaleSets"
        ]
      },
      {
        "field": "Microsoft.Compute/imageId",
        "contains": "resourceGroups/Templates"
      }
    ]
  },
  "then": {
    "effect": "deployIfNotExists",
    "details": {
      "name": "Microsoft.PowerShell",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "existenceCondition": {
        "allOf": [
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/type",
            "equals": "CustomScriptExtension"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
            "equals": "Microsoft.PowerShell"
          }
        ]
      },
      "deployment": {
        "properties": {
          "mode": "incremental",
          "template": {
            "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {
              "vmName": {
                "type": "string"
              },
              "location": {
                "type": "string"
              }
            },
            "variables": {
              "domainJoinUserName": "",
              "domainJoinUserPassword": "",
              "domainFQDN": "myDomain.com",
              "domainJoinOptions": 3
            },
            "resources": [
              {
                "comments": "Join domain - JsonADDomainExtension",
                "apiVersion": "2015-06-15",
                "type": "Microsoft.Compute/virtualMachines/extensions",
                "name": "[concat(trim(parameters('vmName')[copyIndex()]),'/joindomain')]",
                "location": "[parameters('location')]",
                "copy": {
                  "name": "vmDomainJoinCopy",
                  "count": "[length(parameters('vmName'))]"
                },
                "properties": {
                  "publisher": "Microsoft.Compute",
                  "type": "JsonADDomainExtension",
                  "typeHandlerVersion": "1.3",
                  "autoUpgradeMinorVersion": true,
                  "settings": {
                    "Name": "[variables('domainFQDN')]",
                    "User": "[variables('domainJoinUserName')]",
                    "Restart": "true",
                    "Options": "[variables('domainJoinOptions')]"
                  },
                  "protectedSettings": {
                    "Password": "[variables('domainJoinUserPassword')]"
                  }
                }
              }
            ]
          }
        }
      }
    }
  }
}

莫希特·维尔玛

Here is a very detailed Azure policy for joining VMs to a domain, and it works for me. Please check whether it helps:

{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Compute/virtualMachines"
      },
      {
        "anyOf": [
          {
            "field": "Microsoft.Compute/imageId",
            "in": "[parameters('listOfImageIdToInclude')]"
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftWindowsServer"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "WindowsServer"
              },
              {
                "field": "Microsoft.Compute/imageSKU",
                "in": [
                  "2008-R2-SP1",
                  "2008-R2-SP1-smalldisk",
                  "2012-Datacenter",
                  "2012-Datacenter-smalldisk",
                  "2012-R2-Datacenter",
                  "2012-R2-Datacenter-smalldisk",
                  "2016-Datacenter",
                  "2016-Datacenter-Server-Core",
                  "2016-Datacenter-Server-Core-smalldisk",
                  "2016-Datacenter-smalldisk",
                  "2016-Datacenter-with-Containers",
                  "2016-Datacenter-with-RDSH"
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftWindowsServer"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "WindowsServerSemiAnnual"
              },
              {
                "field": "Microsoft.Compute/imageSKU",
                "in": [
                  "Datacenter-Core-1709-smalldisk",
                  "Datacenter-Core-1709-with-Containers-smalldisk",
                  "Datacenter-Core-1803-with-Containers-smalldisk"
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftWindowsServerHPCPack"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "WindowsServerHPCPack"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftSQLServer"
              },
              {
                "anyOf": [
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "*-WS2016"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "*-WS2016-BYOL"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "*-WS2012R2"
                  },
                  {
                    "field": "Microsoft.Compute/imageOffer",
                    "like": "*-WS2012R2-BYOL"
                  }
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftRServer"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "MLServer-WS2016"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftVisualStudio"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "in": [
                  "VisualStudio",
                  "Windows"
                ]
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftDynamicsAX"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "Dynamics"
              },
              {
                "field": "Microsoft.Compute/imageSKU",
                "equals": "Pre-Req-AX7-Onebox-U8"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "microsoft-ads"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "windows-data-science-vm"
              }
            ]
          },
          {
            "allOf": [
              {
                "field": "Microsoft.Compute/imagePublisher",
                "equals": "MicrosoftWindowsDesktop"
              },
              {
                "field": "Microsoft.Compute/imageOffer",
                "equals": "Windows-10"
              }
            ]
          }
        ]
      }
    ]
  },
  "then": {
    "effect": "deployIfNotExists",
    "details": {
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "roleDefinitionIds": [
        "/providers/microsoft.authorization/roleDefinitions/"
      ],
      "existenceCondition": {
        "allOf": [
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/type",
            "equals": "JsonADDomainExtension"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/publisher",
            "equals": "Microsoft.Compute"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/extensions/provisioningState",
            "equals": "Succeeded"
          }
        ]
      },
      "deployment": {
        "properties": {
          "mode": "incremental",
          "template": {
            "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {
              "ouPath": {
                "type": "string"
              },
              "domainFQDN": {
                "type": "string"
              },
              "vmName": {
                "type": "string"
              },
              "location": {
                "type": "string"
              }
            },
            "variables": {
              "domainJoinOptions": 131075
            },
            "resources": [
              {
                "type": "Microsoft.Compute/virtualMachines/extensions",
                "comments": "Join domain - JsonADDomainExtension",
                "name": "[concat(parameters('vmName'), '/JsonADDomainExtension')]",
                "apiVersion": "2018-06-01",
                "location": "[parameters('location')]",
                "properties": {
                  "publisher": "Microsoft.Compute",
                  "type": "JsonADDomainExtension",
                  "typeHandlerVersion": "1.3",
                  "autoUpgradeMinorVersion": true,
                  "settings": {
                    "Name": "[parameters('domainFQDN')]",
                    "User": "username",
                    "Restart": "true",
                    "Options": "[variables('domainJoinOptions')]",
                    "OUPath": "[parameters('ouPath')]"
                  },
                  "protectedSettings": {
                    "Password": "Password"
                  }
                }
              }
            ],
            "outputs": {
              "policy": {
                "type": "string",
                "value": "[concat('Enabled extension for VM', ': ', parameters('vmName'))]"
              }
            }
          },
          "parameters": {
            "vmName": {
              "value": "[field('name')]"
            },
            "location": {
              "value": "[field('location')]"
            },
            "ouPath": {
              "value": "[parameters('ouPath')]"
            },
            "domainFQDN": {
              "value": "[parameters('domainFQDN')]"
            }
          }
        }
      }
    }
  }
}

Make sure you are passing the correct username and password.

Alternatively, you can refer to this article for the same request.

https://blogs.msdn.microsoft.com/igorpag/2016/01/25/azure-arm-vm-domain-join-to-active-directory-domain-with-joindomain-extension/

Hope this helps.
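A static check for the `then.details` block of a deployIfNotExists rule like the two above, added here as an example (not code from either poster or from Azure). It flags a missing or GUID-less `roleDefinitionIds` entry, template parameters the policy never supplies, an `existenceCondition` that tests a different extension type than the template deploys, and literal values under `protectedSettings`; the function names, finding labels and sample password are made up for this example.

```python
import re

def _is_literal(value, variables):
    """True for a plain string, or a [variables('x')] reference to one."""
    m = re.fullmatch(r"\[variables\('([^']+)'\)\]", value) if isinstance(value, str) else None
    if m:
        value = variables.get(m.group(1), "[")
    return isinstance(value, str) and not value.startswith("[")

def lint_dine_policy(rule):
    """Return findings for the 'then.details' block of a deployIfNotExists rule."""
    details = rule.get("then", {}).get("details", {})
    props = details.get("deployment", {}).get("properties", {})
    template = props.get("template", {})
    resources = template.get("resources", [])
    findings = []
    # Remediation runs as the assignment's managed identity with these roles.
    roles = details.get("roleDefinitionIds", [])
    if not roles:
        findings.append("missing-roleDefinitionIds")
    elif any(r.rstrip("/").lower().endswith("roledefinitions") for r in roles):
        findings.append("roleDefinitionId-without-guid")
    # Template parameters without a default must be supplied by the policy.
    for name, spec in template.get("parameters", {}).items():
        if name not in props.get("parameters", {}) and "defaultValue" not in spec:
            findings.append("template-parameter-not-supplied:" + name)
    # existenceCondition should look for the extension type being deployed.
    deployed = {r.get("properties", {}).get("type") for r in resources}
    checked = {c.get("equals") for c in details.get("existenceCondition", {}).get("allOf", [])
               if c.get("field", "").lower().endswith("/extensions/type")}
    if checked and not (checked & deployed):
        findings.append("existenceCondition-type-mismatch")
    # A literal here is stored in the policy definition and readable with it.
    for res in resources:
        for key, val in res.get("properties", {}).get("protectedSettings", {}).items():
            if _is_literal(val, template.get("variables", {})):
                findings.append("literal-protected-setting:" + key)
    return findings

# Constructed sample: the question's rule trimmed to the keys the checks read.
_TEMPLATE = {
    "parameters": {"vmName": {"type": "string"}, "location": {"type": "string"}},
    "variables": {"domainJoinUserPassword": "placeholder-not-a-secret"},
    "resources": [{"properties": {"type": "JsonADDomainExtension", "protectedSettings": {
        "Password": "[variables('domainJoinUserPassword')]"}}}]}
SAMPLE = {"then": {"effect": "deployIfNotExists", "details": {
    "existenceCondition": {"allOf": [{"equals": "CustomScriptExtension",
        "field": "Microsoft.Compute/virtualMachines/extensions/type"}]},
    "deployment": {"properties": {"mode": "incremental", "template": _TEMPLATE}}}}}
```

Load a real definition with `json.load` and pass its `policyRule` object to `lint_dine_policy`; an empty list means none of these four checks fired.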
