I'm building a JSON template that deploys a VM in Azure and executes a PowerShell script via Custom Script Extension (CSE). The JSON template was taken from here with some modifications for my company's needs.

One of the parameters in the JSON template is adminPassword, which configures the password for the VM's local admin account.

The PowerShell script should deploy a domain controller on the VM. This is the important part of the PS script:

Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath C:\Windows\NTDS -DomainMode 7 -DomainName Domain.local -DomainNetbiosName Domain -ForestMode 7 -InstallDns:$true -LogPath C:\Windows\NTDS -SysvolPath C:\Windows\SYSVOL -NoRebootOnCompletion:$false -Force:$true

The Install-ADDSForest command requires the switch -SafeModeAdministratorPassword for the command to run. Adding the password as plain text at the beginning of the PS script works, but a plain-text password is not an option. This is how I tested:

$SafePassPlain = 'Password'
$SafePass = ConvertTo-SecureString -string $SafePassPlain `
    -AsPlainText -force

And entering this in the Install-ADDSForest line: -SafeModeAdministratorPassword $SafePass

This is the part in the JSON template where the script runs:

      "properties": {
        "publisher": "Microsoft.Compute",
        "type": "CustomScriptExtension",
        "typeHandlerVersion": "1.4",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "fileUris": [
            "https://URLtoFile/DC-Domain.ps1"
          ],
          "commandToExecute": "powershell.exe -ExecutionPolicy Unrestricted -File DC-Domain.ps1"

I would like to pass the adminPassword parameter from the JSON template to the PS script so it will use it for the -SafeModeAdministratorPassword switch. Is it possible?

I read about ConvertFrom-Json and checked these: 1 2, but I'm not sure how to implement that on my end...

After checking this and this, seeing examples of passing parameters from a JSON template to a PS script, I tried implementing it like this, which didn't work:

"commandToExecute": "[concat('powershell -ExecutionPolicy Unrestricted -File DC-Domain1.ps1 -SafeModeAdministratorPassword ',parameters('adminPassword'))]"

Any help will be appreciated...

  • Could you provide the error in your question? Commented Mar 14, 2019 at 9:02
  • The custom script execution just keeps running for about an hour and times out (I guess waiting for the -SafeModeAdministratorPassword). The log under C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension doesn't show any errors... If needed, I will redeploy the VMs and give more details. I guess that the real question is if passing a parameter from the JSON template to a PS script the template runs is even possible/supported and how should it be written in the template > commandToExecute and in the PS script. Commented Mar 14, 2019 at 13:11
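
One way to pass the template's adminPassword into the script without writing it in the script or in the extension's public settings, as an added example that is not part of the original post or its comments. It assumes the script declares a `param` block (the parameter name below is chosen to match the question's command line), that adminPassword is declared as `securestring` in the template, and that the extension version in use accepts `commandToExecute` under `protectedSettings`.

```powershell
# DC-Domain.ps1 (added example, not the poster's script).
#
# Template side, shown as comments (assumed layout):
#   "parameters": { "adminPassword": { "type": "securestring" } }
#   ...
#   "settings": {
#     "fileUris": [ "https://URLtoFile/DC-Domain.ps1" ]
#   },
#   "protectedSettings": {
#     "commandToExecute": "[concat('powershell.exe -ExecutionPolicy Unrestricted -File DC-Domain.ps1 -SafeModeAdministratorPassword \"', parameters('adminPassword'), '\"')]"
#   }
#
# Values under "settings" are stored and shown in clear text; values under
# "protectedSettings" are encrypted and only decrypted on the target VM.
# The password is wrapped in double quotes so spaces survive argument
# parsing; a password that itself contains a double quote would still break
# the command line. On the VM the value is visible in the powershell.exe
# command line while the script runs.

param(
    # Without this param block, -File has nothing to bind the argument to.
    [Parameter(Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [string]$SafeModeAdministratorPassword
)

# Install-ADDSForest expects a SecureString, so convert once and use only
# the converted value from here on.
$SafePass = ConvertTo-SecureString -String $SafeModeAdministratorPassword -AsPlainText -Force

# Same arguments as the command in the question, plus the DSRM password.
$forestArgs = @{
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    DomainMode                    = 7
    DomainName                    = 'Domain.local'
    DomainNetbiosName             = 'Domain'
    ForestMode                    = 7
    InstallDns                    = $true
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    NoRebootOnCompletion          = $false
    SafeModeAdministratorPassword = $SafePass
    Force                         = $true
}
Install-ADDSForest @forestArgs
```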
