Category: PowerShell

Keeping your managed PC from locking all the time

I know you shouldn’t try and subvert your companies internal security policies, but sometimes the security department just don’t seem to understand the consequences of what they do…especially when using multiple computers simultaneously!

The following script essentially presses the inaccessible F15 key at regular time intervals to ensure the screen timeout is reset and you avoid locking out.

Continue reading “Keeping your managed PC from locking all the time”
‘*** Execution Timeout Expired’ with SqlPackage.exe on Azure DevOps Release Pipeline Fix

‘*** Execution Timeout Expired’ with SqlPackage.exe on Azure DevOps Release Pipeline Fix

A while ago I was having an issue deploying a SQL Data Tools project using the Azure DevOps pipelines. It worked fine when there was no data in the database, but once there was some data to preserve in the release the DACPAC deployment started to timeout with the following error when running SqlPackage.

Continue reading “‘*** Execution Timeout Expired’ with SqlPackage.exe on Azure DevOps Release Pipeline Fix”

Resource Tag management in Microsoft Azure

Adding tags to resources in Azure is generally a good idea. This helps administrators manage billing, knowing what things are and when they can be safely decommissioned etc..

I have includes here some guidance and useful scripts for adding tags and managing tags on resources and resource groups.

Continue reading “Resource Tag management in Microsoft Azure”

Azure Active Directory – How to give a Registered Application an AD Directory Administrative Role

By default a ‘Registered Application’ account is not a member of any Directory Roles and/or group memberships and there is no easy way to make these changes using the portal. You may have an API or back-end application that will be required to perform actions on your AD that requires elevated permissions (e.g. Reset passwords or delete accounts etc..)

Normally for advanced configuration, you will need to start editing the manifest file. Luckily this has been made easy using the Portal. You can now edit the file directly, or download, make changes and then upload.

However, to make a ‘Registered Application’ a member of a ‘Directory Administrative Role’ you need to use PowerShell to add the role member to the ‘Service Principal’ (as I couldn’t find a way to do this in the manifest!).

Continue reading “Azure Active Directory – How to give a Registered Application an AD Directory Administrative Role”

How to delete an Azure Active Directory (ADD) Tenant

You may have discovered that deleting an Azure Active Directory is a particularly frustrating experience that ultimately ends in failure. The new portal have improved things a bit, by running through a series of check before the delete button is enabled.

You may need to go back to the Classic portal (https://manage.windowsazure.com) to see some of the objects/resources to delete.

However, although this will help you remove ‘most’ of what you need to, unfortunately NOT all!

In this case I got a “Unable to delete directory

Continue reading “How to delete an Azure Active Directory (ADD) Tenant”

Creating an Azure Virtual Network with VPN Gateway entirely with PowerShell not possible!

As I found the documentation for this somewhat lacking (especially for New-AzureRmVirtualNetworkGateway and New-AzureRmVirtualNetworkGatewayIpConfig), I thought I would try and see if it was possible to create and fully configure a Virtual Network and Gateway using PowerShell. I have posted my PowerShell script examples and efforst here.

NOTE: Several of these command return  a warning (shown below) which means things will be changing soon…again 😉 …and other just exception, so although you can setup a Virtual Network you can not create the Gateway!

2017-01-05_15-39-25

I am using version 3.3.0 of the Azure cmdlets.

# Get Azure cmdlets version
Get-Module -ListAvailable -Name Azure -Refresh

Steps

  1. Setup variables, login and set current context 
    # Setup Variables
$location = "North Europe"
$rgName = "MyResourceGroup"
$strgAccount = "MyStorageAccount"
$vnetName = "vnet-1"
$gatewayPIPName = "gateway-2-pip"
$clientAddressPool = "192.168.0.0/16"
$gatewayName = "mygateway1"

# Setup PowerShell Environment
Add-AzureRmAccount
Select-AzureRmSubscription -SubscriptionName "MySubscription"
Set-AzureRmCurrentStorageAccount -ResourceGroupName $rgName -Name $strgAccount
# get and check current context (ARM)
Get-AzureRmContext
  2. Create the Virtual Network (include a subnet called ‘GatewaySubnet‘ specifically for the VPN Gateway. It appears this is required even if using the Portal to add a Gateway to a Virtual Network.) 
    # Create the Virtual Network with 3 subnets)
# Setup Subnets
$gatewaySubnet = New-AzureRmVirtualNetworkSubnetConfig `
    -Name GatewaySubnet -AddressPrefix "10.1.0.0/24"
$frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
    -Name frontendSubnet -AddressPrefix "10.1.1.0/24"
$backendSubnet = New-AzureRmVirtualNetworkSubnetConfig `
    -Name backendSubnet -AddressPrefix "10.1.2.0/24"
# Create VNet
$vnet = New-AzureRmVirtualNetwork -Name $vnetName `
    -ResourceGroupName $rgName -Location $location `
    -AddressPrefix "10.1.0.0/16" `
    -Subnet $gatewaySubnet,$frontendSubnet,$backendSubnet
  3. Create a Public IP Address (PIP) to be used by the Gateway 
    # Create a PIP
$pip = New-AzureRmPublicIpAddress -AllocationMethod Dynamic `
    -ResourceGroupName $rgName -Location $location `
    -Name $gatewayPIPName
  4. Create the VNet Gateway (Attempt 1Although I can’t see any issues in the script below, unfortunately this is returning a 500 Internal Server Error. I have tried a number of variations!!) 
    # Gateway config
$vnetGatewayIPConf = New-AzureRmVirtualNetworkGatewayIpConfig -Name default `
    -PublicIpAddress $pip -Subnet $gatewaySubnet
# Create VNet Gateway
$vnetGateway = New-AzureRmVirtualNetworkGateway -Name "hmstraingateway1" 
    -ResourceGroupName $rgName `
    -Location $location `
    -IpConfigurations $vnetGatewayIPConf `
    -GatewayType Vpn `
    -VpnType RouteBased `
    -GatewaySku Basic `
    -VpnClientAddressPool $clientAddressPool

     

Attempt 2: I then thought I would see if it would be possible to complete the process using ARM Templates. When attempting to get an ARM Template for an existing Virtual Network Gateway we get the following errors.

Error details - Microsoft Azure 
  • The schema of resource type 'Microsoft.Network/virtualNetworkGateways' is 
not available. Resources of this type will not be exported to the template. 
(Code: ResourceTypeSchemaNotFound)
  • The schema of resource type 'Microsoft.Web/connections' is not available. 
Resources of this type will not be exported to the template. 
(Code: ResourceTypeSchemaNotFound)

This effectively indicates that the ARM capability of this type of resource is not yet all there in Azure. I seem to come across issue like this quite a lot.

Also with the ARM Virtual Network you can’t use the Get-AzureVNetConfig to download the configuration files either.

So in conclusion the only way to currently create a Gateway and complete the process, is to use the Azure Portal. Please comment below if you know of another way or have spotted an issue.

Links

New-AzureRmVirtualNetworkGatewayIpConfig (https://docs.microsoft.com/en-us/powershell/resourcemanager/azurerm.network/v2.1.0/new-azurermvirtualnetworkgatewayipconfig)

New-AzureRmVirtualNetworkGateway (https://docs.microsoft.com/en-us/powershell/resourcemanager/AzureRM.Network/v1.0.13/New-AzureRmVirtualNetworkGateway?redirectedfrom=msdn)

Save