Infrastructure as Code – Deploy VMs in Azure
Plan
Code below will deploy an Azure Virtual Network, subnet, network security group, and rule to allow RDP access to two VMs.
Design
Estimated cost
Deploy
Prerequisite: Install Azure CLI
Run below code using PowerShell.
#Update based on your organizational requirements
$Location = "westus2"
$ResourceGroupName = "ActiveDirectoryOnPremRG"
$NetworkSecurityGroup = "NSG-DomainControllers"
$VNetName = "VNet-AzureVMsWestUS2"
$VNetAddress = "10.10.0.0/16"
$SubnetName = "Subnet-AzureDCsWestUS2"
$SubnetAddress = "10.10.10.0/24"
$AvailabilitySet = "AS-DomainControllers"
$VMSize = "Standard_DS1_v2"
$DataDiskSize = "20"
$AdminUsername = "azureuser"
$AdminPassword = "ChangeMe#1234"
$DomainController1 = "AZDC01"
$DC1IP = "10.10.10.11"
$DomainController2 = "AZDC02"
$DC2IP = "10.10.10.12"
# Create a resource group.
az group create --name $ResourceGroupName `
--location $Location
# Create a network security group
az network nsg create --name $NetworkSecurityGroup `
--resource-group $ResourceGroupName `
--location $Location
# Create a network security group rule for port 3389.
az network nsg rule create --name PermitRDP `
--nsg-name $NetworkSecurityGroup `
--priority 1000 `
--resource-group $ResourceGroupName `
--access Allow `
--source-address-prefixes VirtualNetwork `
--destination-address-prefixes VirtualNetwork `
--source-port-ranges "*" `
--direction Inbound `
--destination-port-ranges 3389
# Create a virtual network.
az network vnet create --name $VNetName `
--resource-group $ResourceGroupName `
--address-prefixes $VNetAddress `
--location $Location
# Create a subnet
az network vnet subnet create --address-prefix $SubnetAddress `
--name $SubnetName `
--resource-group $ResourceGroupName `
--vnet-name $VNetName `
--network-security-group $NetworkSecurityGroup
# Create an availability set.
az vm availability-set create --name $AvailabilitySet `
--resource-group $ResourceGroupName `
--location $Location
# Create two virtual machines.
az vm create `
--resource-group $ResourceGroupName `
--availability-set $AvailabilitySet `
--name $DomainController1 `
--size $VMSize `
--image Win2019Datacenter `
--admin-username $AdminUsername `
--admin-password $AdminPassword `
--data-disk-sizes-gb $DataDiskSize `
--data-disk-caching None `
--nsg $NetworkSecurityGroup `
--private-ip-address $DC1IP `
--public-ip-address '""' `
--license-type Windows_Server `
--no-wait
az vm auto-shutdown `
--email "derrickpark@outlook.com" `
--webhook "https://derrickpark.com" `
--resource-group $ResourceGroupName `
--name $DomainController1 `
--time 1100
az vm create `
--resource-group $ResourceGroupName `
--availability-set $AvailabilitySet `
--name $DomainController2 `
--size $VMSize `
--image Win2019Datacenter `
--admin-username $AdminUsername `
--admin-password $AdminPassword `
--data-disk-sizes-gb $DataDiskSize `
--data-disk-caching None `
--nsg $NetworkSecurityGroup `
--private-ip-address $DC2IP `
--public-ip-address '""' `
--license-type Windows_Server
az vm auto-shutdown `
--email "derrickpark@outlook.com" `
--webhook "https://derrickpark.com" `
--resource-group $ResourceGroupName `
--name $DomainController2 `
--time 1100 Result
Source: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm
