Azure Automation Week Concludes! Let’s put it all together!

1 minute read

Whew, this week flew by! We learned how to set up Azure Automation, how to run a runbook with the REST API, how to do a more advanced offline domain join, and how to get input from the SCSM portal. Today, we are going to put all that we learned into a task sequence!

First off, we just need a task sequence that installs Windows 10 Enterprise. I used the default task sequence but am joining the computer to a workgroup. We want to use our fancy new Azure Automation runbook to add the computer to the domain! Here’s my apply network settings step:


The only other change I did was to add an Azure Automation script at the end. I’m using the function from Tuesday and the runbooks from Wednesday and Thursday. I did change my domain join runbook from Wednesday. Instead of just returning the domain join file, I’m also returning the domain join certificate. I exported the certificate as a .reg file and put the text in the script:

$CertString = @'
Windows Registry Editor Version 5.00


$returnObject = @{
return (ConvertTo-Json $returnObject)

Now I have all I need to domain join a computer from anywhere and put it on the network through direct access! My task sequence ends in a script that calls these runbooks:


The script is my Run-AzureRunbook with this code:

$SecretParams = @{
    'UserName'= ''
    'AutomationAccount' = ''
    'adTenant' = ''

$Results = Run-AzureRunbook -RunBookName 'SCSMPortalQuestionsAnswers' -HybridWorkerGroup 'OSD_Automation_Group' -Params '"TicketID":"SR18"' @SecretParams
$OffDomainJoinResults = Run-AzureRunbook -RunBookName 'OfflineDomainJoin' -HybridWorkerGroup 'OSD_Automation_Group' -Params "`"ComputerName`":`"$($Results.'Computer Name')`"" @SecretParams
Rename-Computer -NewName $Results.'Computer Name' -Force
$OffDomainJoinResults.Cert > 'c:\cert.reg' 
regedit /s c:\cert.reg
Remove-Item -Path 'c:\cert.reg' -Force
$OffDomainJoinResults.OfflineDomainJoin > 'c:\djoin.txt'
djoin.exe /requestodj /loadfile c:\djoin.txt /windowspath C:\Windows /localos
Remove-Item -Path 'c:\djoin.txt' -Force

As you can see, I’m first getting the information from the ticket, then running the domain join runbook. I then rename the computer based on the ticket input, import the certificate for direct access, and do the domain join! Now you just need to restart after and you have a computer on the domain!







That’s it for Azure Automation week! I hope you all had fun and learned something!

Leave a Comment