Azure Automation Week Concludes! Let’s put it all together!
Whew, this week flew by! We learned how to set up Azure Automation, how to run a runbook with the REST API, how to do a more advanced offline domain join, and how to get input from the SCSM portal. Today, we are going to put all that we learned into a task sequence!
First off, we just need a task sequence that installs Windows 10 Enterprise. I used the default task sequence but am joining the computer to a workgroup. We want to use our fancy new Azure Automation runbook to add the computer to the domain! Here’s my apply network settings step:
The only other change I made was to add an Azure Automation script at the end. I'm using the function from Tuesday and the runbooks from Wednesday and Thursday. I did change my domain join runbook from Wednesday. Instead of just returning the domain join file, I'm also returning the domain join certificate. I exported the certificate as a .reg file and put the text in the script:
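```powershell
# Certificate exported as .reg text (body replaced with a placeholder here)
$CertString = @'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\EA767B6091B141417C9A9BE93E5026AEE8D050AE]
BLAHBLAHLBAH
'@

# Return both the certificate and the offline domain join file as one JSON object
$returnObject = @{
    'Cert'              = $CertString
    'OfflineDomainJoin' = "$FileContent"
}
return (ConvertTo-Json $returnObject)
```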
Now I have all I need to domain join a computer from anywhere and put it on the network through DirectAccess! My task sequence ends in a script that calls these runbooks:
The script is my Run-AzureRunbook with this code:
```powershell
# Credentials and account details for the Azure Automation call (left blank here)
$SecretParams = @{
    'UserName'          = ''
    'Password'          = ''
    'AutomationAccount' = ''
    'adTenant'          = ''
}

# Get the answers from the SCSM portal ticket
$Results = Run-AzureRunbook -RunBookName 'SCSMPortalQuestionsAnswers' -HybridWorkerGroup 'OSD_Automation_Group' -Params '"TicketID":"SR18"' @SecretParams

# Request the offline domain join file and certificate for that computer name
$OffDomainJoinResults = Run-AzureRunbook -RunBookName 'OfflineDomainJoin' -HybridWorkerGroup 'OSD_Automation_Group' -Params "`"ComputerName`":`"$($Results.'Computer Name')`"" @SecretParams

Rename-Computer -NewName $Results.'Computer Name' -Force

# Import the certificate, then delete the temporary .reg file
$OffDomainJoinResults.Cert > 'c:\cert.reg'
regedit /s c:\cert.reg
Remove-Item -Path 'c:\cert.reg' -Force

# Apply the offline domain join, then delete the temporary file
$OffDomainJoinResults.OfflineDomainJoin > 'c:\djoin.txt'
djoin.exe /requestodj /loadfile c:\djoin.txt /windowspath C:\Windows /localos
Remove-Item -Path 'c:\djoin.txt' -Force
```
As you can see, I'm first getting the information from the ticket, then running the domain join runbook. I then rename the computer based on the ticket input, import the certificate for DirectAccess, and do the domain join! Now you just need to restart afterwards and you have a computer on the domain!
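The certificate export and the offline domain join file are both secrets while they sit on disk, so the following added example (not part of the original script) stages each one in a directory readable only by SYSTEM and Administrators, checks the tool's exit code, and deletes the file even if the import fails. `Invoke-WithProtectedFile` is a hypothetical helper name, `$OffDomainJoinResults` is the object returned by the script above, and `reg.exe import` is swapped in for `regedit /s` because it is a console program that PowerShell waits for and that sets an exit code.

```powershell
# Added example, not the author's script. Invoke-WithProtectedFile is a hypothetical helper.
function Invoke-WithProtectedFile {
    param(
        [Parameter(Mandatory)] [string]      $Content,
        [Parameter(Mandatory)] [string]      $Extension,
        [Parameter(Mandatory)] [scriptblock] $Action     # receives the file path as $args[0]
    )
    # Private working directory instead of the root of C:
    $dir = Join-Path $env:SystemRoot "Temp\odj-$([guid]::NewGuid())"
    New-Item -ItemType Directory -Path $dir | Out-Null
    try {
        # Drop inherited ACEs; allow only SYSTEM and Administrators (well-known SIDs).
        & icacls.exe $dir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

        $file = Join-Path $dir "payload$Extension"
        # Same UTF-16 LE encoding that the '>' redirect produces in Windows PowerShell.
        Set-Content -LiteralPath $file -Value $Content -Encoding Unicode

        & $Action $file
    }
    finally {
        # Runs on success and on failure, so the secret never outlives the step.
        Remove-Item -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# $OffDomainJoinResults comes from the Run-AzureRunbook call in the script above.
Invoke-WithProtectedFile -Content $OffDomainJoinResults.Cert -Extension '.reg' -Action {
    & reg.exe import $args[0]
    if ($LASTEXITCODE -ne 0) { throw "reg import failed with exit code $LASTEXITCODE" }
}

Invoke-WithProtectedFile -Content $OffDomainJoinResults.OfflineDomainJoin -Extension '.txt' -Action {
    & djoin.exe /requestodj /loadfile $args[0] /windowspath $env:SystemRoot /localos
    if ($LASTEXITCODE -ne 0) { throw "djoin failed with exit code $LASTEXITCODE" }
}
```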
Beginning:
Middle:
End:
That’s it for Azure Automation week! I hope you all had fun and learned something!