I try too add some Security roules in my Azure NSG via Powershell, but
Get-AzureNetworkSecurityGroup
doesn't seem to work, it alway returns nothing. I can't select a NSG by Name too
Get-AzureNetworkSecurityGroup -Name myname
Although
Find-AzureRmResource -ResourceNameContains nsg
finds my NSGs.
What do I do wrong?
Thanks
Get-AzureNetworkSecurityGroup is meant for NSG's created using the classic deployment model (Old Portal). This will yeild output only if you have classic NSG's in your subscription.
You have indicated that you get output when you use the Find-AzureRmResource commandlet. Now this is a commandlet for the resources created using the ARM deployment model in Azure. One easy way to identify the Resource Manager commandlets is to look for the letters RM in the commandlet.
Looks like you have NSG's created using Resource Manager, so try the following:
Get-AzureRmNetworkSecurityGroup -Name nsg1 -ResourceGroupName "KaushalRG"
Looks for network security group "nsg1" in resource group "KaushalRG"
More information on the deployment models in Azure can be found here: Azure Resource Manager vs. classic deployment
Related
In order to run migrations on my Test Azure SQL which is configured with PrivateLink I temporarly enable public access and then disable it again.
Set-AzSqlServer
-ServerName $sqlServerName
-ResourceGroupName $(IntegrationResourceGroupName)
-PublicNetworkAccess "Enabled"
And it worked for months, but recently I started receiving this error message.
Cannot find the Azure Active Directory object 'My_DB_Admins_Group_Name'.
Please make sure that the user or group or application you are authorizing is registered
in the current subscription's Azure Active directory. To get a list of Azure Active Directory
groups use Get-AzADGroup, or to get a list of Azure Active Directory
users use Get-AzADUser or to get a list of Azure Active Directory applications use Get-AzADApplication.
Release pipeline was not modified. What might be the reason?
I can execute this PS command from my local machine, as me, and it works fine.
As per the error message : Only azaduser and azadgroup are filtered by azsqlserveractivedirectoryadministrator. It is unlikely that it will look for service principles. You might make an azure ad group called dbas or something similar. To that group, then add the service principal to it.
Then add the group to the sql server using that set-azsqlcommand
$sp = Get-AzADServicePrincipal -DisplayName "theserviceprincipalname"
Add-AzADGroupMember -MemberObjectId $($sp.id) -TargetGroupDisplayName "AAD Group Name"
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName 'data-eastus2' -ServerName 'data-eastus2-sqlsvr' -DisplayName "AAD Group Name"
I'm trying to retrieve a complete list of VMs through PowerShell, but I'm having trouble pulling Classic VMs, and I'm having trouble understanding the distinction between RM and regular cmdlets, particularly when it comes to subscriptions.
Get-AzureRMSubscription correctly returns a complete list of the subscriptions my Azure account has access to. Get-AzureSubscription returns nothing. This means that I can correctly pull all of the new style VMs from any one subscription using Get-AzureRMVM, but since I can't find a 'classic' style subscription, I can't pull any of my existing classic VMs as I can't define which subscription to look in.
I can successfully view all VMs in all Subscriptions through the portal, but not through Powershell for whatever reason. I'm all out of ideas, is there something I'm missing?
Get-AzureRMSubscription Get-AzureSubscription Get-AzureRMVM are resource mode cmdlet, your VMs are classic mode VM, you should use classic cmdlets. Just use the following cmdlets.
#login your classic account
Add-AzureAccount
# Enumerates all configured subscriptions on your local machine.
Get-AzureSubscription
# Select the subscription to use
Select-AzureSubscription -SubscriptionName "mysubscription"
#get classic VM
Get-AzureVM
Classic VM's were the norm when Azure was used using manage.windowsazure.com where, each virtual machine had a cloud service attached to it by default and resources such as Virtual Networks and Firewalls (ACL) were static to each resource.
Azure Resource Manager (ARM) based deployments gives you the power of having flexible deployment models (e.g. one firewall/NSG for x number of VM's). A detailed study can be found on the below link:
Azure Resource Manager based deployments explained
For your question you can use the below Cmdlets to get all classic virtual machines.
#login your classic (work AD / Personal) account using the pop-up
Add-AzureAccount
# Get All subscriptions under the non-rm account. DO NOT USE Get-AzureRMSubscription for any classic resources
Get-AzureSubscription
# Select the subscription to use using the Subscription name or ID (if all your subscription names say pay-as-you-go for e.g. you may want to use your subscription ID)
Select-AzureSubscription -SubscriptionName "enter-your-subscription-name" OR -SubscriptionId "alternatively-use-subscription-id"
#List all the VM's in a variable for further use (if needed, else direct display)
$vmList = Get-AzureVM
#Output the Virtual Machines on the subscription
Write-Output ($vmList)
Done !
Even after looking at the docs, I couldn't find a way to do this with the AzureRM powershell cmdlets. Does anyone know how to do this?
The old Azure Service Management powershell cmdlets have a Publish-AzureServiceProject, but I believe it is deprecated now.
EDIT: Supplement Answer to yoape's answer below
You can create a new classical cloud service project using something like this:
New-AzureRmResource -ResourceType "Microsoft.ClassicCompute/domainNames" -Location "centralus" -ResourceName "myCloudServiceProjectName" -ResourceGroupName "myResourceGroup"
Where Microsoft.ClassicCompute/domainNames is the magic sauce one needs to create the desired classic cloud service project.
However, (afaik) you will still need to deploy/publish the classic cloud service via the old cmdlet: Publish-AzureServiceProject. Using the above cmdlet lets you create the cloud project in the proper resource group though.
The classic compute services are basically not supported by the Azure Resource Manager model. This means you cannot use the AzureRM cmdlets for publishing your Cloud Services.
The Publish-AzureServiceProject cmdlet from ASM is not depricated (yet), you can still use it (in fact it is still the only way to publish your Cloud Service from PowerShell). Perhaps you where thinking about the deprecation of the Switch-AzureMode cmdlet?
I am trying to run a task on TFS which requires AD set up. I managed to set up all connections, but for some reason Subscription on TFS is not selected.
I am not sure to what account do I have to log in, to set default subscription. -Default parameter is deprecated btw.
Task add-on I am trying to use is downloadable here:
https://marketplace.visualstudio.com/items?itemName=rbengtsson.appservices-start-stop&showReviewDialog=true
TFS build error:
I tried to set up via power-shell:
I have tested the Azure AppServices Stop task on my side, and found this task works perfectly with Azure Classic Connection Type, but while used Azure Resource Manager Connection Type, I got the same error message as you.
According to the source code of Azure AppServices Stop task on GitHub, this task actually uses Azure Power Shell below to stop the service:
$website = Get-AzureWebsite -Name $WebAppName
Stop-AzureWebsite -Name $WebAppName
It seems Stop-AzureWebsite only works with Azure Classic, as we can't find it in Using Azure PowerShell with Azure Resource Manager.
In conclusion, if you want to use Azure AppServices Stop task, you need to choose Azure Classic Connection Type:
Using the latest version of AzureRM Powershell you now can use Azure Resource Manager connection type and use commands like:
Start-AzureRmWebApp
Stop-AzureRmWebApp
The service I wish to upgrade is in a resource group and my user account is configured as an owner of that resource group. The user account is limited to only access the one resource group.
I can successfully update the cloud service using the new management portal by uploading a cspkg and a cscfg file.
I'm trying to automate this process using Azure Powershell.
This is what I've tried so far:
Set-AzureDeployment -Upgrade -ServiceName test-service -Configuration C:\temp\test-service.cscfg -Package "https://test-service.blob.core.windows.net/azurepowershelldeploy/test-package.cspkg" -Slot Production -Mode Auto -Label test-2015-07-28T00:33:04
ForbiddenError: The server failed to authenticate the request.
Verify that the certificate is valid and is associated with this subscription.
Having a look in fiddler, it's making a request to this endpoint, and getting back a 403 forbidden.
POST /xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx/services/hostedservices/test-service/deploymentslots/Production/?comp=upgrade HTTP/1.1
I believe the ASM API's don't work properly with resource groups. Is there a method to update a cloud service using the new ARM API's?
You can deploy, update or delete all of the resources for your application in a single, coordinated operation using ARM.
You would redeploy your ARM template to an existing RG using:New-AzureResourceGroupDeployment
The New-AzureResourceGroupDeployment cmdlet adds a deployment to an existing resource group, including the resources that the deployment needs. This cmdlet is similar to the New-AzureResourceGroup cmdlet, but it works on existing resource groups, instead of new ones. To add a single resource to a resource group, use the New-AzureResource cmdlet.
A good walk through for your scenario (with a few changes) is at: Provision and deploy microservices predictably in Azure
This tutorial shows how to provision and deploy an application composed of microservices in Azure App Service as a single unit and in a predictable manner using JSON resource group templates and PowerShell scripting.
Instead of using an app service resource in the RG template, use the types of resources you'd need. Then call the above New-AzureResourceGroupDeployment cmdlet instead of New-AzureResourceGroup cmdlet.