
How to run Azure VM CustomScriptExtension as domain user? (part 1)


What I have working is a PowerShell script that takes a JSON file to create a new VM; the JSON file contains instructions for the VM to join a domain and run a custom script. Both things do happen, but the script runs as the user workgroup\system and therefore doesn't have access to a network drive.

  • Does listing the extensions in this order guarantee that the script runs after the domain join is complete (or is it haphazard)?

Is there something I can do to ensure that the script does not run until the domain join is complete? How can I best detect (locally from the new VM) that the domain join is complete? How would you delay the running of the script until a better time (something like a once-off cron job)?

Update: Split question in two, other half is here.

Also, immense thanks to Dewi Jones for more than an hour of interactive support. I'm indebted by being able to give only a single check mark in return.


Solution

  • Get the domain and if the domain is equal to the one you are joining then continue.

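    # Replace "FQDN" with the fully qualified name of the domain being joined.
    # The machine's domain is re-queried on every pass: an environment variable
    # such as env:UserDNSDomain is fixed when the process starts and never changes.
    $domain = (Get-CimInstance Win32_ComputerSystem).Domain

    While ($domain -ne "FQDN")
    {
        Start-Sleep -Seconds 2
        $domain = (Get-CimInstance Win32_ComputerSystem).Domain
    }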
    

    Otherwise you can call a script using credentials as follows

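    # Placeholder values: replace with the domain account and the script to run.
    $username = 'user'
    $password = 'password'
    $PSArgs = 'Script file name'
    # Build a PSCredential from the plain-text password.
    $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
    # Start a new PowerShell process under that account, passing the script as its argument.
    Start-Process Powershell.exe -Credential $credential -ArgumentList $PSArgs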
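
The two steps above combined into one bootstrap script, as an added example that is not part of the original answer: it waits for the domain join with a timeout, then runs the script as the domain user through a one-off scheduled task (swapped in here for `Start-Process -Credential`, and matching the "once-off cron job" asked about). Assumptions: the parameter names, the task name `PostJoinSetup`, the 10-minute timeout, that the account may log on as a batch job, and that the password is passed in at deployment time (for instance from the extension's `protectedSettings`) rather than written into the file.

```powershell
# Added example: parameter names, task name and timeout are assumptions.
param(
    [Parameter(Mandatory)] [string] $DomainFqdn,   # e.g. corp.example.com (constructed)
    [Parameter(Mandatory)] [string] $UserName,     # DOMAIN\user that can reach the share
    [Parameter(Mandatory)] [string] $Password,     # supplied at deployment time
    [Parameter(Mandatory)] [string] $ScriptPath,   # script to run as the domain user
    [int] $TimeoutSeconds = 600
)

function Wait-DomainJoin {
    param([string] $Fqdn, [int] $TimeoutSeconds)
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        # Query the machine on each pass; process environment variables never refresh.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem
        if ($cs.PartOfDomain -and $cs.Domain -eq $Fqdn) { return $true }
        Start-Sleep -Seconds 5
    }
    return $false
}

if (-not (Wait-DomainJoin -Fqdn $DomainFqdn -TimeoutSeconds $TimeoutSeconds)) {
    Write-Error "Machine did not join $DomainFqdn within $TimeoutSeconds seconds."
    exit 1
}

$taskName = 'PostJoinSetup'   # hypothetical task name
$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -File `"$ScriptPath`""

# A task registered with -User/-Password runs with that account's network identity,
# so it can reach the network drive that workgroup\system cannot.
Register-ScheduledTask -TaskName $taskName -Action $action `
    -User $UserName -Password $Password -RunLevel Highest -Force | Out-Null
Start-ScheduledTask -TaskName $taskName

# Give the task a moment to leave 'Ready', then wait until it returns to it.
Start-Sleep -Seconds 2
while ((Get-ScheduledTask -TaskName $taskName).State -ne 'Ready') {
    Start-Sleep -Seconds 5
}

# Propagate the script's result and remove the task so the stored credential does not linger.
$result = (Get-ScheduledTaskInfo -TaskName $taskName).LastTaskResult
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
exit $result
```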