Deploying Azure Arc agent using PowerShell + AMA + Tagging
In this post, we take a closer look at how to deploy Azure Arc agents using PowerShell and tag them based on the Active Directory tiering level. Today there are at least five different ways to get agents onto our servers. Before you start, make sure you have the following in place:
- Administrator permissions
- PowerShell remoting needs to be enabled
- ConnectedMachine PowerShell module
- Azure subscription
- Resource Group
- Internet connection
In this example, I’m going to connect my servers under the RG-PROD-IT-AZURE-ARC-WE Resource Group. You can create the Resource Group manually in the Azure portal or with the Az PowerShell module.
We also query the local Active Directory during the agent installation to get the server tiering level and add the tiering as a tag.
Here is my sample Active Directory tree. I have two different servers, and both of them are under the TIER-1\Servers OU.
Tagging these servers in Azure isn’t strictly required, but it is recommended. Tags give you extra information about a resource, and you can use that data in different scenarios.
Az.ConnectedMachine module installation
The first step is to install the Az.ConnectedMachine PowerShell module from the PowerShell Gallery. If you already have the Az module installed, then you don’t need to install it twice.
The next step is to connect to Azure and change the connection context. This is only required if you have access to multiple subscriptions. If you have only one, then skip the Set-AzContext command.
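The module installation and context selection described above, written out as an added example (this is not the author's script). It assumes the Az.Resources module is available for the Resource Group check, and the subscription name is a placeholder you replace with your own:

```powershell
# Added example: install Az.ConnectedMachine once, sign in, pin the subscription
# context, and make sure the target Resource Group exists.
# 'PLACEHOLDER-SUBSCRIPTION-NAME' is a placeholder; the RG name is from the post.
$ErrorActionPreference = 'Stop'

if (-not (Get-Module -ListAvailable -Name Az.ConnectedMachine)) {
    # Install only when the module (or the Az rollup that bundles it) is missing
    Install-Module -Name Az.ConnectedMachine -Scope CurrentUser -Repository PSGallery -Force
}
Import-Module Az.ConnectedMachine

Connect-AzAccount | Out-Null

# Set-AzContext is only needed when the account can see several subscriptions
$TargetSubscription = 'PLACEHOLDER-SUBSCRIPTION-NAME'
if ((Get-AzSubscription | Measure-Object).Count -gt 1) {
    Set-AzContext -Subscription $TargetSubscription | Out-Null
}
Get-AzContext | Select-Object Name, Subscription, Tenant

# Create the Resource Group if it does not exist yet (assumes Az.Resources)
$ResourceGroup = 'RG-PROD-IT-AZURE-ARC-WE'
$Location      = 'westeurope'   # assumption: the RG name suggests West Europe
if (-not (Get-AzResourceGroup -Name $ResourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroup -Location $Location | Out-Null
}
```

Checking `Get-AzContext` before onboarding is worth the extra line: an agent registered under the wrong subscription has to be disconnected and re-onboarded.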
Active Directory Query
This script also includes one function called Get-ADTieringLevel. I’m using the ADSISEARCHER type accelerator to query the server’s OU. I can determine the tier level based on the OU and add it later as a resource tag.
PowerShell remote session
If you manage a bunch of servers, you don’t want to log on to every system and install the agent manually. In this example, I’m also using the ToUpper() method because otherwise the server names end up in lowercase in the Azure portal.
So now that we have the remote session up and running, we can gather the information from AD and run the Connect-AzConnectedMachine cmdlet to do the onboarding.
You should see the following output:
After successful onboarding, we can remove the remote session.
Enable Azure Monitor Agent extension
The final step is to enable the new Azure Monitor Agent. This command takes a few minutes to run.
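The whole flow from the three sections above (the Get-ADTieringLevel query, the remote-session onboarding with the tier tag, and the Azure Monitor Agent extension) as one added end-to-end example. This is my reconstruction, not the author's Remote-AzureArcOnBoardingV2.ps1; the server names are constructed, the `Tier` tag key, the `westeurope` location and the admin credential prompt are assumptions, and the OU layout follows the post (TIER-1\Servers):

```powershell
# Added example (not the author's script): onboard servers over PowerShell remoting,
# tag each Arc resource with its AD tier, then enable the Azure Monitor Agent.
# Assumed: server names, location, the 'Tier' tag key, an admin credential.
#Requires -Modules Az.ConnectedMachine
$ErrorActionPreference = 'Stop'

$ResourceGroup = 'RG-PROD-IT-AZURE-ARC-WE'        # from the post
$Location      = 'westeurope'                     # assumption
$Servers       = 'srv01', 'srv02'                 # constructed sample names
$Credential    = Get-Credential -Message 'Account with admin rights on the servers'

function Get-ADTieringLevel {
    # Look up the computer object with the ADSISearcher type accelerator and
    # return the tier encoded in its OU path, e.g. OU=Servers,OU=TIER-1,DC=...
    [CmdletBinding()]
    param(
        # NetBIOS-style name only, so nothing odd can reach the LDAP filter
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
        [string]$ComputerName
    )
    $searcher = [ADSISearcher]"(&(objectCategory=computer)(name=$ComputerName))"
    $result   = $searcher.FindOne()
    if (-not $result) { throw "Computer object '$ComputerName' not found in AD" }

    $dn = [string]$result.Properties['distinguishedname'][0]
    if ($dn -match 'OU=(TIER-\d)') { return $Matches[1].ToUpper() }
    return 'UNASSIGNED'   # no TIER-n OU in the path: tag it so the gap is visible
}

foreach ($Server in $Servers) {
    $Name = $Server.ToUpper()          # keep the Azure resource name upper case
    $Tier = Get-ADTieringLevel -ComputerName $Name
    Write-Host "Onboarding $Name (tier $Tier)"

    # The agent is installed on the target through the remote session
    $Session = New-PSSession -ComputerName $Name -Credential $Credential
    try {
        Connect-AzConnectedMachine -ResourceGroupName $ResourceGroup -Name $Name `
            -Location $Location -PSSession $Session `
            -Tag @{ Tier = $Tier; TierSource = 'ActiveDirectory' }
    }
    finally {
        Remove-PSSession -Session $Session   # always tear the session down
    }

    # Enable the Azure Monitor Agent extension; this takes a few minutes
    New-AzConnectedMachineExtension -Name 'AzureMonitorWindowsAgent' `
        -ExtensionType 'AzureMonitorWindowsAgent' -Publisher 'Microsoft.Azure.Monitor' `
        -ResourceGroupName $ResourceGroup -MachineName $Name -Location $Location `
        -EnableAutomaticUpgrade | Out-Null

    # Verify: the Arc resource exists, reports Connected and carries the tier tag
    $Arc = Get-AzConnectedMachine -ResourceGroupName $ResourceGroup -Name $Name
    Write-Host "  status=$($Arc.Status)"
    Write-Host "  tags=$($Arc.Tag | Out-String)"
}
```

Returning `UNASSIGNED` instead of throwing when a server sits outside a TIER-n OU keeps the loop running and leaves a tag you can filter on later, which is usually what you want when the OU hygiene is not perfect.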
You should see the following output:
If everything worked correctly, then in the Azure portal you will see the following object and information.
Download the full script from here – AzureArc/Remote-AzureArcOnBoardingV2.ps1 at main · Kaidja/AzureArc (github.com)