MVA-Config-201.ps1

# Microsoft Virtual Academy
# Automatisierte Konfiguration in Azure im Überblick
# 201 - http://aka.ms/mva-1505-201

#region Create VM

# Settings
$subscriptionName = "MSFT MVA Stage" # Get-AzureSubscription
$location = "West Europe" # Get-AzureLocation
$serviceName = "mvaconfig202"
$storageAccountName = $serviceName
$adminUsername = "adm_demo"
$adminPassword = "Azureisttoll!"
$imageFamily = "Windows Server 2012 R2 Datacenter"
$vmName = $serviceName
$instanceSize = "Medium" # Get-AzureRoleSize

# In case you have more than one Azure subscription, select one.
Select-AzureSubscription -SubscriptionName $subscriptionName

# Get latest image for defined image family.
# MVA03-Images.ps1 / https://gist.github.com/pkirch/058d757a799fa0087241
$imageName = Get-AzureVMImage | 
                Where-Object -Property ImageFamily -eq $imageFamily | 
                Sort-Object -Property PublishedDate -Descending | 
                Select-Object -ExpandProperty ImageName -First 1

# Create storage account and set is as current.
New-AzureStorageAccount -Location $location -StorageAccountName $storageAccountName -Type Standard_LRS
Set-AzureSubscription -SubscriptionName $subscriptionName -CurrentStorageAccountName $storageAccountName

# Create new VM configuration, add provisioning data to it, and start it.
New-AzureVMConfig -ImageName $imageName -InstanceSize $instanceSize -Name $vmName |
    Add-AzureProvisioningConfig -Windows -AdminUsername $adminUsername -Password $adminPassword |
    Add-AzureEndpoint -LocalPort 80 -Name HTTP -Protocol tcp -PublicPort 80 |
    New-AzureVM -ServiceName $serviceName -Location $location -WaitForBoot

#endregion

#region Prepare connection

# Create credentials for remote session.
$secPasswd = ConvertTo-SecureString $adminPassword -AsPlainText -Force
$credentialHost = New-Object System.Management.Automation.PSCredential ($adminUsername, $secPasswd)

# Get host and port to connect to VM via PowerShell Remoting
$uriHost = Get-AzureWinRMUri -ServiceName $serviceName -Name $vmName

# Prepare and create new PSSession object.
$psso = New-PSSessionOption -SkipCACheck # Alternative way would be to download and import WinRM certificate.
$sessionHost = New-PSSession -ComputerName $uriHost.Host -Port $uriHost.Port -Credential $credentialHost -UseSSL -SessionOption $psso

#endregion

#region Invoke command via PowerShell Remoting and install ADDS and forrest

Invoke-Command -Session $sessionHost -ScriptBlock { 

param($adminPassword, $domainName, $domainNetbiosName)

#Import-Module ServerManager
Add-WindowsFeature -Name AD-Domain-Services

# Save secure string with password.
$securePassword = ConvertTo-SecureString -String $adminPassword -AsPlainText -Force

#
# Windows PowerShell script for AD DS Deployment
#

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012R2" `
-DomainName $domainName `
-DomainNetbiosName $domainNetbiosName `
-ForestMode "Win2012R2" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true `
-SafeModeAdministratorPassword:$securePassword

} -ArgumentList $adminPassword, <# $domainName #> $uriHost.Host, <# $domainNetbiosName #> "net$serviceName"


#endregion

#region Install and configure IIS

Invoke-Command -Session $sessionHost -ScriptBlock { 

param($adminPassword, $domainName, $domainNetbiosName)

#Import-Module ServerManager
Add-WindowsFeature -Name  Web-Server, Web-Windows-Auth, Web-Mgmt-Tools

Set-WebConfigurationProperty -Filter system.webServer/security/authentication/anonymousAuthentication -PSPath "IIS:\Sites" -Location "Default Web Site" -Name Enabled -Value False
Set-WebConfigurationProperty -Filter system.webServer/security/authentication/windowsAuthentication -PSPath "IIS:\Sites" -Location "Default Web Site" -Name Enabled -Value True

}

#endregion

# Clean up: close connection
Remove-PSSession -Session $sessionHost