Invoke Scripts on Multiple Azure VMs

Need to quickly run a script on multiple Azure VMs? This guide walks you through the process of creating and executing PowerShell scripts across multiple Azure virtual machines using the AzVMRunCommand feature.

Prerequisites

Before getting started, ensure you have:

  • PowerShell Az modules installed
  • Active Azure authentication
  • Appropriate permissions to access and modify target VMs

Use Case: Creating Local Windows Accounts

In this guide, we'll walk through a practical example of creating local Windows accounts across multiple Azure VMs. We'll break down the implementation into two main components:

1. Local Account Creation Script

This script runs directly on each target VM to create the local user account:

# Replace the placeholders; better still, pass the password in as an input parameter
$Password = ConvertTo-SecureString "<your password here>" -AsPlainText -Force
$UserParams = @{
    Name = "<your username here>"
    Password = $Password
    FullName = "<Full name>"
    Description = "Local user account created via PowerShell"
    PasswordNeverExpires = $true
    UserMayNotChangePassword = $false
}

try {
    # -ErrorAction Stop turns cmdlet errors into exceptions so the catch block runs
    New-LocalUser @UserParams -ErrorAction Stop
    Write-Host "User account '$($UserParams.Name)' created successfully!"
    Add-LocalGroupMember -Group "Administrators" -Member $UserParams.Name -ErrorAction Stop
    Write-Host "User '$($UserParams.Name)' added to Administrators group"
} catch {
    Write-Error "Failed to create user account: $_"
}

# Show the resulting account so the run command output confirms its state
Get-LocalUser -Name $UserParams.Name | Select-Object Name, Enabled, PasswordExpires, LastLogon

2. VM Execution Script

This script handles the deployment of our local account creation script across multiple VMs:

# Filter VMs based on tags
$vms = Get-AzVM | Where-Object {
    $_.Tags -and
    $_.Tags["Tag key"] -eq "Tag value"
}

# Execute script on each VM ($script holds the account creation script as a string)
foreach ($vm in $vms) {
    Write-Host "Creating local admin user on VM: $($vm.Name)"
    try {
        Set-AzVMRunCommand `
            -ResourceGroupName $vm.ResourceGroupName `
            -VMName $vm.Name `
            -Location $vm.Location `
            -RunCommandName "RunCommandName" `
            -SourceScript $script `
            -ErrorAction Stop
    }
    catch {
        Write-Error "Failed to execute script on VM $($vm.Name): $_"
    }

    # Verify execution status
    try {
        $result = Get-AzVMRunCommand `
            -ResourceGroupName $vm.ResourceGroupName `
            -VMName $vm.Name `
            -RunCommandName "RunCommandName" `
            -Expand InstanceView `
            -ErrorAction Stop
        # Print inside the try so a failed lookup never shows the previous VM's result
        Write-Host "Script execution status on VM $($vm.Name)"
        $result.InstanceView
    }
    catch {
        Write-Error "Failed to get script execution status on VM $($vm.Name): $_"
    }
}

Complete Implementation

Here's the complete script that combines both components:

# Define the script to be executed on VMs using here-string
$script = @'
$Password = ConvertTo-SecureString "<your password here>" -AsPlainText -Force
$UserParams = @{
    Name = "<your username here>"
    Password = $Password
    FullName = "<Full name>"
    Description = "Local user account created via PowerShell"
    PasswordNeverExpires = $true
    UserMayNotChangePassword = $false
}

try {
    # -ErrorAction Stop turns cmdlet errors into exceptions so the catch block runs
    New-LocalUser @UserParams -ErrorAction Stop
    Write-Host "User account '$($UserParams.Name)' created successfully!"
    Add-LocalGroupMember -Group "Administrators" -Member $UserParams.Name -ErrorAction Stop
    Write-Host "User '$($UserParams.Name)' added to Administrators group"
} catch {
    Write-Error "Failed to create user account: $_"
}

Get-LocalUser -Name $UserParams.Name | Select-Object Name, Enabled, PasswordExpires, LastLogon
'@

# Load and filter VMs
$vms = Get-AzVM | Where-Object {
    $_.Tags -and
    $_.Tags["Tag key"] -eq "Tag value"
}

# Execute on each VM
foreach ($vm in $vms) {
    Write-Host "Creating local admin user on VM: $($vm.Name)"
    try {
        Set-AzVMRunCommand `
            -ResourceGroupName $vm.ResourceGroupName `
            -VMName $vm.Name `
            -Location $vm.Location `
            -RunCommandName "RunCommandName" `
            -SourceScript $script `
            -ErrorAction Stop
    }
    catch {
        Write-Error "Failed to execute script on VM $($vm.Name): $_"
    }

    # Verify execution status
    try {
        $result = Get-AzVMRunCommand `
            -ResourceGroupName $vm.ResourceGroupName `
            -VMName $vm.Name `
            -RunCommandName "RunCommandName" `
            -Expand InstanceView `
            -ErrorAction Stop
        # Print inside the try so a failed lookup never shows the previous VM's result
        Write-Host "Script execution status on VM $($vm.Name)"
        $result.InstanceView
    }
    catch {
        Write-Error "Failed to get script execution status on VM $($vm.Name): $_"
    }
}

Key Features

  1. Tag-based filtering: Select specific VMs using Azure tags
  2. AzVMRunCommand: Run PowerShell scripts from your system on Azure virtual machines
  3. Here-string: Use a here-string to load an inline script into your script

Security Considerations

  • Always use secure password management practices
  • Consider using Azure Key Vault for credential storage
  • Implement proper access controls for the automation account
  • Regularly audit and review local administrator accounts
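
One way to apply the first two points to this guide's script, as an added example that is not part of the original post: the password is read from Azure Key Vault and handed to each VM through the -ProtectedParameter option of Set-AzVMRunCommand instead of being embedded in the here-string. The vault name, secret name, account name and run command name are placeholders chosen for illustration.

```powershell
# Added example. Vault, secret, account and run command names are placeholders.
$vaultName  = 'kv-example'            # assumption: an existing Key Vault
$secretName = 'local-admin-password'  # assumption: secret that holds the password
$userName   = 'svc-localadmin'        # assumption: local account to create

# Script run on each VM; the values arrive as named script parameters.
$script = @'
param(
    [Parameter(Mandatory)] [string] $UserName,
    [Parameter(Mandatory)] [string] $Password
)
$secure = ConvertTo-SecureString $Password -AsPlainText -Force
try {
    New-LocalUser -Name $UserName -Password $secure `
        -Description "Local user account created via PowerShell" -ErrorAction Stop
    Add-LocalGroupMember -Group "Administrators" -Member $UserName -ErrorAction Stop
    Write-Output "User '$UserName' created and added to Administrators"
} catch {
    Write-Error "Failed to create user account: $_"
    exit 1
}
'@

# Read the secret once, on the machine that drives the rollout.
$password = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -AsPlainText

$vms = Get-AzVM | Where-Object { $_.Tags -and $_.Tags["Tag key"] -eq "Tag value" }
foreach ($vm in $vms) {
    $common = @{
        ResourceGroupName = $vm.ResourceGroupName
        VMName            = $vm.Name
        RunCommandName    = 'CreateLocalAdmin'
    }
    try {
        # The password travels as a protected parameter, not as script text.
        Set-AzVMRunCommand @common -Location $vm.Location -SourceScript $script `
            -Parameter @(@{ Name = 'UserName'; Value = $userName }) `
            -ProtectedParameter @(@{ Name = 'Password'; Value = $password }) `
            -ErrorAction Stop | Out-Null
        (Get-AzVMRunCommand @common -Expand InstanceView).InstanceView
    } catch {
        Write-Error "Run command failed on VM $($vm.Name): $_"
    } finally {
        # Remove the run command resource so the script does not linger on the VM.
        Remove-AzVMRunCommand @common -ErrorAction SilentlyContinue | Out-Null
    }
}
```

The identity running this needs read access to the secret in addition to the VM permissions listed under Prerequisites.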
