Wednesday, June 10, 2020

Powershell - Azure - Create VM using templates

During my recent studies on the cloud realm, I've been experimenting with the Azure PowerShell module, which allows you to manage your Azure subscription remotely via an encrypted remote session. It's pretty handy when you want to automate tasks and don't want to go to the Azure portal and click through a dozen screens to get it done.

I've put up the following PowerShell script as my first prototype for Azure PowerShell automation; it creates a VM on Azure using a JSON template.

It checks whether there is an active Azure subscription connection for the current profile and establishes one if not. It also validates that a well-formed URI was provided for the template.


There's some room for improvement on logging and additional features, but I just wanted to make it quick and simple to exemplify its usage.

Feel free to take a look and comment on it if you like!

Cheers!

Github source:
https://github.com/diogocatossi/Powershell/blob/master/AzurePowershell-CreateSimpleVMUsingTemplate.ps1



Friday, February 7, 2020

PowerShell - Active Directory PKI - Computer Certificate enrollment

For several years I've been working with Windows Server and desktop infrastructure (dating back to Windows NT 4.0) and with Active Directory Services starting with Windows Server 2000. Over these years, a subject that remains largely unknown to most IT professionals is the PKI (Public Key Infrastructure) that hosts the corporate environment's Certification Authorities, templates, enrollment services and other components providing a framework of authenticity for an entity's resources. Windows Server infrastructure can host either stand-alone PKI servers or "Active Directory integrated" ones; the latter is the most reliable and efficient option for an on-premises AD production environment, because it publishes the available templates and CAs forest-wide, along with root certificates and policies, to all member servers, workstations and resources that rely on AD.

For example, 802.1x network authentication relies heavily on the certification authority to validate the machine certificate, using LDAP queries against the global catalog.

Also, VPN gateways may use the same certificate to decide whether the computer is allowed to connect, checking that the certificate was issued by the corporate CA and corresponds to a valid computer object.

To achieve this, a computer being joined to the domain must have a valid certificate stored in the Windows 'Local Machine' certificate store, so I've created the following PowerShell script, which performs the certificate enrollment for the desired template that has been published to Active Directory.

The script was designed to run an LDAP query against the AD forest the computer is joined to, retrieving the published Enrollment Services. It then checks every CA for the specified certificate template and, once one is found, performs the enrollment.

It has built-in resiliency: it keeps attempting enrollment for a defined time frame, since network disruptions might occur.

Although this is focused on a machine certificate, it can be adapted to any type of certificate enrollment by changing the desired certificate template and the target store.
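The three steps described above (LDAP lookup of the published Enrollment Services, filtering the CAs by template, then a time-boxed enrollment loop into the Local Machine store) as an added example; this is not the author's CertEnroll.ps1. It assumes an elevated session on a domain-joined Windows host with the built-in PKI module, and `$TemplateName` is a placeholder for the template's name (not its display name); with `-Url ldap:` the AD enrollment policy picks one of the CAs that the lookup confirmed publishes the template.

```powershell
# Added example, not the original CertEnroll.ps1. Assumes: elevated session,
# domain-joined host, PKI module available (Get-Certificate).
param(
    [string]$TemplateName = 'Machine',   # placeholder: your published template *name*
    [int]$TimeoutMinutes  = 30,          # how long to keep retrying
    [int]$RetrySeconds    = 60           # pause between attempts
)

# 1. Find the Enrollment Services container in the forest Configuration partition.
$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNc"
$searcher.Filter     = '(objectClass=pKIEnrollmentService)'
[void]$searcher.PropertiesToLoad.AddRange(@('cn', 'dNSHostName', 'certificateTemplates'))

# 2. Keep only the enterprise CAs that actually publish the requested template.
$cas = foreach ($r in $searcher.FindAll()) {
    if (@($r.Properties['certificatetemplates']) -contains $TemplateName) {
        [pscustomobject]@{ Name = $r.Properties['cn'][0]; Host = $r.Properties['dnshostname'][0] }
    }
}
if (-not $cas) { throw "No enterprise CA publishes template '$TemplateName'." }
$cas | ForEach-Object { Write-Host "Template '$TemplateName' is published by $($_.Host)\$($_.Name)" }

# 3. Enroll into Cert:\LocalMachine\My, retrying until the deadline so that a
#    transient network or RPC failure during domain join does not leave the
#    machine without its certificate.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    try {
        $result = Get-Certificate -Template $TemplateName -Url 'ldap:' `
                                  -CertStoreLocation 'Cert:\LocalMachine\My' -ErrorAction Stop
        if ($result.Status -eq 'Issued') {
            $cert = $result.Certificate
            Write-Host "Enrolled $($cert.Subject) ($($cert.Thumbprint)) issued by $($cert.Issuer)"
            return $cert
        }
        Write-Warning "Enrollment returned status '$($result.Status)'; retrying."
    } catch {
        Write-Warning "Enrollment attempt failed: $($_.Exception.Message); retrying in $RetrySeconds s."
    }
    Start-Sleep -Seconds $RetrySeconds
} while ((Get-Date) -lt $deadline)
throw "Enrollment for '$TemplateName' did not succeed within $TimeoutMinutes minutes."
```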

I hope you enjoy it, and should it be useful to you or should you have any suggestions, let me know in the comments and I'll be glad to help!

Cheers!

Additional reading about PKI: here

GitHub source:
https://github.com/diogocatossi/Powershell/blob/master/CertEnroll.ps1
Auxiliary ntrights.exe to grant 'Network Service' permission to enroll:
https://github.com/diogocatossi/Powershell/blob/master/ntrights.exe






Friday, March 29, 2019

Powershell - Azure - Create VM using templates

During my recent studies on the cloud realm, I've been experimenting with Azure PowerShell module that allows you to manage your Azure s...