microsoft / aad-hybrid-lab

Create a new VM with AD installed, test users created, PowerShell Azure AD modules, and Azure AD Connect installer ready to go.

License: MIT License

PowerShell 89.67% HTML 10.33%

aad-hybrid-lab's Introduction

Azure Active Directory Hybrid Lab

Creates an AD VM with Azure AD Connect installed

Quick Start

Details

  • Deploys the following infrastructure:
    • Virtual Network
    • 1 subnet
    • 1 Network Security Group
      • AD - permits AD traffic, RDP incoming to network; limits DMZ access
    • Public IP Address
    • AD VM
      • DSC installs AD
      • The Azure vNet is updated with a custom DNS entry pointing to the DC
      • Test users are created in the local AD by passing in an array. There is an array sample set as the default value in the deployment template.
      • Azure Active Directory Connect is installed and available to configure.

Notes

  • The NSG is defined for reference, but it isn't production-ready: holes are also opened for RDP, and public IPs are allocated
  • One VM size is specified for all VMs

NOTICE/WARNING

  • This template is explicitly designed for a lab/classroom environment. A few compromises were made, especially with regards to credential passing to DSC and script automation, that WILL result in clear text passwords being left behind in the DSC/scriptextension package folders, Azure log folders, and system event logs on the resulting VMs.
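
One way to check a deployed lab VM for the leftovers this warning describes, as an added example that is not part of the repository: it searches the extension package and Azure log folders for the lab password you supply and reports only file locations. The function name `Find-LabSecretResidue` is hypothetical, and the two default folders are assumptions about where the extensions write on this VM.

```powershell
# Added example (not from the aad-hybrid-lab repo). Run elevated on the lab VM.
function Find-LabSecretResidue {
    [CmdletBinding()]
    param(
        # The password that was passed to the deployment. Taken as a SecureString
        # so it is not typed on the command line or saved in PowerShell history.
        [Parameter(Mandatory)][securestring]$Secret,
        # Folders to search. Assumed locations of the extension packages and logs.
        [string[]]$Path = @('C:\Packages\Plugins', 'C:\WindowsAzure\Logs')
    )
    # Convert to plain text in memory only, for the duration of the search.
    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    if ([string]::IsNullOrEmpty($plain)) { throw 'Secret is empty.' }

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            Write-Warning "Not found, skipped: $root"
            continue
        }
        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Select-String -SimpleMatch -Pattern $plain -List -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Report the location only; never echo the matching line.
                [pscustomobject]@{
                    File       = $_.Path
                    LineNumber = $_.LineNumber
                    LastWrite  = (Get-Item -LiteralPath $_.Path).LastWriteTime
                }
            }
    }
}

# Usage: prompts for the password, then lists files that still contain it.
# Find-LabSecretResidue -Secret (Read-Host 'Lab password' -AsSecureString)
```

An empty result covers only readable plain-text files in those folders; archives, encoded copies and the system event logs the warning mentions need a separate search.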

Bonus

The "deploy.ps1" file above can be downloaded and run locally against this repo, and offers a few additional features:

  • After the deployment completes, it will create a folder on your desktop with the name of the resource group
  • It will then create an RDP connection in that folder for the DC VM.
  • It will generate a text file with your test user names

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

aad-hybrid-lab's People

Contributors

bretthackermsft, cocallaw, microsoft-github-policy-service[bot], microsoftopensource, msftgits, zykovaleksandr

aad-hybrid-lab's Issues

Azure AD connect

Sorry for posting this under issues but I wasn't sure where else to ask this.

Are you able to connect a local Active Directory with Azure Active Directory just using these scripts? I need to automate the full install process of AzureADConnect.msi and this repository seems to be the closest thing I could find.
Thank you!

Issues deploying template

Hello,

I'm having issues deploying this template. When I try deploying it, the Azure portal is throwing the error below.

I believe it's because the VM doesn't have access to anything external, because when I try to access anything in the browser on the VM it throws an unable to connect error in the browser.

See the error below.

{
    "code": "DeploymentFailed",
    "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.",
    "details":
    [
        {
            "code": "Conflict",
            "message": "{ 
				"status": "Failed", 
				"error": { 
						"code": "ResourceDeploymentFailure", 
						"message": "The resource operation completed with terminal provisioning state 'Failed'.", 
						"details": [ { 
							"code": "VMExtensionProvisioningError", 
							"message": "VM has reported a failure when processing extension 'Microsoft.Powershell.DSC'. Error message: "The DSC Extension failed to execute: Error downloading https://raw.githubusercontent.com/Microsoft/aad-hybrid-lab/master/aad-hybrid-lab/DSC/adDSC.zip after 29 attempts: The remote name could not be resolved: 'raw.githubusercontent.com'.More information about the failure can be found in the logs located under 'C:\WindowsAzure\Logs\Plugins\Microsoft.Powershell.DSC\2.80.0.0' on the VM."." 
						} 
					] 
				}
			}"
        }
    ]
}

TLS update on DC

Had to manually add registry keys for TLS in order to prevent errors. Added the following to the DC server.

New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'Enabled' -Value '1' -Type DWord

New-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'DisabledByDefault' -Value '0' -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Name 'Enabled' -Value '1' -Type DWord
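
A read-only check of the values set in the issue above, as an added example that is not part of the original post: it reports the SCHANNEL protocol overrides for the client and server roles. `Get-SchannelProtocolState` is a hypothetical name, and the TLS 1.0 and TLS 1.1 rows go beyond what the post configures.

```powershell
# Added example, not the issue author's code. Read-only: it changes nothing.
function Get-SchannelProtocolState {
    [CmdletBinding()]
    param(
        # TLS 1.0 and TLS 1.1 are added for comparison; the post sets only TLS 1.2.
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key = "$base\$p\$r"
            $enabled = $null; $disabledByDefault = $null
            if (Test-Path -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $key
                $enabled           = $props.Enabled
                $disabledByDefault = $props.DisabledByDefault
            }
            $state = if ($null -eq $enabled -and $null -eq $disabledByDefault) {
                'NotConfigured'        # no override; the OS default applies
            } elseif ($null -ne $enabled -and $enabled -eq 0) {
                'Disabled'             # Enabled = 0 turns the protocol off
            } elseif ($disabledByDefault -eq 1) {
                'DisabledByDefault'    # used only if an application asks for it
            } else {
                'Enabled'
            }
            [pscustomobject]@{
                Protocol = $p; Role = $r; State = $state
                Enabled = $enabled; DisabledByDefault = $disabledByDefault
            }
        }
    }
}

# After the commands above, both TLS 1.2 rows should report State = Enabled.
Get-SchannelProtocolState | Format-Table -AutoSize
```

The output reflects what is stored in the registry; Schannel picks up protocol changes after a restart.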
