我正在使用command1.ps1脚本在目标VM上安装Azure自定义脚本扩展并执行command2.ps1。command2.ps1应该以域管理员的身份运行一个脚本(位于ScriptBlock内部)(因此-Credential $Credentials
)。当我手动运行command2.ps1并输入$ domainAdminName和$ domainAdminPassword时,它可以工作,但是当通过command1.ps1运行它时,则无法工作。可能是由于Azure自定义脚本扩展将command2.ps1作为系统帐户运行引起的吗?请帮我使脚本工作。command1.ps1:
param
(
[Parameter(Mandatory)]
[String]$resourceGroupName,
[Parameter(Mandatory)]
[String]$targetVMname,
[Parameter(Mandatory)]
[String]$vmLocation,
[Parameter(Mandatory)]
[String]$FileUri,
[Parameter(Mandatory)]
[String]$nameOfTheScriptToRun,
[Parameter(Mandatory)]
[String]$customScriptExtensionName,
[Parameter(Mandatory)]
[String]$domainAdminName,
[Parameter(Mandatory)]
[String]$domainAdminPassword
)
Set-AzureRmVMCustomScriptExtension -Argument "-domainAdminName $domainAdminName -domainAdminPassword $domainAdminPassword" `
-ResourceGroupName $resourceGroupName `
-VMName $targetVMname `
-Location $vmLocation `
-FileUri $FileUri `
-Run $nameOfTheScriptToRun `
-Name $customScriptExtensionName
Remove-AzureRmVMCustomScriptExtension -Force `
-ResourceGroupName $resourceGroupName `
-VMName $targetVMname `
-Name $customScriptExtensionName
command2.ps1:
param
(
[Parameter(Mandatory)]
[String]$domainAdminName,
[Parameter(Mandatory)]
[String]$domainAdminPassword
)
$domainAdminPasswordSecureString = ConvertTo-SecureString -String $domainAdminPassword -AsPlainText -Force
$DomainCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $domainAdminName, $domainAdminPasswordSecureString
Invoke-Command -ComputerName localhost -ScriptBlock {
Start-Transcript C:\transcript1.txt
New-Item C:\111.txt
Stop-Transcript
} -Credential $DomainCredentials
事件日志中还存在一些错误:https : //i.stack.imgur.com/RKlZo.png https://i.stack.imgur.com/XL28M.png
您可以使用Azure DSC扩展来解决此问题
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.20",
"autoUpgradeMinorVersion": true,
"settings": {
"configuration": {
"url": "url",
"script": "script.ps1",
"function": "function"
},
"configurationArguments": {
"regular": "arguments"
}
},
"protectedSettings": {
"configurationArguments": {
"DomainCredentials": {
"userName": "user",
"password": "password"
}
}
}
然后在您的DSC配置中添加如下参数:
[Parameter(Mandatory)] # doesn't have to be mandatory, just copy pasting
[System.Management.Automation.PSCredential]$DomainCredentials,
模板中的参数名称必须与dsc中的参数名称匹配。您可能可以使用powershell找出类似的东西。我个人从未尝试过,但应该可以。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句