Configuring Azure DSC Automation with PowerShell in 5 steps

DSC review

  • Azure virtual machines
  • Azure virtual machines (classic)
  • Physical/virtual Windows machines on-premises, or in a cloud other than Azure (including AWS EC2 instances)
  • Physical/virtual Linux machines on-premises, in Azure, or in a cloud other than Azure

Pricing

Supported VMs

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012R2
  • Windows Server 2012
  • Windows Server 2008 R2 SP1
  • Windows 10
  • Windows 8.1
  • Windows 7

Azure DSC configuration steps

  1. Create an Automation account.
  2. Create the configuration file which contains the Desired State Configuration for your VMs.
  3. Import the configuration file which contains the Desired State Configuration for your VMs to the Azure automation account.
  4. Compile the configuration file, this process verifies that there are no errors in the configuration file.
  5. Register VMs with the DSC we have just created.

Create an Automation account

Create the configuration file

  • Load the Powershell DSC Configuration module
  • Install/verify the Telnet-Client Windows Feature
  • Verifies that a registry key DownloadOAB is with the value of 0
  • Verifies that the Guest local user is in a Disabled state
  • You can find the configuration script at the end of the blog.

Import the configuration file

Create the configuration file

Register VMs with the DSC configuration

  • ApplyOnly: DSC applies the configuration and does nothing further unless a new configuration is pushed to the target node or when a new configuration is pulled from service. After the initial application of a new configuration, DSC does not check for drift from a previously configured state. Note that DSC will attempt to apply the configuration until it is successful before ApplyOnly takes effect.
  • ApplyAndMonitor: This is the default value. The LCM applies any new configurations. After the initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs. Note that DSC will attempt to apply the configuration until it is successful before ApplyAndMonitor takes effect.
  • ApplyAndAutoCorrect: DSC applies any new configurations. After the initial application of a new configuration, if the target node drifts from the desired state, DSC reports the discrepancy in logs and then re-applies the current configuration.
  • As I mentioned earlier, using the Azure portal, you can select only one VM at the time, unlike Powershell:

Troubleshooting DSC configuration

  • The configuration is checked by default every 15 minutes, therefore sometimes it will take a few minutes until the configuration will be enforced or monitor:
  • To view the current Local DSC configuration (LCM), run the next command from the target VM:
  • To verify that all the components from the configuration file were implemented (3 in our example: WindowsFeature, Registry, and User), run the next command from the target VM:
  • In case one of the configuration components was changed the status of the VM will be changed from Compliant to Not compliant.
    I have removed the Telnet-Client Windows Feature from DC02 and the dashboard was changed accordingly:
  • The next example informs us, that the Telnet Client component is OK by checking the Ensure attribute.
    In case it is in a Present state, the configuration is set on the VM:
  • Another way to check the status of the DSC configuration is by running the next command and verify that the status is true.
    In case that the VM is not compliant, the status will be False:

Summery

  1. Create an Automation account:
    New-AzAutomationAccount -ResourceGroupName EXCH -Name DCAUTO -Location westeurope
  2. Create the configuration file which contains the Desired State Configuration for your VMs.
  3. Import the configuration file which contains the Desired State Configuration for your VMs to the Azure automation account:
    Import-AzAutomationDscConfiguration -SourcePath C:\Temp\DSC\test.ps1 -ResourceGroupName EXCH -AutomationAccountName DCAUTO -Published
  4. Compile the configuration file, this process verifies that there are no errors in the configuration file:
    Start-AzAutomationDscCompilationJob -ResourceGroupName exch -ConfigurationName test -AutomationAccountName DCAUTO
  5. Register VMs with the DSC we have just created:
    Register-AzAutomationDscNode -AzureVMName DC01 -ResourceGroupName EXCH -AutomationAccountName DCAUTO -NodeConfigurationName Test.localhost -ConfigurationMode ApplyAndMonitor

Configuration script sample

--

--

--

During the last 14 years, I was working as a Senior PFE within Exchange area at Microsoft. Now I’m Senior Consult as Azure IAAS, PowerShell & Automations.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Write clean and quality code with SOLID Principles

Getting Started with Jenkins + Android

Inventory Alert System in Excel with Automated Email

Exchange and .Net Framework compatibility on Azure IAAS.

How To Become a Web Developer in 2021

Debugging on XIAOMI/MIUI Device

Low-code or no-code platforms? LOKO AI, that’s an all-in-one

Facebook Graph Analysis Using NetworkX

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tzahi Kolber

Tzahi Kolber

During the last 14 years, I was working as a Senior PFE within Exchange area at Microsoft. Now I’m Senior Consult as Azure IAAS, PowerShell & Automations.

More from Medium

Git basic commands

GIT & Basic Git with Gitlab

Generate code for a REST API call using Postman in just a few clicks