我正在创建一个自定义策略,以通过部署扩展来强制所有具有来自某个资源组的映像的 VM 加入域。
我遇到了一个问题,它无法正常工作,即使我将用户名和密码硬编码到变量中,它也一直说我没有权限。
{
"if": {
"allOf": [
{
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.Compute/VirtualMachineScaleSets"
]
},
{
"field": "Microsoft.Compute/imageId",
"contains": "resourceGroups/Templates"
}
]
},
"then": {
"effect": "deployIfNotExists",
"details": {
"name": "Microsoft.PowerShell",
"type": "Microsoft.Compute/virtualMachines/extensions",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Compute/virtualMachines/extensions/type",
"equals": "CustomScriptExtension"
},
{
"field": "Microsoft.Compute/virtualMachines/extensions/publisher",
"equals": "Microsoft.PowerShell"
}
]
},
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vmName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {
"domainJoinUserName": "",
"domainJoinUserPassword": "",
"domainFQDN": "myDomain.com",
"domainJoinOptions": 3
},
"resources": [
{
"comments": "Join domain - JsonADDomainExtension",
"apiVersion": "2015-06-15",
"type": "Microsoft.Compute/virtualMachines/extensions",
"name": "[concat(trim(parameters('vmName')[copyIndex()]),'/joindomain')]",
"location": "[parameters('location')]",
"copy": {
"name": "vmDomainJoinCopy",
"count": "[length(parameters('vmName'))]"
},
"properties": {
"publisher": "Microsoft.Compute",
"type": "JsonADDomainExtension",
"typeHandlerVersion": "1.3",
"autoUpgradeMinorVersion": true,
"settings": {
"Name": "[variables('domainFQDN')]",
"User": "[variables('domainJoinUserName')]",
"Restart": "true",
"Options": "[variables('domainJoinOptions')]"
},
"protectedSettings": {
"Password": "[variables('domainJoinUserPassword')]"
}
}
}
]
}
}
}
}
}
}