How to Build an Azure Automation Lab

Preston Parsard · ‎Apr 07 2020

Hello fellow IT industry professionals! I’m Preston K. Parsard, and I’m truly excited to bring you some awesome automation opportunities, so to start, let’s consider these scenarios:

1. You’re an IT professional and to stay competitive, relevant and enhance your ability to manage large volumes of resources, you would like to quickly develop one or more of the following skills.

Azure Automation
Windows PowerShell
Windows PowerShell Desired State Configuration
PowerShell Core
Desired State Configuration for Linux

You also don’t want to worry about the details of building this lab yourself from scratch.

2. Maybe you’re more of an IT or business decision maker instead and would like to offer opportunities for your technical staff to quickly provision an on-demand training environment without having to invest in any capital expenditures. Furthermore, you want to allow your staff to deprovision those resources just as easily when required to reduce operational expenses.

3. What about if you’re a trainer for any or all the training topics mentioned above and need a convenient way to provide an individual lab environment for each attendee in your class, where each sand-box is customized and segregated for all participants?

If you fit any of these roles and intentions, your responsibilities, including tracking and updating the configuration of this type of solution may soon become a little easier now. After all, what if your automated lab building solution was already documented as some sort of declarative (i.e. infrastructure as…) code? What if all you had to do was run a script and enter a few parameters to trigger and cascade a set of templates to provision your lab for you?

Azure Automation Lab

Disclaimer

This project is meant for training or demonstration only and should not be construed as suitable for production purposes. Although it may be cloned, enhanced and customized to a production solution using recommended architectural patterns, the effort required for those enhancements will be at your or your organizations own discretion and responsibility.

Please see the Azure Reference Architectures for guidance on production level planning and design projects.

This article briefly outlines the project without focusing on the specific details, which are available in the README.md file referenced in the project link in the references section at the end.

Welcome to the 0026-azure-automation-plus-dsc-lab project! Ok, I admit that’s a little long, so we can just call it Project 0026 for short.

This solution will deploy a new lab environment fairly quickly once you review the training goals and meet the requirements. The process includes downloading a script, running it and supplying a few parameters. After that, you can do something else, like go to lunch, then come back later to find the completed deployment in about an hour. I do realize that some of you may first want to pause and review the source code before running it. I get that and completely recommend that look-before-you-leap approach anyway. The total solution is probably about 4,000 lines of code, mostly based on Java Script Object Notation (JSON) ARM templates, Desired State Configuration and PowerShell scripts. After you or your favorite IT or Cybersecurity folks review Project 0026 and you’re comfortable, then subsequent deployments can be initiated in about the same time it takes daylight from the sun to reach the earth. Reference: https://en.wikipedia.org/wiki/Sunlight

Pre-requisites

So let’s cover what we’ll need to actually make this work now.

An Azure subscription
A web browser
An Internet connection
Windows PowerShell Version 5.1
Membership in the local Administrators group on the machine on which you will execute the PowerShell script.
During script execution, you will be asked to upgrade the legacy AzureRM PowerShell modules to the newer Az versions and a link to a reference that explains how and why this is necessary. Don’t worry if you’ve already upgraded to the Az modules on your system. In that case you can still answer the prompt with “Y”, “y”, “YES” or “yes” to continue and it will just pull the latest version of the Az modules down for you.
A password that must be at least 12 characters in length and meet complexity requirements, i.e. 3 out of 4 of upper case, lower case, numeric and special characters.
Cost: The resource cost for this solution will vary depending on the the parameters you use when you execute the script, such as -excludeAds <yes|no>, -excludeWeb <yes|no>, -excludeSql <yes|no>, excludePki <yes|no>, -includeCentOS <yes|no> and -includeUbuntu <yes|no>. The cost also varies according to which type of subscription you have. See the README.md file for examples. For demos, you can decide to even delete the entire resource group and resources once finished, or schedule virtual machine shutdowns at night or during the weekends. See links item 6 in the references section at the end for more information about the pricing calculator.

Lab Infrastructure

The environment will consist of a minimum of 2, up to a maximum of 11 servers depending on the values of the include... or exclude... parameters used; All machines consists of 9 Windows and 2 Linux, and some supporting resources such as:

A storage account to record diagnostic events.
An automation account to, well…even automate some more stuff like runbooks later if desired.
A log analytics workspace to configure advanced logging and monitoring.
A recovery services vault to backup and restore data or entire VMs.

The VM roles that will be deployed are:

Domain Controllers

Three Windows 2019 Data Center Core domain controllers, where only 1 will be promoted to a domain controller named AZRADS##03.dev.adatum.com. Both AZRADS##01.dev.adatum.com & AZRADS##02.dev.adatum.com are optional based on the value of the -includeAds parameter and are only member servers until you promote them.

Development/Jump Server

One Windows 2019 Data Center Development/Jump/DSCPull/DSCPush server with the Visual Studio 2019 Community Edition VM image. This will be AZRDEV##01.dev.adatum.com.

Web Servers

Two optional Windows 2019 Data Center Core servers, initially deployed as standalone servers but which can later be configured after deployment as web servers using something like Desired State Configuration or an imperative PowerShell script. These are named AZRWEB##01.dev.adatum.com and AZRWEB##02.dev.adatum.com.

Database Servers

Two optional Windows 2019 Data Center servers (without the SQL image), initially deployed as standalone servers but which can be configured after deployment as SQL 2019 servers, again using either Desired State Configuration or imperative PowerShell. These are AZRSQL##01.dev.adatum.com and AZRSQL##02.dev.adatum.com

Linux Server

One optional CentOS 7 server, which can be used to demonstrate or practice PowerShell 7 or PowerShell DSC for Linux concepts. This is AZRLNX##01.

One optional Ubuntu server, which can also be used as an additional Linux workload. This is AZRLNX##02.

PKI Server

One optional Windows 2019 Data Center with a GUI PKI server named AZRPKI##01.dev.adatum.com. This is really just a base Windows VM image that you can also practice configuring as an actually PKI server. Hey, it could be a great exercise to build this with Desired State Configuration, right?

So these are all the 11 servers that can be deployed for your lab if you don't exclude any of them with either the -exclude... or -include... workload parameter switches. Remember that the details are available in the README.md file for the Azure Automation Plus DSC Lab, or better yet, if you’re more of a visual learner, with slide animations and demos, here’s the video!

Deploying the Solution

PowerShell Method

To deploy this project, you can either download the script or clone the GitHub repository to your desired target directory on your machine or a file share. Make sure to unblock the script Deploy-AzureResourceGroup.ps1 so it will execute if your PowerShell execution policy is set to something like Remote Signed. Next open your PowerShell editor or console such as the Windows PowerShell ISE, PowerShell, Visual Studio Code, Visual Studio 2019 as an administrator and run the script.

Once the script starts, follow these seven simple steps to initiate the deployment:

Acknowledge that the required modules, such as the Az modules will replace the legacy AzureRM modules (if installed), otherwise if the Az modules are already installed, they will just be updated.
Authenticate to your Azure subscription.
Enter your subscription name when prompted.
Specify a student number from 10-26 that will be used to uniquely identify your Azure resources.
Enter the geographic Azure region to which you want to deploy this solution.
Provide an administrative password for the adm.infra.user account that will be used to build the servers for you.
Wait for the deployment to complete, which ideally should take about 1-2 hours if all conditions are satisfied. The more workloads you decide to select with the -include... or -exclude... parameters, the longer the deployment will take.

Azure CLI (bash) Method

You can also use the Azure CLI method if you prefer. An example set of commands and explanatory comments are also provided in the README.md file for this project.

Connecting to your Lab

If you use the PowerShell deployment method, your RDP prompt will open automatically for you to authenticate, otherwise using the Azure CLI method will require you to connect to the jump/development VM from the portal at https://portal.azure.com

After Deploying the Template

This solution includes Azure Bastion connectivity, where you can RDP or SSH to your VMs securely with a TLS (TCP 443) connection from the Internet. Initially, an RDP connection to the jump server is provisioned, but an attempt is made to deploy Azure Bastion. If the Azure Bastion deployment is successful, then the previously deployed public IP address for the jump server is disconnected and all the relevant Network Security Group firewall rules are updated accordingly. The Azure Bastion deployment however may fail if it is not currently available in your region, in which case the jump server connection method will be used. To see the latest supported regions, please refer to the online documentation here.

Select Azure BastionProvide Credentials

Ok, so now you have a lab infrastructure to explore. Although we don’t provide exactly what excercises to practice or learn, there is a basic outline of recommended training objectives, such as building the Dev server as a Desired State Configuration push/pull server to simulate an on-premises push/pull scenario based in Azure.

I say we above because I anticipate that some of you just can’t wait to help me out with this later on by filing issues, recommending features, submitting pull requests, and even contributing, right?

Target State Diagram

After the deployment, this is what the end result should look like:

Summary

So we’ve covered some of the benefits of Project 0026, what’s required to get started, what’s included in the lab infrastructure, as well as a couple of methods that can be used to perform this deployment. Next, we wrapped it up with how to connect once the solution is provisioned, along with some recommended guidance on what skills you can develop and a target state diagram to reference as you learn. Note also that the ARM templates provide configuration as code documentation. This means for those of you who are, like a magnetic compass needle pulled towards the north pole, are more compelled to investigate the details of the JSON files to see what was actually done and how, the Project 0026 world is now your virtual oyster.

I’d really love to hear any feedback you may have on how we can make this project better for everyone. So what else can we do to help make you a hero (cape not included)?

Well that’s it for now IT superstars. I say superstars because I believe anyone interested in reducing administrative effort and leveraging open source contributions to accelerate learning can be nothing less than either a current or future star. Am I right?

References

Project 0026

1. https://github.com/autocloudarc/0026-azure-automation-plus-dsc-lab

Links

1. Azure ARM templates

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview

2. Azure Automation:

https://docs.microsoft.com/en-us/azure/

3. Desired State Configuration:

https://docs.microsoft.com/en-us/powershell/dsc/overview

4. Desired State Configuration for Linux:

https://docs.microsoft.com/en-us/powershell/dsc/lnxgettingstarted

5. Powershell Core:

https://docs.microsoft.com/en-us/powershell/scripting/whats-new/what-s-new-in-powershell-core-60?vie...

6. Example Scenario:

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/windows-powershell-and-dsc-o...

7. Azure Pricing Calculator:

https://azure.microsoft.com/en-us/pricing/calculator/

Videos

1.How to Build an Azure Automation Lab

Rahul_Mahajan · ‎Apr 09 2020

Thanks for the great initiative to make admins live easy :

getting below error - Fixed it by changing Az module command :

Get-AzureRMLocation : The term 'Get-AzureRMLocation' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
verify that the path is correct and try again.
At C:\Users\r\Downloads\Auto\0026-azure-automation-plus-dsc-lab-master\Deploy-AzureResourceGroup.ps1:259 char:16
+ $regions = Get-AzureRMLocation | Select-Object -ExpandProperty Lo ...
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-AzureRMLocation:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException

This is the new one unable to fix - Please help

VERBOSE: Performing the operation "Creating Deployment" on target "rg13".
New-AzResourceGroupDeployment : 4:22:24 PM - Error: Code=; Message=
At C:\Users\r\Downloads\Auto\0026-azure-automation-plus-dsc-lab-master\Deploy-AzureResourceGroup.ps1:293 char:1
+ New-AzResourceGroupDeployment -ResourceGroupName $rg `
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

Preston Parsard · ‎Apr 10 2020

@Rahul_Mahajan , Hi Rahul. Thanks for reporting the faulty Get-AzureRMLocation cmdlet. Good find! I've since correct it and pushed it back to the GitHub repo now. For the other error: VERBOSE: Performing the operation "Creating Deployment" on target "rg13"; I wasn't able to reproduce that one so it worked for me, with student number 13, running in Windows PowerShell 5.1. Can you please either go to the issues tab in GitHub for this project and upload the transcript log file or send me a note directly from this forum? I'll try to troubleshoot it from there. I have also since corrected the Get-AzureRmPublicIpAddress issue by using the new Cmdlet Get-AzPublicIpAddress, pushed and tested the change, which is testing well on my side now. Thanks.

Rahul_Mahajan · ‎Apr 10 2020

Thanks @Preston Parsard

Please help to understand what to provide here :

When checked its pointing to azuredeploy.json and something related to VM creation and just need to provide any new password to proceed :D

Next thing need to be fixed is :

Get-AzureRMPublicIpAddress : Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly
'Microsoft.Azure.Commands.ResourceManager.Common, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation.
At C:\Users\r\Downloads\Auto\0026-azure-automation-plus-dsc-lab-master\Deploy-AzureResourceGroup.ps1:306 char:17
+ ... $fqdnDev = (Get-AzureRMPublicIpAddress -ResourceGroupName $rg | Where ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureRmPublicIpAddress], TypeLoadException
+ FullyQualifiedErrorId : System.TypeLoadException,Microsoft.Azure.Commands.Network.GetAzurePublicIpAddressCommand

===============================================================

Logs from FIle :

**********************
PS>TerminatingError(Get-AzureRmPublicIpAddress): "Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly 'Microsoft.Azure.Commands.ResourceManager.Common, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation."
**********************
Command start time: 20200411083943
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083944
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083945
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083946
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083947
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083948
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083949
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Command start time: 20200411083950
**********************
PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."
**********************
Windows PowerShell transcript end
End time: 20200411084318
**********************

Rahul_Mahajan · ‎Apr 10 2020

Thanks @Preston Parsard

One more thing need to be addressed :

=================

Get-AzureRMPublicIpAddress : Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly
'Microsoft.Azure.Commands.ResourceManager.Common, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation.
At C:\Users\r.shirish.mahajan\Downloads\Auto\0026-azure-automation-plus-dsc-lab-master\Deploy-AzureResourceGroup.ps1:306 char:17
+ ... $fqdnDev = (Get-AzureRMPublicIpAddress -ResourceGroupName $rg | Where ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureRmPublicIpAddress], TypeLoadException
+ FullyQualifiedErrorId : System.TypeLoadException,Microsoft.Azure.Commands.Network.GetAzurePublicIpAddressCommand

=================

Fixed it by using Az command and script worked.. One last thing to bring to your notice is below warning :

WARNING: Breaking changes in the cmdlet 'Set-AzVirtualNetworkSubnetConfig' :
WARNING: - Update Property Name

WARNING: Cmdlet invocation changes :
Old Way : -ResourceId
New Way : -NatGatewayId
WARNING: - Update Property Name

WARNING: Cmdlet invocation changes :
Old Way : -InputObject
New Way : -NatGateway
WARNING: NOTE : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

============

WARNING: Breaking changes in the cmdlet 'Set-AzVirtualNetworkSubnetConfig' :
WARNING: - Update Property Name

WARNING: Cmdlet invocation changes :
Old Way : -ResourceId
New Way : -NatGatewayId
WARNING: - Update Property Name

WARNING: Cmdlet invocation changes :
Old Way : -InputObject
New Way : -NatGateway
WARNING: NOTE : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.

============

Got these 2 times, anything to fix here? or Ok to ignore?

Preston Parsard · ‎Apr 16 2020

Hi Rahul @Rahul_Mahajan . Thanks for following up on these warnings and errors. It really helps us to refine the code! :)

The following issue is fixed and pushed back to the repository, as you've also already stated above in the statement "Fixed it by using Az command and script worked.. One last thing to bring to your notice is below warning :" - so this is just a reminder:

PS>TerminatingError(Get-AzureRmPublicIpAddress): "Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly 'Microsoft.Azure.Commands.ResourceManager.Common, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation."

2. For the warnings with the messages that having the pattern below, the reason is explained in the message and a link is provided for further information and instructions on how to uninstall the legacy AzureRM modules.

PS>TerminatingError(Import-Module): "AzureRM.Profile already loaded. Az and AzureRM modules cannot be imported in the same session or used in the same script or runbook. If you are running PowerShell in an environment you control you can use the 'Uninstall-AzureRm' cmdlet to remove all AzureRm modules from your machine. If you are running in Azure Automation, take care that none of your runbooks import both Az and AzureRM modules. More information can be found here: https://aka.ms/azps-migration-guide."

3. For the warnings with the pattern: WARNING: Cmdlet invocation changes :, these can safely be ignored for now, but thanks for bringing them to my attention because they may potentially become breaking changes and I will create an issue for this in the GitHub repository to track and resolve.

4. Regarding the credential prompt based on your statement above: Please help to understand what to provide here :

This is simply the prompt for the password of the hard-coded username adm.infra.user, which must be at least 12 characters in length and meet the 3 out of 4 complexity requirements rule, which means that 3 out of four of the following types of characters are required 1) At least 1 upper case letter, 2) At least 1 lowercase letter, 3) At least 1 special character and 4) At least 1 numeric character, i.e. 1,2,3...etc. This username and password combination is the credential set used to build the 9 Windows and 1 Linux machine as the local administrative user and password.

Thanks again for reporting these and I hope these responses have been helpful.

Rahul_Mahajan · ‎Apr 16 2020

Thanks, @Preston Parsard for all the details :)

Few suggestions on automation which can help users to deploy and it will be used widely:

1) Current constraint to use this automation is the cost if any admin want to test it, as it includes 9 VMs and other things

2) This 9 VMs are rarely required for basic testing

Suggestion :

1) VM required for testing (AD and Jumbox mandatory) - SQL, Web, Linux, PKI - In this user will select whatever service is required to test and proceed to the next step. (Here not all services are required by all so you can allow to choose which service he can select- multiple selection)

2) You add the option in script "Availability Set Required" = Yes/No If yes it will continue with 2 VMs in each service as current automation and if No then it will create 1 VM each service which is requested by user.

This change will really help a lot from cost perspective which will allow users for easy implementation and testing without any worries.

Thanks again for this great automation, this is just a suggestion :)

Preston Parsard · ‎Apr 19 2020

Hi Rahul @Rahul_Mahajan. Thanks for your suggestions. For better tracking and to reflect Agile methodologies and workflows, please post any additional feedback regarding bugs or feature request as a feature request bug or issue directly at the project site. I've already submitted an issue as a feature request at the project 0026 site on your behalf here, so feel free to use this format for any future requests that you may have. This way it will be easier for us to both submit and resolve these types of requests, plus track the status and follow up using the same mechanism in GitHub. We can even check to see when updates are made to the code base by simply looking at the commit history.

I do agree with you that we can make this solution a little more flexible in terms of which workloads to deploy, so that's a great idea and I will add that to the sprint backlog. For the availability sets, I created availability sets for even single workloads to provide the option and flexibility to admins that may want to extend the solution with additional workloads in the future. At this point the implementation effort to update the code for excluding availability sets for the current single instances may not be worthwhile after-all. If anyone else would still like to have that option though, please submit an issue - feature request here and based on demand for that, we will consider implementing it. Thanks again so much for your interest and feedback :)

ShehzadUIT · ‎May 24 2020

Hi All,

I am trying to automate logging off Disconnected users from the Windows Virtual Desktop session. i have the following code so far which executes without giving me any error:

$TenantName = "<Our-Tenant-Name"
$HostPoolName = "<Our-Hostpool-Name>"

$rdsContext = get-rdscontext -ErrorAction SilentlyContinue
if ($rdsContext -eq $null) {
    try {
        Write-host "Use the login window to connect to WVD" -ForegroundColor Red
        Add-RdsAccount -ErrorAction Stop -DeploymentUrl "https://rdbroker.wvd.microsoft.com"
    }
    catch {
        $ErrorMessage = $_.Exception.message
        write-host ('Error logging into the WVD account ' + $ErrorMessage)
        exit
    }
}


Get-RdsUserSession -TenantName $TenantName -HostPoolName $HostPoolName
$AllDiscUsers = (Get-RdsUserSession -TenantName $TenantName -HostPoolName $HostPoolName | where { $_.SessionState -eq "Disconnected" }).UserPrincipalName 
Foreach ($DiscUser in $AllDiscUsers)
    {        
        Get-RdsUserSession -TenantName $TenantName -HostPoolName $HostPoolName | where { $_.UserPrincipalName -eq $DiscUser } | Invoke-RdsUserSessionLogoff -NoUserPrompt                  
    }

It executes without any error but it is not doing what it is suppose to do. i.e. to log off disconnected users:

Output Output

any ideas?

Preston Parsard · ‎May 29 2020

Hi @ShehzadUIT ,

Thanks for posting your question, however, this isn't something I already have a background in as yet. I did find this reference though, which you may find helpful. https://docs.microsoft.com/en-us/powershell/module/windowsvirtualdesktop/Invoke-RdsUserSessionLogoff

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

How to Build an Azure Automation Lab