Skip to content
/ ArcEnabledServersGroupPolicy Public

Guidance and sample code to perform at-scale onboarding of servers to Arc via Group Policy

License

MIT license
9 stars 15 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Azure/ArcEnabledServersGroupPolicy

BranchesTags

Repository files navigation

Arc Deployment by GPO

Arc GPO Deployment project contains the necessary files to onboard Non Azure machines to Azure Arc automatically, using a GPO

More information can be found here

Content

  • DeployGPO.ps1: PowerShell script to deploy the GPO in a certain AD domain
  • EnableAzureArc.ps1: PowerShell script that has to be placed in the network share and will execute the onboarding process.
  • RenewSPSecretDPAPI.ps1: PowerShell script to renew the secret from the Service Principal used for the onboard of Azure Arc Servers.
  • ParseArcOnboardingPrerequisites.ps1: PowerShell scripts that parses the information of the machines that didn't meet the onboard requirements.
  • ArcGPO: Folder structure that contains the GPO settings to be imported in AD
  • ARMTemplates: Folder with Azure Function Template to monitor Azure Arc Agent version updates.
  • Workbooks: Folder with Azure Workbooks to monitor your Azure Arc onboarding Status and your Azure Arc Servers
  • ScheduledTask: Folder with a scheduled task that can, programmatically, upload on-prem XMLs report files to Azure Log Analytics

Prerequisites

  • Create a Service Principal and give it Azure Arc onbarding permissions, following this article: Create a Service Principal for onboarding at scale

  • Register Microsoft.HybridCompute, Microsoft.GuestConfiguration and Microsoft.HybridConnectivity as resource providers in your subscription, following this article: Register Resource Provider

  • Create a Network Share,e.g. AzureArcOnboard that will be used for deployment and reporting files, with the following permissions:

    Domain Controllers, Domain Computers and Domain Admins: Change Permissions

  • Copy the 'AzureConnectedMachineAgent.msi' file to the shared folder.

    You can download it from https://aka.ms/AzureConnectedMachineAgent

Installation

Group Policy Deployment

  • Copy the project structure to a local folder of a Domain Controller.

  • Execute the deployment script DeployGPO.ps1, with the following syntax:

      .\DeployGPO.ps1 -DomainFQDN contoso.com -ReportServerFQDN Server.contoso.com -ArcRemoteShare AzureArcOnBoard -ServicePrincipalSecret $ServicePrincipalSecret 
 -ServicePrincipalClientId $ServicePrincipalClientId -SubscriptionId $SubscriptionId --ResourceGroup $ResourceGroup -Location $Location -TenantId $TenantId 
 [-AgentProxy $AgentProxy]

    Where:

    • DomainFQDN is the fully qualified domain name of the domain

    • ReportServerFQDN is the Fully Qualified Domain Name of the host where the network share resides.

    • ArcRemoteShare is the name of the network share you've created

    • ServicePrincipalSecret is the secret from the Service Principal created previously.

    • ServicePrincipalClientId is the client id from the Service Principal created previously

    • SubscriptionId, ResourceGroup, Location, TenantId corespond to where your Arc Servers are going to be onboarded

    • AgentProxy [optional] is the name of the proxy if used

About

Guidance and sample code to perform at-scale onboarding of servers to Arc via Group Policy

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

9 stars

Watchers

5 watching

Forks

15 forks
Report repository

Releases 10

1.0.10 Latest
Feb 20, 2025
+ 9 releases

Packages

No packages published

Contributors 4

Languages