Tag: powershell

TOTD: How to manually move Azure VMs to another subscription

Here is a new tip of the day. We’ll discuss only the Azure Resource Manager. Azure Service Management (ASM or classical) won’t be covered.

Azure portal has a simple built-in tool to migrate resources between subscriptions/resource groups and it’s available under Resource Group – Move

azure move in portal

Or using PowerShell :  Move-AzureRmResource

It’s also well described @MSDN and there are some main limitations that we need to consider:

  • Move in Azure Portal works only for subscriptions/resources groups in the same tenant (the most important!)
  • Not any resources can be migrated. For example, it’s not supported to move VPN Gateway or Recovery vaults. So we need to create and configure the new ones in the target subscription.
  • There are different limitations for ASM (classical deployments) and ARM. Check them before migration.

If the tenant IDs for the source and destination subscriptions are not the same, you can attempt to change the directory for the subscription. This operation requires Service Administrator which sometimes are not available for user. For example, migration from CSP to EA.
In this case, manual migration is required.

To get list of subscriptions and TenantIDs associated with them use PowerShell:

get azure subscriptions and tenants

In this example, the first two subscriptions are in the same tenant and migration between them can be done through Azure portal using Move option.

However, moving resources between the subscriptions “Visual Studio Premium..” and “Microsoft Azure Sponsorship” requires manual migration steps (look at the TenantID..they are different).

So, how to move? It’s quiet simple if you are familiar with AzCopy and Azure PowerShell.

The process of migration consists of several simple steps:

  • Prepare your target subscription (general services like storage accounts and networks)
  • Download and install AzCopy, stop VMs, copy VHDs of each VM to the target
  • Install AzureRM module, create VMs using the copied VHDs
  • Add additional resources such as VPN Gateways/S2S connections and Recovery vaults (optional)

Some details

1) To copy (asynchronously) VHDs use the following command

AzCopy /Source:<Source URI>  /Dest:<Dest URI>  /SourceKey:<Source Key> /Pattern:<sorcevhdname.vhd>

<Source Key>  is one of the access keys (Storage Account – Access Keys or use PowerShell):

List of all storage accounts in the source subscription


Get-AzureRmStorageAccount|Ft ResourceGroupName,StorageAccountName

list of azure storage accounts

List of source storage account keys (example). Use one of the keys value with AzCopy

Get-AzureRmStorageAccountKey -ResourceGroupName <resource group name> -Name <storage account name>|ft -AutoSize

azure storage account keys

To get URIs and VHDs name (Storage Account – Containers – <name of container>):

(Get-AzureRmStorageAccount -Name <stor acc name> -ResourceGroupName <rg name>|Get-AzureStorageContainer|Get-AzureStorageBlob).ICloudBlob.uri.AbsoluteUri

azure uri and vhds

Stop VM or VMs and run copy in AzCopy then. Wait while AzCopy finishes initiated process.

Tip: prepare script for all VMs before stopping them. simultaneous copies are allowed.

2) Open PowerShell ISE with installed AzureRM module, replace values (variables and subID) with yours and run:

#Open new Azure session
Login-AzureRMAccount

#Target subscription details
$sub=(Get-AzureRMSubscription -SubscriptionName "your subscription name" ).TenantId
Select-AzureRmSubscription -SubscriptionId $sub

#Variables
$rgname = "your rg name"
$vmsize = "required VM size <Example:Standard_A4>"
$vmname = "your vm name"
$locName="location (example:East US)"
$nicName="VMName_Nic"
$vnetName="Virtual Network Name"
$SubName = "Subnet Name"
$osDiskName = "vmdiskname"
$osDiskVhdUri = "https://destination.blob.core.windows.net/vhds/name.vhd"

#New VM config
$newvm = New-AzureRmVMConfig -VMName $vmname -VMSize $vmsize

#Get virtual network
$vnet=Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rgName

#Get subnet
$subnet = $vnet.Subnets | Where-Object { $_.Name -eq $SubName}

#New Public IP
$publicip=New-AzureRmPublicIpAddress -Name $nicName -ResourceGroupName $rgName -Location $locName -AllocationMethod Dynamic

#New nic for VM
$nic=New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $rgName -Location $locName -SubnetId $subnet.Id  -PublicIpAddressId $publicip.Id

#Update VM config
$newvm = Add-AzureRmVMNetworkInterface -VM $newvm -Id $nic.Id

#Attach copied disk to VM (sample. just one OS disk)
$newvm = Set-AzureRmVMOSDisk -VM $newvm -VhdUri $osDiskVhdUri -name $osDiskName -CreateOption attach -Windows

#Create VM
New-AzureRmVM -ResourceGroupName $rgname -Location $locName -VM $newvm

Verify that VM is running in the target subscription and all disks are attached.

Note: latest AzureRM (3.5.0) module doesn’t output status of VM creation (it’ll be corrected in future releases). Use Azure Portal instead.

FAQ

How to run synchronous copy in AzCopy?

Place /SyncCopy parameter to the end of the AzCopy command above. It ensures that the copy operation will get consistent speed. AzCopy performs the synchronous copy by downloading the blobs to copy from the specified source to local memory, and then uploading them to the Blob storage destination. It’s recommended to prepare VM in the source subscription and run AzCopy from there to avoid egress cost

Should I pay for traffic during migration?

If you are moving data within the same region, you don’t have to pay for it. It’s free. Additional costs required only for moving data between different regions.

What’s the maximum speed of data transferring?

It depends on VM and storage types. Basically, for standard accounts it’s up to 60 Mb/s. Premium storage accounts can provide throughput up to 200 Mb/s. In the real world throughput can vary widely.
Example: about 1 Tb were migrated in 14 hours between subscriptions with standard accounts, VMs with Ax size and within the same region

Automate Exchange 2016 installation and DAG configuration with PowerShell DSC

Hi, folks!

Version 1.0 has already been published here (simple script for automation of Exchange 2016 installation. can be used on multiple servers).

Today’s version is a little bit improved (2 separate files for 2-node configuration, 535 and 420 strings respectively, can be easy scaled out with copy-paste to more than 2 nodes). It helps you to install Exchange, prepare environment for DAG (prestage CNO, witness and etc) and create one with at least 2 members

Each node can be configured simultaneously (it’s not needed to wait while fist node finishes all tasks and etc. just run both scripts, relax and get a cup of coffee). It’s also ideally suitable for using as a part of VMM Service Templates or other kinds of unattended installations (I’ll show you it later)

If you’d like to get script files – write me directly or leave request in the comments. I’ll send you zip-file.

Update: scripts are at my GitHub Repo. Thanks for stars and commits!

What does script do (exch01.ps1)?

  • Sets network settings (DNS, IP, GW) on targeted server
#..........
xIPAddress NewIPAddress #Set IPv4 on Ethernet adapter
        {
            IPAddress      = $ip
            InterfaceAlias = "Ethernet"
            SubnetMask     = 24
            AddressFamily  = "IPV4"
            DependsOn       = "[xDhcpClient]DisabledDhcpClient"
        }
         xDefaultGatewayAddress GW #Set GW address
        {
            Address = $gw
            InterfaceAlias = "Ethernet"
            AddressFamily = "IPv4"
            DependsOn     = "[xIPAddress]NewIPAddress"
        }
#...........
  • Installs required prerequisites for Exchange (including UCMA) and does reboot if it’s really required
#........
 WindowsFeature WebNet45
        {
            Ensure = 'Present'
            Name = 'Web-Net-Ext45'
        }
     WindowsFeature WebReq
        {
            Ensure = 'Present'
            Name = 'Web-Request-Monitor'
        }
     WindowsFeature WebSrv
        {
            Ensure = 'Present'
            Name = 'Web-Server'
        }
#.........
  • Adds server to domain and reboots it to apply changes
 xComputer DomainJoin
        {
          Name = $nodename
          DomainName = $domainname
          Credential = $creds
          DependsOn  = "[xDnsServerAddress]DNSServers"
        }
  • Setups Exchange and checks if reboot is required after installation
 xExchInstall InstallExchange
        {
            Path       = "C:\ExchInstall\Exch\Setup.exe"
            Arguments  = "/mode:Install /role:Mailbox /OrganizationName:""$netbios"" /Iacceptexchangeserverlicenseterms"
            Credential = $Creds

            DependsOn  = '[xPendingReboot]BeforeExchangeInstall'
        }
  • Adds and checks that DAG CNO is existed and required permissions are applied
#...........
SetScript = {
                    $creds = New-Object Management.Automation.PSCredential("$($using:netbios)\Administrator",(ConvertTo-SecureString $using:pass -AsPlainText -Force))
                    New-ADComputer -Name DAG01 -DNSHostName DAG01 -DisplayName DAG01 -Enabled $false -Credential $creds -verbose
                    $DC=(Get-ADDomainController -Credential $creds).HostName
                    ICM -ComputerName $DC -Credential $creds -ScriptBlock {
                    #Variables
                    $dagacc = Get-ADComputer DAG01 #-Credential $creds
                    $dagldap="LDAP" + '://' + $dagacc.DistinguishedName
                    $dagadsi = New-Object DirectoryServices.DirectoryEntry $dagldap
                    #.....
                    }
#...........
  • Configures witness server, DAG and generates status of successful completion
#........
xExchDatabaseAvailabilityGroup DAG
        {
            Name                                 = $dagSettings.DAGName
            Credential                           = $creds
            AutoDagTotalNumberOfServers          = $dagSettings.AutoDagTotalNumberOfServers
            AutoDagDatabaseCopiesPerVolume       = $dagSettings.AutoDagDatabaseCopiesPerVolume
           #.......
            WitnessDirectory                     = 'C:\FSW'
            WitnessServer                        = $dagSettings.WitnessServer
        }
#.........

Script file named as exch02.ps1 has almost the same steps with the following differences:

  1. Waits while Exchange setup initiated on the first node finishes Active Directory preparation and then starts Exchanges installation on the second node
  2. Waits while DAG becomes online and only then starts adding the second node
  3.  No witness and DAG CNO preparation (hope it’s clear)

Requirements are still the same: exchange media, UCMA package, certificates for securing MOF-files (optional). All prerequisites (except Exchange media files) are in the zip-file (all-in-one).

Thanks for reading and have a nice week!