
TIP: Create local users when deploying an Azure Web Role

1 Nov 2012
Configure an Azure solution to create users during deployment

Introduction

Sometimes you want to create specific users when deploying/installing an Azure solution. This may be a bit tricky if you are not familiar with IT topics. Here is a complete recipe to create a local group and local users.
Although I have tried this in an Azure solution, it may also be helpful for other kinds of IIS-based platforms.

Required files

In order to run a script during installation, you need two files: a command file to launch the script, and the script file itself. In your Web Role Project, insert both files; let's name them setup.cmd and setup.ps1.
It is very important to set the "Copy always" property on both of them so that they are included in the deployment package. Both files will be placed in the bin folder.

The first file is a batch file that will just launch the script with elevated permissions, so it will contain the following:

@echo off 
powershell -command "Set-ExecutionPolicy Unrestricted" 2>> err.out  
powershell .\setup.ps1 2>> err.out

Notice that if an error occurs, the error message is appended to a file called err.out. You can add more information there, like the date/time of deployment. Note also that the first command sets the machine's PowerShell execution policy to Unrestricted, and that setting persists after the script has finished.

The second file does the real job. It defines a reusable function to create the users and attach them to a group; then it creates the group if it doesn't exist, and finally it invokes the user creation function for all the users needed.

# Function to create a user and add it to the group held in $group

function createuser($username, $password) 
{
   $user = $server.Create("User", $username)
   $user.SetPassword($password)
   $user.SetInfo()
   # Make sure the new account is enabled (boolean value, not the string "False")
   $user.psbase.InvokeSet("AccountDisabled", $false)
   $user.SetInfo()
   $group.Add("WinNT://$servername/$username")
}

# Obtain a reference to the server object

$servername = [System.Net.Dns]::GetHostName()
$server = [ADSI]"WinNT://$servername"

# Create the group if it doesn't exist yet; otherwise bind to the existing one,
# so that $group is always set when createuser adds a member to it

$localGroups = $server.Children | where {$_.SchemaClassName -eq 'group'}  | % {$_.name[0].ToString()} 

if ($localGroups -NotContains "MyGroup")
{
   $group = $server.Create("Group", "MyGroup")
   $group.SetInfo()
   $group.description = "Group of users created automatically"
   $group.SetInfo()
}
else
{
   $group = [ADSI]"WinNT://$servername/MyGroup,group"
}

# Create the users if they don't exist yet
# The passwords below are sample values; whatever is written here ships in
# clear text inside the deployment package

$localUsers = $server.Children | where {$_.SchemaClassName -eq 'user'}  | % {$_.name[0].ToString()} 

if ($localUsers -NotContains "User1")   { createuser "User1"   "Password!One" }
if ($localUsers -NotContains "User2")   { createuser "User2"   "Password!Two" }

# etcetera

In order to bring those files to life, you have to define a Task in your Azure Cloud Project. Look for the file called ServiceDefinition.csdef and insert a Task tag into the WebRole section:

<ServiceDefinition xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2012-05.1.7" name="MyCloud">
  <WebRole name="YourServiceName" vmSize="Small">
    <Startup priority="1">
      <Task taskType="simple" executionContext="elevated" commandLine="setup.cmd" />
    </Startup>
  </WebRole>
</ServiceDefinition>
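
Because the startup task runs elevated and only reports errors to err.out, it is worth checking its result on the role instance. The following script is an added example, not part of the original tip: it reports whether each expected account exists, is enabled, belongs to MyGroup and has stayed out of the local Administrators group. The `$expected` list, the function names and the audit.out file name are assumptions.

```powershell
# Added example (not from the article): audit what setup.ps1 should have created.
# "MyGroup", "User1", "User2" come from the article; audit.out is an assumed file name.
$groupName  = "MyGroup"
$expected   = @("User1", "User2")
$servername = [System.Net.Dns]::GetHostName()
$server     = [ADSI]"WinNT://$servername"

# Names of all local objects of one class ('user' or 'group'), listed as setup.ps1 does
function Get-LocalNames($class)
{
   @($server.Children | where {$_.SchemaClassName -eq $class} | % {$_.name[0].ToString()})
}

# Member names of a local group; nothing if the group does not exist
function Get-GroupMembers($name)
{
   if ((Get-LocalNames 'group') -NotContains $name) { return }
   $g = [ADSI]"WinNT://$servername/$name,group"
   $g.psbase.Invoke("Members") | % { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
}

# Resolve the localized name of built-in Administrators from its well-known SID
$adminSid   = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
$adminGroup = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

$localUsers = Get-LocalNames 'user'
$members    = @(Get-GroupMembers $groupName)
$admins     = @(Get-GroupMembers $adminGroup)

$report = foreach ($name in $expected)
{
   $exists   = $localUsers -Contains $name
   $disabled = $null
   if ($exists)
   {
      # UserFlags bit 0x2 is ADS_UF_ACCOUNTDISABLE
      $flags    = ([ADSI]"WinNT://$servername/$name,user").UserFlags.Value
      $disabled = ($flags -band 2) -ne 0
   }
   New-Object PSObject -Property @{ User = $name; Exists = $exists; Disabled = $disabled
      InGroup = ($members -Contains $name); IsAdmin = ($admins -Contains $name) }
}

# Group members that are not on the expected list deserve a look
$unexpected = @($members | where { $expected -NotContains $_ })

"$(Get-Date -Format s) audit of $groupName on $servername" >> audit.out
$report | Format-Table User, Exists, Disabled, InGroup, IsAdmin -AutoSize | Out-String >> audit.out
if ($unexpected) { "Unexpected members of ${groupName}: $($unexpected -join ', ')" >> audit.out }
```

A row with Exists or InGroup false, or with Disabled or IsAdmin true, means the instance does not match what setup.ps1 describes.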

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)