Azure PowerShell samples for Azure Lab Services
This article includes the sample Azure PowerShell scripts for Azure Lab Services.
Note
We recommend that you use the Azure Az PowerShell module to interact with Azure. See Install Azure PowerShell to get started. To learn how to migrate to the Az PowerShell module, see Migrate Azure PowerShell from AzureRM to Az.
This sample requires Azure PowerShell Az 1.0 or later. Run Get-Module -ListAvailable Az to see which versions are installed.
If you need to install, see Install Azure PowerShell module.
Run Connect-AzAccount to sign in to Azure.
This article includes the following samples:
| Script | Description |
|---|---|
| Add an external user to a lab | This PowerShell script adds an external user to a lab in Azure DevTest Labs. |
| Add marketplace images to a lab | This PowerShell script adds marketplace images to a lab in Azure DevTest Labs. |
| Create a custom image from a virtual hard drive (VHD) | This PowerShell script creates a custom image in a lab in Azure DevTest Labs. |
| Create a custom role in a lab | This PowerShell script creates a custom role in a lab in Azure Lab Services. |
| Set allowed virtual machine sizes in a lab | This PowerShell script sets allowed virtual machine sizes in a lab. |
Prerequisites
All of these scripts have the following prerequisite:
- An existing lab. If you don't have one, follow this quickstart on how to Create a lab in Azure portal.
Add an external user to a lab
This sample PowerShell script adds an external user to a lab in Azure DevTest Labs.
# Values to change
$subscriptionId = "<Enter Azure subscription ID here>"
$labResourceGroup = "<Enter lab's resource name here>"
$labName = "<Enter lab name here>"
$userDisplayName = "<Enter user's display name here>"
# Log into your Azure account
Login-AzAccount
# Select the Azure subscription that contains the lab.
# This step is optional if you have only one subscription.
Select-AzSubscription -SubscriptionId $subscriptionId
# Retrieve the user object
$adObject = Get-AzADUser -SearchString $userDisplayName
# Create the role assignment.
$labId = ('subscriptions/' + $subscriptionId + '/resourceGroups/' + $labResourceGroup + '/providers/Microsoft.DevTestLab/labs/' + $labName)
New-AzRoleAssignment -ObjectId $adObject.Id -RoleDefinitionName 'DevTest Labs User' -Scope $labId
This script uses the following commands:
| Command | Notes |
|---|---|
| Get-AzADUser | Retries the user object from Microsoft Entra ID. |
| New-AzRoleAssignment | Assigns the specified role to the specified principal, at the specified scope. |
Add a marketplace image to a lab
This sample PowerShell script adds a marketplace image to a lab in Azure DevTest Labs.
param
(
[Parameter(Mandatory=$true, HelpMessage="The name of the DevTest Lab to update")]
[string] $DevTestLabName,
[Parameter(Mandatory=$true, HelpMessage="The array of Marketplace Image names to enable")]
[Array] $ImagesToAdd
)
function Get-Lab
{
$lab = Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs' -ResourceNameEquals $DevTestLabName
if(!$lab)
{
throw "Lab named $DevTestLabName was not found"
}
return $lab
}
function Get-PolicyChanges ($lab)
{
#start by finding the existing policy
$script:labResourceName = $lab.Name + '/default'
$existingPolicy = (Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs/policySets/policies' -Name $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15) | Where-Object {$_.Name -eq 'GalleryImage'}
if($existingPolicy)
{
$existingImages = [Array] (ConvertFrom-Json $existingPolicy.Properties.threshold)
$savePolicyChanges = $false
}
else
{
$existingImages = @()
$savePolicyChanges = $true
}
if($existingPolicy.Properties.threshold -eq '[]')
{
Write-Output "Skipping $($lab.Name) because it currently allows all marketplace images"
return
}
$allAvailableImages = Get-AzResource -ResourceType Microsoft.DevTestLab/labs/galleryImages -Name $lab.Name -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview
$finalImages = $existingImages
# loop through the requested images and add them to the finalImages list if they arent already there
foreach($image in $ImagesToAdd)
{
$imageObject = $allAvailableImages | Where-Object {$_.Name -eq $image}
if(!$imageObject)
{
throw "Image $image is not available in the lab"
}
$addImage = $true
$parsedAvailableImage = $imageObject.Properties.imageReference
foreach($finalImage in $finalImages)
{
# determine whether or not the requested image is already allowed in this lab
$parsedFinalImg = ConvertFrom-Json $finalImage
if($parsedFinalImg.offer -eq $parsedAvailableImage.offer -and $parsedFinalImg.publisher -eq $parsedAvailableImage.publisher -and $parsedFinalImg.sku -eq $parsedAvailableImage.sku -and $parsedFinalImg.osType -eq $parsedAvailableImage.osType -and $parsedFinalImg.version -eq $parsedAvailableImage.version)
{
$addImage = $false
break
}
}
if($addImage)
{
Write-Output " Adding image $image to the lab"
$finalImages += ConvertTo-Json $parsedAvailableImage -Compress
$savePolicyChanges = $true
}
}
if(!$savePolicyChanges)
{
Write-Output "No policy changes required for allowed Marketplace Images in lab $($lab.Name)"
}
return @{
existingPolicy = $existingPolicy
savePolicyChanges = $savePolicyChanges
finalImages = $finalImages
}
}
function Set-PolicyChanges ($lab, $policyChanges)
{
if($policyChanges.savePolicyChanges)
{
$thresholdValue = '["'
for($i = 0; $i -lt $policyChanges.finalImages.Length; $i++)
{
$value = $policyChanges.finalImages[$i]
if($i -ne 0)
{
$thresholdValue = $thresholdValue + '","'
}
$thresholdValue = $thresholdValue + $value.Replace('"', '\"')
}
$thresholdValue = $thresholdValue + '"]'
$policyObj = @{
status = 'Enabled'
factName = 'GalleryImage'
threshold = $thresholdValue
evaluatorType = 'AllowedValuesPolicy'
}
$resourceType = "Microsoft.DevTestLab/labs/policySets/policies/galleryimage"
if($policyChanges.existingPolicy)
{
Write-Output "Updating $($lab.Name) Marketplace Images policy"
Set-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview -Properties $policyObj -Force
}
else
{
Write-Output "Creating $($lab.Name) Marketplace Images policy"
New-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2017-04-26-preview -Properties $policyObj -Force
}
}
}
$lab = Get-Lab
$policyChanges = Get-PolicyChanges $lab
Set-PolicyChanges $lab $policyChanges
This script uses the following commands:
| Command | Notes |
|---|---|
| Get-AzResource | Gets resources. |
| Set-AzResource | Modifies a resource. |
| New-AzResource | Create a resource. |
Create a custom image from a VHD file
This sample PowerShell script creates a custom image from a VHD file in Azure Lab Services.
# Select the desired Azure subscription.
$subscriptionId = '<Specify your subscription ID here>'
Select-AzSubscription -SubscriptionId $subscriptionId
# Get the lab object.
$labRg = '<Specify your lab resource group name here>'
$labName = '<Specify your lab name here>'
$lab = Get-AzResource -ResourceId ('/subscriptions/' + $subscriptionId + '/resourceGroups/' + $labRg + '/providers/Microsoft.DevTestLab/labs/' + $labName)
# Get the lab storage account and lab storage account key values.
$labStorageAccount = Get-AzResource -ResourceId $lab.Properties.defaultStorageAccount
$labStorageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $labStorageAccount.ResourceGroupName -Name $labStorageAccount.ResourceName)[0].Value
# Set the URI of the VHD file.
$vhdUri = '<Specify the VHD URI here>'
# Set the custom image name and description values.
$customImageName = '<Specify the custom image name>'
$customImageDescription = '<Specify the custom image description>'
# Set up the parameters object.
$parameters = @{existingLabName="$($lab.Name)"; existingVhdUri=$vhdUri; imageOsType='windows'; isVhdSysPrepped=$false; imageName=$customImageName; imageDescription=$customImageDescription}
# Create the custom image.
New-AzResourceGroupDeployment -ResourceGroupName $lab.ResourceGroupName -Name CreateCustomImage -TemplateUri 'https://raw.githubusercontent.com/Azure/azure-devtestlab/master/Samples/201-dtl-create-customimage-from-vhd/azuredeploy.json' -TemplateParameterObject $parameters
This script uses the following commands:
| Command | Notes |
|---|---|
| Get-AzResource | Gets resources. |
| Get-AzStorageAccountKey | Gets the access keys for an Azure Storage account. |
| New-AzResourceGroupDeployment | Adds an Azure deployment to a resource group. |
Create a custom role in a lab
This sample PowerShell script creates a custom role to use in a lab in Azure DevTest Labs.
$rgName = <Specify your lab's resource group name>
$subscriptionId = <Specify your subscription ID>
$labName = <Specify your lab name>
‘List all the operations/actions for a resource provider.
Get-AzProviderOperation -OperationSearchString "Microsoft.DevTestLab/*"
‘List actions in a particular role.
(Get-AzRoleDefinition "DevTest Labs User").Actions
‘Create custom role.
$policyRoleDef = (Get-AzRoleDefinition "DevTest Labs User")
$policyRoleDef.Id = $null
$policyRoleDef.Name = "Policy Contributor"
$policyRoleDef.IsCustom = $true
$policyRoleDef.AssignableScopes.Clear()
$policyRoleDef.AssignableScopes.Add("/subscriptions/" + $subscriptionId)
$policyRoleDef.Actions.Add("Microsoft.DevTestLab/labs/policySets/policies/*")
$policyRoleDef = (New-AzRoleDefinition -Role $policyRoleDef)
$user=Get-AzADUser -SearchString "SomeUser"
$scope = '/subscriptions/' + subscriptionId + '/resourceGroups/' + $rgName + '/providers/Microsoft.DevTestLab/labs/' + $labName + '/policySets/default/policies/AllowedVmSizesInLab'
New-AzRoleAssignment -ObjectId $user.ObjectId -RoleDefinitionName "Policy Contributor" -Scope $scope
This script uses the following commands:
| Command | Notes |
|---|---|
| Get-AzProviderOperation | Gets the operations for an Azure resource provider that are securable using Azure role-based access control. |
| Get-AzRoleDefinition | Lists all Azure roles that are available for assignment. |
| New-AzRoleDefinition | Creates a custom role. |
Set allowed virtual machine sizes
This sample PowerShell script sets allowed virtual machine sizes in Azure Lab Services.
param
(
[Parameter(Mandatory=$true, HelpMessage="The name of the DevTest Lab to update")]
[string] $DevTestLabName,
[Parameter(Mandatory=$true, HelpMessage="The array of VM Sizes to be added")]
[Array] $SizesToAdd
)
function Get-Lab
{
$lab = Find-AzResource -ResourceType 'Microsoft.DevTestLab/labs' -ResourceNameEquals $DevTestLabName
if(!$lab)
{
throw "Lab named $DevTestLabName was not found"
}
return $lab
}
function Get-PolicyChanges ($lab)
{
#start by finding the existing policy
$script:labResourceName = $lab.Name + '/default'
$existingPolicy = (Get-AzResource -ResourceType 'Microsoft.DevTestLab/labs/policySets/policies' -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15) | Where-Object {$_.Name -eq 'AllowedVmSizesInLab'}
if($existingPolicy)
{
$existingSizes = $existingPolicy.Properties.threshold
$savePolicyChanges = $false
}
else
{
$existingSizes = ''
$savePolicyChanges = $true
}
if($existingPolicy.Properties.threshold -eq '[]')
{
Write-Output "Skipping $($lab.Name) because it currently allows all sizes"
return
}
# Make a list of all the sizes. It needs all their current sizes as well as any from our list that arent already there
$finalVmSizes = $existingSizes.Replace('[', '').Replace(']', '').Split(',',[System.StringSplitOptions]::RemoveEmptyEntries)
foreach($vmSize in $SizesToAdd)
{
$quotedSize = '"' + $vmSize + '"'
if(!$finalVmSizes.Contains($quotedSize))
{
$finalVmSizes += $quotedSize
$savePolicyChanges = $true
}
}
if(!$savePolicyChanges)
{
Write-Output "No policy changes required for VMSize in lab $($lab.Name)"
}
return @{
existingPolicy = $existingPolicy
savePolicyChanges = $savePolicyChanges
finalVmSizes = $finalVmSizes
}
}
function Set-PolicyChanges ($lab, $policyChanges)
{
if($policyChanges.savePolicyChanges)
{
$thresholdValue = ('[' + [String]::Join(',', $policyChanges.finalVmSizes) + ']')
$policyObj = @{
subscriptionId = $lab.SubscriptionId
status = 'Enabled'
factName = 'LabVmSize'
resourceGroupName = $lab.ResourceGroupName
labName = $lab.Name
policySetName = 'default'
name = $lab.Name + '/default/allowedvmsizesinlab'
threshold = $thresholdValue
evaluatorType = 'AllowedValuesPolicy'
}
$resourceType = "Microsoft.DevTestLab/labs/policySets/policies/AllowedVmSizesInLab"
if($policyChanges.existingPolicy)
{
Write-Output "Updating $($lab.Name) VM Size policy"
Set-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15 -Properties $policyObj -Force
}
else
{
Write-Output "Creating $($lab.Name) VM Size policy"
New-AzResource -ResourceType $resourceType -ResourceName $labResourceName -ResourceGroupName $lab.ResourceGroupName -ApiVersion 2016-05-15 -Properties $policyObj -Force
}
}
}
$lab = Get-Lab
$policyChanges = Get-PolicyChanges $lab
Set-PolicyChanges $lab $policyChanges
| Command | Notes |
|---|---|
| Get-AzResource | Gets resources. |
| Set-AzResource | Modifies a resource. |
| New-AzResource | Create a resource. |
Next steps
For more information on Azure PowerShell, see Azure PowerShell documentation.
Feedback
Submit and view feedback for