You can onboard Active Directory–joined Windows machines to Azure Arc-enabled servers at scale using Group Policy.
You'll first need to set up a local remote share with the Connected Machine agent and modify a script specifying the Arc-enabled server's landing zone within Azure. You'll then run a script that generates a Group Policy Object (GPO) to onboard a group of machines to Azure Arc-enabled servers. This Group Policy Object can be applied to the site, domain, or organizational level. Assignment can also use Access Control List (ACL) and other security filtering native to Group Policy. Machines in the scope of the Group Policy will be onboarded to Azure Arc-enabled servers. Scope your GPO to only include machines that you want to onboard to Azure Arc.
Before you get started, be sure to review the prerequisites and verify that your subscription and resources meet the requirements. For information about supported regions and other related considerations, see supported Azure regions. Also review our at-scale planning guide to understand the design and deployment criteria, as well as our management and monitoring recommendations.
If you don't have an Azure subscription, create a free account before you begin.
Automatic connection for SQL Server
When you connect a Windows or Linux server to Azure Arc that also has Microsoft SQL Server installed, the SQL Server instances will automatically be connected to Azure Arc as well. SQL Server enabled by Azure Arc provides a detailed inventory and additional management capabilities for your SQL Server instances and databases. As part of the connection process, an extension is deployed to your Azure Arc-enabled server and new roles will be applied to your SQL Server and databases. If you don't want to automatically connect your SQL Servers to Azure Arc, you can opt out by adding a tag to the Windows or Linux server with the name ArcSQLServerExtensionDeployment and value Disabled when it's connected to Azure Arc.
Prepare a remote share and create a service principal
The Group Policy Object, which is used to onboard Azure Arc-enabled servers, requires a remote share with the Connected Machine agent. You will need to:
Prepare a remote share to host the Azure Connected Machine agent package for Windows and the configuration file. You need to be able to add files to the distributed location. The network share should grant Change permissions to Domain Controllers and Domain Computers, and Full Control permissions to Domain Admins.
Assign the Azure Connected Machine Onboarding role to your service principal and limit the scope of the role to the target Azure landing zone.
Make a note of the Service Principal Secret; you'll need this value later.
Download and unzip the folder ArcEnabledServersGroupPolicy_vX.X.X from https://github.com/Azure/ArcEnabledServersGroupPolicy/releases/latest/. This folder contains the ArcGPO project structure with the scripts EnableAzureArc.ps1, DeployGPO.ps1, and AzureArcDeployment.psm1. These assets will be used for onboarding the machine to Azure Arc-enabled servers.
Execute the deployment script DeployGPO.ps1, modifying the run parameters for the DomainFQDN, ReportServerFQDN, ArcRemoteShare, Service Principal secret, Service Principal Client ID, Subscription ID, Resource Group, Region, Tenant, and AgentProxy (if applicable):
On the Group Policy Management Console (GPMC), right-click on the desired Organizational Unit and link the GPO named [MSFT] Azure Arc Servers (datetime). This is the Group Policy Object which has the Scheduled Task to onboard the machines. After 10 or 20 minutes, the Group Policy Object will be replicated to the respective domain controllers. Learn more about creating and managing group policy in Microsoft Entra Domain Services.
After you have successfully installed the agent and configured it to connect to Azure Arc-enabled servers, go to the Azure portal to verify that the servers in your Organizational Unit have successfully connected. View your machines in the Azure portal.
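The share permissions listed in the preparation steps can be checked before the GPO is linked. The following PowerShell is an added example, not part of the ArcEnabledServersGroupPolicy project; the share name `AzureArcOnBoard` and the NetBIOS domain name `CONTOSO` are assumed placeholders. It compares the SMB share-level grants with the three the page lists and flags any other principal.

```powershell
# Added example: compare the share's SMB permissions with the grants listed on this page.
# Assumed placeholders: share name 'AzureArcOnBoard' and NetBIOS domain 'CONTOSO'.
param(
    [string]$ShareName = 'AzureArcOnBoard',
    [string]$Domain    = 'CONTOSO'
)

# Share-level rights the page asks for (hashtable keys match case-insensitively).
$expected = @{
    "$Domain\Domain Controllers" = 'Change'
    "$Domain\Domain Computers"   = 'Change'
    "$Domain\Domain Admins"      = 'Full'
}

$actual = @(Get-SmbShareAccess -Name $ShareName -ErrorAction Stop)

# Classify every access entry that is present on the share.
$findings = foreach ($ace in $actual) {
    $want = $expected[$ace.AccountName]
    if ($ace.AccessControlType -ne 'Allow')      { $status = 'Review: deny entry' }
    elseif (-not $want)                          { $status = 'Unexpected principal' }
    elseif ("$($ace.AccessRight)" -ne $want)     { $status = "Mismatch: expected $want" }
    else                                         { $status = 'OK' }
    [pscustomobject]@{
        Account = $ace.AccountName
        Right   = "$($ace.AccessRight)"
        Type    = "$($ace.AccessControlType)"
        Status  = $status
    }
}

# Report expected grants that are absent from the share.
$missing = $expected.Keys |
    Where-Object { $actual.AccountName -notcontains $_ } |
    ForEach-Object {
        [pscustomobject]@{ Account = $_; Right = $expected[$_]; Type = 'Allow'; Status = 'Missing grant' }
    }

$all = @($findings) + @($missing)
$all | Format-Table -AutoSize

# A non-zero exit code lets a deployment pipeline stop before the GPO is linked.
if ($all | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

This checks share-level permissions only, which is what the page specifies; NTFS permissions on the underlying folder are a separate review.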
Important
Once you've confirmed that your servers have successfully onboarded to Arc, disable the Group Policy Object. This will prevent the same PowerShell commands in the scheduled tasks from executing when the system reboots or when the group policy is updated.
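One way to carry out this step with the GroupPolicy module, as an added example that is not part of the ArcEnabledServersGroupPolicy project: it finds GPOs whose display name starts with the name given above, lists where each one is linked, and disables them only when the hypothetical `-Apply` switch is passed.

```powershell
# Added example: locate the onboarding GPO(s) and disable them after onboarding is confirmed.
# Requires the GroupPolicy module (installed with GPMC / RSAT). '-Apply' is this script's own switch.
param(
    [switch]$Apply
)

Import-Module GroupPolicy -ErrorAction Stop

# Display-name prefix as given on this page. The square brackets are wildcard
# characters for -like, so match with StartsWith() instead.
$prefix = '[MSFT] Azure Arc Servers'

$arcGpos = @(Get-GPO -All | Where-Object { $_.DisplayName.StartsWith($prefix) })
if ($arcGpos.Count -eq 0) {
    Write-Warning "No GPO with a display name starting with '$prefix' was found."
    return
}

foreach ($gpo in $arcGpos) {
    Write-Output "GPO: $($gpo.DisplayName)  Id: $($gpo.Id)  Status: $($gpo.GpoStatus)"

    # The XML report lists every site, domain or OU the GPO is linked to.
    [xml]$report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    foreach ($link in $report.GPO.LinksTo) {
        Write-Output "  linked to: $($link.SOMPath)  (link enabled: $($link.Enabled))"
    }

    if ($gpo.GpoStatus -eq 'AllSettingsDisabled') {
        Write-Output '  already disabled'
    }
    elseif ($Apply) {
        # Disabling all settings stops the scheduled-task policy from being applied again.
        $gpo.GpoStatus = 'AllSettingsDisabled'
        Write-Output '  disabled (GpoStatus = AllSettingsDisabled)'
    }
    else {
        Write-Output '  would be disabled; rerun with -Apply to make the change'
    }
}
```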
Next steps
Review the Planning and deployment guide to plan for deploying Azure Arc-enabled servers at any scale and implement centralized management and monitoring.
Learn how to manage your machine using Azure Policy for such things as VM guest configuration, verifying that the machine is reporting to the expected Log Analytics workspace, enabling monitoring with VM insights, and much more.
Understand the governance capabilities of Azure Arc-enabled servers. Learn about the benefits of and how to onboard Azure Arc-enabled servers to Azure Policy, Azure Automation, and Azure Automanage.