updates
danycontre committed Oct 16, 2023
1 parent c8fbaff commit 13643b5
Showing 4 changed files with 26 additions and 26 deletions.
28 changes: 11 additions & 17 deletions workload/arm/deploy-baseline.json
Expand Up @@ -5,7 +5,7 @@
"_generator": {
"name": "bicep",
"version": "0.17.1.54307",
"templateHash": "11881349639014510533"
"templateHash": "8577237797049463431"
},
"name": "AVD Accelerator - Baseline Deployment",
"description": "AVD Accelerator - Deployment Baseline"
Expand Down Expand Up @@ -12582,9 +12582,7 @@
"identityServiceProvider": {
"value": "[parameters('avdIdentityServiceProvider')]"
},
"securityPrincipalIds": {
"value": "[array(parameters('securityPrincipalId'))]"
},
"securityPrincipalIds": "[if(not(empty(parameters('securityPrincipalId'))), createObject('value', array(parameters('securityPrincipalId'))), createObject('value', createArray()))]",
"tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]",
"alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]",
"hostPoolAgentUpdateSchedule": {
Expand Down Expand Up @@ -15062,9 +15060,7 @@
"createStorageDeployment": {
"value": "[variables('varCreateStorageDeployment')]"
},
"securityPrincipalIds": {
"value": "[array(parameters('securityPrincipalId'))]"
},
"securityPrincipalIds": "[if(not(empty(parameters('securityPrincipalId'))), createObject('value', array(parameters('securityPrincipalId'))), createObject('value', createArray()))]",
"tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]"
},
"template": {
Expand Down Expand Up @@ -32104,9 +32100,7 @@
"value": "[variables('varOuStgPath')]"
},
"managedIdentityClientId": "[if(variables('varCreateStorageDeployment'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Identities-And-RoleAssign-{0}', parameters('time'))), '2022-09-01').outputs.managedIdentityStorageClientId.value), createObject('value', ''))]",
"securityPrincipalName": {
"value": "[parameters('securityPrincipalName')]"
},
"securityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), createObject('value', parameters('securityPrincipalName')), createObject('value', ''))]",
"domainJoinUserName": {
"value": "[parameters('avdDomainJoinUserName')]"
},
Expand Down Expand Up @@ -32143,7 +32137,7 @@
"_generator": {
"name": "bicep",
"version": "0.17.1.54307",
"templateHash": "5936570404205322394"
"templateHash": "1142525422127830618"
}
},
"parameters": {
Expand Down Expand Up @@ -32340,7 +32334,8 @@
],
"varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]",
"vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]",
"varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), parameters('securityPrincipalName'), parameters('storageAccountFqdn'))]"
"varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]",
"varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]"
},
"resources": [
{
Expand Down Expand Up @@ -36313,9 +36308,7 @@
"value": "[variables('varOuStgPath')]"
},
"managedIdentityClientId": "[if(variables('varCreateStorageDeployment'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Identities-And-RoleAssign-{0}', parameters('time'))), '2022-09-01').outputs.managedIdentityStorageClientId.value), createObject('value', ''))]",
"securityPrincipalName": {
"value": "[parameters('securityPrincipalName')]"
},
"securityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), createObject('value', parameters('securityPrincipalName')), createObject('value', ''))]",
"domainJoinUserName": {
"value": "[parameters('avdDomainJoinUserName')]"
},
Expand Down Expand Up @@ -36352,7 +36345,7 @@
"_generator": {
"name": "bicep",
"version": "0.17.1.54307",
"templateHash": "5936570404205322394"
"templateHash": "1142525422127830618"
}
},
"parameters": {
Expand Down Expand Up @@ -36549,7 +36542,8 @@
],
"varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]",
"vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]",
"varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), parameters('securityPrincipalName'), parameters('storageAccountFqdn'))]"
"varSecurityPrincipalName": "[if(not(empty(parameters('securityPrincipalName'))), parameters('securityPrincipalName'), 'none')]",
"varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -ShareName {11} -ClientId {12} -SecurityPrincipalName {13} -StorageAccountFqdn {14} ', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('fileShareName'), parameters('managedIdentityClientId'), variables('varSecurityPrincipalName'), parameters('storageAccountFqdn'))]"
},
"resources": [
{
8 changes: 4 additions & 4 deletions workload/bicep/deploy-baseline.bicep
Expand Up @@ -960,7 +960,7 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
startVmOnConnect: (avdHostPoolType == 'Pooled') ? avdDeployScalingPlan : avdStartVmOnConnect
workloadSubsId: avdWorkloadSubsId
identityServiceProvider: avdIdentityServiceProvider
securityPrincipalIds: array(securityPrincipalId)
securityPrincipalIds: !empty(securityPrincipalId)? array(securityPrincipalId): []
tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : ''
hostPoolAgentUpdateSchedule: varHostPoolAgentUpdateSchedule
Expand All @@ -987,7 +987,7 @@ module identity './modules/identity/deploy.bicep' = {
enableStartVmOnConnect: avdStartVmOnConnect
identityServiceProvider: avdIdentityServiceProvider
createStorageDeployment: varCreateStorageDeployment
securityPrincipalIds: array(securityPrincipalId)
securityPrincipalIds: !empty(securityPrincipalId)? array(securityPrincipalId): []
tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
}
dependsOn: [
Expand Down Expand Up @@ -1167,7 +1167,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if
deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage
ouStgPath: varOuStgPath
managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
securityPrincipalName: securityPrincipalName
securityPrincipalName: !empty(securityPrincipalName)? securityPrincipalName: ''
domainJoinUserName: avdDomainJoinUserName
wrklKvName: varWrklKvName
serviceObjectsRgName: varServiceObjectsRgName
Expand Down Expand Up @@ -1210,7 +1210,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr
deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage
ouStgPath: varOuStgPath
managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
securityPrincipalName: securityPrincipalName
securityPrincipalName: !empty(securityPrincipalName)? securityPrincipalName: ''
domainJoinUserName: avdDomainJoinUserName
wrklKvName: varWrklKvName
serviceObjectsRgName: varServiceObjectsRgName
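Review bot: The guard added at both storageAzureFiles module calls, `securityPrincipalName: !empty(securityPrincipalName)? securityPrincipalName: ''`, returns the same value in either branch when the parameter is a plain string, so it reads like a check but changes nothing; if it exists to tolerate a null parameter, a short comment saying so would help, otherwise `securityPrincipalName: securityPrincipalName` is clearer. The `securityPrincipalIds` fallback to `[]` in the managementPLane and identity hunks is a real behavioural change, and its spacing (`!empty(securityPrincipalId)? array(securityPrincipalId): []`) diverges from the `a ? b : c` form used on the neighbouring `tags:` lines; consider `securityPrincipalIds: !empty(securityPrincipalId) ? array(securityPrincipalId) : []`. Because an empty list presumably makes the identity module skip whatever it would have assigned to that principal, the `securityPrincipalId` parameter description (outside this hunk) should state that omitting it leaves the AVD group without those assignments rather than failing the deployment. The module declarations continue past each hunk.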
4 changes: 2 additions & 2 deletions workload/bicep/modules/storageAzureFiles/deploy.bicep
Expand Up @@ -108,8 +108,8 @@ var varAvdFileShareMetricsDiagnostic = [
]
var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file'
var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None'

var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${securityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} '
var varSecurityPrincipalName = !empty(securityPrincipalName)? securityPrincipalName : 'none'
var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalName ${varSecurityPrincipalName} -StorageAccountFqdn ${storageAccountFqdn} '
// =========== //
// Deployments //
// =========== //
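Review bot: `var varSecurityPrincipalName = !empty(securityPrincipalName)? securityPrincipalName : 'none'` introduces a magic sentinel whose meaning lives in another file (script-domainjoinstorage.ps1 compares against the same literal), and nothing here records that coupling; an AD group genuinely named `none` would also be silently skipped. Add a comment above it such as `// 'none' is a sentinel understood by script-domainjoinstorage.ps1: it skips the group ACL grant; an empty string cannot be passed because the argument list below is unquoted`. Quoting the value in `varStorageToDomainScriptArgs` (`-SecurityPrincipalName "${varSecurityPrincipalName}"`) would let an empty value travel as-is so the script could test for emptiness instead of a sentinel; the same unquoted interpolation also splits any principal name containing a space, which predates this change but becomes more likely to bite now that the value is optional.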
12 changes: 9 additions & 3 deletions workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1
Expand Up @@ -169,10 +169,16 @@ Try {
icacls ${DriveLetter}: /grant "Creator Owner:(OI)(CI)(IO)(M)"
icacls ${DriveLetter}: /remove "Authenticated Users"
icacls ${DriveLetter}: /remove "Builtin\Users"
# AVD group permissions
$Group = $DomainName + '\' + $SecurityPrincipalName
icacls ${DriveLetter}: /grant "${Group}:(M)"
Write-Log "ACLs set"
# AVD group permissions
if ($SecurityPrincipalName -eq 'none') {
Write-Log "AD group not provided, ACLs for AD group not set"
}
else {
$Group = $DomainName + '\' + $SecurityPrincipalName
icacls ${DriveLetter}: /grant "${Group}:(M)"
Write-Log "AD group $Group ACLs set"
}

Write-Log "Unmounting drive"
# Remove-PSDrive -Name $DriveLetter -Force
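Review bot: The new else branch logs `AD group $Group ACLs set` whether or not icacls succeeded, so a failed grant (mistyped group, unresolvable domain) is recorded as success and the share is left without the intended group permission; check `$LASTEXITCODE` after the icacls call, e.g. `if ($LASTEXITCODE -ne 0) { throw "icacls grant for ${Group} failed with exit code $LASTEXITCODE" }` (or whatever failure path the surrounding Try/Catch expects). The sentinel test `$SecurityPrincipalName -eq 'none'` is case-insensitive in PowerShell and does not cover an empty or whitespace value; `if ([string]::IsNullOrWhiteSpace($SecurityPrincipalName) -or $SecurityPrincipalName -eq 'none')` handles both. A one-line comment on the if, `# 'none' is the sentinel deploy.bicep passes when no security principal was supplied`, would document the cross-file contract. The enclosing Try block starts before this hunk.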
