Azure Automation Runbook Run Script on Arc Enabled Server
Hi All,
I use several PowerShell Runbooks on an Azure Automation Account. That includes manipulation in SharePoint, Entra ID, Teams and Exchange Online. For Exchange Online, Teams and Entra ID you can use Managed Identity.
In this Article, I will show you how to run an Azure Runbook from an Azure Automation Account on an Azure Arc Enabled Server.
From the Documentation it looks pretty easy
Azure Automation Agent-based User Hybrid Runbook Worker (Windows and Linux) will retire on 31 August 2024 and wouldn’t be supported after that date. You must complete migrating existing Agent-based User Hybrid Runbook Workers to Extension-based Workers before 31 August 2024. Moreover, starting 1 November 2023, creating new Agent-based Hybrid Workers wouldn’t be possible.
Source: Deploy an agent-based Windows Hybrid Runbook Worker in Automation
Automation Account
Let’s check out the Automation Account and the Hybrid Worker Groups > Create hybrid worker group
Give it a Name
I can only select a Virtual Machine running on Azure
Azure Arc Enabled Machine
Let’s switch over to the Arc Enabled Machine under Extensions > Add
I can select “Azure Automation Windows Hybrid Worker” but nothing happens if I click on “Next”
It took me many hours of troubleshooting to figure out how it works.
Finally I stumbled across this Thread
You have to fill out all those Variables
###############################################################################
# Create a HybridWorkerGroup with an Azure Arc Enabled Machine - ExtensionBased
# https://learn.microsoft.com/en-us/answers/questions/720043/how-to-deploy-arc-extension-microsoft-azure-automa
###############################################################################
$subscriptionId = "42ecead4-eae9-4456-997c-1580c58b54ba" #Automation Account sub id
$resourceGroupName = "RG_DEV" #Automation Account RG
$automationAccountName = "icewolfautomation" #Automation account name
$token = (get-azaccesstoken).Token
$hybridRunbookWorkerGroupName = "HyridWorkerGroupDemo" # HRWG group to be created
$ARCSubscriptionId = "62585cfc-6e5b-48f7-bcb9-72cfad8dac0d" #ARC machine sub id
$ARCresourceGroupName = "RG_ARC" #ARC machine RG
$ARCmachineName = "ICESRV04" #ARC machine name
$ARCMachinelocation = "westeurope" # ARC Machine location
$ARCServerResourceId = "/subscriptions/62585cfc-6e5b-48f7-bcb9-72cfad8dac0d/resourceGroups/RG_ARC/providers/Microsoft.HybridCompute/machines/ICESRV04" #/subscriptions/$ARCSubscriptionId/resourceGroups/$ARCresourceGroupName/providers/Microsoft.HybridCompute/machines/$ARCmachineName
Now let’s run the Script
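#Connect to Azure
Write-Host "Connect to Azure" -ForegroundColor Green
Connect-AzAccount
#Get the ARM access token after sign-in; newer Az.Accounts releases return .Token as a SecureString
$token = (Get-AzAccessToken).Token
if ($token -is [securestring]) { $token = [System.Net.NetworkCredential]::new('', $token).Password }
#Create HRW Group URI
Write-Host "Create Hybrid Worker Group" -ForegroundColor Green
$headers = @{Authorization = "Bearer $token"}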
$createHRWGroupuri = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/hybridRunbookWorkerGroups/$($hybridRunbookWorkerGroupName)?api-version=2021-06-22"
$contentType = "application/json"
$body = @{} | ConvertTo-Json
$response = Invoke-WebRequest -Uri $createHRWGroupuri -Method PUT -Headers $headers -Body $body -ContentType $contentType
$response.Content
#To Confirm HRW Group Creation
Write-Host "Confirm Hybrid Worker Group" -ForegroundColor Green
(Invoke-WebRequest -Uri $createHRWGroupuri -Method Get -Headers $headers).Content
#Generate HRW id
$hrwId = New-Guid
#Create HRW URI
Write-Host "Create Hybrid Worker" -ForegroundColor Green
$createHRWuri = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$automationAccountName/hybridRunbookWorkerGroups/$hybridRunbookWorkerGroupName/hybridRunbookWorkers/$($hrwId)?api-version=2021-06-22"
$body = @"
{
"properties":{"vmResourceId": "$ARCServerResourceId"}
}
"@
$response = Invoke-WebRequest -Uri $createHRWuri -Method PUT -Headers $headers -Body $body -ContentType $contentType
$response.Content
#To Confirm HRW Creation make a get
Write-Host "Confirm Hybrid Worker" -ForegroundColor Green
(Invoke-WebRequest -Uri $createHRWuri -Method Get -Headers $headers).Content
##### HRW is not Visible yet in the portal#####
Write-Host "Add Azure Automation Windows Hybrid Worker Extension to Arc Machine" -ForegroundColor Green
#Retrieve Automation Account Hybrid URL
$automationAccountInfouri = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Automation/automationAccounts/$($automationAccountName)?api-version=2021-06-22"
$automationHybridServiceUrl = ((Invoke-WebRequest -Uri $automationAccountInfouri -Method Get -Headers $headers).Content) | ConvertFrom-Json | Select -expand properties | Select -expand automationHybridServiceUrl
$automationHybridServiceUrl
$CreateARCExtensionUri = "https://management.azure.com/subscriptions/$ARCSubscriptionId/resourceGroups/$ARCresourceGroupName/providers/Microsoft.HybridCompute/machines/$ARCmachineName/extensions/HybridWorkerExtension?api-version=2021-05-20"
$CreateARCExtensionBody = @{
'location' = $($ARCMachinelocation)
'properties' = @{
'publisher' = 'Microsoft.Azure.Automation.HybridWorker'
'type' = 'HybridWorkerForWindows'
'typeHandlerVersion' = '1.1.13'
'autoUpgradeMinorVersion' = $false
'enableAutomaticUpgrade' = $true
'settings' = @{
'AutomationAccountURL' = $automationHybridServiceUrl
}
}
} | ConvertTo-Json -depth 2
#Create the Extension
Invoke-WebRequest -Uri $CreateARCExtensionUri -Method PUT -Headers $headers -Body $CreateARCExtensionBody -ContentType $contentType
The “HybridWorkerExtension” is installed but has an Update (I’ve updated the Script on top, so that you don’t have to install the Update)
Select the “HybridWorkerExtension” and hit “Update”
Confirm the installation of the Update
Now the HybridWorkerExtension is in good shape
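A scripted alternative to checking the extension in the portal, as an added example that is not part of the original post: it polls the extension's provisioningState through Invoke-AzRestMethod, which authenticates with the current Az context so no bearer token has to be held in a script variable. The function names, the timeout values and the list of terminal states are assumptions; the resource names are the ones from the variables block.

```powershell
# Added example, not from the original post. Assumes the Az.Accounts module
# and an existing Connect-AzAccount session with read access to the Arc machine.

function Get-ArcMachineResourceId {
    param(
        [Parameter(Mandatory)][guid]$SubscriptionId,      # [guid] rejects malformed ids
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string]$MachineName
    )
    "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName" +
        "/providers/Microsoft.HybridCompute/machines/$MachineName"
}

function Wait-ArcExtensionProvisioning {
    param(
        [Parameter(Mandatory)][string]$MachineResourceId,
        [string]$ExtensionName = 'HybridWorkerExtension',
        [int]$TimeoutSeconds = 600,   # assumed values, tune as needed
        [int]$PollSeconds = 15
    )
    $path = "$MachineResourceId/extensions/${ExtensionName}?api-version=2021-05-20"
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # Invoke-AzRestMethod authenticates with the current Az context,
        # so the script never holds the bearer token itself.
        $resp = Invoke-AzRestMethod -Path $path -Method GET
        if ($resp.StatusCode -ne 200) {
            throw "GET $path returned HTTP $($resp.StatusCode): $($resp.Content)"
        }
        $props = ($resp.Content | ConvertFrom-Json).properties
        Write-Host "$ExtensionName $($props.typeHandlerVersion): $($props.provisioningState)"
        # Assumed terminal states (the usual ARM ones); anything else keeps polling.
        if ($props.provisioningState -in 'Succeeded', 'Failed', 'Canceled') { return $props }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    throw "Timed out after $TimeoutSeconds s waiting for $ExtensionName"
}

# Same values as in the variables block of the post
$arcId = Get-ArcMachineResourceId -SubscriptionId '62585cfc-6e5b-48f7-bcb9-72cfad8dac0d' `
    -ResourceGroupName 'RG_ARC' -MachineName 'ICESRV04'
$state = Wait-ArcExtensionProvisioning -MachineResourceId $arcId
if ($state.provisioningState -ne 'Succeeded') {
    throw "Extension provisioning ended in state $($state.provisioningState)"
}
```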
Azure Automation Account
On the Azure Automation Account the Hybrid worker Group has been created
There is one Hybrid Worker attached
And it is the Azure Arc Enabled Server
Runbook
Let’s add a simple Runbook for testing
Give it a name and select PowerShell 5.1
I used the following PowerShell code to verify the Script runs on my Azure Arc Enabled Server > Hit “Test pane” to Run the Script
$env:computername
Get-NetIPAddress | Where {$_.AddressFamily -eq "IpV4" -and $_.AddressState -eq "preferred"} | select IPAddress
Select “Hybrid Worker” and hit “Start”
The Script was running on the Azure Arc Server
You can add Credentials
And should be able to use those Credentials on the Hybrid Worker Settings
Didn’t work in my case - the Jobs did run long and ended in Suspension. Works for my Requirements so far - so I didn’t investigate further.
Regards
Andres Bohren