This project demonstrates how to automate the installation of the DNS Server role on a non-Azure Windows Server by leveraging Azure Arc, Azure Storage Account, and the Custom Script Extension.
The target server was Arc-enabled and managed from the Azure Portal. A PowerShell script was hosted in Azure Storage and executed remotely using Azure Arc extension services to configure DNS.
Technologies used:

- Azure Arc for Servers
- Windows Server 2022
- PowerShell
- Azure Storage Account (Blob)
- Azure CLI
- Azure Custom Script Extension
- Role-Based Access Control (RBAC)

Steps performed:

- Azure Arc agent installed on the on-premises server.
- Server registered and visible in Azure Arc (Connected Machine).
- PowerShell script uploaded to Azure Storage Blob.
- Custom Script Extension triggered via Azure CLI.
- Script pulled from storage and executed on the server.
- DNS Server role installed, and DNS zone + sample record configured.

Security notes:

- Used public blob access only for demo purposes.
- In production, consider using SAS tokens or private endpoints.
- Applied Azure RBAC to limit extension deployment rights.
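
The SAS-token alternative to public blob access noted above, as an added example (not this project's own code): it requests a short-lived, read-only, HTTPS-only user delegation SAS for the script, checks the token before use, and passes the URL to the Custom Script Extension through protected settings. Assumptions: the resource names are placeholders, the `connectedmachine` Azure CLI extension is installed, `date` is GNU date, and the signed-in identity holds a role that can read the blob.

```shell
#!/bin/sh
# Added example, not the project's script. All names below are placeholders.
RG="rg-arc-demo" MACHINE="onprem-dns01" LOCATION="westeurope"
ACCOUNT="stscriptsdemo" CONTAINER="scripts" BLOB="Install-DNS.ps1"

# Print the value of one query parameter of a URL (empty if absent).
sas_param() {
  printf '%s\n' "${1#*\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Accept only an https URL whose SAS is read-only, HTTPS-only and expires no
# later than $2. Both timestamps are UTC ISO-8601, so string order matches
# time order.
check_sas() {
  case $1 in https://*\?*) ;; *) return 1 ;; esac
  [ "$(sas_param "$1" sp)" = "r" ] || return 1
  [ "$(sas_param "$1" spr)" = "https" ] || return 1
  sas_expiry=$(sas_param "$1" se | sed 's/%3[Aa]/:/g')
  [ -n "$sas_expiry" ] && expr "$sas_expiry" \<= "$2" >/dev/null
}

# JSON for the extension's protected settings: script URL plus run command.
protected_settings() {
  printf '{"fileUris":["%s"],"commandToExecute":"powershell.exe -ExecutionPolicy Bypass -File %s"}' "$1" "$BLOB"
}

deploy_dns_script() {
  expiry=$(date -u -d '+30 minutes' '+%Y-%m-%dT%H:%MZ')      # GNU date syntax
  latest=$(date -u -d '+31 minutes' '+%Y-%m-%dT%H:%M:%SZ')
  # User delegation SAS: signed with the caller's Entra ID identity, which is
  # assumed to hold a role that can read the blob; no account key is used.
  url=$(az storage blob generate-sas --account-name "$ACCOUNT" \
        --container-name "$CONTAINER" --name "$BLOB" --permissions r \
        --expiry "$expiry" --https-only --auth-mode login --as-user \
        --full-uri --output tsv) || return 1
  check_sas "$url" "$latest" || { echo "SAS rejected" >&2; return 1; }
  # The URL goes in protected settings, not settings, because it carries the
  # SAS signature.
  az connectedmachine extension create --resource-group "$RG" \
    --machine-name "$MACHINE" --location "$LOCATION" \
    --name CustomScriptExtension --publisher Microsoft.Compute \
    --type CustomScriptExtension \
    --protected-settings "$(protected_settings "$url")"
}

# Nothing is deployed unless the script is called with the "deploy" argument.
if [ "${1:-}" = "deploy" ]; then deploy_dns_script; fi
```

With the container's public access turned off, the script blob is reachable only through the token for the 30 minutes it is valid.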

```mermaid
flowchart TD
    LocalMachine[On-Prem Windows Server]
    AzureArc[Azure Arc Agent]
    Azure[Azure Portal]
    Blob[Azure Storage Account<br>Blob Container]
    Script[Install-DNS.ps1]
    Extension[Custom Script Extension]
    LocalMachine --> AzureArc --> Azure
    Azure --> Extension
    Extension --> Blob
    Blob --> Script
    Script --> LocalMachine
```