
Tagging Azure Arc Connected Machines

Introduction

Tagging your resources in Azure is an essential practice to ensure proper organization, cost management, and governance. If you have rolled out Azure Arc for server agents but forgot to tag the resources, it’s not too late to start. In this post, we’ll walk through a simple PowerShell script to tag Azure Arc-connected servers using the Az and Az.ConnectedMachine modules.

First, we need to ensure that both the Az and Az.ConnectedMachine modules are installed. The script then defines a custom function, Get-ADTieringLevel, which retrieves the tiering level of a server based on its Organizational Unit (OU) in Active Directory. Next, the script queries Azure Arc-connected servers in a specified resource group and tags each server with its tiering level using the New-AzTag cmdlet.

				
<#
    =================================================================================
    DISCLAIMER:
    This script is provided "as-is" with no warranties. Usage of this script is at
    your own risk. The author is not liable for any damages or losses arising from
    using this script. Please review the full legal disclaimer at:
    https://kaidojarvemets.com/legal-disclaimer/
    =================================================================================
#>
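# Install the required modules first (one-time step; skip if they are already installed)
Install-Module -Name Az -Force -Verbose
Install-Module -Name Az.ConnectedMachine -Force -Verbose

# Sign in and select the subscription that holds the Arc-connected machines
Connect-AzAccount
Set-AzContext -Subscription "XXXXX-XXXXX-XXXX-XXXX-XXXXXXX"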

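Function Get-ADTieringLevel
{

    Param(
        [string]$ServerName
    )

    # Look up the computer object in AD; FindOne() returns $null when nothing matches
    $Result = ([adsisearcher]"(&(name=$ServerName)(objectClass=computer))").FindOne()
    If($null -eq $Result){
        # No computer object found, so no tier can be derived
        return "TIERING MISSING"
    }

    # ADsPath of the computer object (LDAP://CN=...,OU=...,DC=...)
    $OU = $Result.Path

    # Map the OU names found in the path to a tiering level
    If($OU.Contains("Domain Controllers") -or $OU.Contains("Tier0")){
        "TIER-0"
    }
    ElseIf($OU.Contains("Tier1")){
        "TIER-1"
    }
    ElseIf($OU.Contains("Tier2")){
        "TIER-2"
    }
    Else{
        "TIERING MISSING"
    }

}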


$ResourceGroup = "RG-PROD-IT-AZURE-ARC-WE"
$ARCConnectedMachines = Get-AzConnectedMachine -ResourceGroupName $ResourceGroup

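foreach($ARCMachine in $ARCConnectedMachines){

    # Resolve the tier from the machine's computer object in Active Directory
    $ADTieringLevel = Get-ADTieringLevel -ServerName $ARCMachine.DisplayName
    $Tags = @{
        "ADTieringLevel" = $ADTieringLevel;
    }

    # New-AzTag replaces the entire tag set on the resource. If the machines
    # already carry other tags, use Update-AzTag with -Operation Merge instead.
    New-AzTag -ResourceId $ARCMachine.Id -Tag $Tags

}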

By using this script, you can quickly and easily tag your Azure Arc-connected servers based on their Active Directory tiering level. If you haven’t started tagging your resources, we encourage you to do so to improve resource organization and management.
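
The tier lookup in the script checks the whole directory path, which also contains the computer's own name, and String.Contains() is case-sensitive. The following added example (not part of the original script) derives the tier from the OU components only; the function name Resolve-TierFromPath and the sample paths are constructed for illustration, and the OU naming is assumed to match the script above.

```powershell
# Added example: resolve the tier from OU components only, not from the whole path.
# OU names (Domain Controllers, Tier0, Tier1, Tier2) are taken from the script above;
# the function name and the sample paths are hypothetical.
function Resolve-TierFromPath {
    param(
        [string]$AdsPath = ''
    )

    # Strip "LDAP://" (or "LDAP://server/") to get the distinguished name.
    $dn = $AdsPath -replace '^LDAP://([^/=,]+/)?', ''

    # Split on commas that are not backslash-escaped and keep the OU= parts only,
    # so a computer name (CN=...) can never influence the result.
    $ouNames = @($dn -split '(?<!\\),' |
        Where-Object { $_ -match '^\s*OU=' } |
        ForEach-Object { ($_ -replace '^\s*OU=', '').Trim() })

    # -like is case-insensitive; the most privileged tier is checked first,
    # in the same order as the original function.
    if ($ouNames | Where-Object { $_ -like '*Domain Controllers*' -or $_ -like '*Tier0*' }) {
        return 'TIER-0'
    }
    if ($ouNames | Where-Object { $_ -like '*Tier1*' }) { return 'TIER-1' }
    if ($ouNames | Where-Object { $_ -like '*Tier2*' }) { return 'TIER-2' }
    return 'TIERING MISSING'
}

# Constructed sample paths; no Active Directory or Azure connection is needed.
$samples = @(
    'LDAP://CN=SRV-APP01,OU=Servers,OU=Tier1,DC=contoso,DC=com'
    'LDAP://CN=DC01,OU=Domain Controllers,DC=contoso,DC=com'
    'LDAP://CN=Tier0-JUMP,OU=Workstations,OU=Tier2,DC=contoso,DC=com'
    'LDAP://CN=SRV-OLD,CN=Computers,DC=contoso,DC=com'
)

foreach ($path in $samples) {
    [pscustomobject]@{
        Path = $path
        Tier = Resolve-TierFromPath -AdsPath $path
    }
}
```

The third sample is the case to watch: a whole-path substring check would classify it by the "Tier0" in the computer name, while the OU-only check classifies it by the OU it actually sits in.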
