Windows Azure PowerShell: One script to rule them all

Are you always on the move, with lots of SQL Azure DB servers to manage? Does your public IP address change often, and are you sick of having to manually change the SQL Azure firewall rules?

Good news, I’m going to show you a PowerShell script to automatically add a firewall rule to ALL your SQL Azure servers in ALL your subscriptions for your current public Internet IP Address.

Before you start, just be sure that you have installed the latest Windows Azure PowerShell package, which you can download from

Set up your WA PowerShell subscriptions

The first step after downloading the Windows Azure PowerShell package is to set up the subscriptions you have access to. You only need to do this once, since the configuration settings are stored in your profile, but you may want to revisit it later to add more subscriptions.

Configuring subscriptions by importing a .publishsettings file

The fastest way to set up the subscriptions is by importing a .publishsettings file containing encoded management certificate data and subscription IDs:

1) Download your publish settings file:

PS C:\> Get-AzurePublishSettingsFile

This will open a browser that, after you sign in with your LiveId, will automatically download your .publishsettings file. This file contains credentials to administer your subscriptions and services, so be sure to store it in a secure location or delete it after use.

2) Import your .publishsettings file:

PS C:\> Import-AzurePublishSettingsFile MyAzureCredentials.publishsettings

These settings will be stored inside the “C:\Users\<UserName>\AppData\Roaming\Windows Azure PowerShell” folder.

Configuring subscriptions by using self-signed management certificate

Another way to set up your subscriptions is to use your own self-signed management certificates. This avoids the automatic creation of management certificates in all your subscriptions and gives you more control over which subscriptions you are going to manage via PowerShell.

1) Create and Upload a Management Certificate for Windows Azure. Follow the instructions described in this MSDN article.

2) Run the following PowerShell script to access your subscription from PowerShell:

$subscriptionId = '<type your subscriptionId here>'
$subscriptionName = '<type a subscription name here>'
$thumbprint = '<paste your management certificate thumbprint here>'

# Load the management certificate from the current user's personal store
$mgmtCert = Get-Item cert:\CurrentUser\My\$thumbprint

# Register the subscription with that certificate
Set-AzureSubscription -SubscriptionName $subscriptionName -SubscriptionId $subscriptionId -Certificate $mgmtCert

You can repeat this operation for each subscription you want to manage from PowerShell.

Finally, whichever way you configure your Azure subscriptions, you can verify which ones you have set up by running the “Get-AzureSubscription” cmdlet.


One script to rule them all

Now that we have set up the subscriptions, the intention is to create a firewall rule in ALL the SQL Azure servers under ALL my subscriptions for my current public IP address, in order to manage them by using SQL Server Management Studio or any other tool.

Based on Alexander Zeitler’s blog post on the matter, I have added some modifications to build the following script, which you can save in a .ps1 file (I have called it RuleThemAll.ps1).

# Set a RuleName
$ruleName = "David Laptop"

# Get your public Internet IP Address, keeping only digits and dots from the response
# (the URL of the IP lookup service goes in the quotes)
$externalIP = (New-Object net.webclient).downloadstring("") -replace "[^\d.]"

# Loop all your subscriptions
Get-AzureSubscription | ForEach-Object {
    Select-AzureSubscription $_.SubscriptionName

    # Loop all your SQL DB servers
    Get-AzureSqlDatabaseServer | ForEach-Object {
        # Look for an existing rule with this name on the server
        $rule = Get-AzureSqlDatabaseServerFirewallRule -ServerName $_.ServerName -RuleName $ruleName
        if (!$rule) {
            # No rule yet: create it for the current IP
            New-AzureSqlDatabaseServerFirewallRule $_.ServerName -RuleName $ruleName -StartIpAddress $externalIP -EndIpAddress $externalIP
        }
        else {
            # Rule already exists: point it at the current IP
            Set-AzureSqlDatabaseServerFirewallRule $_.ServerName -RuleName $ruleName -StartIpAddress $externalIP -EndIpAddress $externalIP
        }
    }
}

After a while, you will have the rule enabled in all your servers in all your subscriptions.
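
Because the script pushes whatever the IP lookup returns to every server in every subscription, it is worth checking that the value really is a public IPv4 address before the loop starts. The following is an added example, not part of the original script; Test-PublicIPv4 is a hypothetical helper name and the sample strings are constructed.

```powershell
# Added example: validate the looked-up address before it becomes a firewall rule.
# Test-PublicIPv4 is a hypothetical helper, not a cmdlet from the Azure module.
function Test-PublicIPv4 {
    param([string]$Candidate)

    $ip = $null
    # Must parse as an IP address at all
    if (-not [System.Net.IPAddress]::TryParse($Candidate, [ref]$ip)) { return $false }
    # Must be IPv4, which is what the start/end address of the rule expects here
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    # Must be a strict dotted quad: TryParse also accepts short forms such as "1.2"
    if ($ip.ToString() -ne $Candidate) { return $false }

    $b = $ip.GetAddressBytes()
    # Reject ranges that cannot be your public Internet address
    if ($b[0] -eq 0 -or $b[0] -eq 10 -or $b[0] -eq 127) { return $false }      # this-network, private, loopback
    if ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) { return $false }   # private 172.16.0.0/12
    if ($b[0] -eq 192 -and $b[1] -eq 168) { return $false }                    # private 192.168.0.0/16
    if ($b[0] -eq 169 -and $b[1] -eq 254) { return $false }                    # link-local
    if ($b[0] -eq 100 -and $b[1] -ge 64 -and $b[1] -le 127) { return $false }  # carrier-grade NAT 100.64.0.0/10
    if ($b[0] -ge 224) { return $false }                                       # multicast and reserved
    return $true
}

# Constructed sample values, as they could look after the -replace step:
# a normal answer, a private address, the digits left over from an HTML
# error page, a short form, and an empty response.
$samples = "203.0.113.7", "192.168.1.20", "4.01.1.0..", "1.2", ""
foreach ($s in $samples) {
    "{0,-16} -> {1}" -f "'$s'", (Test-PublicIPv4 $s)
}

# In RuleThemAll.ps1, stop before touching any server if the value is not usable:
# if (-not (Test-PublicIPv4 $externalIP)) {
#     throw "Unexpected IP lookup result: '$externalIP'"
# }
```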


Hope this helps,

David Rodriguez

DNN Azure Accelerator 2013 Q3 Released

Hi, today I have released a new version of the DNN Azure Accelerator, the tool to deploy DNN Platform instances on Windows Azure by using cloud services (PaaS model).

You can download the latest version from CodePlex:

New features

The new features included in this release deserve a more detailed explanation:

  • Packages and solution upgraded to Azure SDK 2.1: all the packages have been rebuilt using the latest Azure SDK version available, which comes with more features and support for the latest cloud services features. Check the Azure SDK 2.1 release notes for more information. Note that the previous Accelerator packages were built using the SDK 1.8.
  • Changed the use of a mapped network drive for a symbolic link: to avoid remapping issues when executing “net.exe use” and “net.exe delete” commands, a new method for mapping the network location has been introduced, using a symbolic link to the network share. As a consequence, you will no longer see the X: mapped network drive. To access the drive contents:
    • From the webrole that mounted the drive, you can access the drive contents by browsing the F: drive (or B: if it’s the first mount)
    • From any webrole, including the one that mounted the drive, you can access the drive contents by browsing “C:\Resources\Directory\<RoleDeploymentId>.DNNAzure.SitesRoot\root”. Note that the alias “C:\Resources\Directory\sitesroot” is also available, and it’s the one being used by IIS
  • Support for Web Platform Installer custom feeds: now you can specify a custom feed URL for Web Platform Installer, so you can automate the installation of custom addons this way. To build your own custom feeds, check this blog post.

Another important change in this release is that Azure Connect is no longer supported in favor of Virtual Network, so the Connect step in the Wizard has been removed. The new step to set up Virtual Network through the wizard has not been included in this release, but you can get it working by including your virtual network settings directly in the .cscfg files before starting to create the cloud service. For more information about how this can be achieved, check the Windows Azure Virtual Network Configuration Schema documentation.

Release notes

New Features

  • Packages and solution upgraded to Azure SDK 2.1
  • Changed the use of a mapped network drive for a symbolic link to avoid remapping issues (you will not see the mapped X: drive anymore)
  • Support for Web Platform Installer custom feeds
  • Rebranding changes


  • Fix for the CA2 certificate thumbprint that was being ignored
  • Fix for WebDeploy and FTP services while working on HA mode
  • Fixes around the drive unmount/mount logic when a failure is detected
  • Fix to include the databaseOwner and objectQualifier settings while creating the portal aliases for the Offline site
  • Fix to shorten the symbolic link path length (see for more info)
  • Implemented the RoleEnvironment.StatusCheck to programmatically change the instance status from Busy to Ready after successfully setting up the IIS
  • Fix on the Compete for the lease process, causing a «Value cannot be null» exception after a deployment upgrade
  • Fix to modify the default connection limit to a higher value to avoid inrole caching connection timeouts
  • Fix to avoid 404 errors while calling the automatic installation process
  • Fix to add support for East US and West US in the accelerator Wizard


  • Azure Connect has been deprecated in favor of Virtual Networks. All Azure Connect support has been removed


Regards and happy coding!