Copying Azure resource groups between different Azure subscriptions or environments

Jeff Bowles, Principal Consultant, Microsoft Services

Overview

The Azure PowerShell module includes the Move-AzureRmResource cmdlet that allows you to move a resource to a different resource group or subscription, but it requires the subscriptions to be in the same tenant. What if you want to copy or move a resource group from a personal subscription (e.g. a free Microsoft Azure Pass)  to a subscription under your corporate tenant? Or what if you have a resource group defined in the AzureCloud environment that you want to copy to another subscription? It can be done, but it requires considerable time and effort to manually recreate the network resources, copy the virtual hard disks and attach to newly created virtual machines. To eliminate the manual effort, I created a PowerShell script that does the following:

  • Takes a resource group name as a required parameter.
  • Takes source and target environment names as parameters (Defaults to AzureCloud).
  • Prompts for authentication to the source subscription.
  • Reads storage accounts, blobs, virtual machines, public IPs, load balancers, network interface cards, network security groups, virtual networks and availability sets from the source resource group.
  • Exports the resource group to a JSON file.
  • Prompts for authentication to the target subscription.
  • Creates a new resource group with same name and new storage accounts based on source names. Storage accounts are renamed (appended with short GUID) if copy is within the same environment.
  • Creates target containers based on source and starts blob copy for all VHDs and other blobs in the source storage accounts.
  • Creates new networking objects based on attributes from source. DNS label of public IP is changed if the copy is within the same environment.
  • Waits for blob copy to complete. You can exit and restart script later by using the:

– resume switch

  • Creates new Virtual Machines based on attributes from the source – attaching to copied VHDs and recreated NICs.

This first version does not yet support copying the following objects but we’re hoping to add them in future versions.

  • V1 cloud services and VMs
  • Web App related services
  • SQL Server related services
  • Azure Automation related services

If you would like to participate in the continued improvement of this community development effort, the public repository can be cloned from: https://github.com/JeffBow/AzurePowerShell.  Check the issues log for the latest information.

Prerequisites

In addition to your Azure subscriptions, you need the following to use this script.

  • Windows PowerShell version 4.0 or newer.   This script was developed and tested for Windows PowerShell version 4 or version 5.
  • Azure PowerShell Modules: Azure PowerShell is a set of modules that provide cmdlets to manage Azure with Windows PowerShell.  This script uses Azure Resource Manager (ARM) cmdlets and checks for AzureRM.Profile version 2.10 or greater.   If you don’t have Azure PowerShell installed on your client, following the directions in this article.   How to install and configure Azure PowerShell
  • Copy-AzureRmResourceGroup PowerShell script: An Azure PowerShell script that copies an ARM resource group from one Azure subscription to a different subscription in a different tenant or environment.  Download this script from GitHub and save as

Copy-AzureRmResourceGroup.ps1     Be sure you get the Copy-AzureRmResourceGroup code and not the Clone-AzureRmResourceGroup.   The latter clones resources from one resource group to a new resource group (in the same or different location) within the same Azure Subscription and Tenant.

How to use:

The script includes comment based help that can be accessed with the following PowerShell command.  Get-Help .\Copy-AzureRmResourceGroup.ps1 -Full

  1. Identify the Azure resource group you want to copy and verify that all resources are supported.
  2. Have the credentials for both the source and target subscriptions ready.
  3. Enter the following command, where CONTOSO is your source resource group name.

.\Copy-AzureRMresourceGroup.ps1 -ResourceGroupName ‘CONTOSO’

  1. If you don’t enter the -ResourceGroupName parameter, you’ll be prompted for one. You must enter a valid resource group name to continue.
  2. If you don’t specify the -OptionalSourceEnvironment name, enter a valid environment name or press <Enter> to accept AzureCloud as the default.
  3. If you don’t specify the -OptionalTargetEnvironment name, enter a valid environment name or press <Enter> to accept AzureCloud as the default.
  4. Enter the credentials for the source subscription when prompted.
  5. The script will read the resource group and list the resources it will copy.
  6. Enter the credentials for the target subscription when prompted.
  7. The script will create a new resource group (after verifying available resources by location and checking for conflicts) and create new storage accounts.
  8. The script will start the blob copy and create new network resources.
  9. After new resources are created, the script will pause after checking on the blob copy. You can continue to wait, pressing <Enter> to refresh or you can exit the script.
  10. If you exit the script, you can restart after waiting. The blob copy can take several hours depending on how large the blobs were and where you are copying them.  To restart the script, use the -Resume switch similar to the following command.

.\Copy-AzureRMresourceGroup.ps1 -ResourceGroupName ‘CONTOSO’  -Resume

  1. After waiting or restarting, the blob copy will complete and the virtual machines are recreated in the new target resource group.
  2. Use the Azure Portal to verify the resources were recreated and are in a Running state.

Next steps

If you have an issue with using the script or have other ideas on how to improve or extend the solution, please provide feedback below or on GitHub.

As always, we welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click “Subscribe by Email!” on the Azure Government Blog.

To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.

5 comments

Discussion is closed. Login to edit/delete existing comments.

  • The Occupier 0

    Hi Jeff. This script sounds like it does a “move” and not “copy”, am I right? Is there a way that i can copy instead? I want to copy from Dev to Test. Thanks

  • Jeff Bowles 0

    It actually does a copy, leaving the orginal in place.

  • Dmitry Shylgenko 0

    Hi, Jeff.
    Thank you very much for your nice article.
    I need to copy all resources to a new subscription of a new account to make test environment.
    I have some questions related to the task:
     – Does the script stop or restart source VMs while copying?
     – Does the script generate new IP for the public IP?
     – Does the script affect even any little things in source resource group?
    Kindly answer me.
    Your answers will help me much and much.
    I’ll wait for your answers.
    Thanks so much in advance.
    PS: The VMs are not using Managed Disks.

  • Jeff BowlesMicrosoft employee 0

    Hello Dmitry.   The script checks to see if the source VMs are running. If they are, the script halts and warns the VMs must be stopped manually.   The source resource group is not modified in anyway.  To avoid conflict with the source, DNS labels on the newly created Public IPs will be renamed by appending ‘new’ to the DNS name.  It does something similar for the newly created storage accounts but uses part of a random GUID to ensure no naming conflicts.  It also supports both standard and managed disks.  HTH

  • Ross Presser 0

    Is there any straightforward way to convert this script to use the newer

    Az

    module rather than the

    AzureRm

    module?

Feedback usabilla icon