Share this:

 

Celebrate World Backup Day & WIN with Altaro!

We all remember how grateful we were to have backup software when facing so many data loss mishaps and near-catastrophes.

If you manage your company’s Office 365 data, celebrate this World Backup Day with Altaro. All you have to do is sign up for a 30-day free trial of Altaro Office 365 Backup. If you share your biggest backup mishap with them, you get a chance to WIN one of the Grand Prizes:

· DJI Mavic Mini Drone FlyCam Quadcopter,

· Google Stadia Premiere Edition,

· Ubiquity UniFi Dream Machine

· Logitech MX Master 3 Advanced Wireless Mouse.

And guess what? For any eligible subscription they give you a guaranteed Amazon voucher!

What are you waiting for? Sign up now!

Good luck & happy World Backup Day!

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

Share this:

Recently a new option for AD sync is in preview Azure AD Connect cloud provisioning, Azure AD Connect Cloud Provisioning can run in a tenant already using Azure AD Connect Sync, Support for synchronizing to an Azure AD tenant from a multi-forest disconnected Active Directory forest environment. This is currently not possible with AD connect. and many organizations are struggling with this.

Simplified installation with light-weight provisioning agents: The agents act as a bridge from AD to Azure AD, with all the sync configuration managed in the cloud.

• Multiple provisioning agents can be used to simplify high availability deployments, particularly critical for organizations relying upon password hash synchronization from AD to Azure AD.

The common scenarios include merger & acquisition, where the acquired company’s AD forests are isolated from the parent company’s AD forests and companies that have historically had multiple AD forests.

Multiple provisioning agents can be used to simplify high availability deployments, particularly critical for organizations relying upon password hash synchronization from AD to Azure AD.

Here I have a sample of 3 the same used accounts but different domain, now with the Azure Active Directory (Azure AD) Connect Cloud Provisioning they are synced into a single AAD.

If there is a firewall between your servers and Azure AD, configure the following items:

Ensure that agents can make outbound requests to Azure AD over the following ports:

Port number and How it’s used

• 80  Downloads the certificate revocation lists (CRLs) while validating the SSL certificate
• 443 Handles all outbound communication with the service
• 8080(optional) Agents report their status every 10 minutes over port 8080, if port 443 is unavailable. This status is displayed on the Azure AD portal.

Also the Following URL’s need to be unblocked.

• exception for:
  • *.msappproxy.net
  • *.servicebus.windows.net
  • login.windows.net
  • login.microsoftonline.com
  • mscrl.microsoft.com
  • crl.microsoft.com
  • ocsp.msocsp.com
  • http://www.microsoft.com
  • or if you can’t manage URL you need to allow the Azure IP address (see https://www.microsoft.com/download/details.aspx?id=41653) But this could be a big list.

You can test access using the test portal  https://aadap-portcheck.connectorporttest.msappproxy.net/

Now that I know that all the ports are open we can start with the deployment.

Go to the Azure portal and open the Active directory Blade.

https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/AzureADConnect

When clicking the Provisioning link the new window opens with the download Agent in the ribbon.

Now that we have downloaded the Agent we can start the installation, Keep in mind if you don’t have installed the latest .NET version you need to install this and it will take a kernel reboot.

A quick setup and our next step is the Configuration.

Us a service account for the Sync, and keep in mind that your domain settings are correct else all the accounts got synced with the *.onmicrosoft.com

My local Active directory domain.

In this demo I use the Administrator but don’t use this account in you production site. Create a proper account for this.

Now that the AD is connected we can kick off the sync and move on to the next steps/

The Agent is creating two services on the sync server.

In the Azure portal you can see the sync status. I did already do a couple of installs so no panic if your layout is different.

Now we are checking if the Agent is running and use review all agents as default there is an extra step to take

 

In previews you can always give feedback so when the product is GA there is a good chance that the menu’s will change.

As you can see it is active, If it is not active check the Services on the on-premises server where you installed the Agent

You can also your external public IP

You can also check the services state:

• Microsoft Azure AD Connect Agent Updater (in charge of updating to the latest agent version)
• Microsoft Azure AD Connect Provisioning Agent (in charge of the synchronization)

Our next step is configuring the Azure AD Connect cloud provisioning, using password hash and setup a notification email.

Now that the configuration is complete we are ready for production

we save this config and check the agent health status.

For testing you can use the Cloud applications portal. https://myapps.microsoft.com

When logging in you will see the apps that are assigned to that user.

Configuration changes are synced every 2 minutes while the provisioning interval is every 40 minutes.

All agent activities are logged into the Applications and Services Logs\Microsoft\AzureADConnect\ProvisioningAgent\Admin

AgentUpdater for any agent updated activities (you will see there if there has been an update) or ProvisioningAgent for any provisioning activities.

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

ALTARO FREE WEBINAR

Microsoft Azure Certifications Explained – A Deep Dive for IT Professionals in 2020 

It’s common knowledge, or at least should be, that certifications are the most effective way for IT professionals to climb the career ladder and it’s only getting more important in an increasingly competitive professional marketplace. Similarly, cloud-based technologies are experiencing unparalleled growth and the demand for IT professionals with qualifications in this sector are growing rapidly. Make 2020 your breakthrough year – check out this free upcoming webinar hosted by two Microsoft cloud experts to plan your Azure certification strategy in 2020.

The webinar features a full analysis of the Microsoft Azure certification landscape in 2020, giving you the knowledge to properly prepare for a future working with cloud-based workloads. Seasoned veterans Microsoft MVP Andy Syrewicze and Microsoft cloud expert Michael Bender will be hosting the event which includes Azure certification tracks, training and examination costs, learning materials, resources and labs for self-study, how to gain access to FREE Azure resources, and more.

Altaro’s webinars are always well attended and one reason for this is the encouragement for attendee participation. Every single question asked is answered and no stone is left unturned by the presenters. They also present the event live twice to allow as many people as possible to have the chance of attending the event and asking their questions in person!

For IT professionals in 202, and especially those with a Microsoft ecosystem focus, this event is a must-attend!

The webinar will be held on Wednesday February 19, at 3pm CET/6am PST/9am EST and at again 7pm CET/10am PST/1pm EST. I’ll be attending so I’ll see you there!

Save your free webinar seat 

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

This Blog post is about Azure Arc, how to set this up and get you started with Azure Arc. For customers who want to simplify complex and distributed environments across on-premises, edge and multi cloud, Azure Arc enables deployment of Azure services anywhere and extends Azure management to any infrastructure.

So Azure Arc is not a replacement for the old Azure Server manager tools! So no remote RDP or open MMC only log analytics, policy’s, CLI etc. https://robertsmit.wordpress.com/2016/08/25/azure-server-management-tools-manage-your-servers-from-anywhere-servermgmt-azure-smt/

That could be a really nice add on to Windows Admin center #WAC best tools available in Azure and on premise.

The hybrid management could be done with Windows admin center on a VM running into Azure. https://robertsmit.wordpress.com/tag/windows-admin-center/

Azure Arc is in preview At this time, there is no cost to use this service. as long as it is in Preview. Configuring this is been done from the Azure portal. And get your non Azure servers also connected to Policy’s and security center.

Starting with Azure Arc is done in a few easy steps.

Sign up for the preview  https://aka.ms/hybridmachineportal

first we open the Azure portal and go to Azure Arc or use the url https://aka.ms/hybridmachineportal

I signed up for the Organize & govern across environments so go to manage servers to get into the next menu.

Sign up for the preview  https://aka.ms/hybridmachineportal

First we need to add the Server ( register the server to Azure Arc)

Adding the server to Azure Arc can be done with a provided PowerShell script

The downloaded script contains the following.

$sp = New-AzADServicePrincipal -DisplayName "Arc-for-servers" -Role "Azure Connected Machine Onboarding"

$sp

New-AzRoleAssignment -RoleDefinitionName "Azure Connected Machine Onboarding" -ServicePrincipalName $sp.ApplicationId

$credential = New-Object pscredential -ArgumentList "temp", $sp.Secret
$credential.GetNetworkCredential().password

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

As you can see the agent is downloaded and installed as a new App registration so make sure you have to proper Azure Rights when doing this.

Adding this to a resource group and a Region.

Make sure you select the proper OS.

I add also the server Tags to the servers just as I do this for the Azure VM’s.

Now we can download the complete PowerShell script

# Download the package
Invoke-WebRequest -Uri https://aka.ms/AzureConnectedMachineAgent -OutFile AzureConnectedMachineAgent.msi

# Install the package
msiexec /i AzureConnectedMachineAgent.msi /l*v installationlog.txt /qn | Out-String

# Run connect command
& "$env:ProgramFiles\AzureConnectedMachineAgent\azcmagent.exe" connect –resource-group "MVPRSG-Azure-Arc" –tenant-id "xxxxxxxxxxxx" –location "westus2" –subscription-id "xxxxxxxxxxxx" –tags "Arc=Server-DC01"

After running this script there is a URL https://microsoft.com/devicelogin and you will need the CODE provided by the script

https://microsoft.com/devicelogin

This will add the Azure AD and you will need to sign in.

When correctly signed in the message is successfully.

Looking in the Portal the machine is Connected.

At this point you can set Azure policy’s and send data to the Azure log analytics.

In the Azure resources Overview you can see the Servers and the Type with a different Icon.

For Now Azure Arc is a bit limited for the windows servers, If this will be combined with the Old Server Management tools then you have a great option to manage the on premise servers. Currently it is still in preview so I expect a lot of changes during the year.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

 

Share this:

 

FREE eBook – The SysAdmin Guide to Azure Infrastructure as a Service

Many system administrators have been working with on-premises infrastructure for their whole careers so moving to a cloud-based environment can feel like a leap of faith. However, making the leap to Azure doesn’t have to be daunting. With the right preparation it can be a smooth transition, consistent with your current on-premises configuration.

This free eBook written by veteran IT consultant and Microsoft Certified trainer Paul Schnakenberg covers all aspects of setting up and maintaining a high-performing Azure IaaS environment. It starts from the very basics, introducing key terms and features you need to get started, including migration, and goes on to explain everyday maintenance and best practices before covering more advanced features.

To get the best results from this eBook, it is recommended to follow along with the step-by-step tutorials using your own Azure subscription. If you don’t currently have access, the eBook explains how to set up a free 30-day trial alongside $200 worth of Azure resources to use and 12 months of additional free resources!

Altaro consistently delivers high-quality eBooks that are packed full of valuable guidance for system administrators and this latest eBook is no exception. If you currently use Azure IaaS or are planning to use it, this is an awesome free resource that you definitely should not miss.

Download your free eBook today

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

WVD service principal name Powershell

Windows virtual desktop is GA and already there are tons of blog post on how to install windows virtual desktop, first steps on windows virtual desktop.

I see a huge demand on WVD, Customers wants to try this and see the difference between the traditional RDS setup.  And yes its all Azure but thanks can be build and tested. and there comes all the different builds and setups. Different places to go, and management is a pain no GUI available from Microsoft there is only PowerShell. Not a bad thing but testing the windows virtual desktop leaves me multiple tenants and host pools dead.

Well I thought lets do a Step By Step windows virtual desktop, Well not exactly I’ll believe you can follow the wizard in Azure and Do all the prereq’s by your self. In this blog post it could be that not all host pools and tenant names are the same as I had a lot of test WVD configs.

As we all know the Infrastructure that is needed for windows virtual desktop, we also know that a lot can go wrong and then where to look ?

So to start with windows virtual desktop I created a little Powershell script that does step 1

Install-Module -Name Microsoft.RDInfra.RDPowerShell
Import-Module -Name Microsoft.RDInfra.RDPowerShell

#Setup Settings, TenantName of WVD tenant, Hostpool name
$Hostpool       = “WVDpool01”
$HPFriendlyName  = “Win10 + O356”
$TenantName     = “ClusterMVP”
$TenantGroupName = “Default Tenant Group”
$AppGroupName    = “Desktop Application Group”
$AadTenantId    = “111111-2222222-33333”
$subscriptionId = “111111-2222222-33333″
$UPN=”adminclu@clustermvp.local”

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com”

#New Tenant Keep in mind that Access rights need to be set before doing the next step.
New-RdsTenant -Name $tenantName -AadTenantId $AadTenantId -AzureSubscriptionId $subscriptionId
#
#Hostpool
#Create new Hostpool
New-RdsHostPool -TenantName $tenantName -FriendlyName $HPFriendlyName -name $hostpool -ValidationEnv $true
Get-RdsHostPool -TenantName $tenantName

 

When Doing these steps I already got errors not on the script but on the basic steps

Get-RdsTenant : User is not authorized to query the management service.

The user is global admin uber god in Azure and in the domain. Well you need to give the account that you are using for the installation access. in the Virtual Desktop APP.

I like to see what happened so often I use an extra Get- to see the values .

But these errors I hate them, Why can it be so hare to deploy some machines and use RDS, Well it’s a 3 fase installer.

• Granting the Domain + subscription
• Powershell stuff to prep things
• Install Azure VM’s

And then the setup needs to embed in your infrastructure. Think I saw a lot of issues, during the first RDMI rollouts I thought this is complicated a created a full rollout script, but things changed during the program and at some points I could not get windows virtual desktop Installed several tries etc not good,

Tons of failure on all kind of errors samples are below.

—————————————————————————————–

VM has reported a failure when processing extension ‘joindomain’

the error is Deployment error: “VMExtensionProvisioningError”.
Details error message are:
{“code”:”DeploymentFailed”,”message”:

Operation ‘Update VM’ is not allowed on VM ‘FIBWVD-0’ since the VM is marked for deletion.

“The resource operation completed with terminal provisioning state ‘Failed’.”

statusCode”: “Conflict”,

“VM has reported a failure when processing extension ‘joindomain’. Error message:
\”Exception(s) occured while joining Domain

Error message: \\\”DSC Configuration

——————————————————————————————–

Well I have multiple Domain names added to my Azure AD and Running a VM as DC with multiple domain names.  Azure Connect syncs them to Azure AD but standard well it depends, That’s why I thought lets create a backwards blog about windows virtual desktop #WVD.

More about errors can be found here 

https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service#common-error-scenarios

 

During all my test I noticed my Tenant Names where in use and different all meshed up. Removing them is easy but also in steps.

First my sample here

Get-RdsHostPool -TenantName ACACOMPUTERS

This shows you the host pools for the login user

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

So removing the hostpool is not

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool

That seems logical, then lets see the application groups

get-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool

There are Two application Groups : the default one and an extra created.

AppGroupName    : Desktop Application Group

AppGroupName    : MVP-WVD

Remove-RdsAppGroup -TenantName ACAComputers -HostPoolName ACA-HostPool -Name “MVP-WVD” –Verbose

even with the verbose nothing no warning no error.

Remove-RdsHostPool -TenantName ACAComputers -HostPoolName ACA-HostPool -Verbose

Now the Hostpool can be removed and no warning

 

Setting up a fresh new installation of WVD is easy, but the first setup is a bit painful but if you follow the steps you can’t go wrong.

GO to the  https://rdweb.wvd.microsoft.com Add the Azure AD ID keep in mind if you are running a CSP subscription or you are not the owner it may that your account is blocked to create enterprise apps then this will fail and you can’t setup WVD.

Do this for Client and Server

Then give the users access to the Windows Virtual Desktop App, these are the installation accounts.

Open the app and add users or groups.

 

Now you can sign in and start the deployment

#Sign in to Windows Virtual Desktop
Add-RdsAccount -DeploymentUrl https://rdbroker.wvd.microsoft.com

 

 

 

You can also use a service principal name

#############

Set users or Create service principal name

# create the service principal:
$aadContext = Connect-AzureAD
$svcPrincipal = New-AzureADApplication -AvailableToOtherTenants $true -DisplayName “Windows Virtual Desktop Svc Principal”
$svcPrincipalCreds = New-AzureADApplicationPasswordCredential -ObjectId $svcPrincipal.ObjectId

#Here are the three credentials you should write down and the cmdlets you need to run to get them
$svcPrincipalCreds.Value
$aadContext.TenantId.Guid
$svcPrincipal.AppId

#Set Rolassignment
New-RdsRoleAssignment -RoleDefinitionName “RDS Owner” -ApplicationId $svcPrincipal.AppId -TenantName $tenantName

#Sign in with the service principal
$creds = New-Object System.Management.Automation.PSCredential($svcPrincipal.AppId, (ConvertTo-SecureString $svcPrincipalCreds.Value -AsPlainText -Force))
Add-RdsAccount -DeploymentUrl “https://rdbroker.wvd.microsoft.com” -Credential $creds -ServicePrincipal -AadTenantId $aadContext.TenantId.Guid

This is All perfect But often I noticed that the WVD host where added to the domain but failed in something, the VM was fine and there was a folder with the deployment agent. and this got me thinking what If you install this on what ever OS, You could even use the WVD portal to connect to your own laptop.

 

Manual ADDING New WVD (Windows virtual desktop) Host to the Pool or a failed on.

The manual add Server to the host pool is also a process when you start with 1 server and add later extra servers to the pool.

but we will need a token to add the WVD host to the pool, like in RDS add the Role not the Role is an agent that is running on the VM

There are several ways to export the key I like them to capture this in screen and to the clipboard.

$WVDToken = New-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool -ExpirationHours 2
$WVDToken.Token | Set-Clipboard
##
$WVDToken.Token

#When using the Clipboard then use this.
Export-RdsRegistrationInfo -TenantName $tenantName -HostPoolName $hostpool | Select-Object -ExpandProperty Token | Set-Clipboard

Now we have the key but it is only valid for 2 hours.

Now I go to my failed Windows 10 host and start the installation of the Agent.

If you don’t have the Agent installer you can download it. In this case I use a failed WVD host during deployment.

Download and install the Windows Virtual Desktop Agent.

• Download the Windows Virtual Desktop Agent.

Use the Token in the installer

The next installer is the bootloader 

Download and install the Windows Virtual Desktop Agent Bootloader.

• Download the Windows Virtual Desktop Agent Bootloader.

 

Now that the Agent and the Bootloader is installed. We need two more steps.

Download the Windows Virtual Desktop side-by-side stack and run the installer.

As a final step – Download this script to activate the side-by-side stack. Save this as powershell script “ps1” or run this directly.

After running the SxS components you and use the portal  https://rdweb.wvd.microsoft.com/webclient/index.html

In this setup I used the Full desktop – This is also default –

Running this in a Window or use the Remote app in your Windows

• Download the Remote Desktop client here.
• Install the client. You don’t need administrator privileges if you are only installing it for your own user account.
• Open the newly installed Remote Desktop app.
• On the Let’s get started screen, click Subscribe to subscribe to a feed.

Installation source on a failed WVD host

 

[!IMPORTANT] To help secure your Windows Virtual Desktop environment in Azure, we recommend you don’t open inbound port 3389 on your VMs. Windows Virtual Desktop doesn’t require an open inbound port 3389 for users to access the host pool’s VMs. If you must open port 3389 for troubleshooting purposes, we recommend you use just-in-time VM access.

 

 

 

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Share this:

This year, win your gifts with  the #AltaroHolidayContest

This Holiday Season, Altaro is helping you out with your Holiday Shopping: they’re giving you the chance to WIN fantastic gifts that you can give to your loved ones!

It’s no secret that Holiday shopping can be stressful and very time-consuming. So this year, whether you need a present for your partner, your children, your parents and in-laws, or your friends… Altaro’s got your back. Enter and share it on socials for a chance to WIN one of the Grand Prizes: a Holy Stone GPS FPV RC Drone HS100, an All-Access MasterClass pass,

Lomography Lomo’Instant San Sebastian, an Echo Plus (Smart Home Hub), a Wii Console & Mario Kart for Wii, 2x Netflix Gift Cards of $100 each, and a JBL Clip Portable Waterproof Speaker.

And guess what? For any eligible subscription they give you a guaranteed Amazon voucher!

So, if you are a Hyper-V or VMware user, download Altaro’s VM Backup and follow the instructions you will find over here to WIN these exciting prizes!

Good luck & Happy Holidays!

---