
This article walks you through assigning product licenses to a group of users in Azure Active Directory (Azure AD) and then verifying that they’re licensed correctly:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-licensing-group-assignment-azure-portal

 

 

 


Azure AD Resources

Azure AD B2B: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-b2b-what-is-azure-ad-b2b

Azure AD what’s new: https://docs.microsoft.com/en-us/azure/active-directory/whats-new

 

Azure AD Blog: http://blogs.technet.com/b/ad/

Azure RMS blog: http://blogs.msdn.com/b/rms/

‘In the Cloud’: http://blogs.technet.com/b/in_the_cloud/

Office blog: http://blogs.office.com/

Intune blog: http://blogs.technet.com/b/microsoftintune/

Azure Active Directory Videos/Demos: http://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos

Getting Started with Azure Active Directory: https://msdn.microsoft.com/en-us/library/azure/dn499825.aspx

Set up Windows Azure AD: http://blogs.technet.com/b/keithmayer/archive/2013/04/09/step-by-step-provisioning-windows-azure-active-directory-free-for-production-use.aspx

Azure AD connect: http://blogs.technet.com/b/ad/archive/2014/08/04/connecting-ad-and-azure-ad-only-4-clicks-with-azure-ad-connect.aspx

How to setup a new Windows forest in Azure: http://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/

How to assign Azure AD licenses to user accounts: http://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/How-to-assign-Azure-AD-Premium-Licenses-to-user-accounts

Assign EMS/Azure AD Premium licenses with PowerShell: http://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Assign-EMS-Azure-AD-Premium-lics-with-PowerShell

Here is a list of tips and tricks for using the AADSync tool:

AADSync technet ref: https://msdn.microsoft.com/en-us/library/azure/dn790204.aspx

AADSync blog: http://blogs.technet.com/b/aadsyncsupport/

Tips and tricks to manage Hyper-V server remotely from another computer in a workgroup:

In this example, the server and the client are in a workgroup. As a consequence, there is no domain controller, so Kerberos is not possible. How do you remotely manage the Hyper-V server from this client computer?

Reference article:

https://www.ivobeerens.nl/2015/08/28/manage-hyper-v-in-a-workgroup-remotely/

Configuration steps:

Both computers must be members of the same WORKGROUP.

Both computers must have the same local username/password, and that account must be a member of the local Administrators group.

Create a local user to manage the Hyper-V service and make this account a member of Hyper-V Administrators. On the client computer, also create the same account with the same password.

Both computers must have the same time/date; you can use net time \\server /set /y to synchronize the time.

On the Hyper-V server:

In the server BIOS, enable virtualization support (CPU settings).

How to check if hyper-V hypervisor is running: https://technet.microsoft.com/en-us/library/ee941154(v=ws.10).aspx

RAID: It is recommended to create the RAID using the storage array directly on the server (at boot time, by entering the RAID adapter tool). To manage the Hyper-V storage remotely from the client (using Computer Management, compmgmt.msc), see: https://blogs.technet.microsoft.com/wincat/2012/05/02/what-needs-to-be-configured-to-do-remote-disk-management-of-a-server-core-installation-in-windows-server-2012-via-powershell/

Other article: https://www.pandatech.co/2015/04/remote-disk-management-on-windows-server-2012-core/

From a command line on the server start: SCONFIG

a.      Set Computer Name

b.      Joined Domain

c.      Set Network settings

d.      Downloaded updates

e.      Enable Remote Management (or from PowerShell: Enable-PSRemoting)

f.      Enable RDP

g.      Enable Ping

h.      Telemetry Settings = security

2.      View firewall rules (PowerShell)

a.      Get-NetFirewallRule | Format-Table Name, DisplayGroup, Action, Direction, Enabled -AutoSize

3.      PowerShell: Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"

5.      PowerShell: Enable-NetFirewallRule -DisplayGroup "Remote Event Log Management"

6.      PowerShell: Enable-NetFirewallRule -DisplayGroup "Remote Volume Management"

7.      PowerShell: Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

8.      Cmd: netsh advfirewall firewall set rule group="Windows Firewall Remote Management" new enable=yes

9.      PowerShell: winrm s winrm/config/client '@{TrustedHosts="client"}'

10.      Set Virtual Disk Service to Auto Start and start it
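The server-side steps above, collected into one PowerShell script that ends with a verification pass. This is an added example, not from the original post or the referenced article; `$ClientName` is a placeholder for the management computer's name.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V server.
# $ClientName is an assumed placeholder for the management computer's name.
param([string]$ClientName = 'client')

# Firewall display groups named in steps 3 to 8 above
$groups = 'File and Printer Sharing',
          'Remote Event Log Management',
          'Remote Volume Management',
          'Remote Service Management',
          'Windows Firewall Remote Management'

Enable-PSRemoting -Force                       # step e: starts WinRM and its listener
foreach ($g in $groups) { Enable-NetFirewallRule -DisplayGroup $g }

# Step 9: trust only the named peer rather than the '*' wildcard
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $ClientName -Force

# Step 10: Virtual Disk Service set to automatic start, then started
Set-Service -Name vds -StartupType Automatic
Start-Service -Name vds

# Verification pass: one row per setting, so drift shows up on later runs
$checks = foreach ($g in $groups) {
    $rules    = @(Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue)
    $disabled = @($rules | Where-Object { $_.Enabled -ne 'True' })
    [pscustomobject]@{
        Setting = "Firewall group '$g'"
        Ok      = ($rules.Count -gt 0 -and $disabled.Count -eq 0)
    }
}
$trusted = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
$vds     = Get-Service -Name vds
$checks += [pscustomobject]@{ Setting = "TrustedHosts = '$trusted'"; Ok = ($trusted -eq $ClientName) }
$checks += [pscustomobject]@{ Setting = 'Virtual Disk Service running'; Ok = ($vds.Status -eq 'Running') }
$checks | Format-Table -AutoSize
```

A firewall group that does not exist under that display name on the installed Windows build shows up as `Ok = False` in the table instead of being skipped silently.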

 

 

On client computer (management computer):

1. Test that you can ping the Hyper-V server (and vice versa)

2. Install the Hyper-V management tools and the management stack

3. In PowerShell: Enable-PSRemoting

4. Allow Windows Remote Management: winrm s winrm/config/client '@{TrustedHosts="server"}'

5. netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes

 

6. DCOM configuration on client computer:

Open c:\windows\system32\dcomcnfg.exe, expand My Computer, properties, Security tab and allow ‘anonymous logon’ for local and remote access.

 

 

 

 

 

https://www.codetwo.com/admins-blog/how-to-change-language-in-office-365-portal-in-hybrid-environment

https://answers.microsoft.com/en-us/office/forum/office_365hp-office_account/office-365-how-do-i-change-my-default-language-not/00c77858-5eed-4058-8f95-81fc40e802d9?auth=1

How to dedicate DCs to Exchange? It is recommended to exclude the PDC domain controller:

To be performed on all Exchange servers:

set-exchangeserver exchangesrv1.domain.local -StaticDomainControllers:NewDC1,NewDC2

set-exchangeserver exchangesrv1.domain.local -StaticGlobalCatalogs:NewGc1,NewGC2

set-exchangeserver exchangesrv1.domain.local -StaticExcludedDomainControllers:OldDc1,OldDC2

 

Articles:

Decommissioning WINS in a large company is not an easy task and side effects could be important:

  • Legacy applications
  • Legacy Windows systems, Samba-based servers
  • Old appliances, legacy SAN/NAS devices
  • Short names (and not FQDN) hardcoded in legacy or in-house developed applications
  • My Network Places (or Network Neighborhood), which uses WINS to quickly repopulate its browse list, as the Browser service is still based on NetBIOS.
  • Any third-party network applications that leverage the browse list to find network resources users can attach to.
  • Microsoft DFS referrals (see below: The default behavior of DFS is to use NetBIOS names for all target servers in the namespace)
  • WINS could also be necessary for client VPN subnets (that need to resolve NetBIOS names).

How to detect WINS traffic on a network using firewall logs:

  • TCP 42 to detect WINS replications
  • The WINS Server services listen on UDP port 137 for incoming NetBIOS name resolution requests (to detect client computers/servers using WINS)
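One way to apply these two filters to firewall log lines, as an added example that is not part of the original post. It assumes the logs use the Windows Firewall (pfirewall.log) field order, which the page does not specify; the sample lines and all addresses are constructed.

```powershell
# Added example: constructed sample lines in pfirewall.log field order.
# $WinsServers holds assumed placeholder addresses for the WINS servers.
$WinsServers = @('192.0.2.5')

$sample = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-03-01 10:15:02 ALLOW UDP 192.0.2.21 192.0.2.5 137 137 78 - - - - - - - RECEIVE
2018-03-01 10:15:09 ALLOW UDP 192.0.2.21 192.0.2.5 137 137 78 - - - - - - - RECEIVE
2018-03-01 10:16:40 ALLOW UDP 192.0.2.33 192.0.2.255 137 137 78 - - - - - - - RECEIVE
2018-03-01 10:20:11 ALLOW TCP 192.0.2.130 192.0.2.5 49822 42 0 - 0 0 0 - - - RECEIVE
2018-03-01 10:21:00 ALLOW TCP 192.0.2.21 192.0.2.5 50110 445 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

function Get-WinsTraffic {
    param([string[]]$Lines, [string[]]$WinsServers)
    foreach ($line in $Lines) {
        if ($line -match '^\s*(#|$)') { continue }        # skip header and blank lines
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 8) { continue }                  # malformed or truncated line
        $proto, $src, $dst, $dport = $f[3], $f[4], $f[5], $f[7]
        # UDP 137 also carries broadcast NetBIOS name queries, so only traffic
        # addressed to a WINS server counts as WINS usage.
        if ($dst -notin $WinsServers) { continue }
        $kind = $null
        if ($proto -eq 'UDP' -and $dport -eq '137') { $kind = 'NameQuery' }
        if ($proto -eq 'TCP' -and $dport -eq '42')  { $kind = 'Replication' }
        if ($kind) { [pscustomobject]@{ Kind = $kind; Source = $src; WinsServer = $dst } }
    }
}

# Hosts still relying on WINS, most active first
Get-WinsTraffic -Lines $sample -WinsServers $WinsServers |
    Group-Object Kind, Source, WinsServer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

To run it against a real log, replace `$sample` with `Get-Content` on the log file; the resulting source list is the set of machines to reconfigure before the WINS servers are removed.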

Very good article: http://techgenix.com/wins-still-needed/

Impact and changes:

  • Change DHCP scopes (removing option 44 on scopes)
  • Change local TCP/IP properties on all computers and servers to remove the WINS servers
  • The default behavior of DFS is to use NetBIOS names for all target servers in the namespace:

https://saltwetbytes.wordpress.com/2007/08/30/windows-dfs-without-wins/

My personal recommendations:

WINS is not deprecated in 2012 R2, nor in 2016:

(https://docs.microsoft.com/en-us/windows-server/get-started/deprecated-features)

If you are configuring a new company from scratch, try not to install WINS; otherwise, for an existing company with Windows applications and computers (100% in reality!), I would say that WINS is not necessary, but it is recommended. It is easy to install and to maintain. It is faster to resolve and robust. Administration tasks are close to zero!

Reference article: https://blogs.technet.microsoft.com/office_resource_kit/2014/01/21/managing-updates-for-office-365-proplus-part-1/

Extracts:

Q1. Well…how do automatic updates work? Can I control them?

A1.  A default install of Office 365 ProPlus is configured to update automatically from the cloud.  Separately, each month a new build of Office 365 ProPlus is released in the cloud.  When a computer with Office 365 ProPlus detects that a new build is available, the difference – or delta – between the new build and the existing one is streamed down in the background.  Updates are then installed when Office apps/processes aren’t running. So, with the default configuration Office 365 ProPlus, you will always be up-to-date. IT Pros can customize the configuration by controlling if updates are searched and applied automatically and/or from which source this will happen.  (More on this in Managing Updates for Office 365 ProPlus – Part 2.)

 …

Q4. I use WSUS and/or System Center Configuration Manager to manage Office updates today.  Can I continue to use these products to update Office 365 ProPlus?

A4.  Automatic updates is a servicing model built into Office 365 ProPlus, and provides the ability to be always up to date, or “evergreen”, with security and functionality enhancements.  Office 365 ProPlus updates are not provided via Windows Update.  Some environments may prefer to use their existing software distribution tool to manage updates for Office 365 ProPlus, and this can be facilitated using the Office Deployment Tool.  Check out the References section below for more information.

….

How to use ODT for O365?

https://support.office.com/en-us/article/Overview-of-the-Office-2016-Deployment-Tool-bb5b62d9-1168-47e9-9d54-15a958acfcca?ui=en-US&rs=en-US&ad=US

Netsh command reference:

https://technet.microsoft.com/fr-fr/library/cc754516(v=ws.10).aspx

Examples:

https://networking.ringofsaturn.com/PC/netsh.php

Using Netsh to redirect a port to another computer:

https://technet.microsoft.com/fr-fr/library/cc731068(v=ws.10).aspx

How to create a wifi hotspot with netsh:

https://www.wikihow.com/Create-a-WiFi-Hotspot-Using-the-Command-Prompt

Using netsh with DHCP:

http://tipsforitpros.blogspot.com/2007/10/using-netsh-with-dhcp.html

 

 

Did you know that you can virtualize your Windows Server 2016 Essentials? Instead of hacking into Windows Server Essentials itself and using that as a Hyper-V host we go ahead and do it the official way and download Microsoft Hyper-V Server 2016 for free. Some administrators don’t like a server without a GUI (server core) but it has a lot of benefits compared to a full blown server with the GUI and roles installed.

  • It requires fewer resources.
  • It is more secure because the attack surface is smaller.
  • Reduced management.
  • Requires far fewer updates from Windows Update, so fewer reboots are needed.

For managing the Server Core with Hyper-V only, we use a normal workstation with Windows 10 + RSAT (Remote Server Administration Tools). OK, admittedly it is a little bit more complicated, but the benefits outweigh that!

If you want to learn more about Hyper-V Server 2016, I suggest What’s new in Hyper-V on Windows Server 2016 at Technet. Probably the most important new feature is Windows PowerShell Direct. This allows you to run Windows PowerShell commands in a virtual machine from the host without an actual network connection. More reading here: Manage Windows virtual machines with PowerShell Direct.

Here is a list of technical resources to clone an old physical server/computer to a VM:

https://www.veeam.com/blog/fr/how-to-convert-physical-machine-hyper-v-virtual-machine-disk2vhd.html

Others:

https://www.tutos-informatique.com/disk2vhd-transformer-ordinateur-physique-machine-virtuelle/

http://chrtophe.developpez.com/tutoriels/p2v/