- Windows 2012 R2 Update Rollups
http://social.technet.microsoft.com/wiki/contents/articles/23823.list-of-rollup-updates-for-windows-8-1-and-windows-server-2012-r2.aspx - DHCP Policies in Windows Server 2012
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx
- Ensuring High Availability of DHCP using Windows Server 2012 DHCP Failover
http://www.blogger.com/blogger.g?blogID=6182238178402557202#editor/target=post;postID=2649739028028900978
- Bringing PowerShell to DHCP Server
http://www.blogger.com/blogger.g?blogID=6182238178402557202#editor/target=post;postID=2649739028028900978
- IP Address Management (IPAM) Overview
http://technet.microsoft.com/library/hh831353.aspx
- Password Replication Policy
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
Wednesday, July 31, 2013
Windows Server 2012 Links
Following at some link to relevant articles regarding Microsoft Server 2012.
Labels:
Microsoft,
Windows 2012
Tuesday, July 30, 2013
Setup Onramp Login Requirements
Setup Onramp Login Requirements
Note: When launching the Office 365 OnRamp wizard (either from the Admin page or directly thru a URL), it is a requirement that you use a Login ID that exists both as a Office365 and AD as a UPN.
Example: Do not use the Original Tenant login for Office365, unless you have carefully created an identical account in AD that has the same UPN as the Office365 account.
Instead, set up DirSync first, and then elevate one of the AD Accounts to an Office365 Global Administrator. Then use this account to log in to your Server and to log in to Portal.microsoftonline.com. When you then run the Setup wizard you will get meaningful results.
The symptoms of an account that cannot log in to AD (don't assume that your current account is used), is that you will get an "unknown" status for all of the tests that need to talk to AD.
Also, if you are having trouble running the Office365 Setup wizard, you can enable debugging in IE to see what it is having trouble with. Prior to running the Environmental Checks, hit F12 and select Console. Look for any obvious errors in the console information.
- You need to add Office365.com as a trusted site in IE in order to be able to install the ActiveX control to run the tests
- You also need to log in to the Server and Office365 using credentials that have the same UPN.
Note: When launching the Office 365 OnRamp wizard (either from the Admin page or directly thru a URL), it is a requirement that you use a Login ID that exists both as a Office365 and AD as a UPN.
Example: Do not use the Original Tenant login for Office365, unless you have carefully created an identical account in AD that has the same UPN as the Office365 account.
Instead, set up DirSync first, and then elevate one of the AD Accounts to an Office365 Global Administrator. Then use this account to log in to your Server and to log in to Portal.microsoftonline.com. When you then run the Setup wizard you will get meaningful results.
The symptoms of an account that cannot log in to AD (don't assume that your current account is used), is that you will get an "unknown" status for all of the tests that need to talk to AD.
Also, if you are having trouble running the Office365 Setup wizard, you can enable debugging in IE to see what it is having trouble with. Prior to running the Environmental Checks, hit F12 and select Console. Look for any obvious errors in the console information.
Labels:
Office365
Friday, July 26, 2013
Office 365 - Change your default email domain
Office 365 - Change your default email domain
After you set up your custom domain in Office 365 (like mycompany.ca, for example), you can change the default domain that appears for new email addresses when you Add users.
To change the default domain:
- Go to your organization’s Office 365 profile:
- Go to Admin => Office 365
- In the upper right, click your organization’s name
- Click Edit.
- Choose a new default domain from the list of domains, and then save your changes.
Friday, July 12, 2013
Office365 DIRSYNC, How to Set a Partition to limit the number of objects that are Synced from AD
The default install of DIRSYNC will synchonize your entire AD with Office365.
To my way of thinking, this is excessive and unnecessary.
During the install, at the end of following running Configuration Wizard, you will be asked if you wish to "Synchronize now". Uncheck this box and then, after a reboot, follow the instructions below:
Step 1:
Step 4:
To my way of thinking, this is excessive and unnecessary.
During the install, at the end of following running Configuration Wizard, you will be asked if you wish to "Synchronize now". Uncheck this box and then, after a reboot, follow the instructions below:
Step 1:
- Create a shortcut to C:\Program Files\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell\miiclient.exe (Synchronization Service Manager)
- Change the advanced properties to Run as Administrator.
- Launch this tool
- After the install, Open Active Directory Users and Computers and search for all users starting with "MSOL_". You will see that there is a new account called "MSOL_6b06ffadffb5" or some such giberish. The number is different on every Server.
- Change the password on this account to something secure, that you can enter in the Service Manager
- In Synchronization Service Manager, click on the Management Agents button, and highlight Active Directory Connector.
- Click Actions and then Properties
- Click on the "Connect to Active Directory Forest" menu on the left.
- Enter the Password that you assigned to the default account
- Click "Configure Directory Partitions". It will verify the AD credentials and change to the "Configure Directory Partitions" menu.
- Click on the Containers button
- Uncheck the select at the root of the Domain, and instead select the appropriate OU(s) that you wish to sync.
Step 4:
- Verify DirSync. Do this by opening up Powershell, and adding the snapin
ADD-PSSnapin Coexistence-Configuration - Type Start-OnlineCoexistenceSync
- Watch the Status screen of the Synchronization Service Manager
- Make sure that you see "Success" for each of the 4 tasks.
Office365 DIRSYNC Password Sync Scenario
This entry demonstrates a successful implementation of DIRSYNC with Password Sync.
Step 1:
First, you need to install the DIRSYNC that was released on June21, 2013. If you are not sure which version that you are currently running, see http://aerobatgeek.blogspot.ca/2013/07/office365-dirsync-versions.html
Note that in order to be successful, you will need to uninstall any previous version, and also be sure to reboot after the uninstall.
Step 2:
Install DIRSYNC, including Password Sync. I will leave details to other posts.
Remember to Reboot after the install.
Also, it is my advice to NOT select "Synchronize Now". You should set the scope first.
For instructions on how to limit the scope of which accounts are Synced from AD, see post http://aerobatgeek.blogspot.ca/2013/07/office365-dirsync-how-to-set-partition.html
Step3:
Once the scope has been selected (in my case a single OU), then you can trigger a manual DIRSYNC.
On the DIRSYNC Server, launch Powershell with elevated Privileges.
Load the commandlet by typing the following:
PS C:\Windows\system32> Add-PSSnapin Coexistence-Configuration
then type
PS C:\Windows\system32> Start-OnlineCoexistenceSync
If you launch miicleint, you will see the Synchronization events.
Step 1:
First, you need to install the DIRSYNC that was released on June21, 2013. If you are not sure which version that you are currently running, see http://aerobatgeek.blogspot.ca/2013/07/office365-dirsync-versions.html
Note that in order to be successful, you will need to uninstall any previous version, and also be sure to reboot after the uninstall.
Step 2:
Install DIRSYNC, including Password Sync. I will leave details to other posts.
Remember to Reboot after the install.
Also, it is my advice to NOT select "Synchronize Now". You should set the scope first.
For instructions on how to limit the scope of which accounts are Synced from AD, see post http://aerobatgeek.blogspot.ca/2013/07/office365-dirsync-how-to-set-partition.html
Step3:
Once the scope has been selected (in my case a single OU), then you can trigger a manual DIRSYNC.
On the DIRSYNC Server, launch Powershell with elevated Privileges.
Load the commandlet by typing the following:
PS C:\Windows\system32> Add-PSSnapin Coexistence-Configuration
then type
PS C:\Windows\system32> Start-OnlineCoexistenceSync
If you launch miicleint, you will see the Synchronization events.
Step 3: Look in the Event viewer to see if the passwords were synced.
Notice Event ID's 656,657, and then 653,654, indicating a fully successful sync.
Step 4:
If the above command does NOT trigger a password sync, you can force it by following the following steps:
- Edit the Registry and set HKLM\SOFTWARE\Microsoft\MSOLCoExistence\PasswordSync\FullSyncRequired = 1
- Restart the service Forefront Identity Manager Synchronization Service
- Check the event viewer again.
If all of that doesn't work perfectly, see the following:
- Password synchronization troubleshooting guide for Office 365 =>
http://support.microsoft.com/kb/2855271
Office365 Dirsync Version(s)
Microsoft released a new version of DIRSYNC recently that now includes Password Sync.
This does not replace ADFS for User Authentication (especially "Single Signon"), but does provide "same signon".
The big issue that I found was how to determine what version of DIRSYNC that I had installed, and how to determine if a new download was required.
It turns out that this is not so easy. To be honest, as much as I admire Microsoft for how thoroughly they have documented Office365, they are painful in their inconsistency on some things.
Normally I would assume that at the very least that the install of any version would have a version number in "Programs and Features".
I installed what was the current version on June 2, (this was released Jan 30,2013) and this is what is displayed:
This is a version that is even older, and has a different icon. I mention this because this show up in some blogs.
This does not replace ADFS for User Authentication (especially "Single Signon"), but does provide "same signon".
The big issue that I found was how to determine what version of DIRSYNC that I had installed, and how to determine if a new download was required.
It turns out that this is not so easy. To be honest, as much as I admire Microsoft for how thoroughly they have documented Office365, they are painful in their inconsistency on some things.
Normally I would assume that at the very least that the install of any version would have a version number in "Programs and Features".
I installed what was the current version on June 2, (this was released Jan 30,2013) and this is what is displayed:
Note that the Size and Version are blank. (Cheeses guys).
Anyway, now that I have downloaded and installed the version available today ( or more accurately as of June 21,2013) you will see that it properly displays a version, 1.0.6411.007.
This information is also in the Details of the install file DIRSYNC.EXE.
Here are the details regarding 3 versions of DIRSYNC.EXE that I am aware of.
This is the latest version, release June 21, that includes Password Sync
This is the previous version, release Jan 13, 2013. This version allowed me to configure a scope for synchronization, using miiclient.exe
Tuesday, July 9, 2013
Office 365 Powershell command(s) for DIRSYNC
I had an interesting session with the Office365 technical Support team and learned a few new commands today.
The first this to remember is that there are 3 possible system scenarios for running Powershell command:
At one point, the Support Technician wanted me to run "Get-Mailbox" and also "Start-OnlineCoexistenceSync".
GET-MAILBOX
The Get-Mailbox commandlet sounds easy, but remember that this is for Office365, not the on-premise Exchange.
To run this commandlet, we were able to perform the task on any PC. (It does not need to be in the domain of the Dirsync server.)
Type to following commands:
PS C:\Windows\system32> Set-ExecutionPolicy unrestricted
PS C:\Windows\system32> $cred = Get-Credential
PS C:\Windows\system32> $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
PS C:\Windows\system32> Import-PSSession $session
PS C:\Windows\system32> Get-Mailbox
Start-OnlineCoexistenceSync
The Start-OnlineCoexistanceSync commandlet needs to be run on the server that has DIRSYNC installed. It also must be run in Powershell with Elevated Previledges.
PS C:\Windows\system32>Add-PSsnapin Coexistence-Configuration
(Note: for this step, there is a PSC1 file in C:\Program Files\Microsoft Online Directory Sync, but the above command works.)
PS C:\Windows\system32> Start-OnlineCoexistenceSync
Note that you will not get any feedback from this command, but if you launch
"C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\Bin\MIICLIENT.EXE", you will see 3 events that occur when a synchronization occurs.
The first this to remember is that there are 3 possible system scenarios for running Powershell command:
- A system with DIRSYNCinstalled
- An On-Premise Exchange management System
- Any other computer with Neither of the able installed.
At one point, the Support Technician wanted me to run "Get-Mailbox" and also "Start-OnlineCoexistenceSync".
GET-MAILBOX
The Get-Mailbox commandlet sounds easy, but remember that this is for Office365, not the on-premise Exchange.
To run this commandlet, we were able to perform the task on any PC. (It does not need to be in the domain of the Dirsync server.)
Type to following commands:
PS C:\Windows\system32> Set-ExecutionPolicy unrestricted
PS C:\Windows\system32> $cred = Get-Credential
PS C:\Windows\system32> $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI https://ps.outlook.com/powershell/ -Credential $cred -Authentication Basic -AllowRedirection
PS C:\Windows\system32> Import-PSSession $session
PS C:\Windows\system32> Get-Mailbox
Start-OnlineCoexistenceSync
The Start-OnlineCoexistanceSync commandlet needs to be run on the server that has DIRSYNC installed. It also must be run in Powershell with Elevated Previledges.
PS C:\Windows\system32>Add-PSsnapin Coexistence-Configuration
(Note: for this step, there is a PSC1 file in C:\Program Files\Microsoft Online Directory Sync, but the above command works.)
PS C:\Windows\system32> Start-OnlineCoexistenceSync
Note that you will not get any feedback from this command, but if you launch
"C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\Bin\MIICLIENT.EXE", you will see 3 events that occur when a synchronization occurs.
Friday, July 5, 2013
Be Careful upgrading Hyper-V Integration Services. Can Break Exchange 2007
Scenario:
We are running a hosting environment of Windows 2012 Hyper-V, with Virtual Servers running Windows 2008 R2. In this environment, we also are running Exchange 2007.
If you examine the status of a VM in the Hyper-V manager, you may notice that the Integration Services is running in a "degraded" state and is not fully functional. Example: it does not show the IP address of the VM.
Note that the version of Integration Services that comes in Windows 2008 R1 is reported as version 6.1. Hyper-V 2012 would have you install version 6.2.
Well, I elected to install the newer version by simply clicking the menu to select to install the new version from the mounted disk.
The Problem:
A reboot was required to complete the Integration Services upgrade.
After the reboot, Exchange would not mount one of the databases.
The error was, in part, in the event log said "Error -546, unable to read the header of log file E01.log".
Also, when a repair is attempted, "JET_errorLogSectorSizeMismatch, -546".
An examination of the database that would not mount showed that it was in a Dirty-Shutdown status.
All attempts to run eseutil to repair or cleanup the problem resulted in the above errors. Error -546.
The Solution:
We theorized that the Integration Services upgrade had caused the problem, but how to confirm this?
Easy: we shut down the VM, mounted the disks temporarily on a VM of the same OS but with the original Integration Services, and low and behold! We were able to easily run the eseutil commands to clean up the database and return it to a "Clean Shutdown" state.
Root Cause:
See this article regarding disk geometry, and you will quickly see that there is an opertunity to create a disk on new OS's, that is not compatible with some older applications, such as dare I say, Exchange 2007.
Now this is not a problem unless you have a database that is in a "Dirty-Shutdown" state and it needs files that were saved using the "old" disk geometry, but reside on the new Geometry.
See http://support.microsoft.com/kb/2510009
It appears that Exchange (at least version 2007 ) is one of the "incompatible applications" mentioned in the above link.
My advice? Do not upgrade the Integration Services unless you have tested EVERYTHING. Don't assume that it will all be ok.
Additional References:
http://blogs.technet.com/b/exchange/archive/2013/04/24/exchange-2010-database-availability-groups-and-disk-sector-sizes.aspx
We are running a hosting environment of Windows 2012 Hyper-V, with Virtual Servers running Windows 2008 R2. In this environment, we also are running Exchange 2007.
If you examine the status of a VM in the Hyper-V manager, you may notice that the Integration Services is running in a "degraded" state and is not fully functional. Example: it does not show the IP address of the VM.
 |
| Hyper-V Manager on a Windows 2012 showing the Networking status of a VM which has the original version of Integration Services in a Windows 2008 R2 Server, out of the box. |
Note that the version of Integration Services that comes in Windows 2008 R1 is reported as version 6.1. Hyper-V 2012 would have you install version 6.2.
Well, I elected to install the newer version by simply clicking the menu to select to install the new version from the mounted disk.
The Problem:
A reboot was required to complete the Integration Services upgrade.
After the reboot, Exchange would not mount one of the databases.
The error was, in part, in the event log said "Error -546, unable to read the header of log file E01.log".
An examination of the database that would not mount showed that it was in a Dirty-Shutdown status.
All attempts to run eseutil to repair or cleanup the problem resulted in the above errors. Error -546.
The Solution:
We theorized that the Integration Services upgrade had caused the problem, but how to confirm this?
Easy: we shut down the VM, mounted the disks temporarily on a VM of the same OS but with the original Integration Services, and low and behold! We were able to easily run the eseutil commands to clean up the database and return it to a "Clean Shutdown" state.
Root Cause:
See this article regarding disk geometry, and you will quickly see that there is an opertunity to create a disk on new OS's, that is not compatible with some older applications, such as dare I say, Exchange 2007.
Now this is not a problem unless you have a database that is in a "Dirty-Shutdown" state and it needs files that were saved using the "old" disk geometry, but reside on the new Geometry.
See http://support.microsoft.com/kb/2510009
It appears that Exchange (at least version 2007 ) is one of the "incompatible applications" mentioned in the above link.
My advice? Do not upgrade the Integration Services unless you have tested EVERYTHING. Don't assume that it will all be ok.
Additional References:
http://blogs.technet.com/b/exchange/archive/2013/04/24/exchange-2010-database-availability-groups-and-disk-sector-sizes.aspx
Wednesday, July 3, 2013
How to remove hidden devices (Network Card)
To display devices when you click Show hidden devices:
- Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
- At a command prompt, type the following command , and then press ENTER: set devmgr_show_nonpresent_devices=1
- Type the following command a command prompt, and then press ENTER: start devmgmt.msc
- Troubleshoot the devices and drivers in Device Manager.
NOTE: Click Show hidden devices on the View menu in Device Managers before you can see devices that are not connected to the computer.
Subscribe to:
Posts (Atom)