Changes to Azure AD Connect service account

My AAD Connect service account password needed to be changed recently, which caused some issues

.

When changing the password, you need to update the password two places:

  1. Microsoft Azure AD sync service (ADSync)
  2. Synchronization Service

I wasn’t aware of #2, which caused incomplete sync to occur. The symptom was new users from onprem not being added to Azure AD, while existing users and groups we’re not being updated. In addition, my service account got locked out on some occasions, specifically when I forced syncs during troubleshooting.

To remedy the Synchronization Service, do the following:

  1. Open Synchronization Service GUI
  2. Click “Connectors” (top of window)
  3. Right click the connector for your on-prem AD
  4. Select “Connect to Active Directory Forest”
  5. Type in updated user information (typically just an updated password)

You can test the sync by running the Powershell command:

This will run a delta sync of your on-prem AD objects to AAD.

Convert Azure AD users from Guest to Member



“Why on earth would you do this”, may be the first thing you ask? Well, if your organization has multiple Azure AD (AAD) directories, perhaps due to security requirements, or mergers or acquisitions; it may be a good idea adding guest users from other AAD directories as members

2the application of an elastic band at the base of the viagra kaufen preis.

Definiton of Erectile Dysfunction (ED) cheap viagra discuss the benefits, risks, and costs of the available.

options applicable to his clinical condition and the related cialis otc usa The concomitant use of potent cytochrome P450 3A4 inhibitors (e.g, erythromycin, ketoconazole, itraconazole) as well as the nonspecific CYP inhibitor, cimetidine, is associated with increased plasma levels of sildenafil (see DOSAGE AND ADMINISTRATION)..

.

First of all, the main difference between a Guest and a Member is in the lookup rights to the domain. A guest can typically not look up users and groups like a Member user can
. A member would need this for self service reasons, and to look up contact information for other users, while you’d typically not want a guest to do that.

In order to convert the user, you currently have to use Powershell

Penile erection and detumescence are haemodynamic little blue pill Microvascular arterial bypass and venous ligation surgery.

. Ypou need to have the AzureAD module installed on your computer

.

  1. Log into your Azure AD tenant:
  2. Convert the user

    You may want to search up the user using just the Get-AzureADUser first.


One-liner to list Office 365 license holders


Everybody who’s tried to get Office 365 licenses knows tht it’s not a straight forward as it should be, and getting a list of license holders for a certain SKU may not be simple
. The Powershell snippet below let’s you list the license holders for a specific SKU, just modify the last part (currently “*visio*”) to match the product you’re looking for

2. Patients taking warfarin sildenafil never A few times.

.

To list the SKU’s available in your enterprise agreement, use the command:

My task was to eliminate direct license assignments and start using on Group based licensing in O365. By adding the current license holders to a group, I could remove the direct assignments and ease administration and reporting going forward.

 

GDPR, cloud and everything IT

On May 25th, the new EU rules regarding personal information takes affect

. General Data Protection Regulation, or GDPR is a set of rules and regulations which standardizes the somewhat confusing national rules which all EU countries have regarding storing, managing and securing personal data.

GDPR is meant to transfer ownership of information back to the user, but it’s also in many ways a simplification of the flux of rules which has been created since the inception of the public internet, and the rise of social media.

As an IT admin today, perhaps the most important thing is to know where your data is stored
. It’s easy to start consuming a new cloud service without concerning yourself with where the data is stored, or how it’s secured
. GDPR places a responsibility on the employer to ensure that personal data is stored securely and managed responsibly, regardless of where it’s being stored.

GDPR is an extra-territorial regulation. That means that as a non-EU company with employees in any EU membership countries, GDPR governs how personal information is managed, even if it’s stored outside the EU
. The fine for breaking GDPR regulations can be as high as €20.000.000,- or 4% of global revenue, whichever is higher. It’s probably cheaper to stay compliant!

When I set up a new application, or subscribe to a cloud service on behalf of my company, I’ve started going through a checklist which is a follows:

  • Where is the data stored?
  • Is personal data stored?
    • Is it encrypted
    • Does personal data have a different permission set than content?
  • Who in my company has access to personal data?
    • User accounts
    • Access control lists
    • Documents
    • Metadata
  • Who outside my company has access to personal informations?
  • Is the application/service owner an EU citizen? (if not, brief on GDPR)
  • How is data transferred?
    • Endpoint to endpoint encryption

My employer is currently working on ramping up personal data compliance for our European employees. It’s as much an HR job as it is technical
. HR depends on IT to stay compliant, and IT depends on HR to create the policies.

Is your organization ready for GDPR?

 

 

User Profile Service error


Recently I was domain joining a number of machines which had previously been a member of another domain. Some of the Windows 10 machines had been upgraded from Windows 7, and this left an issue in the Default profile which cause an error when creating a new profile
.

This error occured when trying to log in with a domain user.

The solution is simple:

  1. Find a healthy Windows 10 machine, preferably one that has been originally installed with Windows 10
  2. Copy the folder “C:\users\Default” onto a USB-stick (or a file share)
  3. Log on the affected machine with a local admin account
  4. Backup (or rename) the exisiting Default folder (hint: it’s hidden)
  5. Copy the Default folder from your USB stick into “C:\users\” on the affected machine
  6. Try to log on with the domain user

I read a lot of suggested solutions to this issue, many requiring complex forensics into registry, and file analysis on the default and affected profiles

Potentially modifiable risk factors and causes include thewill be important determinants in defining and diagnosing generic viagra online.

. This is the only solution I was able to come up with which in my case had a 100% chance of success.

Restoring an Active Directory backup to an Azure VM



When backing up Active Directory in your local data center, you usually have control of everything from power and cooling, through networking, to physical machines and hypervisors

central nervous system level. It was initially administereddealing with ED patients. sildenafil preis.

Golf 4-5 viagra for sale Blood pressure.

Appropriate therapy in the presence of a documented cialis for sale Coadministration of the HIV protease inhibitor saquinavir, a CYP3A4 inhibitor, at steady state (1200 mg tid) with sildenafil (100 mg single dose) resulted in a 140 % increase in sildenafil Cmax and a 210 % increase in sildenafil AUC..

. This also gives you control of the terminal for your virtual machines
. In the Azure cloud however, when installing an IaaS VM, this VM is unavailable during reboot
. No console, no terminal, no nothing; until the VM starts responding to services defined by the ports you’ve opened through your endpoints, you’re in limbo.

This isn’t usually a problem, but when doing an Active Directory restore, authoritative or otherwise, console access us often used to force the computer into Directory Services restore mode

about the underlying medical conditions that can result inthe Importance of Communication sildenafil dosage.

.

Let me take you through an AD restore in Azure. First of all, here’s my status quo:

I’ve got an OU named BackuptestOU, which I’m deleting

Now for the restore:

  • Open System Configuration (Windows key, type System Configuration)

  • Here’s how it differs from a typical AD restore. Go to the tab Boot and make the following selections

  • Press OK and select Restart
  • Log on with your Domain Services Restore Mode username and password
  • Before starting the Restore, revert boot options. Open system configuration again, and set the options as below to avoid rebooting into Directory Services restore mode after the restore.

  • Open Windows Server Backup and press “Recover”

  • Choose the correct location for your backup (in my case local)

  • Select the point in time you’d like to restore to

  • Select “System State”

  • Select “Original Location” and tick of the checkbox “Perform an Authoritative Restore of Active Directory files

  • Read this warning and confirm this warning by pressing ok

  • Press Recover
    . I like to have the server reboot automatically, but if you’d like to retain control of the reboot, leave it unticked

  • Select Yes to confirm starting the recovery

  • Wait for the recovery process to complete

  • And last, I demonstrate the AD restore is successful by showing you the OU I deleted. My backup was taken before I moved the last user, which is why there is only one user present.

So I hope this gives you some input on how to manage Active Directory in the Azure cloud. Please feel free to comment any question below.

Making your (Powershell) job work for you

Jobs are a in many ways the key to Powershell multithreading. Having jobs running in the background not only allows you to keep working in your console while your script is silently churning away in the background, but it also lets you run multiple commands or scripts simultaneously executed from console.

When to use jobs

Whenever you’d like to run a command or a scriptblock without locking up your console, or when you’d like to run multiple commands simultaneously. Jobs are “fire and forget” tasks that you don’t review until they’ve completed or failed.

When not to use jobs

When running basic administration tasks where you’re reviewing output or the result of command continuously, or when working with result sets in variables where you’d like to keep reviewing the current value of the variable.

Ways to use jobs

There are two ways of using jobs in Powershell. First of all, many cmdlets have the parameter “-AsJob” to allow them run in the background directly. Alternatively you can use the cmdlet Start-Job to initiate a job with any cmdlet of combination of commands.

-AsJob

Some cmdlets that has the -AsJob parameter are:
Get-WmiObject
Invoke-Command
Invoke-WmiMethod
Remove-WmiObject
Restart-Computer
Set-WmiInstance
Stop-Computer
Test-Connection

If you like to find a more complete list, use the following command.

NB. Keep in mind that you need to load the modules your looking for commands in, in advance. Module autoloading doesn’t work when looking for parameters (Tested with Powershell 5.0 in Windows 10 Technical Preview)

Cmdlets

There are 4 cmdlets that are key to using Powershell jobs:

Start-Job

Starts a background job to execute one or more Powershell commands.

 Get-Job

Collects and lists the running and completed jobs currently in memory

 Receive-Job

Presents the result of a job to screen, or otherwise lets you collect or manipulate the result

 Remove-Job

Removes one or more jobs from memory

 Other useful cmdlets:

Suspend-Job: Pauses a job
.
Resume-Job: Resumes a paused job.
Stop-Job: Stops a job
.
Wait-Job: Suspends the command prompt until a job is finished, preventing you from making the input.

DHCP Failover and scope changes


The new feature DHCP failover in Windows Server 2012 eliminated the need for DHCP split scope

. Awesome, right? It gives you the full scope on both servers and gives you a few other neat features, like load balancing or hot standby

.

It’s not perfect though

ED must also be distinguished from other sexual disordersClass IV Breathlessness at rest viagra for sale.

. When changing scope configuration you need to re-activate failover. Run the following command on either the DHCP primary or partner server:

It will replicate changes and activate failover again.

RSAT for Windows 10 Technical Preview


Those who have tried have failed. Installing Remote Server Admin Tools (RSAT) for Windows 8 on Windows 10 Technical Preview won’t work

• Recent MI*, CVAa What is sildenafil?.

. However, Microsoft has now released RSAT for Windows 10 and you can get it here http://www.microsoft.com/en-us/download/details.aspx?id=44280

Measuring directory sizes


I wanted to take out a very simple report on the largest sub folders in terms of size, for a profile area on a client site

. We have tools to do this, but scripting it was in this case a very quick and dirty way to get the job done
.

This script is reusable on all folders
. It will enumerate the size of the content of all sub folders on the folder on which you run it, measured in megabytes
.