Enjoy Sharing

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 6

Now that we’ve come this far, it is time to setup synchronization with the on-premises Active Directory. Before that, back to the classic portal. We need to first turn on directory sync on the newly created directory.

Go to the directory and click on the Directory Synchronization tab. Then on the Directory Sync, click on ACTIVATED. Click Save.


At the prompt, click Yes.


Directory Sync is now activated. Now we can begin installing the Azure AD Connect tool. The easiest way to get the latest version of the Azure AD Connect tool is from the classic portal. Alternatively, you can download it here. For details about all the previous versions of the tool, go here.


Once downloaded, double-click on the installer to begin installation. At the Welcome page, select I agree to the license terms and privacy notice. Then click Continue.


At the Express Settings page, click Customize.


These settings are really up to you. I have specified a custom installation location and an existing service account. Then click Install.


In this post I am not going to cover setting up single sign-on with ADFS thus we will just install a single AD Connect server. At the User Sign-In page, select Password Synchronization then click Next.


Enter an Azure AD Global Admin account user name and password then click Next.


At the Connect Directories page, enter a user account to connect to your on-premises Active Directory, then click Add Directory.


The directory is added, click Next.


At the Azure AD sign-in page, click Next.


At the Domain/OU Filtering page, keep the defaults if you want to sync all objects in your on-premises AD, then click Next.


At the Identifying users page, keep the defaults and then click Next.


At the Filtering page, keep the defaults and then click Next.


At the Optional Features page, select Password synchronization and Password writeback and then click Next.


The default is to start the synchronization right after the install is complete. The second option enables staging mode. This is for the scenario where you keep a second AD Connect server on standby in case of disaster, so that another AD Connect server can quickly be brought up and running. Click Next.


Once the configuration is complete, you can click Exit.


Enjoy!!!

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 5

Now that we have purchased a domain name, it is time to add that as a custom domain. Back to the Office 365 portal https://portal.office.com > Settings > Domains. Click + Add Domains.


Enter your newly purchased domain name then click Next.


Note the TXT value. You’ll need it for the next steps.


Back to your domain hosting site. https://1and1.com. Once you’re logged in click on Domains on the left side of the page.


Click on the down-arrow to expand the newly purchased domain name.


Click Edit DNS Settings.


Scroll down the page to the TXT and SRV Records section. Click Add Record.


Enter the TXT value from the Office 365 portal as the value in the TXT record, then click Add.


The TXT record is created. Click the Save button and then we wait for the record to be replicated across the Internet.


Back to the Office 365 portal. Depending on how long the record takes to replicate, you can click the Verify button from time to time to verify ownership of the domain.
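As an added example that is not part of the original post, the check behind the Verify button can be reproduced from a resolver: look for a TXT record at the domain whose joined value equals the token from the portal, and retry while the record propagates. The lookup function, domain name and token used below are constructed stand-ins, and the parser expects `dig +short TXT` style output.

```python
import re
import time
from typing import Callable, List

# Added example, not from the original post. Office 365 proves ownership of a custom
# domain by looking for a TXT record at the domain whose value is the token shown in
# the portal ("MS=msXXXXXXXX"). Two things trip people up: the record takes time to
# propagate (hence the repeated Verify clicks), and resolvers return TXT rdata as one
# or more quoted character-strings that must be joined before comparing.

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_dig_short(text: str) -> List[str]:
    """Turn the output lines of `dig +short TXT <domain>` into one string per record."""
    records = []
    for line in text.splitlines():
        parts = _QUOTED.findall(line)
        if parts:   # skip blank lines and anything that is not a quoted TXT record
            records.append("".join(p.replace('\\"', '"') for p in parts))
    return records

def has_verification_token(records: List[str], token: str) -> bool:
    """True if any TXT record equals the portal's token (ignoring case and whitespace)."""
    wanted = token.strip().lower()
    return any(r.strip().lower() == wanted for r in records)

def wait_for_token(lookup: Callable[[str], str], domain: str, token: str,
                   attempts: int = 6, delay: float = 0.0) -> int:
    """Poll `lookup` (which returns dig-style output) until the token appears.
    Returns the 1-based attempt on which it was seen, or -1 if it never was."""
    for attempt in range(1, attempts + 1):
        try:
            output = lookup(domain)
        except OSError:   # treat resolver timeouts as "not there yet"
            output = ""
        if has_verification_token(parse_dig_short(output), token):
            return attempt
        if attempt < attempts:
            time.sleep(delay)
    return -1

# Constructed stand-in for a real resolver: the first two answers predate propagation,
# the third carries the verification record (split into two character-strings, as
# some tools print it) next to an unrelated SPF record.
_ANSWERS = [
    "",
    '"v=spf1 include:spf.protection.outlook.com -all"\n',
    '"v=spf1 include:spf.protection.outlook.com -all"\n"MS=ms1234" "5678"\n',
]

def fake_lookup() -> Callable[[str], str]:
    calls = {"n": 0}
    def lookup(domain: str) -> str:
        answer = _ANSWERS[min(calls["n"], len(_ANSWERS) - 1)]
        calls["n"] += 1
        return answer
    return lookup

if __name__ == "__main__":
    seen_on = wait_for_token(fake_lookup(), "lab.example", "MS=ms12345678")
    print("verification record visible on attempt", seen_on)   # 3
```

In practice `lookup` would wrap a DNS library or the output of `dig +short TXT yourdomain`, with a delay of a minute or so between attempts.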


Select I’ll manage my own DNS records, then click Next.


Scroll down to the bottom of the page, click to select Skip this step, then click Skip.


Click Finish.


Enjoy!!!

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 4

Now that we’re ready to add a custom domain, let’s go and purchase a domain name. We’re basically using this domain name for a test lab, so unless you want to spend a lot of money on a domain name, I’ve found a registrar where you can get one for as low as $0.99. Bear in mind I am in no way affiliated with, nor do I receive any payment from, this company. To date I have already bought several domains from 1 and 1. Yes, that’s the name. This step-by-step guide is going to be based on purchasing and configuring a custom domain from 1 and 1.

So, first things first, go to https://www.1and1.com/ in your browser. If you’re a first-time customer, register for an account. I won’t go through the steps for that. But if you already have an account, go ahead and log in at the top right of the page.


I shouldn’t have to tell you how to log in. Tip: If you’ve got an existing domain name with them, you can log in using that as the username too.


Once logged in, click on Domains, on the left hand side of the page.


This is where you will have to spend some time searching for domain names that are available and picking the one you want. If you want to browse a list of prices for each of the different domain names, click Domain Price List. I’ve found the cheapest ones are .space and .xyz, which are $0.99 for the first year. Of course, if you want to spend a little more for the one you love, go ahead.


After some time, I finally decided on my domain name so I’m just going to add that to cart.


Once you’re ready, go ahead and click Checkout.


Click Continue.


Confirm your details, then click Continue to checkout.


Check the box to say that you’ve read the terms and conditions, then click Order now.


Congratulations, the domain name is yours.


Enjoy!!!

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 3

Now that we have prepared our Azure IaaS environment, created virtual machines, and set up our domain environment, it is time to create our directory in the cloud, Azure Active Directory. So, first log on to https://manage.windowsazure.com. Yes, we still have to do this part of the work in the classic portal. Browse and click on Active Directory on the left pane. There you’ll see all the other directories you may already have, or you might have none. Click on the +NEW button on the bottom left of the screen to add a new directory.


Here, go to App Services > Visual Studio Team Services > Directory > Custom Create.


Select Create new directory and then enter the other necessary details: Name, Domain Name, Country/Region. Remember that the Domain Name here must be globally unique. The portal runs a check to see if that name is still available; if not, you just have to pick another. Then click the CheckMark sign on the bottom right.


And now, you have your new Azure Active Directory. Let’s click into it and see what we have.


Click the Users tab. We want to create a primary administrator user instead of using the Microsoft account as the administrator.


At the Users tab, click the Add User button at the bottom of the screen.


Select New user in your organization and then enter a user name for this new admin account. I just called it “admin”. Then click the Right-Arrow at the bottom right.


Populate all the fields: First Name, Last Name, Display Name and Alternate Email Address. For the Role, select Global Admin. Then click the Right-Arrow at the bottom right.


This new account will be assigned a temporary password. Click create.


A temporary password is created. Note this down somewhere; you’ll need it to log in for the first time. Click the CheckMark at the bottom right.


You now have a new Admin account.


Now let’s try to log in using that account. Browse to https://portal.office.com and sign in using the newly created account and the temporary password. Click Sign In. The reason I’m introducing the Office 365 portal is that there will be more work done from this portal, e.g. EMS.


You will be asked to enter the current temporary password and a new password. Click Update password and sign in.


You’re logged in! To go to the Admin console, click on the Admin tile.


Now that you’ve got a directory set up, we’ll want to add a custom domain so that your users don’t have to log on using a user name with the onmicrosoft.com name. On the Office 365 portal, under Settings, click Domains.


This is where you can add a new custom domain for your directory. To do that, you’ll have to first purchase a domain name. That’s the next step to our setup.


Enjoy!!!

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 2

Now that we’ve got the fundamentals out of the way it is time to create some virtual machines. At the very least, we need a domain controller, a server for AD Connect and a server for SCCM.

Click on Virtual machines and then click Add.


Select Windows Server > Windows Server 2012 R2 Datacenter, then click Create.


Enter the details for the virtual machine as below. Change as required. Because I have multiple lab environments, I like to label my VMs with a prefix of “Labxx-“ where xx can be an incremental number to mark the set of VMs in the same environment.

  • Name: Lab02-DC01
  • Username: <username>
  • Password: <password>
  • Subscription: <subscription>
  • Resource group: <The resource group that was created in Part 1>
  • Location: <Location>


Choose a size for the virtual machine, then click Select. I would suggest an F1S Standard VM for a domain controller. If you don’t see it, click View All at the top right corner of the blade to display all VM sizes.


Configure the settings of the virtual machine as below:-

  • Disk type: Standard
  • Storage account: stwklab02
  • Virtual network: VNET-Lab02
  • Subnet: Subnet-01 (10.1.0.0/24)
  • Public IP address: (new) Lab02-DC01
  • Network security group: NSG-Lab02
  • Extensions: None
  • Diagnostics: Enabled
  • Diagnostics storage account: stwklab02
  • Availability set: None


Click OK.


Wait a few minutes for the virtual machine to be provisioned. Once the virtual machine has been created, it is time to add a data disk to be used for data. I normally use my data disks for program files and databases. If you want, you can add more than one data disk, especially for the SCCM server. The number of data disks you can add to a virtual machine depends on the virtual machine size you picked.


Repeat creating all virtual machines with the details below:-

  Name          Size     Virtual Network   Subnet      Public IP   Network Security Group
  -----------   ------   ---------------   ---------   ---------   ----------------------
  Lab02-DC01    F1S      VNET-Lab02        Subnet-01   <New>       NSG-Lab02
  Lab02-ADC01   F1S      VNET-Lab02        Subnet-01   <New>       NSG-Lab02
  Lab02-CM01    DS2_V2   VNET-Lab02        Subnet-01   <New>       NSG-Lab02

Now that my virtual machines are all created, it is time to set up my domain environment. I will not walk through this step-by-step here as this is not what this post is about. What I do want to mention is that all virtual machines in Azure IaaS have a dynamic IP address by default. However, a static IP address is always recommended for a domain controller.

To set static IP address for your domain controller, click on Lab02-DC01 virtual machine which will be your domain controller, then click Network interfaces.


You should only have one network interface on that virtual machine. Click IP addresses, change the Assignment to Static and then click Save. A reboot of the virtual machine may be required. As a best practice, always restart a virtual machine from the ARM console.


Another thing you want to do for a domain controller is to set its DNS to point to its own IP address. Click DNS servers, click Custom DNS then enter the private IP address of the domain controller virtual machine. Click Save.

In fact, do this for all the virtual machines in this lab so that they point to the domain controller’s IP address for DNS.


In the next part, we will be looking at setting up the integration between the on-premises AD with Azure AD, domain purchase and verification.

Enjoy!!!

Setting Up An EMS Lab in ARM (Azure Resource Manager) Step-By-Step – Part 1

I’ve always wanted to do this, and the thought of not needing any hardware to run my virtual machines to achieve what I want is such a cool idea. Now I have the chance to do it, and here I share my experience of performing it in the new Azure portal (vs the classic portal), known as Azure Resource Manager (ARM). Hope you enjoy it.

First we would need a Resource Group. A Resource Group is defined as a container that holds related resources for an application. The resource group could include all of the resources for an application, or only those resources that are logically grouped together. You can decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Read more about Resource Groups here.

So, go ahead and create a new Resource Group. Click on Resource groups to open up the blade, then click Add.


Give your Resource Group a name. I like to have a naming convention for resource groups with a prefix of “RG-“. Choose the subscription you want it to be created in and the location where you want the Resource Group to be created.


The Resource Group is created. Click on the newly created resource group to open up the blade where you can see information about it.


Secondly, we need a new Storage Account. An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Click on Storage Accounts, then click Add.


Storage Account names must be unique and only support lowercase characters and numbers, so choose wisely :). I like to use a naming convention with a prefix of “st”. Use locally-redundant storage (LRS) with Standard performance to save on cost/credits. Make sure you select the Resource Group that you just created in the previous step. Click Create to begin creating the Storage Account. Read more about Azure Storage Accounts here.

  • Name: stxxx
  • Deployment model: Resource manager
  • Account kind: General purpose
  • Performance: Standard
  • Replication: Locally-redundant storage (LRS)
  • Subscription: <choose one>
  • Resource group: <choose>
  • Location: <choose one>


The Storage Account is created. Click on the newly created Storage Account to view the information about the Storage Account.


Next we need a new Virtual Network. An Azure virtual network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. You can fully control the IP address blocks, DNS settings, security policies, and route tables within this network. You can also further segment your VNet into subnets and launch Azure IaaS virtual machines (VMs) and/or Cloud services (PaaS role instances). Additionally, you can connect the virtual network to your on-premises network using one of the connectivity options available in Azure. In essence, you can expand your network to Azure, with complete control on IP address blocks with the benefit of enterprise scale Azure provides. Read more on Virtual Networks here.

Click on Virtual networks, then click Add.


Enter all the details to create a new Virtual Network then click Create. I like to use the prefix of “VNET-” to indicate a virtual network object. Remember to select the Resource Group that you just created.


The Virtual Network is created. Click on the newly created Virtual Network to view the information about the Virtual Network.


Now we need a new Network Security Group. A Network Security Group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to your VM instances in a Virtual Network. NSGs can be associated with either subnets or individual VM instances within that subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VM instances in that subnet. In addition, traffic to an individual VM can be restricted further by associating an NSG directly with that VM. Read more about Network Security Groups here.

Click on Network Security Groups, then click Add.


Enter all the details to create a new Network Security Group then click Create. I like to use the prefix of “NSG-” to indicate a Network Security Group object. Remember to select the Resource Group that you just created.


The Network Security Group is now created. Click on the newly created Network Security Group to view the information about the Network Security Group.


Now that you’ve got a new Network Security Group created, we need to configure it so that it will allow Remote Desktop to get to and from our virtual machines. Click on Inbound security rules on the Settings blade, then click Add.


Here’s what you would want to configure in your inbound rule to allow Remote Desktop into this Network Security Group. Feel free to change the name and priority to suit your situation and obviously port 3389 is the RDP port number.

  • Name: AllowRDPInbound
  • Priority: 100
  • Source: Any
  • Protocol: Any
  • Source port range: *
  • Destination: Any
  • Destination port range: 3389
  • Action: Allow


Now for the outbound rule. Similarly, now click on Outbound security rules and then click Add.


Now that we’ve got the Network Security Group created and configured to allow at least RDP traffic to go through it, we now need to associate it. A Network Security Group can either be associated to a network interface or to a subnet. In our case to keep it really simple we’re associating it to a subnet.

Click on Subnets and then click Associate.


Click on Virtual network then choose the Virtual Network we’ve just created for this lab.


Click Subnet then choose the subnet that is associated to the Virtual Network of your lab. When you’re done, click OK.


We’ll continue the rest of the lab setup in Part 2 of this posting.

Enjoy!!!

Automatically or Manually Update your Configuration Manager Agent/Client

So here’s an interesting finding. You know how Cumulative Update 1 of ConfigMgr 2012 SP2 or ConfigMgr 2012 R2 SP1 has the ability to push out clients with the latest version, including the cumulative update hotfix? Well, there is one catch that most people might have missed, including myself. For a person like me who does so many of these upgrades (either in the lab or in a customer’s environment), you may have realised that the setup page is slightly different depending on which environment you run it in, without quite being able to put your finger on exactly what the difference is. I’m gonna relieve you of trying to remember and tell you that it is exactly what I just mentioned above: the ability to install the latest version of the client during either a client push or an auto-upgrade, and it looks exactly like the screen shots below.

Right after you choose to upgrade the Site database, you click Next and you get this page. Here you can choose either to have it behave just like it always has (Manually apply) or to have it go to the latest version (Automatically apply).

Once you come to the progress page you’ll also realise the additional Action of Configuring automatic client update.


At the end of the installation, you’ll notice an additional sub-folder in the path where your client is, called ClientUpdate.


And that’s where you’ll find the .msp file that you would normally execute.


So what triggers these different setup pages I was talking about? It is the Automatic Client Upgrade tab of the Hierarchy Settings of your site.

Checked = You get the option to choose Automatically apply or Manually apply

Unchecked = You do not get that additional option to choose.


Enjoy!!!
