Archive for the ‘Active Directory’ Category

Anglebrackets Conference – Day 2

I have been fortunate to attend this year’s Anglebrackets conference in Las Vegas. (See my coverage of Day 1 here.)

The following are my notes from the Day 2 keynote, The Integration of Technologies with Office 365. The speaker: Rob Leffers, the director of program management for the Office 365 apps team.

– Our vision
– What’s next
– Futures
– Calls to action

– Office
– Visual Studio
– Azure

Connect to Office 365 services
– Users and groups
– Files
– Mail
– Calendar
– Contacts

Build using an open platform
– Azure
– .NET
– Android
– iOS
– HTML5
– Xamarin

Robust Office 365 APIs
– designed for openness and flexibility
– Consistent development platform
– Powering a world of devices


Spaces in Binding String Causes Issues in Sitecore AD Module

We were recently working with a client for whom we installed the Sitecore Active Directory Module version 1.1 with a Sitecore 7.1 implementation. After configuring the AD module in the client’s authoring environment, two issues existed. The first was that we received a .NET error as follows: [ArgumentException: Provider name cannot be null or empty.]. We wanted to include additional fields in Sitecore from AD such as telephone number. Once we reverted our profile configuration, we also realized that roles from AD were not being integrated.

So after a lot of trial and error, and a couple of rounds through Sitecore support, the culprit ended up being a space character. Our specific space character was in the organizational unit similar to OU=Corporate Users. So Sitecore support developed a quick patch to work around the issue. We installed the new assembly and made some configuration changes:

<add name="ad" type="LightLDAP.Support.SitecoreADProfileProviderFixed, Sitecore.Support.403508" connectionStringName="ad" … …/> – change the profile provider definition

<add name="ad" type="LightLDAP.Support.SitecoreADRoleProviderFixed, Sitecore.Support.403508" connectionStringName="ad" … …/> – change the role provider definition

If you run into such an issue in your implementation, don’t hesitate to contact Sitecore support to get the patch. Make reference to issue ID 417172.

What’s New in Microsoft Azure Active Directory

Azure Active Directory is a comprehensive identity and access management cloud solution. It combines core directory services, advanced identity governance, security, and application access management. Azure AD also offers developers an identity management platform to deliver access control to their applications, based on centralized policy and rules.

In the last few months there have been significant changes to the Azure Active Directory (AAD) features and capabilities, and this post will give you a taste of some of them.

Subscription Management

It is now easier for large teams to share a single subscription, thanks to increased support for up to 200 co-administrators per subscription, a big change from 10.

Administration Roles include Billing, Service, User, & Password Administrator

Busy Pre-Build week for Microsoft and Azure!

The Microsoft Build Conference is set to kick off next week but the company got off to an early start this week with several different announcements.

Windows Azure now generally available in China
This may not sound like a huge accomplishment worthy of being called out individually but a little known fact is that Windows Azure is the first major public cloud service that China has made available.  This opens Azure up to an enormous user base that cloud competitors Google and Amazon don’t yet have access to.

Windows Azure will soon be re-branded Microsoft Azure
In an effort to strengthen the Azure brand, Microsoft is removing “Windows” from the name. This is to help emphasize that the Azure platform is completely open and a variety of technologies can utilize it, not just Microsoft and Windows based technology. The name “Windows Azure” has been a source of confusion since its introduction. People who are new to cloud computing often did not know if only technologies supported by Windows were designed to work on the Azure platform. This name change should clear up any lingering confusion.

Office for iPad debuts along with Enterprise Mobility Suite 
On Thursday Microsoft announced a fully functional, touch friendly edition of their Office suite tailored for iPads.  This has been a long time coming as millions of iPad users have had to find other methods of editing documents on their tablets.  The entire Office suite is free to download and use to view documents and presentations.  In order to edit documents an Office 365 subscription is needed, priced at $99 a year.  This subscription also provides you with desktop versions of Office 2013 as well as an Exchange Online account.

The Enterprise Mobility Suite aims to bring Single Sign On to all users for a variety of devices across services. This would allow an Android tablet, iPad or Windows 8 machine using Azure Active Directory to authenticate against Office 365, Dynamics CRM and Windows Intune as well as a variety of already available third party products. This allows Microsoft technologies to be at the very core of the Enterprise Cloud while allowing users to “Bring Your Own Device”.

Microsoft is sure to provide more insight into this strategy next week at the Build Conference, in addition to their future road map for Windows!

The fast and easy way to get your on-premise users into Yammer!

Does your company have a freemium Yammer environment that pre-dates your latest Enterprise Agreement?  Do you want to have the same set of users in Yammer as you do in your on-premise Active Directory?  Wonder no longer, dear readers.

We now have some recommended reading for anyone who finds themselves trying to rationalize a pre-existing Yammer environment with their SharePoint 2013 investment, or the rest of their Microsoft infrastructure.

Microsoft has just released a new TechNet posting on syncing up your Yammer users with your on-premise AD.  Check it out!

Using System Center Automation to Manage Office 365

Manage Office 365 with Microsoft System Center Service Manager, Orchestrator, PowerShell or Custom GUI.

Working with Office 365 projects, one of the things I come across frequently is the question of how to manage Office 365 from an on-premise location. Up to now there has been a very limited tool set to do simple tasks. DirSync is a tool offered by Microsoft to synchronize the User Principal Names from local Active Directory to the Office 365 cloud. Federated Services helps create a single sign-on to the cloud, which helps the administrators to manage passwords locally. Exchange Management Console has some management functionality for Office 365 mailboxes but it requires a Hybrid Deployment. PowerShell offers the most flexible on-premise management abilities. Then there are some third parties out there that provide simple management tools to do things like synchronize passwords or migrate mailboxes.

Using PowerShell in Windows Server 2012 to create a simple lab

I’ve been meaning to sit down and spend some time exploring the new Active Directory cmdlets that come with Windows Server 2012 so I decided to use my lab to create some test objects and populate the mailboxes with some messages.

My lab setup is very simple:

  • 1 – Windows Server 2012 domain controller
  • 1 – Exchange 2013 server (hosted on Windows 2012)
  • 1 – Windows 8 client with Office 2013

My goal was to be able to quickly create some test users and groups in a new OU structure, populate the groups with the accounts, and finally populate the mailboxes with some test messages. Here is the script I created to do that. It should be fairly straightforward to follow. There are obviously many other ways to do this. This is just one such way. I ran the script from the Exchange 2013 Management Shell after installing the Active Directory PowerShell module.


Why I love PowerShell…and so should you

This blog post is meant for both the PowerShell newbie and the scripter out there looking for a reason why they should start learning the aptly named PowerShell or push themselves to learn a new aspect of PowerShell they’ve been meaning to try.

It’s been a few years now since PowerShell first came to be. Remember those Monad days when we first got a glimpse at what Microsoft had up their sleeve? I’ll admit I was one of the skeptical ones, deeply entrenched in VBScript, DOS batch files, AutoIT, VB.Net, etc. I thought to myself, “Great, another programming language. This will never catch on. Microsoft did what to the administrative interface?!” I just didn’t get it at first.

When Exchange 2007 hit the market I knew they were serious. Microsoft cleverly led me (although initially it felt more like ‘forced me’) to learn this new scripting language by including helpful syntax examples whenever I would use the Exchange Management Console to do simple and sometimes complex tasks:

For example, moving a mailbox:

'Account1' | move-mailbox -TargetDatabase 'E2K7SVR1\First Storage Group\Exchange2007DB2'

Ok. That was simple enough and looking at the code, somewhat easy to follow the logic although at the time I didn’t have any clue what the syntax rules were yet or how to do anything I was used to doing with VBScript. Ah, my cherished VBScript. Not anymore! Fast-forward a few years later.

Office 365 Remote Move “Completed with Warning” – Part 1

I’ve seen a number of different O365 forum entries on this issue, but I wanted to pull together some thoughts on what I’ve done to resolve these errors for my customers.

Normally, a mailbox remote move operation performs a copy of the on-premise mailbox content to the Office 365 mailbox. However, if the mailbox has a condition that falls outside of “acceptable Office 365 content”, such as corrupted items, large items (>25 MB), or a mailbox that is too big (>25 GB), then the remote move will inevitably go to a failed state. The on-premises mailbox continues to work, Office 365 users continue to send to the on-premises mailbox, and no one is really worse for the experience – well, if you ignore the time the mailbox was unavailable to the migrating user (assuming not Exchange 2010). Really, the loser in that scenario is the administrator who will have to address the failure conditions and then attempt another move.


Rejoining a Domain in Less than Two Reboots

I feel a little silly just finding out this little tip recently as I can’t count how many times I’ve had to manually re-join a Windows workstation or member server to a domain in my life. This is a pretty common procedure as various issues can sometimes cause problems with the secure channel communications between workstations and domain controllers in an Active Directory domain. Rejoining the domain reestablishes the trusted partnership and in most cases resolves the issue.

The tried-and-true process has always been to remove the workstation from the domain by temporarily moving it into a workgroup and then moving it back into the domain. This requires two reboots and, if you’ve learned the hard way, a new local Administrator account with a known password just in case ;)

In a recent training class we were using multiple Virtual PC images in the test labs and a few of the guests were having problems logging into the domain. The instructors had a sidebar in the materials that mentioned if this happened to remove/rejoin the domain by using a process that I had never seen, but works in a single reboot!

It’s quite simple: basically just change the Domain name field to use the Active Directory’s other domain naming context. Meaning if the DNS value is currently entered in the setting field, then change it to the NETBIOS value, or vice-versa. This will force Windows to believe it is connecting to a new domain and allow the process to happen in a single reboot.

So, in this example I have a workstation JDSPC02 that is a member of the lab.schertz.local AD domain. The DNS name of ‘lab.schertz.local’ is currently used as shown below in the Computer Name Changes window:


I know that the NETBIOS domain name for the same AD domain is simply ‘LAB’ so I replaced the value with ‘LAB’.


All too easy:


Let it be said that I have no idea if this is a supported or even recommended action, but it’s worked fine each time I’ve tested it.