Monday, 10 November 2014

Connecting to Office365 using PowerShell for Remote Management

You can use PowerShell from an on-premise server to manage an instance of Office365 in Microsoft's cloud. It can be useful for managing the more complex Exchange, Lync and SharePoint configuration settings that are available.

Firstly, open an Administrative PowerShell window (I did this from Windows Server 2012 R2), then copy and paste the following commands into it.

$cred = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $cred -Authentication Basic -AllowRedirection

This will invoke a credentials window in which you must enter the Global Administrator account for the Office365 subscription. It should be in the format username@domain with the corresponding password.


Next, run the following command to import the session;

Import-PSSession $session


Once this command has completed you can use the following two PowerShell commands to see what commands are available in the Office365 PowerShell module that has been imported.

Get-Module ModuleName

Get-Command -Module ModuleName


To confirm it is working I did a Get-Mailbox and PowerShell returned a list of all of the Office365 mailboxes active on the subscription. 
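The whole sequence above as one script, as an added example that is not part of the original post: it takes the module name from the object Import-PSSession returns (instead of the ModuleName placeholder) and closes the Global Administrator session when finished. The variable names $uri, $module and $report are chosen here for illustration.

```powershell
# Added example; $uri, $module and $report are names chosen for this sketch.
$uri  = 'https://ps.outlook.com/powershell/'
$cred = Get-Credential   # prompts, so the password never sits in the script

# Basic authentication only base64-encodes the password, so insist on HTTPS.
if (([uri]$uri).Scheme -ne 'https') { throw "Refusing non-HTTPS endpoint: $uri" }

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $uri `
    -Credential $cred -Authentication Basic -AllowRedirection -ErrorAction Stop
$module = $null
try {
    # Import-PSSession returns the temporary module it generates; its Name is
    # the value that Get-Module and Get-Command -Module expect.
    $module = Import-PSSession $session -DisableNameChecking -ErrorAction Stop

    $report = [pscustomobject]@{
        ModuleName   = $module.Name
        CommandCount = @(Get-Command -Module $module.Name).Count
        MailboxCount = @(Get-Mailbox -ResultSize Unlimited).Count
    }
    $report
}
finally {
    # Unload the imported commands and end the authenticated remote session,
    # even if one of the steps above failed.
    if ($module) { Remove-Module -Name $module.Name -ErrorAction SilentlyContinue }
    Remove-PSSession $session
}
```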



Thursday, 6 November 2014

Configuring DirSync for Synchronization Between Azure Active Directory and Traditional On-Premise Active Directory

The purpose of the Azure Active Directory DirSync tool is to allow your on-premise users the ability to take advantage of Single Sign On (SSO) when using cloud-based applications in Microsoft Azure. Microsoft Azure Active Directory is different from a traditional Active Directory as it is a service offered by Microsoft.


Do not confuse Azure Active Directory with having Domain Controller VMs running in Azure that are configured to replicate with your on-premise domain. Azure AD is a managed cloud service from Microsoft.

The first step is to download and install the Azure Active Directory DirSync tool from the TechNet website: http://technet.microsoft.com/en-us/library/jj151800.aspx. Please note that the DirSync tool should be installed on a member server within the on-premise Active Directory and not on a Domain Controller.


The installation is straightforward; click Next.

Accept the EULA and click Next.

Choose an installation folder and click Next.

The installation can take up to 10 minutes to complete.

While the DirSync tool is being installed, return to the Azure Management Console, click Active Directory and then double click on the Azure Active Directory for which you want to configure DirSync.

Click Users and then Add to create a new user within the Azure Active Directory.

Configure this user with a username and use the arrow button to continue.

Populate the user profile fields with the corresponding information. The important part here is that the Role must be set to Global Administrator; this is required to configure DirSync.

The wizard will output a temporary password that will need to be reset.

Take note of the temporary password as you will need it to reset the password before the account will work with DirSync.

Go over to the Azure Active Directory login website and use the e-mail address and temporary password to log in.

You will be prompted to reset the temporary password. If you miss this step, the Global Administrator account you configured will not work with the DirSync tool.

The next step is to ensure that Integration with Local Active Directory is activated on the Azure AD instance. You can do this by going to the Properties of the Azure AD and selecting the Directory Integration tab. From here select the Active button and ensure you Save the changes.

Accept the prompt about the impact of enabling activation by clicking the arrow.

The next step is to configure the Azure Active Directory DirSync tool. By default this will launch after it completes installation on the member server.

Click Next.

Now you must specify the Global Administrator account that was created previously. Click Next to continue.

You will next be prompted for an Active Directory Enterprise Administrator credential set, this is for the on-premise Active Directory. Click Next.

At this stage I have not enabled the Hybrid Deployment, click Next.

Ensure the Password Sync box is ticked and click Next.

The DirSync tool will configure all the required components.


On completion you will be asked if you want to perform the first directory sync, by default this happens every 3 hours.

To ensure the DirSync tool is working correctly, return to the Azure Active Directory screen and click on Users; this should then be populated with all the users you currently have in the on-premise domain.

Tuesday, 28 October 2014

Domain Upgrade to Server 2012 R2: DNS Servers "The server with this IP address is not authoritative for the required zone." & "An unknown error occurred while validating the server." when Configuring Cross Forest Name Resolution

After a recent domain upgrade from Windows Server 2008 to Windows Server 2012 R2, a number of inconsistent DNS issues have started causing problems for users accessing resources in a remote domain. At present there are two domains (which are the forest root domains) in separate forests, and there is a two-way trust between these domains. For it to function correctly each domain should host a secondary zone containing a copy of the trusted domain's Forward Lookup Zone.

This worked before the domain upgrade, but since then I have been receiving the error "The server with this IP address is not authoritative for the required zone." This is preventing the zone being replicated to the secondary zone within the trusted domain.

A similar error is happening on the other domain when I try to configure a zone transfer; the error on this side is "An unknown error occurred while validating the server."

There was nothing obvious in the DNS Server Event Logs on either side so I decided to run the DNS BPA from the Windows Server 2012 Server Manager. It raised a number of alarming errors, the first being "Error DNS:Zone_msdcs.domain.com is an Active Directory integrated DNS Zone and must be available. The Active Directory Integrated DNS Zone _msdcs.domain.com was not found."

After some research I came across the following TechNet article http://technet.microsoft.com/en-us/library/ff807395(v=ws.10).aspx although this was no good to me as I could not get a backup copy of the zone. I checked on the DNS server and I could see the _msdcs zone underneath the domain's Forward Lookup Zone.

I then created a new Primary Zone on the Server 2012 R2 side.

As this was the only domain in the forest I configured it to replicate To all DNS servers running on domain controllers in this domain: domain.com.


I named the zone _msdcs.domain.com.

After a few minutes I reloaded the DNS zone and it was populated with all the required records.

The next stage was to delete the old zone folder; this was under the domain's Forward Lookup Zone.

Now when I run the DNS BPA there are only two minor errors raised, both of which can be ignored at this stage.

Now when I try to configure Zone Transfers from both sides the remote servers resolve correctly.


As my new Domain Controllers had to have a secondary copy of the remote domain's DNS zone, I created a new Secondary zone on the new DC.

I named it the same as the remote domain’s FLZ.

It resolved correctly.

Now clients and devices in each domain can resolve resources in the other domain using their local DNS server.
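The zone steps from this post expressed with the DnsServer PowerShell module that ships with Server 2012 R2, as an added example that is not part of the original post. It does not delete the old _msdcs folder, and it restricts zone transfers to one named secondary. The remote domain name remote.example and the address 192.0.2.10 are placeholders, as are the variable names.

```powershell
# Added example; domain names, the IP address and variable names are placeholders.
Import-Module DnsServer

$localDomain  = 'domain.com'       # local forest root, as written in the post
$remoteDomain = 'remote.example'   # placeholder for the trusted forest root
$remoteDnsIp  = '192.0.2.10'       # placeholder: DNS server in the trusted domain
$msdcsZone    = "_msdcs.$localDomain"

# 1. Create the AD-integrated _msdcs zone if it does not exist as its own zone,
#    replicated to all DNS servers on domain controllers in this domain.
if (-not (Get-DnsServerZone -Name $msdcsZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $msdcsZone -ReplicationScope Domain
}

# 2. Check that the DC locator records have been registered in the new zone.
#    As in the post, this can take a few minutes after the zone is created.
Resolve-DnsName -Name "_ldap._tcp.dc.$msdcsZone" -Type SRV -Server localhost `
    -ErrorAction SilentlyContinue

# 3. Allow transfers of the local zone only to the trusted domain's DNS server,
#    rather than to any server that asks.
Set-DnsServerPrimaryZone -Name $localDomain `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $remoteDnsIp

# 4. Host a secondary copy of the remote domain's Forward Lookup Zone.
if (-not (Get-DnsServerZone -Name $remoteDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerSecondaryZone -Name $remoteDomain -ZoneFile "$remoteDomain.dns" `
        -MasterServers $remoteDnsIp
}

# 5. Review the result: zone type and whether each zone is AD-integrated.
Get-DnsServerZone |
    Where-Object { $_.ZoneName -in @($msdcsZone, $localDomain, $remoteDomain) } |
    Format-Table ZoneName, ZoneType, IsDsIntegrated
```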

Thursday, 23 October 2014

"How to recover SA password on Microsoft SQL Server 2008 R2" by Gert Van Gorp

This is not one of my posts, it is something I came across that I used today that was very helpful. 

http://v-consult.be/2011/05/26/recover-sa-password-microsoft-sql-server-2008-r2/#comment-20767

I created a new SQL Server 2008 R2 instance to support a new EPOS system for a customer, and the EPOS system required a number of SQL modifications before it could be installed. I needed to have "sa" admin rights on the SQL Server before it would work. This post gives a great step-by-step guide on how to reset the "sa" password on SQL Server 2008 R2.

Wednesday, 22 October 2014

Hyper-V 2012 R2 "Hyper-V cannot be installed: A hypervisor is already running." when you try to install the Hyper-V role on a Virtual Machine

Recently I was setting up an environment of two Hyper-V 2012 R2 servers. My plan was to manage these instances of core Hyper-V from a full Windows Server running 2012 R2 to benefit from the GUI Hyper-V Manager. I decided to use my Domain Controller, so the first step was to install the Hyper-V server role. When I did this I received the following error: "Hyper-V cannot be installed: A hypervisor is already running." This was of course because my Domain Controller is actually a Virtual Machine.


The workaround for me in this case was to use PowerShell to install only the Hyper-V Management Tools to allow for remote management. I used the following PowerShell command to find the exact name of the feature I had to install;
Get-WindowsFeature *rsat*


To install the management tools use the following command;
Install-WindowsFeature RSAT-Hyper-V-Tools


After a reboot you should be able to launch the Hyper-V Manager, you can then use the Connect to Server.... button to establish connections to the Hyper-V servers.

If you actually want to run Hyper-V 2012 R2 as a nested hypervisor capable of running nested Virtual Machines, please consult the following blog post: http://blog.ryanbetts.co.uk/2014/06/using-vmware-workstation-10-to-run.html. You basically have to add hypervisor.cpuid.v0 = "FALSE" and mce.enable = "True" to the Hyper-V VM's VMX file (if you are using VMware Workstation).