Today’s Tip…

Windows 10 has been our best release of Windows ever. We have more customers who have upgraded to Windows 10 and more continue to do so. To make the transition from a down-level OS and troubleshoot issues that are encountered during the upgrade. We published a new TechNet article discussing the upgrade process, and troubleshooting issues arising during the upgrade. If you would like a One-Stop solution for all upgrade issues, you should see this:

Resolve Windows 10 upgrade errors

https://technet.microsoft.com/en-us/itpro/windows/deploy/resolve-windows-10-upgrade-errors

Today’s Tip…

Use Azure AD PowerShell to promote Azure AD guest users to a member. To do this, run the following similar cmdlet…

Set-MsolUser -UserPrincipalName john@contoso.com -UserType Member

This could be useful to assign an administrative role to the user since administrative roles can only be assigned to members of the directory and not to guest users.

Today’s Tip…

This is an extension of a previous tip.

Another way to check if domain is available by copying and pasting the following URL string to a web browser:

https://login.microsoftonline.com/getuserrealm.srf?login=user@contoso.com&xml=1

Note – Replace the “bolded” part with the domain you want to check.

Review the results and really pay attention to the NameSpaceType value.

Scenario: If the domain does not exist in Office 365/Azure AD…

<?xml version=”1.0″?>

<RealmInfo Success=”true”>

<State>4</State>

<UserState>1</UserState>

<Login>user@fakedomain.com</Login>

<NameSpaceType>Unknown</NameSpaceType>

</RealmInfo>

Scenario: Domain is verified and not federated…

<?xml version=”1.0″?>

<RealmInfo Success=”true”>

<State>4</State>

<UserState>1</UserState>

<Login>user@williamfiddes.com</Login>

<NameSpaceType>Managed</NameSpaceType>

<FederationBrandName>WILLIAMFIDDES.COM</FederationBrandName>

</RealmInfo>

Scenario: Domain is verified and federated…

<?xml version=”1.0″?>

<RealmInfo Success=”true”>

<State>1</State>

<UserState>2</UserState>

<Login>user@willfid.msftonlinerepro.com</Login>

<NameSpaceType>Federated</NameSpaceType>

<DomainName>WILLFID.MSFTONLINEREPRO.COM</DomainName><FederationGlobalVersion>-1</FederationGlobalVersion>

<AuthURL>https://sts.willfid.msftonlinerepro.com/adfs/ls/</AuthURL>

<IsFederatedNS>true</IsFederatedNS>

<STSAuthURL>https://sts.willfid.msftonlinerepro.com/adfs/services/trust/2005/usernamemixed</STSAuthURL><FederationTier>0</FederationTier>

<FederationBrandName>WILLFID.MSFTONLINEREPRO.COM</FederationBrandName>

<AllowFedUsersWLIDSignIn>false</AllowFedUsersWLIDSignIn>

<Certificate>MIIC+jCCAeKgAwIBAgIQFnePUJ582Y9I6SQvgH5UgDANBgkqhkiG9w0BAQsFADA5MTcwNQYDVQQDEy5BREZTIFNpZ25pbmcgLSBzdHMud2lsbGZpZC5tc2Z0b25saW5lcmVwcm8uY29tMB4XDTE1MDIyMDIyMzUwNFoXDTE2MDIyMDIyMzUwNFowOTE3MDUGA1UEAxMuQURGUyBTaWduaW5nIC0gc3RzLndpbGxmaWQubXNmdG9ubGluZXJlcHJvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALt5DTbhIMj08G11GvIFW3SzzzFT4TemNQ91xwDt7gQJvCuBoBqM2gKQ05RMgEkFbXk/U8PCYkE1pDmdGoQhY1nfZWBFDk0bWiQn/JonUcyZHqWkoJHk7JpOy22dqy3VMTyQZQu0oApVaxPan5jiaYrHb9RmM3bO1WiGY92e2Bys8O/fn2Q7GVX4KW+3NaRKUjbmxev5FI07RPR55Um8kYI6VSCWQvMiuMw6K8vFT93X/CEkZSr0bBDl3EKXUdx3FCovhtq2z3BK+cqOV4My38WtOERnIhEkY2Wg8D5lyR2VHn28ybQSmL7/7vT122UbMSJu/U3rVgeJfYCmbJSIKE8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAjsaGPkQqambOxuBVKGeoArU/c+jdlN7Vi/aaxcTihz8uBYxwb+7SEn3hTnWwl8rCGcBLXNSeyPdH/1sQWIhKjh9wr3YbpkF8kK+n6P3Vy0ksxZ6mzbdXJtD8qwVz6VgaV1Oy/AXc2+MqVkB5bA3HQ+V1AFIx/InO5iqSKp6Frbk2fegzHjx6dX7io5YDpcEKBHsZcMtpfgObFkDfXqw6RJYMrdkSx+UypIt3lf+sZ+r1u028HdUpTLYDgSVCGYqoGZ/JF9Q+FuYxgbVfVx7o6Oaqg/OdSeMG4SgcylUTJsQF7yNrodQ0MAABh+pR7WOE35muTigYbOevfSJfR/sYUg==</Certificate>

<MEXURL>https://sts.willfid.msftonlinerepro.com/adfs/services/trust/mex</MEXURL>

<SAML_AuthURL/>

<PreferredProtocol>1</PreferredProtocol>

<EDUDomainFlags>0</EDUDomainFlags>

</RealmInfo>

Today’s Tip…

NAP support was introduced to the DHCP Server role with Windows Server 2008 and is supported in Windows client and server operating systems prior to Windows 10 and Windows Server 2016. Though Network Access Protection (NAP) was officially deprecated in Windows Server 2012 R2 the DHCP server role still supported NAP policies. In Windows Server 2016, DHCP servers will not enforce NAP policies, and DHCP scopes cannot be NAP-enabled.

Nap-capable DHCP client computers will still send a statement of health (SoH) with the DHCP request, however:

• If the DHCP server is running Windows Server 2016, these requests will be treated as if no SoH is present and will grant a normal DHCP lease.
• If servers running Windows Server 2016 are RADIUS proxies that forward authentication requests to a Network Policy Server (NPS) that supports NAP, these NAP clients will be evaluated as non NAP-capable.

For more information, see Features Removed or Deprecated in Windows Server 2012 R2

Today’s Tip…

Time synchronization accuracy in Windows Server 2016 has been improved substantially, while maintaining full backwards NTP compatibility with older Windows versions. Under reasonable operating conditions you can maintain a 1 ms accuracy with respect to UTC or better for Windows Server 2016 and Windows 10 Anniversary domain members.

• Improvements
• Measurements
• Best Practices

High Level Overview Video – https://channel9.msdn.com/Blogs/windowsserver/Time-Improvements-in-Windows-Server-2016

Today’s Tip…

There’s a new type of memory dump that filters out a bunch of stuff (where stuff = pages not important in diagnosing most issues), making the dump file much smaller and easier to save and /or copy. It has been described as “more compact than a complete memory dump, while containing ‘active memory’ in kernel and user mode space,” (Ge, 2014). The blog post below has additional information and configuration steps via the registry and PowerShell.

References:

Bhattacharya, B. S. (2015, May 18). Windows Server 2016 Failover Cluster Troubleshooting Enhancements – Active Dump. Retrieved October 18, 2016, from https://blogs.msdn.microsoft.com/clustering/2015/05/18/windows-server-2016-failover-cluster-troubleshooting-enhancements-active-dump/

Ge, C. T. (2014, October 2). Windows 10 – Active Memory Dump. Retrieved October 18, 2016, from https://chentiangemalc.wordpress.com/2014/10/02/windows-10active-memory-dump/

The Contoso in the Microsoft Cloud poster has been updated with a new page for enterprise cloud scenarios that address Contoso’s business problems.

The first enterprise cloud scenario is Contoso’s upgrade to SQL Server 2016 and the use of Stretch Database to offload and store cold transactional data to Azure, which was covered in the CAAB August 2016 webinar.

The Moving historical transaction data to the cloud enterprise scenario describes Contoso’s business and IT needs, the process of adoption, and the resulting infrastructure and benefits.

What do you think?

• Are these enterprise scenarios interesting to see how cloud features and services solve business and IT problems?
• Are there additional enterprise cloud scenarios you would like to see for the Contoso Corporation?

Please let us know by leaving a comment on this blog post or sending a quick email to caab@microsoft.com.

Thanks in advance for your feedback.

The Contoso in the Microsoft Cloud poster is now available as a set of articles on TechNet, which you can access here.

To join the CAAB, become a member of the CAAB space in the Microsoft Tech Community and send a quick email to CAAB@microsoft.com to introduce yourself. Please feel free to include any information about your experience in creating cloud-based solutions with Microsoft products or areas of interest. Join now and add your voice to the cloud adoption discussion that is happening across Microsoft and the industry.

We now have some quick demos (<5 minutes) published on Channel 9 which provide you with good insights of new features of Virtual Machine Manager 2016. They’re definitely worth checking out and you can find complete list below.

• Deploy Network Controller: In this video tutorial you will see how you can use the service template-based mechanism, provided by VMM 2016, for deployment and horizontal scaling of Software Defined Networking components – Network Controller, Gateway, and Software Load Balancer. Network Controller is a new server role in Windows Server 2016 that provides a centralized and programmable point to automate network configuration.
• Setup hyper-converged cluster: In this video, you will see how you can use VMM 2016 to seamlessly deploy hyper-converged Storage Spaces Direct cluster that provide highly available and scalable storage solutions using local disks. You will see how the existing cluster creation wizard is extended to deploy hyper-converged clusters by simply checking a check box.
• Create & set Port ACLs: In this video tutorial, you will see the how Port ACLs help you control the network traffic going in/out of your datacenter and will learn how you can create and set Port ACLs in VMM 2016. Port ACL serves as a collection of access control entries or ACL rules. An ACL can be attached to any number (zero or more) of VMM networking primitives, such as a VM network, VM subnet, virtual network adapter, or the VMM management server itself. An ACL can contain any number (zero or more) of ACL rules. Each compatible VMM networking primitive (VM network, VM subnet, virtual network adapter, or VMM management server) can have either one port ACL attached or none.
• Cluster Rolling Upgrade: Using Cluster Rolling Upgrade functionality in SCVMM 2016, you can now upgrade your Windows Server 2012 R2 clusters to Windows Server 2016 clusters with no downtime to running workloads. Watch this video to learn about the pre-requisites and the see how VMM automates the entire process of upgrading the nodes in the cluster.
• Increase memory of a running VM: With VMM 2016, you can now modify the memory configuration of a running VM that uses static memory. This functionality helps in eliminating downtime to running workloads due to memory reconfiguration. You can increase or decrease the memory allocation, or switch the virtual machine to dynamic memory. Watch this video to see how it can be done in VMM 2016.
• Create & set Storage QoS: With VMM 2016 you can set the quality of service (min or max IOPS, max bandwidth) for virtual machine storage so that applications running on the VMs receive the performance they require. This video tutorial provides a walkthrough of how you can create & set Storage Quality of Service policies in VMM 2016 which help you avoid noisy neighbor problems in your workloads.
• Bare Metal Deployment of Nano Server: With System Center 2016 Virtual Machine Manager you can now provision bare metal machines to Nano Server-based hosts/clusters. The Nano Server-based operating system deployment is very similar to a Full Server deployment. Watch this video tutorial to learn how you can do it in VMM 2016.
• Creating a Shielded VM using System Center 2016 Virtual Machine Manager (VMM): In this video, you will see the new Shielded VM feature. You can see how to create a shielded using System Center 2016 Virtual Machine Manager (VMM) and how data at rest or in transit, cannot be snooped or tampered by malicious fabric admins.

Ashish Mehndi | Senior Program Manager | Microsoft

Today’s Tip…

Time synchronization accuracy in Windows Server 2016 has been improved substantially, while maintaining full backwards NTP compatibility with older Windows versions. Under reasonable operating conditions you can maintain a 1 ms accuracy with respect to UTC or better for Windows Server 2016 and Windows 10 Anniversary domain members.

• Improvements
• Measurements
• Best Practices

High Level Overview Video – https://channel9.msdn.com/Blogs/windowsserver/Time-Improvements-in-Windows-Server-2016

Today’s Tip…

Certificate Based Authentication, released to GA on December 14th, enables Users to be authenticated by Azure Active Directory with a client certificate on an Android or iOS device when connecting their Exchange online account to:

• Office mobile applications such as Microsoft Outlook and Microsoft Word
• Exchange ActiveSync (EAS) clients

Configuring this feature eliminates the need to enter a username and password combination into certain mail and Microsoft Office applications on a mobile device.

We recommending viewing the following:

• #AzureAD Certificate Based Authentication is Generally Available!
• Get started with certificate based authentication on…
  • Android
  • iOS

Hello everyone, I welcome all of you to our TNWiki Article Spotlight of Tuesday.

Logging is one of the most powerful tools in toolbox of a programmer. It gives you data about what your code is doing, it helps you manage complexity and allow you to rapidly develop and debug software.

It’s terribly underutilized tool that can provide tremendous benefits as it provides data about code which helps you gain insights into what your code is doing and how it’s doing with increased visibility into code. 

If I talk about streaming diagnostics logs of an ASP.NET website hosted on Microsoft Azure (PaaS). There are many ways to do it, you may get stream using PowerShell,or maybe you are more convenient with Visual Studio or maybe you can try KUDU. This very article,

Streaming Diagnostics Logs of ASP.NET Web App Hosted on Azure App Service using KUDU, PowerShell and Visual Studio 2015

would help you out discover about streaming live diagnostics of a Web App in many ways. You may choose the way you like and may be some of they might be the ones untapped by you and they could make your development live easy. 

Hope you all liked it, we will e-meet again next week with another interesting blog post.

Wiki Ninja – Saad Mahmood

[Blog | Twitter | LinkedIn | Profile]

I find myself currently writing tools to both support my and other organization projects, as well as looking for ways to refine existing tools and scripts, make my life easier for future migrations, and provide additional resources to the community to help other customers more successfully use our products.

Today’s tool fulfills all of those goals.

While working with a particular customer, I’ve found it necessary to migrate them from one legacy EOP instance in our commercial space to an integrated Office 365 (with EOP) tenant in the GCC space.  There are a number of things that need to be captured to do this, and TN article at https://technet.microsoft.com/en-us/library/dn801047%28v=exchg.150%29.aspx does an excellent job at capturing a lot of those.

However, I ran into a number of issues with the script provided in TN.

I know.  Say it ain’t so.

Some of the problems I ran into included transport rules failing to import due to encryption not being enabled in the target tenant, options requiring Enable-OrganizationCustomization to be run, attributes that can’t be imported (even though you can export them), and certain fields that weren’t escaped properly so possible attribute values would cause an error in the cmdlets.

Additionally, the documented TN script and process required you to save/create multiple scripts for exporting and importing settings, as well as an intermediary script to take the exports and process them into a functional import script.  I have taken the functions and steps of the script, and wrapped it into a single script.  The new, bigger package that includes functions for connecting to source and target tenants (both EOP and Office 365, since they have different endpoints and cmdlets available to them), enabling organization customization (which is required for some rules to work properly), checking your exported transport rules to see if any of them require Office 365 Message Encryption (and attempting to enable AADRM if you have licensing for it), and then some additional nice-to-have features that you would also find yourself needing in a tenant migration, such as adding new domains to the target tenant and creating DNS verification records for the network team.  I also added a function to only import the transport rules (since that seems to be the item that fails most commonly).

A quick break down of the features and how to use them:

.PARAMETER AADRM
Enable Azure AD Rights Management for tenant. Valid parameters:
- GCC - US Government Community Cloud
- NA - North America
- EU - European Union
- AP - Asia / Pacific
- SA - South America

This parameter will tell the tool to attempt to enable Azure AD Rights Management in the target tenant.  Users must have a license that support ADRMS in order to be able to use this feature, but you should be able to configure it regardless.  The valid values for an RMS TPD are mapped to the various allowed values in the AADRM parameter (GCC, NA, EU, AP, and SA).  That will set the RMS Publishing Domain to the correct value.

.PARAMETER EOP
Identifies source environment as EOP (different target endpoint)

You would would a want to use this parameter if you’re migrating from a legacy EOP-only tenant (which would most likely have been a legacy FOPE tenant).  It has a different endpoint (ps.protection.outlook.com vs ps.outlook.com).

.PARAMETER SourceTenantCredential
Standard PSCredential object for connecting to source environment.

You can save a credential (via Get-Credential) and pass it to SourceTenantCredential.

.PARAMETER TargetTenantCredential
Standard PSCredential object for connecting to target environment.

You can save a credential (via Get-Credential) and pass it to TargetTenantCredential.

.PARAMETER Mode
Modes available:
- Export (Exports all settings and domains)
- ExportDomains (Exports only domains from source tenant)
- ImportDomains (Imports only domains from source tenant)
- ConfirmDomains (confirms domains in target tenant)
- Import (Imports all settings except domains)
- ImportTransportRulesOnly (Imports transport rules; useful for re-running if initial import failed)

This is the important stuff.  You’ll always need to specify Mode and then one of the following values:

• Export – This will create an export file for each of the different data types (Connection Filter Policy, Content Filter Policy, Content Filter Rules, Outbound Spam Filter Policy, Malware Filter Policy, Malware Filter Rules, Inbound Connectors, Outbound Connectors, Transport Rules, and Domains).
• Export Domains – This runs an export, but only selects domains from the source tenant.
• Import Domains – This runs an import of the domains only into the target tenant, utilizing the XML file generated from Export Domains.  It will generate a DNS verification file that has the data necessary to be added as DNS TXT records for domain verification.
• ConfirmDomains – You can use this after the ImportDomains process.  It will attempt to confirm all of the domains in the tenant.  Do NOT do this until after the domains have been removed from the previous tenant, or you will end up having to create new DNS verification records.
• Import – This imports all exported settings, except for domains.
• ImportTransportRulesOnly – This setting only imports the transport rules.  This is particularly useful if some of the transport rules failed import due to security or encryption settings in the target tenant and you have resolved the issues.  ImportTransportRulesOnly can be used with the AADRM parameter to attempt to configure AADRM.

You can find the new script with guidance here: https://gallery.technet.microsoft.com/Migrate-EOP-Settings-9d480325.  Be sure to let me know what you think–what’s working, what’s not, and what suggestions you might have.

This blog post brought to you by eighteen year veteran Microsoft Premier Field Engineer David Morgan.

Goal of this Post

In this post, I’ll be showing you one method you can build out an entire environment that you can use to deploy servers, clients, Microsoft and third party applications; i.e. anything that can be deployed on Windows Server Hyper-V on a single desktop class computer you might find on Craigslist or some other technology source. The only expense in this post will be purchasing a computer and not even that as you may already have an old desktop laying around that will work.

The tasks in this post require the user to have a minimum ~200 level knowledge of and experience with Windows Server products. The steps herein to attain the desired results are not exquisite in detail and may require some personal intuition and/or research. Also note that I’ve recommended a File-Share Witness configuration instead of the normal Disk Witness a two node cluster would be best suited for. The reason I’ve done so is this document does not go through the configuration of iSCSI or other methods for supplying storage to the cluster built here. (Sounds like another blog post opportunity.) For the widest clustering experience, you’ll want to learn how to use iSCSI. You can do so by configuring iSCSI Target on your Host machine or Domain Controller.

Once you have a suitable computer, all the Microsoft software you might wish to use is free by using evaluation versions of Windows Server, System Center, SQL, Exchange, etc. Many third party products also provide free evaluation software you can use as well.

First: Hardware

This is what this document will build:

You’ll need to make a decision on what versions of Windows Server Hyper-V you wish to use as a base platform; your Host machine. Windows Server 2012 R2 and Windows Server 2016 have slightly different hardware requirements; the biggest difference is 2012 R2 and below do not require SLAT and Windows Server 2016 does (there are additional requirements for 2016 if you wish to use some of the new advanced features; Nested Hyper-V, Hot Add NICs, Hot Add/Subtract Memory, etc.).

Here are the official requirements page for Servers 2012 R2 and 2016:

• Windows Server 2012 R2 Hyper-V Hardware Requirements:
  
  • https://technet.microsoft.com/en-us/jj647784(v=ws.11).aspx
    
• Windows Server 2016 Hyper-V Hardware Requirements:
  
  • https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/system-requirements-for-hyper-v-on-windows
    

Out of all the requirements above the basic needs for this post are:

• Windows Server 2012 R2 Hyper-V:
  
  • BIOS support for Virtualization
    
• Windows Server 2016 Hyper-V:
  
  • BIOS support for Virtualization
    
  • SLAT (Second-Level Address Translation)
    
• A minimum of 8 GB of system memory
  
• A minimum of three hard disks; one OS & two data
  
• A minimum of one network interface adapter
  
• As always, the more capabilities and capacity you have the better performing your system will be; multiple processors, faster storage and more memory will improve your experience but you can get by just fine with the basics above.
  

Here are the basic steps:

• Configure your hardware
  
• Install the Operating System and Hyper-V role
  
• Configure necessary Hyper-V networks
  
• Create a virtual machine with the Domain Controller role installed
  
• Create two virtual machines to be cluster nodes with Failover Cluster feature installed
  
• Configure your cluster
  
• Configure your desired clustered resources
  
• Go Play ……………….
  

Here are the steps in detail:

• Configure your host machine’s hardware
  
  • Verify or enable virtualization in the BIOS
    
  • If possible, place your disk drives on separate controllers
    
• Download the evaluation version of your desired operating system:
  
  • Windows Server 2012 R2
    
    • https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2
      
  • Windows Server 2016
    
    • https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
      
  • Burn this .iso to a DVD or a USB drive
    
• Boot your new server to the DVD or USB image you created above
  
  • Install the Operating System and Hyper-V role
    
  • The host server can remain in a workgroup
    
  • Configure necessary Hyper-V networks
    
    • Press Windows Key : Type Hyper-V Manager
      
      • Click : Virtual Switch Manager in the right Actions pane
        
        • Create a new External virtual switch named Internet
          
        • Create a new Private virtual network switch named Private
          
• Create a virtual machine with the Domain Controller role installed
  
  • In the Hyper-V console action pane:
    
    • Click : New : Virtual Machine
      
    • Name this machine DC1 (store this VM on your C: drive)
      
    • Next : Choose Generation 2
      
    • Next : Leave the memory settings as default
      
    • Next : Connect the Private network
      
    • Next : Accept the defaults for VHD
      
    • Next : Choose install and operating system from a bootable image file and point to the evaluation .iso you downloaded earlier
      
    • Next : Choose finish
      
    • Next : Start and Connect VM DC1
      
    • Next : Configure the IPv4 NIC to:
      
      • IP 192.168.16.1, Subnet 255.255.255.0, GW 192.168.16.1
        
    • Next : Install the Active Directory Domain Services feature
      
    • Next : After the feature install completes:
      
      • Configure your domain controller in a new Forest, I.e Demo.Local
        
      • Follow the prompts; allow DNS installation, etc., restart
        
• Create two virtual machine cluster nodes with Failover Cluster feature installed
  
  • Click : New : Virtual Machine
    
  • Name this machine Node1 (store this VM on a data disk)
    
  • Next : Choose Generation 2
    
  • Next : Set memory to 2048 and uncheck Dynamic Memory
    
  • Next : Connect the Private network
    
  • Next : Accept the defaults for VHD
    
  • Next : Choose install and operating system from a bootable image file and point to the evaluation .iso you downloaded earlier
    
  • Next : Choose finish
    
  • Next : Start and Connect VM Node1
    
  • Next : Configure the IPv4 NIC to:
    
    • IP 192.168.16.11, Subnet 255.255.255.0, GW 192.168.16.1
      
  • Next : Join Node1 to your domain
    
  • Repeat for the second node but:
    
    • Name the second Node2
      
    • Store Node2 on a separate data disk from DC1 & Node1
      
    • Next : Configure the IPv4 NIC to:
      
      • IP 192.168.16.12, Subnet 255.255.255.0, GW 192.168.16.1
        
• Configure your cluster
  
  • Validate your configuration:
    
    • Test-Cluster -Nodes Node1,Node2
      
  • Create the cluster:
    
    • New-Cluster -Name MyCluster -Nodes Node1,Node2 -StaticAddress 192.168.16.10
      

Conclusion:

• You are now ready to proceed with cluster & Hyper-V learning exercises, troubleshoot customer issues, explore, whatever. I’ve used failover clustering here just as an example; once you have the host server and the domain controller you can configure any supportable virtual machine and application resources you desire.
  
• Now; go have fun!

Microsoft PowerApps and Microsoft Flow are two software-as-a-service (SaaS) services from Microsoft that provide opportunities for you to create value added vertical solutions that meet the specific business needs of your customers. They are part of a common application platform for building custom business apps and automated workflows that work on any device.

PowerApps and Microsoft Flow provide a low- or no-code experience to build SaaS apps, forms, and workflows that can be published and shared across an organization. The power of this is that it lets individual users create their own personal or departmental apps, and it also allows organizations to rapidly create more complex custom business applications. For example, an Office 365 user can create a simple application that reads and updates information in a SharePoint list, or enter time off from their mobile device.

February 2 Office 365 Partner Community call: Microsoft PowerApps and Microsoft Flow

Integration with SharePoint

Partners regularly create apps and forms that exchange data from SharePoint lists and other line of business systems to support business processes. Microsoft Flow automates workflow and data exchange between SharePoint and a variety of Microsoft and third-party services. PowerApps and Microsoft Flow share a common connector framework that allows you to integrate dozens of cloud services including OneDrive, Google, Mail Chimp, Twitter, Wunderlist, and more. You can also work with on-premises data from Microsoft SQL Server, SharePoint, and Microsoft Exchange using the On-Premises Data Gateway.

SharePoint integrates natively with Microsoft Flow, enabling you to create and launch flows directly from a SharePoint modern list. And from the modern list experience, you can build efficient mobile forms and apps directly from the list using the command bar. Once you have created and customized your app, it appears as a view of that list. Soon, you’ll be able to integrate PowerApps as the default in-browser experience. Users can run the app on a Windows, iOS, or Android device. We continue to add capabilities and recently announced sort, filter, and search capabilities for large SharePoint lists.

Step-by-step guide to building PowerApps for SharePoint

Watch this video online

When discussing PowerApps, I am often asked about InfoPath and SharePoint Designer. The guidance provided Microsoft Ignite was that PowerApps is the successor to InfoPath for business forms scenarios, but doesn’t seek feature parity with InfoPath. New scenarios should use PowerApps and leverage mobile-first forms that can use device capabilities and connections to multiple data sources in addition to SharePoint. InfoPath 2013 will be supported through 2026 and you can continue to use it for XML documents, ECM, and offline scenarios.

Microsoft Flow is the successor to SharePoint Designer workflows for basic automation, growing to Logic Apps where needed. Use Microsoft Flow to create new workflows and utilize a rich library of connectors.

Partner opportunity

You may be wondering how partners fit in with these services that enable citizen developers to create apps with low-code or no-code solutions. While these services are quite powerful, there are limits to what power users can do. You can support their customers by helping them to extend the capabilities of PowerApps and Microsoft Flow to do more complex operations and integrate across more systems where there are no interfaces available by creating a custom API.

These services are part of a common business application platform that includes the Microsoft Common Data Model. The Microsoft Common Data Model (CDM) is an Azure cloud-resident business database and is the key integration component for Office 365, Microsoft Dynamics 365, and third-party apps. CDM comes with hundreds of standard business entities that span productivity and business processes. This standardization of schema enables you to build innovative applications and to automate business processes across the business process spectrum with confidence that your  solutions can be deployed and used across Microsoft customers. These components, together with Microsoft Azure, provide partners the tools to create the more complex business applications based on the CDM and Azure platform services. The opportunity for you is to help customers build a common data model for their business, and then bring them new applications that drive innovation.

PowerApps and Microsoft Flow are now available for most Office 365 commercial plans.

Resources

• Learn more about Microsoft Flow
• Learn more about Microsoft PowerApps
• See what partners are doing with PowerApps
• Partner training and marketing materials
• Get listed in the Microsoft PowerApps partner directory

Community call about Microsoft PowerApps and Microsoft Flow on Thursday, February 2

Join me on the February 2 community call for an in-depth discussion about PowerApps and Microsoft Flow.

• Sign up for the February 2 community call
• Office 365 and Voice Partners Yammer group

Office 365 and Voice Partner Community

• Community call schedule
• Yammer group
• Blog series
• Training and enablement
• YouTube playlist

Hello All,

I recently ran into an issue where an administrator had left the company, and unfortunately he was the only one to know which server was the dirsync server. Prior to beginning this task of restarting the Dirsync service, we discovered that no one knew which server was running Dirsync. This particular admin had over 72 servers that they were responsible for, so rather than going through each server to look for the program or the sync service, I found another trick to find the server running dirsync.

All you need to do is go in to the Active Directory Users and Computers and find the MSOL account. In the description of the account it will list which server to which the application was ran.

1. Open Active Directory Users and Computers.
2. Search for the account “Msol”.
3. Open the description. The description will tell you where AAD Connect was installed. Scroll to the right, or copy and paste the entire description in a notepad.

Jeff Stoffel

Where do I go to get more information or training on __________ (fill in the blank) is one of the more common questions I hear from partners.  For this reason I always like to highlight upcoming technical training opportunities. 

Below is list of upcoming technical trainings designed to boost transformation to the cloud by helping you win more deals, accelerate deployment, and increase consumption – all available at NO COST!  And all these trainings occur in the next two weeks!

• Technical Deep Dive on Best Practices Moving from File Server to SharePoint Online | Level 200 | January 26
• Enhance your Business with Skype for Business Online Academy | Level 200 | January 26
• Introduction to Skype for Business: Server Core and Voice Improvements | Level 200 | January 31
• Technical Deep Dive for Deploying Skype for Business – Module 4 | Level 300 | January 25
• Ask the Experts Azure PaaS: Document DB and Azure Search | Level 200 | January 24
• Ask the Experts Azure PaaS: Modern WebApps Using ASP.NET Core | Level 200 | January 25
• Ask the Experts: Azure PaaS Building reports in Power BI Desktop | Level 200 | January 30
• Microsoft Azure Ask the Experts: Hybrid Identity | Level 300 | January 25
• Ask the Experts: Azure Calculator in CSP | Level 200 | January 26
• Technical Deep Dive: Hybrid Cloud Storage | Level 300 | January 23
• Technical Deep Dive: Connected Solutions with IoT | Level 300 | January 30 – 31
• Enhance Your Business with Dynamics 365 for Project Service Automation | Level 300 | January 24
• Enhance Your Business with Dynamics 365 for Field Service End-to-End Scenario | Level 200 | January 31
• Introduction To Power BI | Level 200 | January 23
• What’s New in Enterprise Mobility Device Management | Level 200 | January 26
• Technical Deep Dive on Windows Deployment | Level 200 | January 23-24
• Technical Deep Dive on Windows Management | Level 300 | January 25

For an overview of all upcoming FREE partner online technical trainings, please visit the links below:

• Azure: http://aka.ms/PartnerTechnicalServicesAzure
• Office 365: http://aka.ms/PartnerTechnicalServicesO365
• Skype for Business: https://support.microsoft.com/en-us/kb/3061452
• CRM Online: http://aka.ms/PartnerTechnicalServicesCRMOnline
• Win 10/EMS: http://aka.ms/PartnerTechnicalServicesWin10EMS

クラウド サービスを最大限に使いこなしてもらうことで、お客様が抱える問題を解決していきたい。このような想いから、2016 年 6 月から「Coo Kai for Office 365」の展開を進めているのが、株式会社ピーエスシー (PSC) です。また 2016 年 10 月には、国内初となる「Microsoft Advanced Support for Partners (ASfP)」と連携した運用支援サービスもスタート。Microsoft Office 365 活用を強力に支援する体制を整えています。

今回は PSC で「Coo Kai」のビジネス展開を担当する執行役員本部長の福田 勝巳 氏と、「Coo Kai 運用支援サービス」のプロジェクトマネージャーを務める神代 祐紀子 氏に、「Coo Kai for Office 365」の概要や提供開始に至った背景、運用支援サービスで ASfP を活用する意義などについて、お話をお聞きしました。

写真左より、株式会社ピーエスシー 第五事業本部 Cloud Apps事業部 執行役員本部長 福田 勝巳 氏、株式会社ピーエスシー 第五事業本部 Cloud Apps事業部 CS課 プロジェクトマネージャー 神代 祐紀子 氏

会社概要とこれまでの「Coo Kai」への取り組み

――　まず御社の概要についてお教えください。

福田　PSC は 1996 年に設立された IT サービス企業です。創業から一貫して、「商品を売る」のではなく、「人の喜びを提供する」ことに注力してきました。Web インテグレーション構築やコンテンツ マネジメント サービス、モバイル インテグレーション、PC ライフ サイクル マネジメントなど、幅広いサービスを提供しており、端末管理からクラウドまで、ワン ストップで提供できます。

――　2016 年 6 月には「Coo Kai for Office 365」の提供も開始しました。この「Coo Kai (クーカイ)」というのは、どのようなものなのですか。

福田　Coo Kai は、クラウド グループウェアを「もっと便利に使いたい」「クラウド システムの利用に合ったサポートが欲しい」といった多くのユーザーの声から立ち上がった、「アドオン アプリケーション」と「運用支援サービス」から構成されるクラウド特化型のサービスです。当社では 2011 年から Google Apps (2016 年 9 月に「G Suite」へと改称) の導入・運用支援やアドオン アプリケーションの開発を行っていますが、これを体系化したソリューションを 2013 年より提供開始し、これまで累計で、約 80 万のユーザー様にお使いいただいています。

――　なぜこのようなソリューションを提供しようと考えたのですか。

福田　G Suite は米国発のサービスであり、導入や運用で壁にぶつかったときに乗り越えることが難しいうえ、標準機能では日本企業に特化したカスタマイズにも限界があるからです。しかしこれから間違いなく、このようなクラウド サービスがお客様の問題解決に大きな貢献を果たすはずです。そのため、導入や運用をワン ストップで支援すると共に、日本企業でも使いやすい形にする「カスタム テーラー」の役割を担おうと考えたのです。

――　G Suite で既に高い実績があった Coo Kai を、Office 365 にも対応させることにしたのはなぜですか。

福田　クラウド市場の中で、マイクロソフトの存在感が大きくなっているからです。たとえばメール システムは、これまでビジネス ユースで Microsoft Exchange Server が広く使われてきたこともあり、クラウドへの移行の際に Office 365 が選択されるケースが圧倒的に多くなっています。これは日本だけではなく、グローバルでも同様です。最近では G Suite から Office 365 に移行するケースも増えています。またマイクロソフト自身がオープン志向を強めており、囲い込みの枠を取り払って来ていることも、大きな魅力になっています。マイクロソフトは多様な企業との協業を積極的に進めており、Office 365 や Microsoft Azure を他のシステムと連携させるという取り組みも展開しています。当社もこの流れに乗ってソリューションを展開していくことで、より大きなチャンスをつかめるはずだと考えています。

Azure 上で提供される「Coo Kai for Office 365」のアドオン

――　Coo Kai for Office 365 のアドオンは、どこで稼働しているのですか。

福田　Azure 上で稼働させる事を基本方針としています。Office 365 との親和性が高く、メンテナンスの負担も軽減できるからです。Coo Kai のアドオンでは、Web Apps や Azure AD などの PaaS 機能を活用しますが、負荷が増大しても自動拡張可能なので安心です。Stream Analytics や Cognitive Service などのデータ分析機能も、今後活用していきたいと考えています。現在はその前提となるデータ収集基盤を、Azure 上で構築しているところです。

――　Office 365 向けに提供されているアドオンには、どのようなものがありますか。

福田　既に提供しているのは、掲示板、メール誤送信防止ツール、ユーザー/グループ一括管理ツール、カレンダー移行ツールです。これらの中でも掲示板は、G Suite 向けの Coo Kai でも最も多く使われてきたアドオンで、掲示期日や期限の設定、きめ細かい投稿権限管理、組織名での投稿、未読記事の強調表示など、社内コミュニケーションの必要な機能を徹底的に網羅しています。Office 365 のユーザーやセキュリティ グループとも連動しているため、SharePoint Online と併用することで、便利で使いやすい情報共有環境を実現します。また、Lotus Notes などのグループウェアから掲示板や SharePoint Online へのデータ移行支援も行っています。

――　今後はどのようなアドオンを提供する予定ですか。

福田　組織階層型カレンダー、組織階層型アドレス帳、タスク管理ツールの提供を計画しています。またそのほかにも、お客様のご要望に応じてアプリケーション開発を行い、汎用性のあるものはどんどんアドオンとして提供していく予定です。

ASfP と連携した「Coo Kai 運用支援サービス」

――　2016 年 10 月 3 日には、パートナー向けのクラウド サービス専用サポート「Microsoft Advanced Support for Partners (ASfP)」との連携も、日本で初めて行っていますね。

福田　「Coo Kai 運用支援サービス」のバックエンドとして、ASfP を活用しています。クラウド導入やアドオン提供に加え、運用支援の提供もカバーしている点が Coo Kai の大きな特長ですが、その活動を支えるうえで、ASfP は重要な役割を果たしています。

――　まだ国内に採用事例が存在していない中、いち早く ASfP の活用に踏み切った理由は。

福田　2016 年 4 月にプレビュー版に参加させていただき、実際にサービスを使ってみた結果、「これだけ充実した内容なら正式版を早く使いたい」と思ったからです。実際、対応スピードも速く、内容も的確です。

――　実際にどのような形で利用していますか。

神代　1 つは先程福田が申し上げたような、運用支援サービスのバックエンドとして活用しています。当社のヘルプ デスクでは解決できない問題は、まず当社内の技術チームにエスカレーションするのですが、それでも解決できないものは ASfP と技術連携して解決しています。

――　具体的にどのような問題が ASfP で解決できましたか。

神代　これは Office 365 の案件ではないのですが、G Suite を活用しているあるお客様から「新たにマイクロソフトの EMS (Enterprise Mobility + Security) を導入したいのだがうまくいかない」という相談をいただいた時に、マイクロソフト側の担当エンジニアを紹介してもらって解決したことがあります。G Suite を利用しているお客様でも、社内業務では Microsoft Office を使っているケースが多く、このようなご相談はこれからも増えるのではないかと思います。

――　他社サービスが関係する問題も、ASfP に相談できるのですね。

神代　そうです。ASfP ではアカウント担当者が付き、わからないことはなんでもこの担当者に聞くことができます。私自身、以前は G Suite のサポートを担当しており、急に「Office 365 をやれ」と言われて最初はとても不安だったのですが、今では ASfP があるので安心してお客様に対応できるようになりました。技術関連の話だけではなく、ライセンスに関する疑問もすぐに解決できます。

福田　今後のマイクロソフトのロードマップについて、情報収集できるのもメリットの 1 つです。四半期に一度の頻度で、開発段階の製品やサービスの話が聞けるセミナーを受講できます。API 連携やマイクロソフト製品の方向性、変更の可能性など、開発方針を立案するうえで、重要な情報が得られます。

神代　私もこのセミナーを 2016 年 9 月に受講しています。その後のフォローアップも Webinar で行ってくれたので助かりました。

――　他にはどのようなメリットがありますか。

神代　Coo Kai ではクラウド サービスの新機能をお客様に紹介するサービスも行っているのですが、その担当者も ASfP の Webinar で情報を収集しています。このサービスは、クラウド ベンダーからの開示情報だけでは理解が難しい内容について、当社でわかりやすく解説したドキュメントを作成し、お客様に提供するというものです。このような取り組みも、Office 365 をお客様により近づけていくうえで、重要なものだと考えています。今後は新しいメンバーの育成にも、ASfP の Webinar を活用したいと考えています。

ビジネスの現状と今後の展望

――　ASfP と連携した Coo Kai 運用支援サービスのお客様は、いまどのくらいいらっしゃるのですか。

福田　提供開始からまだ 2 か月ですが、既に 1,000 シート規模のお客様にご利用いただいております。このお客様は Office 365 を一部の部門で先行展開している段階ですが、全社展開されれば 1 万シートの規模になるはずです。また 2 社目のお客様とも話が進んでおり、2017 年 2 月には利用を開始される予定です。

――　お客様からの反応は。

福田　Coo Kai 運用支援サービスは、お客様の環境を深く理解したうえでサード パーティ製品もカバーしたサポートを行っており、この点が高く評価されています。これに加えて「バックエンドにマイクロソフトが付いています」という話をすると、安心感がより高まるようです。

――　今後はどのような展開を考えていますか。

福田　Office 365 向けの運用支援サービスとしては、先ほどの 1,000 シートのお客様からのご要望もあり、海外拠点向けの夜間英語対応を始めたのですが、これをさらに拡張して 24 時間 365 日のサポートを実現したいと考えています。また現在はお客様の管理者様向けにサポートを行っていますが、将来はエンド ユーザー様から直接コールを受けられる体制も整えていく計画です。Office 365 は使える機能が多く、Yammer や Office Delve に興味を持たれているお客様も最近では増えています。しかし実際にどのように活用すればいいのかわからないというケースも少なくありません。このようなお客様を積極的に支援し、ぜひ多くの方に Office 365 を使いこなしていただきたいと考えています。

――　本日はありがとうございました。

株式会社ピーエスシー

1996 年設立の IT サービス企業。創業から一貫して、「商品を売る」のではなく、「人の喜びを提供する」ことに注力しています。サービス内容は Web インテグレーション構築やコンテンツ マネジメント サービス、モバイル インテグレーション、PC ライフ サイクル マネジメント、ビジネス プロセス アウトソーシング、キャリア ビジネスなど、多岐にわたっており、端末管理からクラウドまでワン ストップで対応。2016 年 6 月からは、Office 365 の導入、運用支援、アドオン提供を行う「Coo Kai for Office 365」の提供も行っています。

When you first install reporting, you have to supply a management server.  This is used for SDK based connections that SCOM reporting requires.  If you ever retire this management server, reporting will break so this is an additional step to ensure you check whenever you retire a MS.

There are three places you need to update to a new management server:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftSystem Center Operations Manager12ReportingDefaultSDKServiceMachine

HKEY_LOCAL_MACHINESOFTWAREMicrosoftMicrosoft Operations Manager3.0ReportingDefaultSDKServiceMachine

and TWO places in the file:

rsreportserver.config on your SSRS server path similar to:  Program FilesMicrosoft SQL ServerMSRS11.MSSQLSERVERReporting ServicesReportServer

(You could always just uninstall SCOM reporting and reinstall it somewhere else…. but that would be a bit drastic, don’t you think?)

“To Lab, or not to Lab…..that is the question.” – Mr. Best Practice

A customer recently asked if I would assist them with their in-place OS upgrade on their SCCM Primary Site server. The caveat was, they did not have a lab environment and the statement “test in prod” was thrown around frequently. I’m not cavalier enough to attempt such a feat, so I offered up my Azure lab. It was similarly configured to the customer environment so it made a viable/wise option. Here is the configuration of the lab environment:

-Flat Primary – all roles co-located on the server

-OS=Server 2012 R2

-SCCM version= 1610

-SQL version= 2012 sp3 (latest cu)

In-Place Upgrade Walkthrough:

1.Obtain the Server 2016 .iso and license keys from your VLSC site (or MSDN if testing).

2.Mount the .iso and run setup.exe.

3.Choose an option: Download and install updates or Not right now.

4.Enter your product key. (Note: Double check the license key and make sure if matches the version of your server (Standard/Datacenter). If you enter the wrong key, you will not have the option to keep your files and apps and will have to go back and enter the correct key.

5.Select an image: Standard (No GUI) or Standard w/Desktop Experience (GUI) (Note: If you are not familiar with the GUI-less option, use the Desktop Experience version)

6.Accept the License Terms

7.Select a Choose what to keep option: Keep personal files and apps or Nothing (wipe and load). )Since I am testing the in-place upgrade, I am choosing to keep files and apps)

8.Checking for updates again and making sure we are ready to install

9.Confirm your actions. (In a perfect world, we would always perform a wipe and load. That being said, the warning here is that there may be other apps installed on the server that may not be compatible and/or not supported on Server 2016)

10.Setup now performs a check against all of the installed applications. I received a warning regarding System Center Endpoint Protection and had to uninstall it before moving on.

11. Once that was completed, setup moved on and performed a check for disk space.

12.Lastly, review what version you selected and what to keep and install.

13. Once the upgrade was finished a quick sanity check to verify the version.

That was too easy, right? Nothing ever goes as planned. Sure enough, I did find that the SMS Exec service did not auto start nor did SSRS. I started those manually and opened the SCCM Console. I noticed that the Software Update Point was reporting errors. A quick check of WSUS revealed that I had to re-run the initial configuration. I then removed the SUP and re-added it and it began syncing and working correctly. Lastly, the Reporting Point was not working correctly. To remedy that issue, I had to remove the RP and re-add. I finally had a healthy SCCM site running on Server 2016.

Moral of the story, always attempt such an upgrade in a lab environment first. If your organization does not have a lab, (insert shameless plug here) Hyper V and Azure are great options. Maybe 2017 will be the year of the lab.

Happy upgrading!

Evan Mills – MSFT

Disclaimer: This posting is provided “AS IS” with no warranties and confers no rights.

こんにちは。Windows プラットフォーム サポートの伊藤です。
Hyper-V の拡張セッション モードを使用している状況で shutdown コマンドを使用する際などの注意点についてご案内します。

拡張セッション モードは Windows 8.1 及び Windows Server 2012 R2 から Hyper-V に追加された機能で、この機能を使用することでプリンター、クリップボード、仮想マシン への接続に使っているコンピューターの ローカル ドライブなどのローカル リソースを使用できます。
本モードは仮想マシンに接続する際に提供される対話型のセッション エクスペリエンス を強化したものとなっており、 リモート デスクトップ接続と同様にゲスト OS のリモート デスクトップ サービス（RDS）を使用して接続します。

その為、リモート セッションで接続した際に使用不可となっている、オプションの選択画面への移行が Hyper-V の拡張セッション モードを使用した際のセッションでは同様に行うことが出来ません。

拡張セッションでは shutdown コマンドの /o オプションを指定して実行した場合では「パラメーターが間違っています。(87) 」
というエラーとなり、shiftキーを押しながら電源メニューの再起動をクリックした場合では何も実行されない動作となりますのでご注意ください。
　　　
使用している仮想マシン接続が拡張セッション モードを使用しているかどうかは以下の箇所から確認することができ、
拡張セッション モードを使用している場合はチェックが入っている状態となります。

※　補足

リモートセッション：リモート デスクトップなどリモートでサーバー等に接続した際のセッションの事を指します。
コンソールセッション：物理コンソールで接続した際のセッションの事を指します。

Use local resources on Hyper-V virtual machine with VMConnect
https://technet.microsoft.com/windows-server-docs/compute/hyper-v/learn-more/Use-local-resources-on-Hyper-V-virtual-machine-with-VMConnect