Channel: TechNet Blogs

Microsoft Most Valuable Professionals or MVPs top-ranking independent experts and resources available to YOU

There are independent experts awarded by Microsoft annually and they can be a great asset to you when you need elite support.

Who are MVPs?

As noted in partial extracts from a reference letter by Steven Guggenheimer, Corporate Vice President, Developer Experience & Evangelism:
The Microsoft MVP Award is an annual award that recognizes exceptional technology community leaders worldwide who actively share their high quality, real world expertise with users and Microsoft…With fewer than 4,000 awardees worldwide, Microsoft MVPs represent a highly select group of experts. MVPs share a deep commitment to community and a willingness to help others. They represent the diversity of today’s technical communities. MVPs are present in over 90 countries, spanning more than 30 languages, and over 70 Microsoft technologies. MVPs share a passion for technology, a willingness to help others, and a commitment to community. These are the qualities that make MVPs exceptional community leaders. MVPs’ efforts enhance people’s lives and contribute to our industry’s success in many ways. By sharing their knowledge and experiences, and providing objective feedback, they help people solve problems and discover new capabilities every day. MVPs are technology’s best and brightest…an exceptional group of individuals from around the world who have demonstrated a willingness to reach out, share their technical expertise with others and help individuals maximize their use of technology.

How do you find them?

There is a dedicated web site for MVPs at https://mvp.microsoft.com/en-US/default.aspx and the blog. Here are a few sample blogs spotlighting their top expertise:

SQL Server 2014 DML Triggers: Tips & Tricks from the Field
Share and Collaborate with Your Team Using Office 365
Dynamics CRM 2015 Calculated Fields

 

Want help from an MVP?

This IDG-IT World article goes into detail about MVPs and how to contact them:

http://www.itworldcanada.com/blog/looking-for-help-mvps-are-the-answer/84354


United Nations (UNESCO)-founded International Federation for Information Processing (IFIP) News impacting you


Here is a sample of news updates from IFIP:

- Message from the President, Leon Strous

- 2014 World CIO Forum November 2014 held in Xi’an China

- 23rd World Computer Congress Oct 4-7, 2015 Daejeon South Korea

- News from IFIP’s Italian member AICA

- IP3 News

- CIPS BC Victoria luncheon with BC Minister of Technology, Innovation & Citizen’s services

- Link to the IFIP NEWS

http://www.ifip.org/images/stories/ifip/public/Newsletter/2013to2014/news_dec_2014.pdf

 

I spoke at the IFIP General Assembly in Vienna and was vice-chair international steering committee for the World CIO Forum (WCF). At the WCF, I chaired and spoke at the opening plenary dialogue panel session with CEO and CIOs and was invited to award the top 100 CIOs. I have several interviews from the IFIP World CIO Forum which will appear in IT Manager. The insights shared will be of value to you. The one area requiring your attention is the rapid progress made in Big Data, deep learning, machine learning and using these tools in the enterprise. Microsoft Azure has significantly enhanced their offerings and I would encourage having a trial. I noted trends to watch in these articles:

http://blogs.technet.com/b/cdnitmanagers/archive/2014/12/12/what-are-the-technology-trends-at-the-international-ces.aspx

http://blogs.technet.com/b/cdnitmanagers/archive/2014/10/20/microsoft-azure-with-real-time-analytics-for-hadoop-and-machine-learning.aspx

Association for Computing Machinery (ACM) useful resources for you and your organization


The ACM, the largest non-profit in computing, has much to offer to support you and your organization. I will continue to share ACM news, videos, webinars and resources with you. I use all of them and find them indispensable in ALL of my work. A key part of the resources available can be found in the ACM Learning Center:

http://learning.acm.org/

A notable upcoming conference is Applicative 2015 February 25-27. Applicative is ACM's conference designed for software developers interested in the latest in emerging technologies and techniques. The conference consists of two tracks, one looking at system-level programming and the other at application development.

 

I am a member of their practitioner board and chairman of the practitioner board professional development committee (PDC).

Background: This ACM link contains board members and committee members:

http://www.acm.org/about/annual-reports-current-fy/Practitioners-FY14.doc .

The PDC oversees ACM Learning Center products and services such as courses, webinars, podcasts, videos, books, tutorials, techpacks, etc. The practitioner board and committees consist of notable authorities in computing who have made significant contributions which are discoverable through internet searches. The ACM reach is 3.4 million, with 1.5 million users of the digital library, and it is the largest organization in computing science (500 events and conferences, 78 newsletters/publications, 36 special interest groups such as SIGGRAPH, the top awards in computing science such as the ACM Turing Award which is now 1 million in prize money and considered the Nobel Prize of computing). Interviews with past winners have appeared here in IT Manager.

Applicative 2015 February 25th-27th, ACM's conference for software developers interested in the latest in emerging technologies and techniques


The Applicative 2015 conference consists of two tracks, one looking at system-level programming and the other at application development.

Application Development


The application development track has speakers from leading technology companies talking about how they are applying new technologies to the products they deliver. The track covers topics such as reactive programming, single-page application frameworks, UI based on functional programming, and other tools and approaches that will help you build more robust applications and do it more quickly.

 

Systems


The systems track will explore topics that enable systems-level practitioners to build better software for the modern world. The speakers are involved in the design, implementation and support of novel technologies and low-level software supporting some of today's most demanding workloads. Topics range from memory allocation, to multicore synchronization, to time, to distributed systems and more.

Schedule and Speakers

Early registration deadline January 28

PowerTip: Use PowerShell to Get DVD Drive Attached to Virtual Machine


Summary: Use Windows PowerShell to get information about the DVD drive attached to a virtual machine.

Hey, Scripting Guy! Question: How can I use Windows PowerShell to find information about a DVD drive that is attached to a running virtual machine?

Hey, Scripting Guy! Answer: Use the Get-VMDvdDrive cmdlet, for example:

Get-VMDvdDrive -VMName VM1

The Basics of Client Inventory in System Center Configuration Manager 2012


At times, I have had customers contact me with concerns that their Configuration Manager 2012 environment is very slow or in some cases that the database is running out of space.  When assessing the source of this, I have found that these customers are using the Inventory system in Configuration Manager to collect significant amounts of hardware and/or software inventory which end up heavily taxing their system.

When I point this out to them, they often don’t have any business reason for collecting all of this data and we are able to discuss business requirements and only gathering the data that the business needs.  Others have good business reasons for collecting this information and we are able to talk about the frequency with which this data is collected and how to properly scale their environment to accommodate their needed inventory.

In this blog, I am going to talk briefly about how to configure both hardware and software inventory, how to set the frequency of inventory collection, and then show a technique for assessing how much data is being submitted as a result of the chosen configuration.  The goal is to help administrators only collect the inventory they truly need, only submit it at a frequency that is acceptable to their business requirements, and be able to predict how much data this will end up sending once these requirements are implemented.

Configuring Hardware Inventory

Hardware Inventory uses a process of querying WMI on each managed client to gather data on those devices.  Depending on which classes are enabled, ConfigMgr can collect significant amounts of data on each managed client.  Hardware Inventory is collected by default with the specific information to be collected determined by the Default Client Settings that are applied to all managed devices.

To get to the Default Client Settings, navigate to the Administration context within the ConfigMgr admin console and select Client Settings.  In the middle of the console, select Default Client Settings and choose Properties.  The Hardware Inventory item shows the various default settings for each managed device in the site as shown below:

image

By selecting the ‘Set Classes’ button shown above, it is possible to see the default hardware classes that are collected for every managed client.  In the resulting window (shown below) it is also possible to configure which hardware classes should be collected in the environment.

image

By looking at the default settings, we can easily see that ConfigMgr will collect hardware inventory every 7 days.  Because these are the Default Client Settings, these will be applied to all managed clients unless a change is made.

To change the Hardware Inventory settings, there are two options:

  1. Modify Default Client Settings - If a change is needed universally for all managed clients, modifications can be made directly in the Default Client Settings itself.  However, if this is done it is always a good idea to take note of what the original setting was in case it needs to be put back in place in the future.
  2. Create Custom Client settings – if only certain groups of clients within the environment require different settings from the defaults, it is possible to create custom client settings and deploy these to a collection containing the specified managed clients.

If a client is part of a collection that receives custom settings, it will still apply the Default Client Settings.  But then it will apply any custom client settings targeted to it in the order of priority.  Default Client Settings has the lowest priority at 10,000 so any custom settings should be set to a higher priority to allow them to process last.  In this way, any custom settings that are different from the default settings will overwrite the value of the default settings when they are applied.

To create custom settings, simply right-click the Client Settings icon in the admin console and choose the category of client settings desired (either user or device).  Then select the categories of settings you wish to configure in the custom settings.  Once you set the values for each of these categories, you can deploy the custom settings to a collection of your choice and they will apply to any client in that collection.

Hardware Inventory and WMI

The information gathered by the hardware inventory process is pulled from WMI on each managed client.  The decision about what specific information will be populated to WMI on a client is determined by the list of classes configured via Client Settings as shown above.

To see the hardware inventory held in WMI on a client, first download WMI Explorer 2.0.  As of this writing, this is the newest version of the very popular WMI Explorer tool that makes interacting with WMI simple.  Once this tool is downloaded, open it and connect to the computer of choice by typing in the computer name in the upper left-hand corner and selecting ‘Connect’ (NOTE: it may be necessary to run WMI Explorer as an administrator in order to see every namespace of interest).

After connecting, navigate to the ROOT\ccm\Policy\Machine\ActualConfig namespace.  In the Classes window, select InventoryDataItem to see the specific information that hardware inventory gathers on a client machine.

image

Each type of information gathered is listed within an instance of the InventoryDataItem class as shown below:

image

By selecting an instance and looking at the Properties page, several bits of information are available.  For example, in the screenshot above, we can see that the Win32_PhysicalMemory class is being collected and that its information can be located in the \ROOT\cimv2 namespace.  The ‘Properties’ property indicates which properties of Win32_PhysicalMemory should be returned as part of hardware inventory.

When ConfigMgr runs, it uses the information in the InventoryDataItem class to learn what specific classes of hardware it should collect (ItemClass property of the instance).  It then checks the ‘Namespace’ property of the instance to learn where the actual data is stored (for Win32_PhysicalMemory we see it’s stored in \ROOT\cimv2).  Then it checks to see which specific properties it should be interested in by checking Properties.  With this information, inventory collection can proceed.
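The lookup described above can be reproduced from PowerShell instead of WMI Explorer. This is an added example, not code from the original article; it assumes the Properties value is a comma-separated list of names, and the function name Get-HardwareInventoryFootprint is hypothetical.

```powershell
# Added example (not from the original article).
# Lists the classes hardware inventory is configured to collect on this client
# and, optionally, counts the live instances behind each class.
# Run from an elevated Windows PowerShell 3.0+ session on a ConfigMgr client.

function Get-HardwareInventoryFootprint {
    [CmdletBinding()]
    param(
        # Namespace named in the article: the client's effective policy.
        [string]$PolicyNamespace = 'ROOT\ccm\Policy\Machine\ActualConfig',

        # Opt-in, because enumerating some provider-backed classes is slow.
        [switch]$CountInstances,

        # Per-class query timeout in seconds when -CountInstances is used.
        [uint32]$TimeoutSec = 30
    )

    $items = Get-CimInstance -Namespace $PolicyNamespace `
                             -ClassName InventoryDataItem -ErrorAction Stop

    foreach ($item in $items) {
        # Assumption: Properties is a comma-separated list of property names.
        $props = @("$($item.Properties)" -split ',' |
                   ForEach-Object { $_.Trim() } |
                   Where-Object { $_ })

        # Normalise '\ROOT\cimv2' or '\\.\root\cimv2' to 'root\cimv2'.
        $ns = ("$($item.Namespace)" -replace '^\\\\[^\\]+\\', '').TrimStart('\')

        $count = $null
        if ($CountInstances -and $ns) {
            try {
                $count = @(Get-CimInstance -Namespace $ns `
                                           -ClassName $item.ItemClass `
                                           -OperationTimeoutSec $TimeoutSec `
                                           -ErrorAction Stop).Count
            } catch {
                # Class missing on this machine, access denied, or timed out.
                Write-Verbose "Could not enumerate ${ns}:$($item.ItemClass): $_"
            }
        }

        [pscustomobject]@{
            ItemClass      = $item.ItemClass
            Namespace      = $ns
            PropertyCount  = $props.Count
            InstanceCount  = $count
            # Rough volume indicator: values reported per inventory cycle.
            ValuesPerCycle = if ($null -ne $count) { $count * $props.Count } else { $null }
        }
    }
}

# Largest contributors first.
Get-HardwareInventoryFootprint -CountInstances |
    Sort-Object ValuesPerCycle -Descending |
    Format-Table -AutoSize
```

Classes at the top of the output are the first candidates to review in ‘Set Classes’ when the goal is to reduce what each client reports.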

Interestingly, while it might not be immediately obvious, the programs listed in Control Panel under Programs and Features are included as part of hardware inventory and not software inventory.  This is because the registry key (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall) referencing these programs is considered part of hardware and is collected by default.

Hardware Inventory and MOF Files

Managed Object Format (MOF) is the language leveraged by WMI to describe its classes (known as Common Information Model, or CIM, classes).  MOF files are used by WMI to implement new classes.  It’s important to understand at the outset that WMI classes are not part of ConfigMgr.  It’s just that ConfigMgr uses these classes (and also adds new classes) in order to gather inventory.

In ConfigMgr 2007, there were two .mof files that administrators had to keep track of.  These were:

  • sms_def.mof – this file included the classes that were already present in WMI separate from ConfigMgr.  The purpose of the file was to set which of these classes would be included in the hardware inventory process.
  • configuration.mof – for custom classes (those not already in WMI on the client machine), it was necessary to have them added.  Configuration.mof was a file that directed each client to update its WMI repository with additional custom classes that would then become available for hardware inventory.

In ConfigMgr 2012, sms_def.mof has gone away and is now replaced by the Classes list accessible through Client Settings (as seen above).  Whereas in 2007, it would be necessary to open sms_def.mof and set the desired classes to a value of TRUE, it is now only necessary to open Client Settings, navigate to Hardware Inventory, select the Set Classes button, and select the checkboxes beside the classes that are of interest (specifying also which properties of each class should be returned as part of hardware inventory).

Unlike sms_def.mof, configuration.mof is still around in 2012.  As before, this file is managed by the ConfigMgr server at the top of the hierarchy (either a stand-alone Primary or a CAS) and is distributed as part of the policy request to every device participating in the hierarchy.  To locate this file on the CAS in my lab, I navigated in the file structure as shown below:

image

In part, this is what configuration.mof looks like when edited with Notepad:

image

Notice that the file specifically states its purpose, which is to define custom classes for inventory reporting.  In the snippet above, we can see the first of these classes listed.  We can see the namespace where this class should be stored in WMI, where the content is on the client itself (in this example, the registry key which we described in the previous section), and the properties that hardware inventory should care about for each of the items found within this registry key.

If the goal is to begin collecting inventory information that is already present in the WMI repository of the clients in the hierarchy, the process is to use ‘Set Classes’ in the Client Settings.  If the need is to create a custom class altogether, the configuration.mof file should be used.

Configuration.mof contains many custom classes that are added by default, but if there becomes a need to include additional custom classes, these can be added into configuration.mof by inserting the new information in the section below:

image

Discussing everything about creating custom .mof files is beyond the scope of this article, but if you want to see an excellent site where many custom .mof files can be found and there is a great deal of information about creating and using them, check out Sherry Kissinger’s blog found here.

Configuring Software Inventory

Turning to Software Inventory, we can immediately see there are several differences.  First, software inventory is not collected by default.  If we want to use it, we have to configure and enable it.  Second, software inventory does not use WMI to gather its information.  Instead, it performs a scan on the client machine to look for the categories of software we have decided to inventory.

To configure software inventory, we still go into Client Settings in the admin console.  Here, the default settings are as shown below:

image

Note that while software inventory is enabled by default, nothing is being collected.  This is by design because of the potential impact that software inventory can impose on our hierarchy and its underlying network.  In most cases, unless there is a compelling reason to collect software inventory, it may be better to stick to just gathering hardware inventory.  But if there are compelling business reasons that require us to gather software inventory, we can.  The guideline here, however, is to be conservative.  Only gather what you need from the necessary machines, searching only the relevant file paths.  (I have heard horror stories of admins who decided to collect every file type on every computer for their entire hierarchy.  Not only does this cripple the performance in ConfigMgr, but it will grow your SQL database considerably and unnecessarily.)

To demonstrate configuring software inventory, let’s come up with a scenario.  In our company, we have a group that does testing work for a customer of ours.  They develop several different web-based pieces of software and employ us to provide design validation, testing and feedback.  Because our customer will deploy their software to kiosks in their retail stores nationally, one of the conditions of the contract is that the testing takes place on computers with fixed builds that contain only approved types of files.  We have solutions in place to restrict every other file type, but have decided we would like to use software inventory to identify the presence of .mp3 files on these test computers (so we can have these files removed if necessary).

Scenarios like this are not unheard of, and while it does not present us with a strict requirement to use software inventory, it provides us with enough conditions to illustrate the task. 

The first step will be to set up ConfigMgr so that we only inventory the computers which are part of the contract with this particular customer.  To do that, we will create a device collection called ‘Kiosk Testing’ and add the specified devices to it (how to create and populate collections is not the purpose of this article, but if help is needed in this area here is a good link that should provide the necessary guidance).

Once our collection is in place and populated, it’s time to configure our software inventory settings.  To start with, we want to create a custom Client Settings agent (we don’t want to collect inventory on every computer in our company and if we applied our software inventory settings to Default Client Settings, every computer would receive them).  We’ll call our custom Client Settings “Kiosk Project” and we’ll select just the Software Inventory category.

Opening the custom client settings agent, we see the following:

image

Our first step is to configure the schedule, and we decide that inventorying once a week is fine (no changes needed).  We further decide that the reporting detail is acceptable and we leave it at “Full details”.  All that’s left is to decide what file types to inventory, where we want to scan for those files, and determine if we want to collect those files as well.

We start by selecting ‘Set Types’ where we can tell ConfigMgr what we want to inventory.  We select the starburst symbol and then make the selections shown below:

image

As the screenshot illustrates, we are able to specify that we want to inventory targeted devices for all .mp3 files, and that we’re searching the root of the C: drive and every subfolder.  We’re excluding certain files and folders, which is fine for this illustration.

Once we set this, we can consider whether we want to configure software inventory to collect any files.  By doing this, we would actually make copies of these files and store them in our ConfigMgr database.  We recognize that we can limit the file collection so that it stops when the total size of collected files exceeds a value we have specified.  The settings we can configure are shown below:

image

For our purposes this isn’t necessary, so we don’t worry about this step.

Ours is only a fictional scenario, but I hope it helps illustrate some of the fundamental types of questions that should be asked when configuring software inventory.

Assessing the Impact of Inventory Collection

As I mentioned previously, enterprising admins might try to collect everything in their environment after setting up ConfigMgr 2012 for the first time and this may have less than stellar results.  So is there any way to determine what the impact of our inventory settings will be?  It turns out that there is.

When working with inventory, clients create files containing the hardware and software inventory data they’ve been asked to report.  They submit these to their management point which passes the information on.  Depending on the size of these files (which is determined by how much or how little data is being collected), this may result in a negative experience, either due to slower network performance, bloated database, etc.

To get a sense of how big the files will be that are coming from each client, the following procedure can help calculate what file sizes should be expected from each client (NOTE: Do this in a test lab rather than production if at all possible).

  • After setting the hardware and software inventory of interest, select several clients that will act as test clients
  • On each of the clients, navigate to %systemroot%\CCM\Temp and create a file called archive_reports.sms (make sure your file extensions are not hidden.  If necessary, set this in Control Panel\Folder Options)
  • Go into the Configuration Manager app in Control Panel on each client, select the Actions tab, and run the Hardware and Software Inventory tasks as shown below:

image

NOTE: If you want, you can also run the Discovery Data Collection Cycle to evaluate the size of this data that will be sent from the client.

  • At this point, go to the folder where archive_reports.sms was created and there should be several XML files as shown below

image

By looking at the size of these files, it can be determined how much information the client will be sending when it runs hardware and software inventory.  To review the actual contents of each file, open it in Internet Explorer.

Once we’re done setting our inventory settings so that we are content that the size of the files is not going to cause problems in our environment, we need to delete archive_reports.sms (it should only be there during our evaluations or troubleshooting).
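The same measurement procedure, scripted so it can be repeated on several test clients. This is an added example, not code from the original article; the function names are hypothetical, the report folder defaults to the path the article gives, and the schedule IDs are the standard client action IDs rather than values taken from the article.

```powershell
# Added example (not from the original article). Run elevated on a TEST client.
# $ReportPath defaults to the folder the article names; change it if your
# client writes its inventory reports elsewhere.

$ReportPath = Join-Path $env:SystemRoot 'CCM\Temp'
$FlagFile   = Join-Path $ReportPath 'archive_reports.sms'

function Enable-InventoryReportArchive {
    # The empty flag file tells the client to keep the reports it generates.
    New-Item -Path $FlagFile -ItemType File -Force | Out-Null
    Get-Date    # start time, used later to ignore older reports
}

function Start-InventoryCycle {
    # Scripted equivalent of running the actions from the Control Panel applet.
    param(
        [ValidateSet('Hardware', 'Software', 'Discovery')]
        [string[]]$Cycle = @('Hardware', 'Software')
    )
    $ids = @{
        Hardware  = '{00000000-0000-0000-0000-000000000001}'
        Software  = '{00000000-0000-0000-0000-000000000002}'
        Discovery = '{00000000-0000-0000-0000-000000000003}'
    }
    foreach ($c in $Cycle) {
        Invoke-CimMethod -Namespace 'root\ccm' -ClassName SMS_Client `
                         -MethodName TriggerSchedule `
                         -Arguments @{ sScheduleID = $ids[$c] } | Out-Null
    }
}

function Measure-InventoryReport {
    param(
        [datetime]$Since = [datetime]::MinValue,
        # Number of clients that will receive the same settings (your estimate).
        [int]$ClientCount = 1
    )
    $files = @(Get-ChildItem -Path $ReportPath -Filter '*.xml' -File |
               Where-Object { $_.LastWriteTime -ge $Since })

    [long]$totalBytes = 0
    if ($files.Count -gt 0) {
        $totalBytes = ($files | Measure-Object -Property Length -Sum).Sum
    }

    [pscustomobject]@{
        Files             = $files | Select-Object Name,
                                @{ n = 'KB'; e = { [math]::Round($_.Length / 1KB, 1) } }
        TotalKB           = [math]::Round($totalBytes / 1KB, 1)
        # Projection for one inventory cycle across all targeted clients.
        ProjectedMBPerRun = [math]::Round(($totalBytes * $ClientCount) / 1MB, 1)
    }
}

function Disable-InventoryReportArchive {
    # The flag file should exist only while evaluating or troubleshooting.
    Remove-Item -Path $FlagFile -ErrorAction SilentlyContinue
}

# Typical sequence:
#   $start = Enable-InventoryReportArchive
#   Start-InventoryCycle
#   ... wait for the cycles to finish (InventoryAgent.log shows progress) ...
#   Measure-InventoryReport -Since $start -ClientCount 5000
#   Disable-InventoryReportArchive
```

The archived XML files hold the full inventory of the machine, so clear them from the test clients once the sizes have been recorded.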

Summary

Inventory in Configuration Manager is usually something that can be set up and allowed to run automatically.  But at times there is a need to do additional work as I’ve described here.  The guideline, as in all things with Configuration Manager, is to only set things up that are needed and plan/test thoroughly in advance.  Doing this will help ensure there are no problems once the design has moved into production.

Weekend Scripter: The Best Ways to Learn PowerShell


Summary:  PowerShell MVP, Teresa Wilson, talks about the best ways to learn Windows PowerShell.

Microsoft Scripting Guy, Ed Wilson, is here. Today we have a guest post by Windows PowerShell MVP, Teresa Wilson, aka The Scripting Wife. I asked her to talk a little bit about how one goes about learning Windows PowerShell. Take it away, Scripting Wife…

Hello everyone,

Teresa Wilson here. From time-to-time, whether at TechEd, at a user group meeting, or even online, people ask me how to go about learning Windows PowerShell. In general, my answer is the same. So here goes…

Everyone learns in a different fashion, some by reading, some by listening, some by doing, and some by a combination of all of these. Personally, I like to hear an explanation, then have someone give me an example to follow. Then by trying it myself, I can apply what I have learned.

If you are an IT professional, you may have an idea of something you do in a repeated manner that could possibly be automated. You can use that as your goal, and learn how to write the Windows PowerShell script to accomplish it. Bear in mind (believe it or not) that Windows PowerShell is not always the best tool for the job.

One such example was a man who kept asking Ed and others to help him with his script to build an organizational chart for his company. I am not going to get into all the details, but the short and true answer is that Windows PowerShell is not the tool for this task. It might be possible, but the complexity of the script, along with the likelihood of (hopefully) limited script reuse, made such a proposition a huge pain. Simply fire up Visio, spend a few hours adding shapes and text, and voila! You are done. It would take more time than that to find the documentation for the Visio API—not to mention beginning to understand it.

There is no reason to spend hours of time and frustration trying to get Windows PowerShell to create an organizational chart. Just like you probably don’t want to use Windows PowerShell to write payroll checks. I do believe that attempting to get the formatting right would be way, way, way too hard. On the other hand, if your vendor happens to supply you with an Out-PayRollCheck cmdlet, then more Windows PowerShell to ya!

OK, enough of that. Let’s start with some basic ideas and places to go to learn Windows PowerShell.

1. Training series

If you like to listen to someone explaining or showing you how to accomplish a task, you can go to the Windows PowerShell Scripting page on the Script Center Learn tab and watch two series of training by Ed. As shown in the following screenshot, each series of Webcasts includes five episodes. One series is called the Windows PowerShell Essentials for the Busy Admin Series and the other series is Windows PowerShell: Learn it now before It’s an Emergency.

Image of webpage

2. Don Jones on You Tube

Windows PowerShell MVP, Don Jones, has a You Tube channel dedicated to learning. It is called Learn Windows PowerShell in a Month of Lunches.

Image of webpage

3. Books

Books are a way to learn. Don Jones also wrote a book called Learn Windows PowerShell in a Month of Lunches. It is an awesome book for learning to use Windows PowerShell. 

Ed wrote Windows PowerShell 3.0 First Steps, and Windows PowerShell team member, Lee Holmes, wrote Windows PowerShell Cookbook. These are only three of the several books available about Windows PowerShell.

4. The Hey, Scripting Guy! Blog

This #1 blog has lots of information, but for the beginner, I recommend that you start with some easy lessons that Ed demonstrates by using me as his student. The important thing to keep in mind is that the Scripting Wife posts build on each other—so start with the very first one and work your way forward from there: Scripting Wife series.

5. Events

There are also Windows PowerShell events that take place throughout the year where you can go and learn about Windows PowerShell in person. PowerShell User Groups include a virtual group, and some groups (such as Mississippi and a few others) have remote attendees. Also consider attending PowerShell Saturdays, the PowerShell Summit, and Ignite (formerly known as Microsoft TechEd). 

6. Community help

If you run into issues, there are lots of sources to turn to for help. For example, on Twitter, follow @ScriptingWife and @ScriptingGuys and create a search filter for #PowerShell. If your question is short and clear, you will more than likely get a quick answer (although probably not from me or from the Scripting Guy).

There are also forums on PowerShell.org and TechNet that are devoted to Windows PowerShell, as well as the Official Scripting Guys Forum…not to mention the Scripting Guys Facebook site and the various Windows PowerShell groups mentioned there.

7. Online script examples

Many times, it is helpful to see an example. You can find thousands of sample scripts in the Script Center Repository and on PoshCode. In addition, there are add-ons for the Windows PowerShell ISE that make it convenient to find scripts: for more information, see Introducing Script Browser and Script Analyzer.

I hope this information will get you started on the path to learning Windows PowerShell. Have a scriptastic day!

~Teresa

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

Troubleshooting Distributed Cache for SharePoint 2013 On Premise


Here is a script that will give you a good starting point for troubleshooting Distributed Cache for SharePoint 2013 On Premise.

Make sure to save it as a .ps1 file and run the script (Administrator) on a running Cache Host like "PS C:\> .\DistributedCacheScript.ps1", or right click "Run with PowerShell" as it will simply not work with copy paste.

I will keep adding and changing functionality like getting logs from all Cache Hosts and so on if time permits, please feel free to suggest any improvements.

It will:

  • Ask you how much to go back in time for taking Event Logs Application/System/AppFabric (in minutes) up to the present time.
  • Create a folder @ C:\Distributed Cache [ServerName]
  • Create files which contain things like local event logs for DC, DC commands, exported configuration XML for the Cache Cluster etc.

It will not make any changes whatsoever anywhere.

Provided As is.

# Collects Distributed Cache diagnostics from this cache host. Run elevated, from the saved .ps1 file.
Write-Host "Run as an Administrator and always via the .ps1 script, so do not copy paste" -ForegroundColor Red -BackgroundColor Yellow
[Int]$Minutes = Read-Host -Prompt "Please provide a value to indicate how many minutes you want to go back in time for collecting logs, 120 will take logs from the last 2 hours"
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ComputerName = $env:COMPUTERNAME
# Output folder: C:\Distributed_Cache <ServerName>
New-Item -Name "Distributed_Cache $ComputerName" -ItemType Directory -Path C:\
$Folder = Get-Item "C:\Distributed_Cache $ComputerName"
# Labels written above each section of the output files
$GetCache = "Get-Cache"
$GetCacheHost = "Get-CacheHost"
$GetCacheClusterHealth = "Get-CacheClusterHealth"
$GetSPServiceInstance = "Get-SPServiceInstance"
$GetWinEvent = "Get-WinEvent"
$GetApplicationLogs = "Get-EventLog Application"
$GetSystemLogs = "Get-EventLog System"
$Line = "=================="

# Only events newer than this timestamp are collected
$Date = (Get-Date).AddMinutes(-$Minutes)

Start-Transcript -Path $Folder\Transcript.txt
# Connect this session to the cache cluster and log what the caching cmdlets do
Use-CacheCluster
Set-CacheLogging -LogLevel Verbose -Path $Folder\PSLogging.txt
# GetInfo.txt: cluster health, cache configuration, cache hosts, SharePoint service instance
$Line | Out-File $Folder\GetInfo.txt
$GetCacheClusterHealth | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
Get-CacheClusterHealth | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
$GetCache | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
Get-Cache | ForEach-Object {Get-AFCacheConfiguration -CacheName $_.CacheName} | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
$GetCacheHost | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
Get-CacheHost | Format-List | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
$GetSPServiceInstance | Out-File $Folder\GetInfo.txt -Append
$Line | Out-File $Folder\GetInfo.txt -Append
# The service instance is written twice: once as a detailed list, once as a summary table
Get-SPServiceInstance | Where-Object {($_.service.tostring()) -eq "SPDistributedCacheService Name=AppFabricCachingService"} | Format-List | Out-File $Folder\GetInfo.txt -Append
Get-SPServiceInstance | Where-Object {($_.service.tostring()) -eq "SPDistributedCacheService Name=AppFabricCachingService"} | Out-File $Folder\GetInfo.txt -Append
# Export.txt: the cache cluster configuration XML
Export-CacheClusterConfig -Path $Folder\Export.txt
# AppFabricLogs.txt: AppFabric Caching provider events since $Date
$Line | Out-File $Folder\AppFabricLogs.txt
$GetWinEvent | Out-File $Folder\AppFabricLogs.txt -Append
$Line | Out-File $Folder\AppFabricLogs.txt -Append
Get-WinEvent -FilterHashtable @{ProviderName = "Microsoft-Windows Server AppFabric Caching"; StartTime = $Date} | Format-List | Out-File $Folder\AppFabricLogs.txt -Append
# ApplicationLogs.txt: Application log errors and warnings that mention AppFabric
$Line | Out-File $Folder\ApplicationLogs.txt
$GetApplicationLogs | Out-File $Folder\ApplicationLogs.txt -Append
$Line | Out-File $Folder\ApplicationLogs.txt -Append
Get-EventLog Application -After $Date -EntryType Error,Warning | Where-Object {$_.Message -like "*AppFabric*"} | Format-List -Property * | Out-File $Folder\ApplicationLogs.txt -Append
# SystemLogs.txt: System log errors and warnings that mention AppFabric
$Line | Out-File $Folder\SystemLogs.txt
$GetSystemLogs | Out-File $Folder\SystemLogs.txt -Append
$Line | Out-File $Folder\SystemLogs.txt -Append
Get-EventLog System -After $Date -EntryType Error,Warning | Where-Object {$_.Message -like "*AppFabric*"} | Format-List -Property * | Out-File $Folder\SystemLogs.txt -Append
Stop-Transcript

Hope it helps.

Filip Bosmans


Reporting live from the international CES 2015–Jan 4–my predictions and judging


I’m in Las Vegas at the international CES (Jan 6 to 9) in several roles:

- at the invitation of the US Embassy as an industry board chairman

- as a judge for the Kay Family Foundation Appreneur Scholar Awards

- as a chairman and managing partner working in investments and start-ups

- as a board chairman looking for buying opportunities

- as a writer/blogger for IDG - IT World Canada (pre-show events running from Jan 4)

My predictions for CES and for the enterprise are reported here for IT World:

http://www.itworldcanada.com/author/sibaraki

The judging is reported here:

http://appreneurscholars.com/2015-judges/

International CES is the largest technology show with 6000 press, 160,000 delegates, 3500 exhibitors, 2 million square feet spanning multiple hotels and the convention center. There are pre-events which I will be attending today and I will provide updates for areas that I find particularly cool!

Sunday - Surprise Weekend - Spotlight on the "White Belt" Ninjas


Hello TechNet Wiki community! Today is Sunday, Surprise Weekend!

This surprise weekend we are highlighting the White Belt Ninjas of the TechNet Wiki portal!


- And what does it mean to be a TechNet Wiki White Belt Ninja?

Sensei says: "A white belt is like a finger pointing to the moon. Do not concentrate on the finger or you may miss all the heavenly glory. Do not concentrate too much on achievements for now; they will come. Enjoy working together with the TechNet Wiki community."

About: this is only the beginning of a journey. The white belt can be earned with just one week of extra effort.

Requirements:

  • To earn this achievement you need the bronze medal: New Wiki Editor - made a revision.
  • To earn this achievement you need the bronze medal: New Wiki Commenter - left a comment.
  • To earn this achievement you need the bronze medal: New Wiki Contributor - you were the author of an article.
  • To earn this achievement you need a Benchmark that places you in the weekly Top Contributors 1 time.

Rewards:

  • Wiki Ninjas Blog: Belt Ranking - you appear for the first time in the blog's regular Belt Ranking post.

- Who are the White Belt Wiki Ninjas?

They are the members of the TechNet Wiki community who stand out by helping the community with articles, revisions and comments on TechNet Wiki articles.

See the list of current members by clicking the article below:

Article: Wiki Ninja Belt Status: Who Has What Belt Ranking

TechNet Wiki thanks and congratulates everyone who has reached this belt, and invites all members of the TechNet Wiki portal to take part and earn their belts!

Until next time!

Alan Carlos
TechNet Wiki Ninja

Microsoft Dynamics AX 2012 R3 CU8 demo image available


The new R3 demo image, including CU8, is available on PartnerSource and CustomerSource.

Cumulative Update 8 has now been incorporated into the solution demos image, along with the new Modern POS.

All of the images must be rearmed according to the instructions.

One thing to keep in mind is that the Modern POS, as found under EmmaH, is not yet configured correctly. What do you need to do to fix that?

Retail Modern POS initial setup
1. Log in as Emmah
2. Launch Retail Modern POS
3. Go to the Charms bar
4. Select settings
5. Select Reset
6. Close Retail Modern POS

To log into Retail Modern POS
1. Log in the VM as emmah
2. Launch Retail POS
3. Use the following connection info
Service URL: Http://localhost:35080/retailserver/v1
Device: Houston-3
Register: Houston-3
User: 000160
Password : 123

And possibly during use.
If you receive an error that the device is already activated then follow these steps
1. Launch the AX client
2. Go to USRT company
3. Select retail
4. Go to Setup > Devices
5. Select Houston-3
6. Set it to deactivated
7. Log in again

What are the extra capabilities of the new demo image?

There are several new demo scripts as well:

  • AX 2012 R3 CU8 Demo Data Scripts - HCM
    • Flexible benefit accruals
    • FMLA
    • Forecast Positions
    • Premium Earnings Generation
    • Regular Rate of Pay
    • Total Compensation statement
  • AX 2012 R3 CU8 Demo Data Scripts - PS
    • Claims Authentication
    • RFQ Amendment
    • One time vendor
    • eProcurement Vendor Registration Setup
  • AX 2012 R3 CU8 Demo Data Scripts – Retail
    • Managing Products, Categories and Assortments for Retail Channels
    • Time and attendance in a retail store
    • Buy Online and Pickup In Store
    • Kit Creation and Assembly
    • Modern POS
    • Point of Sale Reporting
    • Retail Essentials
    • Retail Monitoring
  • AX 2012 R3 CU8 Demo Data Scripts – SCM
    • RFQ Amendment
    • Claims Authentication
    • eProcurement Vendor Registration Setup
    • Batch orders and WMS integration
    • Cross docking of product packages

Enjoy,

Freek

PowerTip: Find Tickets to PowerShell Summit


Summary: Learn how to get tickets to PowerShell Summit 2015.

Hey, Scripting Guy! Question: I tried to get a ticket to the Windows PowerShell Summit 2015 in Charlotte, North Carolina, but it was sold out. How can I find a ticket?

Hey, Scripting Guy! Answer: Additional tickets will be made available on a first come, first served basis via PowerShell.org on January 11. Be ready, though, because these seats will go fast. Here is the link:

PowerShell Summit N.A. 2015 – Additional Capacity

Six good reasons to make the most of your internal use rights!


Do you still have internal use rights (IURs) to assign to users within your organisation? 

One of the key benefits of subscribing to a Microsoft Action Pack or attaining a competency is the access to different internal use software licences, enabling you to use the latest Microsoft on-premise, hybrid and cloud technologies. By assigning the licences to as many relevant users in your organisation as possible you will be able to:

  1. Help increase the productivity of your sales and marketing teams
  2. Enable your staff to become familiar and knowledgeable about the products and increase credibility when talking to customers
  3. Perform internal development and testing on latest technology
  4. Reduce the cost of running your internal business
  5. Get dedicated Partner Support to help deploy your IUR licenses
  6. Sell approx. 3 times larger deal size compared to partners who do not use their IURs

What do you need to do?

Go to aka.ms/ActivateIUR (You must have a Microsoft Account/hotmail/outlook which is associated with your MPN Membership admin rights in order to access this)

Partner testimonial

Ian Bourne from Cloud2020 was the lucky winner of a recent competition launched at Future Decoded and ran throughout November. Cloud2020 was entered into a prize draw to win a prize package consisting of a Dell Venue 11 Pro tablet, Lumia phone, headphones and charger, worth approximately £350, for assigning at least 5 of his Office 365 IURs within the competition time frame. This is what he has to say:

“We are great believers in using the technology that we sell which is why we use O365, Dynamics CRM, SharePoint, and have Windows phones and Surface tablets in the business.

Our whole business is driven by Dynamics CRM supported by O365, and by using the whole Microsoft stack we’re very productive and punch above our weight as a small, growing business. As a small business we need to operate in a mobile way – with the tools at our disposal we can access our business from anywhere, and when the team is on the road, they can manage the sales and support wherever they are with their customers.

We have just recruited an apprentice who has been immersed in all the products from day one; as a result of which, he understands and believes in them. He gained a grasp of the products in very quick time which meant he was productive in customer support and deployment almost immediately.

When we sit in front of our customers, we have genuine belief in our sales pitch, we don’t just talk the talk, we walk the walk!”

Do you need more licences?

You always have the option to buy licences; however, you might be considering attaining a competency or an additional competency. To see how you could gain more IURs, check out the licence calculator at the Partner Digital Download Portal.

More info and help:
• Cloud IUR Licence Entitlement - Find these attached below.
• Find out more about software and online services benefits
• Find out about Microsoft Action Pack and IUR entitlement
• Explore Microsoft Competencies and IUR entitlement

New member of the Office family


By Kresten Thorndahl, Student Assistant

Sway is a new member of the Office family that helps you create cool presentations when you want to express your ideas and thoughts. Sway is a platform for presentations that puts you at the centre.

For many people, PowerPoint has been the preferred tool for creating presentations. But now Microsoft is bringing a new tool into play that is even more flexible and intuitive. Sway is the name of the web-based application that makes it possible to build attractive multimedia presentations very quickly.

As a student, I often have to produce presentations in a very short time. This is where Sway will help me, because in a very short time I can insert multimedia and then pick images directly from Bing, OneDrive or elsewhere on the web. In no time I have an automatic layout in a great-looking design.

Sway is currently in a beta version, and not all features and layouts are ready yet, but watch the video below, read the following blog post (in English) and try out Microsoft's new family member for yourself.

(Please visit the site to view this video)

How To Auto Uninstall User Device Affinity Applications in Configuration Manager 2012


Before Christmas, a colleague came to me with a customer scenario where they were leveraging User Device Affinity to pre-deploy software installations to users, however they were looking for a method to automatically uninstall the software when either a user’s device affinity changed or the application was revoked.

The application virtualisation white paper discusses methods for auto uninstall; however, user policy through UDA will block any uninstallations from occurring. An uninstall deployment to a machine that initially installed the software through a user-targeted deployment returns “rule is in conflict with other rules” and never re-evaluates to perform the uninstall.

So the question remained: how to handle automatic uninstall for user-based deployments that leverage the “Pre-deploy software to the user’s primary device” option?

 

My solution to get around this was to create 3 collections:

1) The target collection – this is the collection of users that require the software and to which the deployment is advertised.

2) A collection for each user targeted application that infers the machines that have been targeted due to User Device Affinity.

3) A third collection that contains either the inverse of collection 2 (i.e. all machines that are not targeted for the application), or all machines that have the software but are not in collection 2. The latter relies on either deployment status messages or hardware inventory.

The query for collection 2 is as follows:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_UserMachineRelationship on SMS_UserMachineRelationship.ResourceId = SMS_R_System.ResourceId
where SMS_UserMachineRelationship.UniqueUserName in (select SMSID from SMS_CM_RES_COLL_PRI001D8)
and SMS_UserMachineRelationship.IsActive != '0'

Where PRI001D8 is the user collection in step 1 and SMS_UserMachineRelationship.IsActive != '0' handles the revocation of affinity between a user and a machine.

Then target the uninstall deployment at collection 3. Whenever the affinity for a user changes, the affected machine will receive an uninstall policy, and there will be no conflict to stop it from running.
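The three-collection approach above, sketched as an added example (not code from the original post): it builds the collection 2 query from the post plus the "inverse" variant of collection 3, then creates both device collections. It assumes the ConfigurationManager PowerShell module is loaded and the current location is the site drive; the function names, collection names and the 'ExampleApp' label are hypothetical.

```powershell
# Added example. Function names, collection names and labels are hypothetical.
# Assumes: ConfigurationManager module imported, current location is the site drive (e.g. PRI:).

# Columns the post's query selects for a device collection rule
$SystemColumns = 'SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, ' +
                 'SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client'

function Test-CollectionId {
    param([Parameter(Mandatory = $true)][string]$CollectionId)
    # A collection ID is eight alphanumeric characters (for example PRI001D8). Rejecting
    # anything else keeps unexpected text out of the WQL assembled below.
    return ($CollectionId -match '^[A-Za-z0-9]{8}\z')
}

function Get-UdaTargetedDeviceQuery {
    # Collection 2: devices with an active affinity to a user in the target user collection.
    param([Parameter(Mandatory = $true)][string]$UserCollectionId)
    if (-not (Test-CollectionId -CollectionId $UserCollectionId)) {
        throw "Not a valid collection ID: '$UserCollectionId'"
    }
    "select $SystemColumns from SMS_R_System " +
    "inner join SMS_UserMachineRelationship " +
    "on SMS_UserMachineRelationship.ResourceId = SMS_R_System.ResourceId " +
    "where SMS_UserMachineRelationship.UniqueUserName in " +
    "(select SMSID from SMS_CM_RES_COLL_$UserCollectionId) " +
    "and SMS_UserMachineRelationship.IsActive != '0'"
}

function Get-UdaUninstallDeviceQuery {
    # Collection 3, "inverse" variant: every device that is not a member of collection 2.
    param([Parameter(Mandatory = $true)][string]$TargetedDeviceCollectionId)
    if (-not (Test-CollectionId -CollectionId $TargetedDeviceCollectionId)) {
        throw "Not a valid collection ID: '$TargetedDeviceCollectionId'"
    }
    "select $SystemColumns from SMS_R_System " +
    "where SMS_R_System.ResourceId not in " +
    "(select ResourceID from SMS_CM_RES_COLL_$TargetedDeviceCollectionId)"
}

function New-UdaUninstallCollections {
    param(
        [Parameter(Mandatory = $true)][string]$UserCollectionId,
        [Parameter(Mandatory = $true)][string]$ApplicationLabel,
        # The limiting collection bounds which devices can ever receive the uninstall;
        # point it at a pilot collection before widening it.
        [string]$LimitingCollectionName = 'All Systems'
    )
    $targetedName  = "UDA targeted - $ApplicationLabel"
    $uninstallName = "UDA uninstall - $ApplicationLabel"

    # Collection 2 must exist first: its generated ID is referenced by collection 3's query.
    $targeted = New-CMDeviceCollection -Name $targetedName -LimitingCollectionName $LimitingCollectionName
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $targetedName -RuleName 'Active UDA devices' `
        -QueryExpression (Get-UdaTargetedDeviceQuery -UserCollectionId $UserCollectionId)

    $uninstall = New-CMDeviceCollection -Name $uninstallName -LimitingCollectionName $LimitingCollectionName
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $uninstallName -RuleName 'Not UDA targeted' `
        -QueryExpression (Get-UdaUninstallDeviceQuery -TargetedDeviceCollectionId $targeted.CollectionID)

    # Return both IDs so the uninstall deployment can be pointed at collection 3.
    New-Object PSObject -Property @{
        TargetedCollectionId  = $targeted.CollectionID
        UninstallCollectionId = $uninstall.CollectionID
    }
}

# The query builders run without a site connection; this prints the collection 2 query
# for the user collection ID quoted in the post.
Get-UdaTargetedDeviceQuery -UserCollectionId 'PRI001D8'

# On a site server or admin console session:
# New-UdaUninstallCollections -UserCollectionId 'PRI001D8' -ApplicationLabel 'ExampleApp'
```

How quickly a revoked affinity turns into an uninstall depends on the refresh settings of both collections, so set their schedules to match how fast revocation needs to take effect.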

 

Rob York
Premier Field Engineer


IT Girl of the Year 2015 (Årets IT-tjej): Time to apply or nominate someone you know!


The IT industry needs to bring more brilliant women to the fore. That is why Microsoft is now, for the eleventh year in a row, looking for Sweden's most driven, committed and entrepreneurial young woman who is studying computing or IT-related subjects full-time at a university, university college or higher vocational education (YH) programme, with at least one year of her studies remaining. If you or someone you know is the enterprising young woman who has in some way inspired development and new ideas during her studies, then it is time to apply or nominate!

The IT Girl of the Year will have a rewarding year as an ambassador for women in IT, with a lot of networking, so we would like our winner to be active on social media and to be a student throughout 2015.

The finalists are invited to a full-day event at Microsoft in Akalla on 19 February 2015 for interviews, case solving, mingling and other activities. This is an excellent opportunity to get to know the company and to network with Microsoft's HR team and other key people. Microsoft then invites the top candidates to the Universum Awards at Berns in Stockholm on 11 March, where one of them will be named IT Girl of the Year 2015.

The winner is invited to many exciting and inspiring events during the year and gets her own mentor at Microsoft. In addition, the winner becomes a role model and ambassador for IT-interested young women across the country, and becomes a member of a closed network of previous IT Girl finalists who are now working in the industry. As an ambassador for Microsoft, the IT Girl of the Year naturally also receives an exciting hardware product. Read more on Universum's competition page.

Do not miss the chance of a fantastic year with your own mentor at Microsoft and lots of events!

Apply or nominate here no later than 9 February 2015.

Tech Partnership Training Fund: Providing funding for employers to invest in IT training


A well-trained, multi-skilled workforce is essential to the achievements of a business. Without appropriate knowledge and skills, a company, irrespective of size, can lose its competitive and distinctive edge. In IDC's report on the impact of Cloud on IT Organisations and staff, two of the top 3 reasons that computing positions are going unfilled are 1) lack of appropriate training & 2) lack of relevant certification. (IDC, Climate Change: Cloud's Impact on IT Organizations and Staffing, Nov 2012)

The Tech Partnership Training Fund is a government fund for employers to invest in IT training. The objective is to stimulate increased investment in training which supports business growth and competitiveness. The fund is available as a result of the Tech Partnership winning a successful bid into the government’s Employers Ownership of Skills pilot.

Microsoft’s Director for Partner Business & Development Linda Rendleman commented “In order to leverage the business opportunities presented by Cloud and Big Data technologies, it is vital to invest in the skills and qualifications for your business. The Government funding available via The Tech Partnership is an ideal opportunity to receive financial support with accredited training companies to develop your skills staff need in these key growth areas”

What is the funding for?

Funding is currently available for employers wanting to invest in short courses which deliver skills in strategically important areas such as Cloud, Big Data, Mobile, Cyber Security and E-commerce.
Microsoft training Partner QA Ltd supports the recently launched Tech Partnership Training Fund by providing courses identified as key business-growth areas such as Windows Server, Azure, System Center, SQL Server (eligible courses subject to approval during application).

What funding is available?

Subject to eligibility, The Tech Partnership Training Fund may grant employers up to 50% of the eligible costs of your IT training course, and up to a maximum grant of £500 per delegate. Following a successful application, employers will be notified of the funding amount available to their organisation.

How do I apply to receive training funds?

Businesses must meet certain requirements to be eligible for training funds. More information regarding eligibility can be found on The Tech Partnership Training Fund website. If the requirements are met, businesses can submit an application to find out how much funding is available.

Funds are limited, so apply before they run out.

Troubleshooting Office Web App for Lync Server 2013

Troubleshooting Office Web App. On many occasions we find that, after installing an Office Web App to share PowerPoint with Lync 2013, it fails and we do not know where the source of the problem might be. In this article we will not focus on the steps to follow, since it is assumed that the necessary guides and steps have been followed, but on providing the data needed to narrow down the problem. In support cases the information we generally need...(read more)

IT Pro New Year’s Honours List 2015


Every year, the IT Pro team are very lucky that we get to partner with a wider virtual IT Pro Team that regularly contribute to our activities. These individuals can be found not working for Microsoft but in our partner community, our MVPs and even our customers. These ladies and gentlemen take time out of their busy schedules to contribute through blog articles, providing insight and joining us on the road. As a team we wanted to recognise their contributions in the form of the IT Pro New Year’s Honours List. 

Early in December we met to discuss nominations, and established a long-list of individuals who have been valuable partners this year. After much deliberation, this list was trimmed to the top 25 individuals you see below. Read on to find out a little more about the Top 10 Honourees, and the 15 superstars who receive a well-deserved honourable mention. Of course, there are many others that didn't make the list this year, but we remain truly thankful for their contributions.

This year’s IT Pro New Year’s Honours List:


 1. Jonathan Noble (MVP)

Jonathan has been an avid supporter of the team for a large number of years, be that working with us at Tech Ed, running local events (in partnership with peers) and providing us with PowerShell insights. As part of his work as an MVP he’s supported the community, sharing his knowledge on the subject. This November he presented at Future Decoded. @jonoble

 2. Rik Hepworth (MVP)

Rik is the type of chap that will support (if he can), no matter what the task. He is equally happy being front of stage as well as supporting those at front. We’ve worked with him on a number of activities, including Tech Days Online and Future Decoded. He has also provided excellent support as we’ve travelled up and down the country delivering IT Camps. @rikhepworth

 3. Michael Taylor

Has supported the team presenting at both Tech Days Online and more recently Future Decoded. He regularly provides the team with open and honest feedback on our approaches to market. He has also blogged for us, in particular sharing his experiences of the Surface Pro 3. @1MikeyT

 4. Patrick Lownds (MVP)

Patrick is our man from HP. He’s another superstar MVP who has been on the road with us at IT Camps. He is an accomplished writer and has jointly written a most excellent book on Windows Server. Patrick is very active on social media and we regularly see him answering questions or amplifying our messaging. @PatrickLownds

 5. Robert Hogg (MVP)

Boss to his friends, leads the team at Black Marble. He is always willing to support the team, presenting at events and sharing customer stories. Most recently he stepped in at the 11th hour at Future Decoded.  We had a customer pull out on the morning of the event and Boss very kindly agreed to deliver a session to cover. @RobertHogg

 6. Ed Jones

Ed works for Firebrand who are one of our Gold Learning Partners. He is our star blogger for the TechNet UK Blog this last year, providing us with the most articles in 2014. His articles have ranged from SQL Server certifications to marketing. Ed has been consistent throughout the year and is great to work with. @EdgeMcghee

 7. Mark Everest

Mark is Mr Dev Ops at the Lotus F1 Team. He’s been kind enough to share the team’s experiences as they adopt this approach to their development. He’s presented and contributed to thought leadership to this area through our blogs. @MarkJEverest

 

 8. Linda Smith

We’ve partnered with Linda for a number of years now through her work at Global Knowledge. Andrew has regularly presented with her at events such as the VM User Group. A few months back, Linda gave up a number of evenings to join us in delivering some pilot career events in London where we were helping IT Pros develop their careers. @VirtualGirlGK

 9. Peter Bryant

Peter (or PJ, as you may know him) has been a standout contributor to a variety of TechNet activities in 2014, including numerous blog articles and provision of his encyclopaedic TechEd Europe knowledge. He continues to be a pillar of the IT community and is also an active member of the Microsoft Technical Community Council (MTCC), through which we look forward to working with him further over the next year. @pjbryant

 10. Mark Wilson

In previous years, Mark has made great contributions to the wider IT industry through his authoring of whitepapers and coverage in the technology press. In 2014 we were thrilled that he took up our invitation to join the Microsoft Technical Community Council (MTCC), where he has constantly provided valuable feedback on upcoming products, events and more. He continues to author a popular blog, as well as being active on social media. @markwilsonit

11. Richard Conway (MVP) - @azurecoder

12. Jamie Bryant - @MrCloudOS

13. Mike Halsey (MVP) - @PCSupportTV

14. Peter Egerton - @PeterEgerton

15. Jen Stirrup (MVP) - @jenstirrup

16. Chris Webb (MVP) - @Technitrain

17. Mathew Reynolds - @b00mer

18. Marcus Robinson - @MR_ICT

19. James Roland-Jones (MVP) - @jrowlandjones

20. Andy Radcliffe

21. Chris Rhodes (MVP) - @ChrisReBoot

22. Ben Lee - @Bibbleq

23. Dave Ackroyd - @learnpowershell

24. Colin Chaplin - @ColinChaplin

25. Andrew Hancock - @einsteinagogo

Azure Active Directory for the Old-School AD Admin


Greetings! Hilde here to wish you a Happy New Year and to welcome you to the first Monday of 2015 and the first post of 2015 for AskPFEPlat!

As you may know from reading my posts here, I tend to reminisce. Well it's the New Year, so here I go again … Anyone out there remember the "Distributed Systems Guide" from the Windows 2000 Resource Kit series of books? Chances are if you are an old-school AD admin, you read it cover to cover more than once. Pound for pound, that book is one of my top IT books EVER (and heaviest). I still learn something every time I open it. KUDOS to the numerous authors who had a hand in its creation (some of whom I've been privileged enough to work with). I still like tangible "hold in my hand" books and I would love an update to that one but the way book publishing has changed, I don't see that happening.

Ok - now, back to the future…

I think we've all seen where cloud computing has altered the way applications are developed.  Today, it's all about "The App." As in 'a-web-based-accessed-from-anywhere-on-anything' style of app – not the 'RunMe.MSI-installed-onto-a-single-server-using-a-service-account-and-accessed-via-a-dedicated-client-install' style of application.

At the same time, the ubiquitous nature (nice phrase, eh?) of smartphones, tablets and other devices along with a blurring of the lines between work-life and personal-life has changed the way people use/access those apps. Cross-device; cross-platform; anytime; anywhere - this is the new norm. Or at least the new expectation.

On-prem Windows Server AD domains and forests are usually insulated or isolated from the outside world and don't quite get us what we need for this new model. We'd need to turn our firewalls into Swiss cheese with a lot of open ports and we'd likely have issues when Internet DNS conflicted with internal DNS. Just to name a couple of obvious sore spots. What are we to do?

Hello Azure Active Directory

Azure Active Directory (Azure AD; AAD) is a web-based, Internet-scale identity and access management service hosted in Microsoft Azure datacenters. It combines directory and identity services and governance, application access management, auditing and reporting, as well as multi-factor authentication and password self-service (and new features are added regularly).

Even though the name is similar, Azure AD is NOT instances of Windows Server Active Directory running on DCs in Azure datacenters but it has some similar aspects. There are users, groups, partitions, content replication – I think of it like AD LDS front-ended by web services/APIs. There aren't any AD sites or OUs; there isn't a domain join function for computers either. There is something a bit like a domain join, though. Device registration (http://msdn.microsoft.com/en-us/library/azure/dn788908.aspx) is sorta like a minimal domain join, utilizing Azure, ADFS and certificates to associate a given user's personal device(s) that she'd like to use to access corporate data. In the near-future, people will likely be able to login to a PC via an Azure AD account (similar to logging into a Win8 PC via a Microsoft Account). Who knows what else the future holds – the feature set of Azure services is rapidly and frequently expanding.

There are three different levels of Azure Active Directory with feature-set, scale and cost variations. Here are two helpful resources to break it down for you:

      A good technical article with some great AAD "mechanical" details can be found here (read the comments, too): 

As a long-time AD guy, Azure AD has been bouncing around in my noggin for quite some time.  To be honest, it's still bouncing around. One way I come to terms with new things is to jot down notes of my own aimless wonders and wanders, then seek out answers.  A while ago, I started one of these for cloud 'stuff', including Azure AD.

Then, recently, a peer PFE and buddy of mine presented Azure AD through the lenses of an "old-school AD Admin" and it dawned on me that our readers would benefit from this viewpoint and you all likely had many of the same questions I had chased down in my Cloud FAQ.

One of my first and oldest FAQ entries is:

Why should I care about Azure AD?

To better understand my own question, it's flipped around and been rephrased a few times - now it is: Why would businesses use/need a directory service in the cloud?

As we all know, business is changing and so is IT/technology. Before the cloud revolution, most apps were in-house, running on servers in our on-prem datacenter, updated every so often via CDROM media that the vendor would ship. Today, many of those app vendors host their apps as "services" (you may have heard this referred to "Software as a Service" or "SaaS").  Our own Office 365 is an example of the SaaS delivery model.

Another example might be a corporate travel service/app that has evolved over time from that 'thick' client/server style, to an internal intranet site. Then the vendor began to host the service on an Internet site but each user had to go there, create their own ID/pwd on that site and remember those credentials each time they needed to book travel. The vendor decides to integrate the app into AAD.  Bingo – right there is a solid use-case for Azure AD – that web sign-in can now be handled via existing on-prem AD credentials for all of your users. If a user leaves the org, you disable the on-prem AD account and that change will be sync'd to Azure AD - he/she won't be able to high-step out to the travel app and book a flight around the world on the company dime. His/her access to that, and any other SaaS apps is now controlled by IT via the same set of credentials that the user already uses to login to his/her PC. The app/service may be available from a corporate PC, a personal use tablet, a web kiosk at a hotel or even a smartphone.

Take that example, and apply it to any number of today's scenarios – MANY apps are offered as "Services" and rather than your users each creating/managing separate identities for each app/service, with Azure AD, you control your user's access to all of those important cloud apps/services as an extension of their existing on-prem AD credentials.

Make sense?

  • The vendors manage/update the apps, add new features, etc.
  • The credentials are the same ones already managed by IT within your on-prem AD.
  • Many apps are available on multiple devices/form-factors – (corporate PC, smartphone, tablet).
  • Your users can do their jobs/duties across devices/platforms/locations and you maintain control of the identities.

That, my friends, is a powerful business-enabler.

Also, consider the potential sales an ISV gets when they certify their app for Azure AD integration. As of Oct 2014 data, Azure AD has 2400+ SaaS apps pre-integrated, more than 200 million active users and it processes about 18 billion authentications each week. That's big.

Of course, many SaaS apps/services can be federated to on-prem AD via ADFS or other federation technology. However, as mentioned, the number of these SaaS apps is growing FAST and having to manage the multitude of these federation trusts quickly becomes a burden. Especially when it comes time to roll over the certificates if the apps don't monitor the federation configuration for changes.

We can leverage Azure AD to help us here and establish a single federation trust to your on-prem AD and then, via the integration of the SaaS vendors with Azure AD on the back end, your users can SSO to those SaaS apps.

Are you curious as to what AAD integrated apps are available? Check out the Azure AD Marketplace (a list that is always growing):

You may be wondering how big is the 'grassroots' use of cloud-apps for your internal users. How many apps are folks really using? What apps are they using? You might be surprised. I've read it is upwards of 10x what IT estimates.

To help get a handle on this, Microsoft created a tool that can be used to inventory what cloud apps are in use on your user's systems. The tool needs to be deployed to your end-user devices (or a pilot/sampling of them) but once that is done, you can use the tool to create usage graphs, volume of data exchanged, top apps, etc.

 

So, SaaS app authorization and authentication with on-prem credentials via Azure AD - got it?

 

How do I populate our Azure AD directory with on-prem AD user information?

You can create users in your Azure AD directory one-by-one in the portal (or via some CSV import, the Graph API, or AAD PowerShell module), but many of my customers have 30k, 90k, 100k or more user accounts. Microsoft Azure AD provides some simple-to-setup but very robust sync tools/services so you can quickly populate/maintain your Azure AD directory with on-prem user and group information from one or multiple domains/forests.

Extend your on-prem AD into Azure AD and you just 'cloud-enabled' all of your on-prem IDs. Let me restate that: your users can now access any application assigned to them that is (or will be) integrated into Azure AD by authenticating via a prompt to provide the same credentials as their current on-prem login ("same sign-on") or through a federated "single sign-on" process. That run-on sentence just opened a World Wide Web of possibilities.

 

With the available multi-factor authentication (MFA) service in Azure AD, you can enable multi-factor authentication to any of those SaaS apps for all of your users in short order. This is amazing to me. It used to take months of 40-50hr work-weeks, coordination with vendors, exchanging certificates, creating service accounts, installing the multi-factor auth app on a set of servers, purchasing, distributing and tracking costly physical fobs/cards for the MFA app, managing and backing up the servers, etc.

With Azure's MFA service, we can get this up and running, literally in minutes, leveraging your users' cellphones (via a text message, a phone call or an app on the phone).

I know this all sounds kinda' "infomercial-ish" but it's true.

 

    Figure 1: Resource access overview for directory sync and federation (image from the technical guidance/details here: http://technet.microsoft.com/en-us/library/dn761716.aspx )

 

Is Azure AD an LDAP-compliant directory? How do we interact with AAD programmatically?

There are several interfaces exposed for Azure AD but AAD doesn't support LDAP externally today (internally, it is LDAP - see figure 2 below).

To query/read/write to Azure AD, we can use AAD PowerShell and/or leverage the REST-based Graph API interfaces.

  • REST = "REpresentational State Transfer" is a type of web-standard that enables web apps to interact with other web apps
  • The Graph API, specifically, is a way to interact with the contents of Azure AD via GET, PUT, POST, etc
  • An example of a familiar LDAP-style AD query - "(&(objectCategory=person)(objectClass=user)(cn=Santa Claus))"
  • The same query in Graph syntax - GET https://graph.windows.net/contoso.com/Users?$filter=displayName eq 'Santa Claus'&api-version=2013-04-05
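
The LDAP-to-Graph comparison above, as an added example (not code from the original post): it builds both queries from one user-supplied name and escapes the name for each syntax, since a name containing ', & or ( would otherwise change the query. The helper names and the cn-to-displayName mapping table are assumptions for illustration; the endpoint and api-version are the ones shown in the post.

```python
from urllib.parse import quote, urlsplit, parse_qs

GRAPH_ROOT = "https://graph.windows.net"  # endpoint shown in the post
API_VERSION = "2013-04-05"                # api-version shown in the post
LDAP_TO_GRAPH = {"cn": "displayName"}     # pairing taken from the post's two queries

def ldap_escape(value):
    """Escape an LDAP filter value (RFC 4515): \\ * ( ) NUL become \\XX hex."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def odata_literal(value):
    """Quote a string for an OData $filter; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"

def ldap_user_filter(cn):
    """The post's LDAP query, with the name escaped."""
    return "(&(objectCategory=person)(objectClass=user)(cn=%s))" % ldap_escape(cn)

def graph_user_url(tenant, cn):
    """The post's Graph query, with the filter percent-encoded as one value."""
    expr = "%s eq %s" % (LDAP_TO_GRAPH["cn"], odata_literal(cn))
    return "%s/%s/Users?$filter=%s&api-version=%s" % (
        GRAPH_ROOT, quote(tenant, safe=""), quote(expr, safe=""), API_VERSION)

def filter_seen_by_server(url):
    """Decode the $filter parameter the way the receiving side would."""
    return parse_qs(urlsplit(url).query)["$filter"][0]

if __name__ == "__main__":
    for name in ("Santa Claus", "O'Brien (R&D)"):  # constructed sample names
        print(ldap_user_filter(name))
        print(graph_user_url("contoso.com", name))
```
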

 

    Figure 2: Azure AD overview (from this EXCELLENT document which is required reading - http://blogs.microsoft.com/cybertrust/2014/09/09/protecting-customer-data-in-our-cloud-through-microsoft-azure/ )

 

Is there Group Policy in Azure AD?

As mentioned before, AAD isn't Windows Server Active Directory - there is no Group Policy functionality in Azure AD.

However, Microsoft InTune is a cloud-based mobile device management service in Azure that allows some similar control of users, devices and settings and opens up the functionality to cross-platform devices.

Some examples of this are: smartphone management forcing a PIN, device encryption, remote wipe of corporate data, etc. InTune readily integrates right into SCCM to provide for both on-prem and cloud-based device management.

 

Can I deploy an instance/replica of Azure AD in my on-prem Datacenter?

There isn't a way to replicate your AAD directory(ies) into an on-prem instance. One of the values of Azure is that Microsoft manages the infrastructure/services of Azure and all you need to manage is your content.

Additionally, recall that you are able to synchronize some of your on-prem AD content into an Azure AD directory instance. I said 'some' because we only sync users, groups and contacts; we don't sync GPOs, DNS records, AD Sites, etc. 

Can I deploy an instance/replica of my on-prem AD into Azure?

No and yes.

You cannot create an instance of your on-prem AD in Azure Active Directory outside of the directory-creation and sync processes we've been discussing (the top option in the diagram below and the main focus of this post).

You can, however, create/host a VM in Azure's Virtual Machines service (http://azure.microsoft.com/en-us/services/virtual-machines/) that is connected to your on-prem network and running as a replica DC for your on-prem AD. This is similar to a branch office (or DR) scenario but the 'branch office' in this case is Azure (the middle option in the diagram below). We've posted about this before here in our blog - http://blogs.technet.com/b/askpfeplat/archive/2014/03/03/connect-an-on-premises-network-to-azure-via-site-to-site-vpn-and-extend-your-active-directory-onto-an-iaas-vm-dc-in-azure.aspx

You can also use Azure VMs to setup dev/test "islands" of AD, without any connection/awareness of your on-prem AD (the bottom option in the diagram below). Perhaps you want to check out Windows Server vNext AD? In a few minutes, you can setup a VM running the Technical Preview and then promote your new VM to a DC. We've posted about this before here in our blog (almost exactly 2 years ago) - http://blogs.technet.com/b/askpfeplat/archive/2013/01/07/windows-azure-virtualization-a-lab-in-the-clouds-for-every-it-pro.aspx  There is more information and detailed steps here: http://azure.microsoft.com/en-us/documentation/articles/active-directory-new-forest-virtual-machine/

Figure 3: Typical high-level options

 

Is Azure AD content replicated across international borders?

Another question I had was 'what about data privacy laws by country/region that restrict where data can/can't reside?'

In Azure AD, the content/data is replicated for fault-tolerance and the built-in recovery (DR) aspects but the data replication is restricted to/from/in certain regions. Figure 4 below shows the current UI for creating an AAD – notice you specify the country/region.

 

Figure 4: The Azure portal UI for adding a new directory

 

Figure 5: A point-in-time map of the Azure datacenters giving you an idea of the regions

More details can be found here about customer data locations and regions:

 

Are there parent/child relationships if I have more than one AAD directory (like those in a Windows Server AD forest)?

Not really – Azure AD is flat; there isn't the same type of relational hierarchy as an on-prem AD.  Each AAD directory you create is a distinct entity but an Azure AD directory CAN have multiple Internet DNS namespaces configured once you prove that they are owned by your company (i.e. contoso.com; mycompany.org, etc).  These are called 'custom domains' in Azure AD.

Be aware, though, there is a potential issue related to on-prem parent/child domains and the order you set them up for Azure AD integration.  See the following KB and think through the order you choose to link your on-prem domains to Azure AD for the most flexibility (i.e. you might consider setting up the child domain(s) first for the most flexibility): http://support.microsoft.com/kb/2174324

 

How do I manage Azure AD? Is there an equivalent to AD Users and Computers ("A-Duck" for you old-school AD admins)?

  • The ADUC of Azure AD is the "Active Directory" section of the Azure web portal (which has features added/improved/updated frequently)
    • You can perform AAD administration from nearly any web-enabled device
  • There is a rich Azure AD PowerShell module
    • Yet another reason to get proficient in PowerShell (note – I didn't say 'guru' or 'expert' – just get functional)
  • There are the Graph APIs
  • The InTune and Office 365 portals can also be used to manage certain aspects of Azure AD
  • Of course, if you have synchronization setup from on-prem to Azure AD, many management activities you perform on-prem will sync (i.e. you can use ADUC to edit a user's description and that will be reflected in the AAD copy of that user.)
    • Note – the default interval for directory sync is every 3 hours and password hash sync is every 2 minutes.

       

 Figure 6: Azure AD management access options
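
The directory sync interval noted in the list above matters for the "user leaves the org" scenario. An added example (not from the original post) that flags cloud sign-ins by accounts already disabled on-prem, assuming the disable reaches Azure AD only at the next directory sync cycle and that one cycle time is known; the log tuples, account names and timestamps are constructed.

```python
from datetime import datetime, timedelta

DIRSYNC_INTERVAL = timedelta(hours=3)  # default directory sync interval cited in the post

# Constructed sample data, not real logs.
SYNC_ANCHOR = "2015-01-05T06:00:00"    # any known directory sync cycle time
DISABLED_ON_PREM = {"jdoe@contoso.com": "2015-01-05T09:10:00"}
CLOUD_SIGNINS = [  # (user, time, app)
    ("jdoe@contoso.com", "2015-01-05T09:05:00", "travel-app"),
    ("asmith@contoso.com", "2015-01-05T10:00:00", "travel-app"),
    ("jdoe@contoso.com", "2015-01-05T10:30:00", "travel-app"),
    ("jdoe@contoso.com", "2015-01-05T12:45:00", "travel-app"),
]

def propagation_time(disabled_at, sync_anchor=SYNC_ANCHOR):
    """First sync cycle at or after the on-prem disable, as an ISO string."""
    off = datetime.fromisoformat(disabled_at)
    anchor = datetime.fromisoformat(sync_anchor)
    cycles = -(-(off - anchor) // DIRSYNC_INTERVAL)  # ceiling division
    return (anchor + cycles * DIRSYNC_INTERVAL).isoformat()

def signins_after_disable(signins, disabled, sync_anchor=SYNC_ANCHOR):
    """Flag cloud sign-ins by users already disabled on-prem.

    'before-sync': the disable had not reached the cloud directory yet.
    'after-sync' : it should have; check sync health and the account state.
    """
    findings = []
    for user, when, app in signins:
        off = disabled.get(user)
        if off is None or datetime.fromisoformat(when) < datetime.fromisoformat(off):
            continue
        synced = datetime.fromisoformat(propagation_time(off, sync_anchor))
        kind = "before-sync" if datetime.fromisoformat(when) < synced else "after-sync"
        findings.append((user, app, when, kind))
    return findings

if __name__ == "__main__":
    for finding in signins_after_disable(CLOUD_SIGNINS, DISABLED_ON_PREM):
        print(finding)
```
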

Do we still use Kerberos, NTLM, LDAP, ADSI, and other protocols I'm familiar with?

On-prem, yes (obviously). However, remember, the cloud is a web-centric world (cross-device/cross-platform/cross-the-world) and interfacing with AAD requires that we use a web-centric language - SAML 2.0, WS-Federation, OAuth, OpenID, REST Graph, etc.

 

What's in a name?

"How important are the choices I make when first setting up Microsoft online services such as Azure, InTune, Office365, etc?"  

    • In a word, VERY.  The initial choices one makes when setting up Microsoft Online services (Azure, InTune, O365, etc) are extremely important and can have far-reaching and long-lasting implications.  Think about this similarly to the selection of the forest-root FQDN for your on-prem AD.  As mentioned, you can add public DNS names that your company owns but you can't change the original <entry>.ONMICROSOFT.COM name that you setup. 

    • Like all major IT decisions, it is critical to plan and think through your current and possible/future Cloud decision points BEFORE jumping in.  I've seen customers who wanted to 'dip a toe' in the Azure world and during signup, they chose the name to be something like INTUNE-MYBIZ.ONMICROSOFT.COM (i.e. to try out InTune).  The problem showed up when they wanted to light-up other Azure/O365 services: that initial "INTUNE-MYBIZ" name was always around.  This caused a lot of confusion when working with SharePoint Online, Exchange Online, Lync Online, AAD, etc.  I really recommend bringing in some Microsoft resources to help you plan out your deployment options and document some of the key decision points.  For your cloud infrastructure, do it once; do it right.
    • Work with your Technical Account Manager (if you're a Premier customer) and/or head out here to get some help - https://deploy.office.com/  Rome wasn't built in a day but imagine if they had to build it twice?

I've been doing AD admin work since the dawn of AD with Windows 2000 – is my profession in jeopardy?

In some ways, it is. This is technology – things are always changing. This isn't a surprise to anyone reading this. We've all had to learn how to keep learning; the next version of a product, a new-to-you feature/aspect, PowerShell or whatever. This career we've chosen is all about adaptability and one's ability to thrive with change. As long as you can adapt, the AD admin role isn't going away … it's just changing. As we've discussed, AAD syncs from on-prem AD. Someone needs to setup/run/manage/monitor the sync tools; someone needs to setup/run/manage/monitor the federation services; PKI and certificate management is critically important in the cloud world we are in now. There is also "the work" to be done within Azure AD - the contents/portal/etc.

So, if you're set in your ways and it's 'on-prem AD or death', you might be headed for some challenging times. On the other hand, if you're willing (I know you're able) to add "cloud AD" to your technical skillset, the years of experience and maturity you have developed will continue to be of value in the cloud world. Being able to communicate effectively; develop and deliver quality documentation; being process-oriented and possessing a flexible, "can-do" attitude will always be very sought-after skills.

 

Ok – my New Year's Resolution is to learn more about Azure, Azure AD, Azure datacenters, etc – where can I get more information?

Here are a few more links to get you going:

I hope this post helped shed a bit more light on what Azure Active Directory is - and is not.

A special thanks goes out to my friend and peer, JD, for sharing his knowledge and understanding of Azure AD. His presentation solidified my thoughts about this post and sparked one of the main themes.

Work your way through the information and links herein and when you're done, I promise you'll have a better understanding of Azure, Azure AD and your future in the cloud era of technology.

Cheers!

Michael Hildebrand
