Azure AD Connect – “The specified domain does not exist or cannot be contacted” when adding an untrusted AD forest

I ran into a little issue while on site with a customer who required AAD Connect to be configured for use in a multi-forest environment with three forests. There was a forest trust between two of the forests, however the third forest did not have any trusts in place. Prior to implementing this solution, we ran up a test environment to do a run through and document the steps required for an implementation plan.

The test environment consisted of three Windows Server 2012 AD forests all at 2012 functional level – kloudy.net,…

Getting Started with the Azure Security Center

Microsoft recently announced the availability of the Azure Security Center which is designed to provide a single place to view your security stance for resources deployed to Azure.

In this post I’m going to walk you through what’s initially available and see how it can start helping you today.

Who ever said “no” to something that’s free?

The core features (today) are free. Yes – free. This isn’t just preview pricing either. During preview even the Standard Tier is free until early 2016.…

Creating a simple nodejs API on AWS (including nginx)

On a recent project I was part of a team developing an AngularJS website with a C# ASP.NET backend API hosted in Azure.  It was a great project as I got to work with a bunch of new tools, but it got me wondering on how simple it could be to use a Javascript API instead.  That way the entire development stack would be written in Javascript.

And so a personal project was born.  To create a simple JS API and get it running in the cloud.…

Resource Manager Cmdlets in Azure PowerShell 1.0

Azure recently launched the 1.0 version of PowerShell cmdlets. The changes are huge, including new Azure Resource Manager (ARM), which resulted in deprecating Azure-SwitchMode between ASM and ARM. In this post, we only have a brief look at how new PowerShell cmdlets for ARM have been introduced, especially for managing resource groups and templates.

Installation

In order to get the newest Azure PowerShell, using MS Web Platform Installer is the quickest and easiest way.

Note: At the moment of writing, the released date of Azure PowerShell is Nov.


Leveraging Cloud Storage for the Enterprise: Microsoft StorSimple – Part 1

Originally posted on Bobbie’s blog @ www.thecloudguy.info

It’s no secret that one of the biggest pain points for enterprises today is the rapid growth of unstructured data. The ability to manage, protect and archive an organisation’s most valuable assets is arguably one of the biggest strains on IT department budgets.

The advent of cloud technology has many organisations looking for a way to leverage Pay-as-You-Go cloud storage offerings to assist in the data life-cycle process. The difficulty with these offerings is that data is stored as objects rather than on file systems such as NFS and CIFS, meaning integration with existing business processes and solutions isn’t straight forward.…

Azure Security Fundamentals: Moving Co-Admins to RBAC

Anyone who has worked with Azure for long enough knows the raised eyebrow response you have gotten from security teams in the past when you describe how you can enforce separation of duties and least privilege when it comes to Azure subscription and service management. In a previously well-received blog post, one of my colleagues provided good guidance around subscription management as it applied to Azure at that time.

Essentially, the situation was:

  • Any Azure service management required full administrator or co-administrator access to a subscription which provided the user with full permission to do anything provisioned therein.

[UPDATED] Azure AD Connect: SyncRuleEditor.exe and why is targetAddress missing

Originally blogged @ lucian.blog. Follow Lucian on Twitter @LucianFrango. Send Lucian an email.


Today is back to AAD Connect. I want to talk about Office 365 migrations and how they can be tricky with various options and scenarios around hybrid or non hybrid. On a recent project we were migrating a client from IBM Lotus Notes to Exchange Online in Office 365. The plan and proposed solution was designed to not use Exchange Server Hybrid on-premises and use Dell Software Migrator for a direct migration from on-premises to the cloud.

The client has never had Exchange Server on-premises before and was running a well-managed ADDS deployment spanning three sites across three continents. To allow for the schema requirements for Exchange Online, Exchange Server 2013 was downloaded and the ADDS schema was extended with that from Exchange Server 2013. All simple, standard stuff right?..


Secure Azure Virtual Network Defense In Depth using Network Security Groups, User Defined Routes and Barracuda NG Firewall

Security Challenge on Azure

There are a few common security-related questions when we start planning a migration to Azure:

  • How can we restrict the ingress and egress traffic on Azure?
  • How can we route the traffic on Azure?
  • Can we have Firewall kit, Intrusion Prevention System (IPS), Network Access Control, Application Control and Anti-Malware on Azure DMZ?

The intention of this blog post is to answer the above questions using the following Azure features combined with a Security Virtual Appliance available on Azure Marketplace:

  • Azure Virtual Network (VNET)
  • Azure Network Security Groups (NSGs)
  • Azure Network Security Rule
  • Azure Forced Tunneling
  • Azure Route Table
  • Azure IP Forwarding
  • Barracuda NG Firewall available on Azure Marketplace

One of the most common methods of attack is The Script Kiddie / Skiddie / Script Bunny / Script Kitty.…

Kloud Solutions named as Microsoft Australia Partner Awards finalist in four categories!

MELBOURNE, VICTORIA – 10 August, 2015 – Today, Kloud Solutions proudly announced it has been named a finalist in four categories in the 2015 Microsoft Australian Partner Awards (MAPA):

  • Cloud Productivity
  • Cloud Platform
  • Managed Service
  • Social Enterprise

Earlier this year, Kloud won Cloud Productivity Partner of the Year and was recognised as a finalist for Enterprise Mobility Suite Partner of the Year at Microsoft’s Worldwide Partner Conference in Orlando, Florida.

Kloud’s managing director Nicki Bowers is proud of the recognition, saying it is representative of the way customers entrust Kloud with their journey to the cloud.…

Azure Active Directory Connect Export profile error: stopped-server-down.

Follow Lucian on Twitter @LucianFrango.


A couple of weeks ago I deployed Azure AD Connect in production. It was a relatively smooth process. The wizard did most of the work which was great. There were a few hiccups (blog post) along the way, which, in most cases is expected if the problems are not so serious.

Fast forward to my second install of the latest and greatest sync service for Azure AD and Office 365 cloud identities and we have problem no. 2. This time, though, I can say that the process ran through a lot smoother. There were no real errors. Things were looking straight great and I was looking at my next task with some enthusiasm.

However, come 8.30ish this morning and going over the AADConnect server once more for peace of mind, I had noticed that the “Export” profile task that runs as the last task in the scheduled hourly run for AADConnect synchronisation (I’ve set it to 60min), unfortunately had a nice little error for me:

[Image: 2015-08-05--AADC-Error--01]
