Azure AD Connect – Using AuthoritativeNull in a Sync Rule

1st of December, 2016 / / No Comments

There is a feature in Azure AD Connect that became available in the November 2015 build 1.0.9125.0 (listed here), which has not had much fanfare but can certainly come in handy in tricky situations. I happened to be working on a project that required the DNS domain linked to an old Office 365 tenant to be removed so that it could be used in a new tenant. Although the old tenant was no long used for Exchange Online services, it held onto the domain in question, and Azure AD Connect was being used to synchronise objects between the on-premise Active Directory and Azure Active Directory.… [Keep reading] “Azure AD Connect – Using AuthoritativeNull in a Sync Rule”

Automate Secondary ADFS Node Installation and Configuration

1st of November, 2016 / / No Comments

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Introduction

Additional nodes in an ADFS farm are required to provide redundancy incase your primary ADFS node goes offline. This ensures your ADFS service is still up and servicing all incoming requests. Additional nodes also help in load balancing the incoming traffic, which provides a better user experience in cases of high authentication traffic.

Overview

Once an ADFS farm has been created, adding additional nodes is quite simple and mostly relies on the same concepts for creating the ADFS farm.… [Keep reading] “Automate Secondary ADFS Node Installation and Configuration”

Ubuntu security hardening for the cloud.

Hardening Ubuntu Server Security For Use in the Cloud

26th of October, 2016 / / 1 Comment

The following describes a few simple means of improving Ubuntu Server security for use in the cloud. Many of the optimizations discussed below apply equally to other Linux based distribution although the commands and settings will vary somewhat.

Azure cloud specific recommendations

  1. Use private key and certificate based SSH authentication exclusively and never use passwords.
  2. Never employ common usernames such as root , admin or administrator.
  3. Change the default public SSH port away from 22.
[Keep reading] “Hardening Ubuntu Server Security For Use in the Cloud”

Are There Sufficient Standards in Cloud Computing Today?

26th of October, 2016 / / No Comments

The hybrid cloud may be a hot topic with adoption growing faster than ever but should we be concerned about a lack of established standards?

What is the Hybrid Cloud?

Private clouds, whether owned or leased, generally consist of closed IT infrastructures accessible only to a business which then makes available resources to it’s own internal customers. Private clouds are often home to core applications where control is essential to the business, they can also offer economies of scales where companies can afford larger, long term investments and have the ability to either run these environments themselves or pay for a managed service.… [Keep reading] “Are There Sufficient Standards in Cloud Computing Today?”

How to export user error data from Azure AD Connect with CSExport

24th of October, 2016 / / 1 Comment

A short post is a good post?! – the other day I had some problems with users synchronising with Azure AD via Azure AD Connect. Ultimately Azure AD Connect was not able to meet the requirements of the particular solution, as Microsoft Identity Manager (MIM) 2016 has the final 5% of the config required for, as I found out, a complicated user+resource and user forest design.
In saying that though, during my troubleshooting, I was looking at ways to export the error data from Azure AD Connect.… [Keep reading] “How to export user error data from Azure AD Connect with CSExport”

Azure networking VNET architecture best practice update (post #MSIgnite 2016)

11th of October, 2016 / / No Comments

During Microsoft Ignite 2016 I attended a few Azure networking architecture sessions. Towards the end of the week, though, they did overlap some content which was not ideal. A key message was there though. An interesting bit of reference architecture information.
Of note and relevant to this blog post:

  • Migrate and disaster recover Azure workloads using Operations Management Suite by Mahesh Unnifrishan, Microsoft Program Manager
  • Review ExpressRoute for Office 365 configuration (routing, proxy and network security) by Paul Andrew, Senior Product Marketing Manager
  • Run highly available solutions on Microsoft Azure by Igal Figlin, Principal PM- Availability, Scalability and Performance on Azure
  • Gain insight into real-world usage of the Microsoft cloud using Azure ExpressRoute by Bala Natarajan Microsoft Program Manager
  • Achieve high-performance data centre expansion with Azure Networking by Narayan Annamalai, Principal PM Manager, Microsoft

Background

For the last few years there has been one piece of design around Azure Virtual Networks (VNETs) that caused angst.… [Keep reading] “Azure networking VNET architecture best practice update (post #MSIgnite 2016)”

How to make a copy of a virtual machine running Windows in Azure

How to make a copy of a virtual machine running Windows in Azure

6th of October, 2016 / / No Comments

I was called upon recently to help a customer create copies of some of their Windows virtual machines. The idea was to quickly deploy copies of these hosts at any time as opposed to using a system image or point in time copy.
The following PowerShell will therefore allow you to make a copy or clone of a Windows virtual machine using a copy of it’s disks in Azure Resource Manager mode.

Create a new virtual machine from a copy of the disks of another

Having finalized the configuration of the source virtual machine the steps required are as follows.… [Keep reading] “How to make a copy of a virtual machine running Windows in Azure”

Automate ADFS Farm Installation and Configuration

27th of September, 2016 / / No Comments

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Introduction

In this multi-part blog, I will be showing how to automatically install and configure a new ADFS Farm. We will accomplish this using Azure Resource Manager templates, Desired State Configuration scripts and Custom Script Extensions.

Overview

We will use Azure Resource Manager to create a virtual machine that will become our first ADFS Server. We will then use a desired state configuration script to join the virtual machine to our Active Directory domain and to install the ADFS role.… [Keep reading] “Automate ADFS Farm Installation and Configuration”

Active Directory – What are Linked Attributes?

26th of September, 2016 / / No Comments

A customer request to add some additional attributes to their Azure AD tenant via Directory Extensions feature in the Azure AD Connect tool, lead me into further investigation. My last blog here set out the customer request, but what I didn’t detail in that blog was one of the attributes they also wanted to extend into Azure AD was directReports, an attribute they had used in the past for their custom built on-premise applications to display the list of staff the user was a manager for.… [Keep reading] “Active Directory – What are Linked Attributes?”

Azure API Management Step by Step – Use Cases

23rd of September, 2016 / / No Comments

jorge-fotoUse Cases

On this second post about Azure API management, let’s discuss about use cases. Why “Use Cases”?                  

Use cases helps to manage complexity, since it focuses on one specific usage aspect at the time. I am grouping and versioning use cases to facilitate your learning process and helping to keep track with future changes. You are welcome to use these diagrams to demonstrate Azure API management features.

API On-boarding is a key aspect of API governance and first thing to be discussed. [Keep reading] “Azure API Management Step by Step – Use Cases”