The joys of ADFS and TMG

So, we’ve finally initiated our upgrade from Live@Edu to Office 365 this week.

I’ve just finished applying the finishing touches to it now, but it has been quite the journey. Especially as I’m on my 2nd reinstall of my ADFS server, and 3rd of my Dirsync server.

I also found that the documentation and support from Microsoft was rather lacking. I think a lot of it comes down to the amount of components involved in getting a cloud federation set up, but none the less it hasn’t made things easy.

I think one support call sums it up really, Dirsync synced our entire AD to Office 365, but we only use it for students. Not a problem, I set the UPN suffix just for the students in AD, so that it would be nice and easy to run a powershell to single out those users and add the licenses. I know basic powershell and a few of the MSOL cmdlets, but not really any of the automation side, so sent in a support ticket to Microsoft. They then told me that I should just increase our number of licenses and then give everyone a license using the default cmdlets. Which I did, and it does work. However, we now have 5x the amount of licenses than we actually needed, which seems rather excessive.

Anyway, putting that rant aside, I’ve spend a lot of time today looking into getting our ADFS authentication working externally for Office 365. I noticed that on my test machine, it was throwing up a strange error. ADFS was sending the user back to Office 365, and then Office 365 would show an error relating to the UPN containing special characters.

After some investigation, I found it came down to TMG doing some translations during the authentication.

In the end I used the following settings in my rule to publish ADFS using TMG:

• Forward the original host header
• Requests appear to come from the original client
• HTTP settings set to disable ‘Verify normilization’ and ‘Block High bit characters’
• NTLM Authentication turned on
• Disable ‘Apply Link Translation to this rule’

And on the IIS end on the ADFS server:

• Enable the use of Forms and Windows authentication

Hopefully I can take a bit of a rest from setting up Office 365 now, but if any of you hit a similar problem then I hope this helps.

 

Microsoft Exam 70-410 Installing and Configuring Windows Server 2012

Well, I took my first step towards my Server 2012 MCSA/MCSE today and managed to pass 70-410 today.

70-410 mostly just covers the installation of the OS and roles and administration.

I revised by using my Server 2012 test lab (which is still running along perfectly by the way), and also by watching all of the CBT nugget clips for the exam. I think that unless you’ve been a heavy user of 2012 for quite a while, then you’d struggle without the CBT videos. They taught me an awful lot.

I can’t really talk about the exam itself, since Microsoft puts a NDA on all the tests, but I’ve got to say I was really surprised that IPv6 didn’t come up. Maybe I just got lucky, since if you don’t know about the Microsoft tests, they essentially have a giant pool of questions and you get served a selection of them from various categories. This means that every test is unique. I imagine somewhere else in the world right now, some poor soul got my share and has an entire exam full of IPv6 questions.

Hyper-V ended up being my strongest section, not surprising really since it’s probably one of the server features I use most on a day to day basis.

Next up, I’ve got to start preparing for 70-411 which is “Administering Windows Server 2012″

Windows 8 Deployments and proxy settings

I’ve been playing about with creating a Windows 8 task sequence in MDT and I’ve noticed something along the way. It seems that the metro UI (by default) doesn’t use IE’s proxy settings.

I just thought I’d pass on a quick fix if you find this affects you, you need to make the following command run during the task sequence

netsh winhttp set proxy ProxyIP:Port

Personally, I would do this by adding it as a program install without any source files, but there are plenty of other methods too.

Skydrive teething problems

All has been plain sailing in SkyDrive land for me recently. Until today that is, I decided to have a bit of a clean up, and Skydrive didn’t seem to like that. 

It started off by me trying to move some folders into a new folder using the web interface. I imagined that once I’d told it what to do, then I could move onto the next thing, but it seems to need you to wait for it to finish. So I had to go back and try again, only for it to now have a folder of the same name so it adds a (1) and I now have 2 folders.

“Enough of the web interface, I’ll just use the desktop app” I thought, then I realised that despite the icon saying ‘Skydrive – Up to Date’, none of these changes have moved across. In fact the new folder I initially made hasn’t even appeared.

I’m hoping if I come back to this later today it’ll have managed to sync itself back up, but it’s a bit worrying that it believes it has synced up when it hasn’t.

SQL Humour

I really want to do this when I become a parent!

Credit: XKCD

Technet Blogs

Just thought it was worth giving a quick plug for 2 really good Technet Blogs:

http://simon-may.com/

and

http://blogs.technet.com/b/andrew/

If you’ve been to any of the travelling TechDays events, then chances are you’ll have already met Simon and Andrew. If you haven’t, then make sure you check the upcoming dates, they are well worth your time.

Basically these 2 go around doing tutorial days based around a huge variety of things. Most recently there has been a lot on Windows 8, Server 2012, Private Clouds (System Center) and Hyper-V. I think the huge advantage of learning from them is that they spend a lot of time at these events talking to all us end users so they know the features that are worthwhile to us. They also experiment a lot, they don’t simply read off a Microsoft guide book explaining hypothetical perfect scenarios that we aren’t likely to come across, they are actually running demo environments and simulating for themselves and that is a lot more beneficial.

Anyway, in addition to their in person events, they both produce really interesting content in their blogs so go check them out!

Aiming to be paperless

So I’ve recently started using a lot more in the way of cloud services, and I’ve decided that actually my life would be a lot easier if everything was both stored in a way that I can access it anywhere, and if all my documents were indexed.

Now the large majority of people are still very skeptic about cloud services, and talking about how you are trusting them with your data, and what if they lose it or get hacked. And the reason I’m not concerned with that is that we are talking big companies here (In my case I’m using Skydrive for my general file storage, and Evernote for my notes).

I think that between me and Microsoft, Microsoft might have the upper hand on backups and on protecting themselves from hackers. I’d also point out that as always, the number one internet rule applies, don’t put anything on the internet that you don’t want to be seen by other people. I’m never going to be putting my bank statements on here. My Evernote is usually filled with my random thoughts/links, a few ideas I’m thinking about for at work, recipes and business cards. This stuff would be of very little use to anyone if they did happen to get a copy. Security is also what you make of it, if you wanted to be extra secure then you could easily have an encrypted container (e.g. using Truecrypt) on your skydrive/dropbox/other service.

Coming back to my initial point when I was making this post, I am hoping to be completely paperless (Certain things, like my driving licence, aside) by the end of the year. This is both at work and at home. I’ve already made pretty big steps towards both of these. I have had a complete sort out of all my expanding files, clearing out anything out of date, and uploading to Evernote anything that is still relevant. Now with me being a major Microsoft supporter, you might wonder why I haven’t chosen OneNote for my notebooks. And I think if we were talking purely about uploading on a desktop I would use OneNote everytime. OneNote also has a big advantage in collaboration which we use quite a bit within our office. The weak side is the mobile apps. I know with Evernote that all my devices can do what I need, whereas OneNote loses a lot of features between Desktop and Mobile versions, and also is still lacking versions for certain phone OS’s. Another thing I love with Evernote are the extra mobile apps. In addition to the main app, I also use Evernote Hello. This is a specialised app that will take a picture of your business card, and take the information out of it, and save both the picture and the information in a note. Doing this in the normal app would’ve been awkward, and even if they built the feature in (and the same with the other specialised apps), then it would end up cluttering it when I just want to make normal notes. The end result is that all my business cards I’ve collected, are now virtualised and fully indexed. No more flicking through them all trying to find the right one! Unfortunately, only the main app is available for Windows Phone, but on my iPad I am able to get the full suite, and I believe that’s the same on Android too.

I also made a decision to clear up a lot of my virtual clutter which was where SkyDrive comes in. I want to store all my documents up on SkyDrive for universal access, leaving just my applications and my media files on my local machines. It’s a bold move, but I’ve had quite a few occasions, both from myself and other members of our staff, when you need to get at a file only to remember it’s not on the penstick you’re carrying, or that the only copy is on your home PC. The major downside to this is the amount of space. SkyDrive gives you 7GB as standard. So you either have to be very selective with your uploads, or you have to pay extra. Going back to the point earlier about backups, the SkyDrive program can sync my stuff down to my main PC. So if (in the extremely unlikely event) SkyDrive was shut down or was temporarily out of action, I’d still have all my files.

I’ll stop now anyway since this has become a really long post, but I’ll keep you all up to date with how I’m getting on with this.

System Center 2012 SP1

System Center 2012 SP1 is finally out in the wild. So for anyone running a SC environment and looking at Server 2012 then you’ll be glad to know it is now fully supported. The key points being that Ops Manager can now monitor those servers, and DPM can now backup S2012 as well.

Another big thing is that it can now be installed onto S2012 hosts. I’ve not given this a go yet, but I’ve got a test environment ready to start loading it onto shortly, so I’ll let you know how that turns out.

BETT Highlights – Brother AirScouter

Well, I got back from BETT a day or two ago, so I figured I’d give you a little glimpse into what was on show.

There was a massive emphasis on Tablets and Ultrabooks this year. And as you’d expect plenty of interactive whiteboards from various manufacturers too. I’ve got to admit that overall I was underwhelmed. Lots of the products on displays were just rehashes of the same old devices we’re all used to. Some of the technology was also completely outdated, for example there was at least 4 or so versions of the Windows 7 RM Slate. A poor performing processor, paired with a poorly responding touch panel, with a digitizer pen being the only redeeming factor but my problem isn’t with the device itself, it’s more so why is valuable display space being taken up by a low-end Windows 7 tablet with a processor which is generations behind. It completely baffles me!

Something that stood out from the rest was the Brother AirScouter shown above. If you’ve seen/heard about Google Glass then you probably have a general idea of how this works, but for everyone else, it basically is a pair of glasses that overlays a small 800×600 display in the corner of your view. At the moment it is all fairly new technology, so it is has a wired control box that connects via USB, and it is a full mirror of your PC display as opposed to a custom UI. To be completely honest, I have no idea why this was at the show. It is not available for retail in anywhere but Japan, and it is aimed at the industrial sector, but none the less I was extremely eager to try it.

The example they demonstrated was using the device to follow a simple set of instructions in a slideshow. Some Lego blocks were placed on the table, and you’d go step by step through the video, controlling it with a Kensington presenter.

It worked perfectly, after a minute my eyes had fully adjusted to having this floating display. It’s still in its early days, but I certainly see this kind of device being part of our future. There are just so many ways in which this could be utilised. 

It’s nice to see that these companies are doing there best to innovate, and it was certainly a refreshing experience.

Quick Tip: Batch create test users

Here’s a handy command for when you need to mass create users in your test lab:

FOR /L %i in (1,1,100) DO NET USER TestAccount%i P455w0rD /ADD

Basically, this command will create 100 accounts, called TestAccount1 through to TestAccount100.
They will all be in the default "Domain Users" group. You can change 100 to any number and it'll adjust the amount of created users accordingly. You can also change the account name, and password (although make sure it still meets your complexity requirements).

You'll have to organise them afterwards, but it's a very quick way to get a test lab ready.