Troubleshooting, Cleaning up and Removing your Azure Active Directory Tenant

A good way to familiarise yourself with a function within Azure is to set one up and play around.  The same applies to Azure Active Directory.  Whenever a new Azure Subscription is set up there is an Azure Active Directory that goes with it.  The same is true of Office 365 (O365): although you don’t see it, under the hood there is an Azure Active Directory that holds the users etc.

When you sign up using your Live ID the Azure Directory will always add the Live ID to your Active Directory name followed by “.onmicrosoft.com”.

Example: for myawesomeliveID@outlook.com, the outcome will most likely be myawesomeliveidoutlook.onmicrosoft.com because both names have to be unique.  You can do many things, like adding custom names or changing the name to something else by setting up another “tenant” in your Subscription and associating it.

Once you’re done and want to clean up your environment you can follow the below process:

Note: Sometimes it’s a matter of selecting the tenant you would like to remove and hitting delete.  More often you will encounter problems like the ones below (even though you might have cleaned up the environment), therefore I have outlined a few extra steps:

Azure_AD001

Azure_AD002

Note: As of this writing the Azure Active Directory management is done via the classic portal: https://manage.windowsazure.com

  1. First remove all users and groups
  2. Remove any applications you have set up
  3. If you have enabled premium trial you will need to wait for it to expire
  4. Disable Directory Synchronization if you have enabled it

If you have set up quite a few users through, say, PowerShell, it could be tedious to go and delete every single one.  Follow the steps below to delete them all at once:

  • Download the Azure Active Directory Module for Windows PowerShell (64-bit version). Link: Azure Active Directory Module for Windows PowerShell (64-bit version)
  • Connect to Azure Active Directory PowerShell with a Global Administrator account.  If you don’t have one, set one up as a Global Administrator
  • Run the following command:
    • Connect-MsolService  (You will be prompted to enter the credentials of a Global Administrator – don’t use your Live ID).
      • Example: AADSync@myawesometenant.onmicrosoft.com (username)
  • In order to remove all synchronised Groups from Azure Active Directory, issue this command:
    • Get-MsolGroup | Remove-MsolGroup -Force

Azure_AD003

  • In order to remove all synchronised Users from Azure Active Directory, issue this command:
    • Get-MsolUser -All | where {$_.UserPrincipalName -notlike "*#EXT#*"} | Remove-MsolUser -Force
    • Expect an error message like the one below, as you can’t remove the account you’re running this command from

Azure_AD004

Note: Don’t issue the command:

  • Get-MsolUser -All | Remove-MsolUser -Force as this will remove your Live ID and you will no longer see the tenant in your Subscription.

Help is at hand:

The following blog post explains the process to reinstate the user if deleted accidentally:

Azure AD disappeared from management portal

http://superuser.com/questions/1051075/azure-ad-disappeared-from-azure-management-portal

Command to run: Restore-MsolUser -UserPrincipalName "Live ID"

  • Finally go into the tenant and delete your own account apart from the Live ID and select “delete”.  This should remove it.

Azure_AD005

Azure_AD006
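
The `#EXT#` filter above is what keeps the Live ID (and with it your view of the tenant) alive, so it is worth previewing the result before anything is deleted. The following is an added example, not part of the original post: `Get-TenantCleanupPlan` is a hypothetical helper and the sample user list is constructed.

```powershell
# Added example: dry-run of the bulk delete. Nothing is removed by this function;
# it only labels each account Keep or Remove using the same #EXT# test as the post.
function Get-TenantCleanupPlan {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [string] $RunningAdminUpn
    )
    process {
        $upn = $User.UserPrincipalName
        if ($upn -like '*#EXT#*') {
            $action = 'Keep'
            $reason = 'External (#EXT#) account, e.g. the Live ID that owns the subscription'
        }
        elseif ($upn -eq $RunningAdminUpn) {
            $action = 'Keep'
            $reason = 'Account running the cleanup; Remove-MsolUser would fail on it anyway'
        }
        else {
            $action = 'Remove'
            $reason = 'Tenant user'
        }
        [pscustomobject]@{ UserPrincipalName = $upn; Action = $action; Reason = $reason }
    }
}

# Constructed sample data standing in for the output of Get-MsolUser -All.
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'myawesomeliveID_outlook.com#EXT#@myawesometenant.onmicrosoft.com' }
    [pscustomobject]@{ UserPrincipalName = 'AADSync@myawesometenant.onmicrosoft.com' }
    [pscustomobject]@{ UserPrincipalName = 'testuser01@myawesometenant.onmicrosoft.com' }
    [pscustomobject]@{ UserPrincipalName = 'testuser02@myawesometenant.onmicrosoft.com' }
)

$plan = $sampleUsers | Get-TenantCleanupPlan -RunningAdminUpn 'AADSync@myawesometenant.onmicrosoft.com'
$plan | Format-Table -AutoSize

# Against a real tenant (after Connect-MsolService), review the plan first,
# then delete only the rows marked Remove:
#   $plan = Get-MsolUser -All | Get-TenantCleanupPlan -RunningAdminUpn 'AADSync@myawesometenant.onmicrosoft.com'
#   $plan | Where-Object { $_.Action -eq 'Remove' } |
#       ForEach-Object { Remove-MsolUser -UserPrincipalName $_.UserPrincipalName -Force }
```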

Additional references:

https://support.microsoft.com/en-us/kb/2967860

https://msdn.microsoft.com/en-us/library/azure/jj151815(v=azure.98).aspx

https://azure.microsoft.com/en-gb/documentation/services/active-directory/

Windows 10 – Display driver stopped responding and has recovered! – Resolved

I have been running my Windows 10 (Version 1511 OS Build: 10586.420) for a while and getting updates via the standard “slow ring”.   However, multiple times a day, without fail, I have been getting “Display Driver Stopped Responding and has recovered!”  “Display driver Intel HD Graphics Drivers for Windows 8(R) stopped responding and has successfully recovered.”

I am running a Lenovo W540 with Intel(R) HD Graphics 4600 card.

As you can see by the message, it’s referring to me still running Windows 8.  Ok, away I go and update my drivers from Intel and also by running a tool called Driver Talent from the following blog:  http://www.drivethelife.com/windows-drivers/how-to-fix-display-driver-stopped-responding-and-has-recovered-on-windows-10-8-7-xp-vista.html.

In both instances my drivers were reported as fully up to date.  But if you check the Driver Date: 17/07/2015 (on my machine below) against the one available from Intel’s website, they don’t match up.

Display_Driver_Stopped_Responding

Intel_Graphics4600

To resolve the issue follow the below quick steps:

Step 1: Go to Intel’s website and locate the Graphics drivers for your version.  For my laptop it was:  https://downloadcenter.intel.com/download/25489/Intel-Graphics-Driver-for-Windows-10-15-40-4th-Gen

Step 2: Download the .zip file and extract the content

Step 3: Open Device Manager and go to Display Adapters -> Intel(R) HD Graphics 4600 and select “Update Driver”

Update_driver011

Step 4: Select “Browse my computer for driver software”

Update_driver02

Step 5: Select “Let me pick from a list of device drivers from my computer”

Update_driver03

Step 6: Select “Have Disk”

Update_driver04

Step 7: Select “Browse” and point it to the .inf file in the “Graphics” folder from the downloaded drivers you extracted.

Update_driver05

Step 8: Select “Open” and “Ok” to update.

 

This resolved the issue for me and the driver displayed the new and correct version.

Intel_Graphics4600-updated

Recommended Reading….

Sharing some of the content (books, audio books) I have really benefitted from both professionally and personally.   Strong desire is the starting point for a successful life.

I leave you with some quotes:

“The cave you fear to enter holds the treasure you seek” ~Joseph Campbell

“Success = Progressive realization of a worthy goal” – Earl Nightingale

“Any ideas that is held in the mind, that is emphasized, that is either feared or revered, will begin at once to cloth itself in the most convenient and appropriate form available” – Andrew Carnegie

Sharing the links below from Amazon.com

Lead the Field: Earl Nightingale (Audio CD)

Lead the Field: Earl Nightingale (Hard Cover and Kindle)

The Power of your Subconscious Mind – Joseph Murphy

Subconscious Mind Power – James Thompson

The Richest Man Who Ever Lived: King Solomon’s Secrets to Success, Wealth, and Happiness – Steven K. Scott

The 7 Habits of Highly Successful People: Powerful Lessons in Personal Change – Stephen R. Covey

Change Your Thinking, Change Your Life: How to unlock your full potential for success and achievement – Brian Tracy

The Strangest Secret – Earl Nightingale (Audio CD)

Think and Grow Rich – The Landmark Bestseller – Napoleon Hill

The Famous Little Red Book That Makes Your Dreams Come True!- RHJ

Find Your Balance Point: Clarify Your Priorities, Simplify Your Life, and Achieve More – Brian Tracy and Christina Stein


More to come….

 

 

 

 

 

How do I remote desktop (RDP) onto an Azure Virtual Machine (VM) from my computer that is joined to another domain?

So you have set up your first VM and are ready to RDP onto it.  Somehow it doesn’t work! Hmm… the answer is simple yet sometimes confusing when you RDP from a machine that is joined to a corporate domain.

When the RDP console comes up (or start -> run -> type “mstsc” and then enter), select the option to log in with a different account (you need this if you normally RDP onto VMs in your corporate environment, as the dialog will be pre-filled with your corporate username).

Next under “username” type in “\” backslash and then username i.e. “\username” (this is the username you setup when creating your Azure VM) followed by the password.

RDPonAzure01 RDPonAzure02

Having problems logging into your Microsoft Azure VM after creation?

Having set up a number of Virtual Machines (VMs) on Azure, you get the occasional one where you are adamant you entered the right password, but when you remote desktop (RDP) to it, it refuses to let you log in.  There are two simple ways you can try to gain access to your VM.

Option 1: Reset your VM password via the Azure Portal (https://portal.azure.com)

  • All VM’s must live inside a Resource Group (RG).  Select the RG where the problematic VM lives
  • Click on “All Settings” -> “Reset Password”
  • Try accessing your VM again

 

Option 2: Try redeploying your VM, which will migrate it to a new Azure host.

  • All VM’s must live inside a Resource Group (RG).  Select the RG where the problematic VM lives
  • Click on “All Settings” -> “Redeploy”
  • Select “Redeploy” at the bottom right corner
  • Try accessing your VM again

Redeploy-on-Azure

 

Microsoft Azure Network Security Group (NSG) Example

Here is a quick example of using Network Security Groups (NSGs) within Microsoft Azure to protect your workload.  From a design perspective you would set up a Virtual Network and attach a large address space to it.  This would then be carved into smaller subnets for the various workloads, such as Internet-facing traffic, middle-tier applications and back-end applications.  To control the traffic flow between them and enforce security you can apply multiple NSGs.  The effect would be as per the diagram.

 

Note: Always check https://azure.microsoft.com for up to date information

Network_Security_Group_example
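
The tiered design described above could be expressed with the AzureRM cmdlets as follows. This is an added example, not part of the original post: the resource group, VNET and subnet names, the address ranges and the ports are all assumptions, `New-TierRule` is a hypothetical wrapper, and the VNET with its three subnets is assumed to exist already.

```powershell
# Added example. Resource names, address ranges and ports are assumptions.
$rg = 'Demo_ResourceGroup'; $location = 'North Europe'; $vnetName = 'Demo_VNet'
$tiers = @{ FrontEnd = '10.0.1.0/24'; MidTier = '10.0.2.0/24'; BackEnd = '10.0.3.0/24' }

# Hypothetical wrapper so each inbound rule reads as one line.
function New-TierRule {
    param($Name, $Access, $Priority, $Source, $Destination, $Port, $Protocol = 'Tcp')
    New-AzureRmNetworkSecurityRuleConfig -Name $Name -Access $Access -Protocol $Protocol `
        -Direction Inbound -Priority $Priority `
        -SourceAddressPrefix $Source -SourcePortRange '*' `
        -DestinationAddressPrefix $Destination -DestinationPortRange $Port
}

# Rules are evaluated lowest priority number first. The default AllowVnetInBound
# rule (priority 65000) lets every subnet in the VNET talk to every other one,
# so each tier gets an explicit deny at 4000 that sits below its own allow rule
# but above that default.
$rules = @{
    FrontEnd = @(
        (New-TierRule 'Allow-HTTPS-From-Internet' Allow 100 Internet $tiers.FrontEnd '443'),
        (New-TierRule 'Deny-Other-VNet-Traffic' Deny 4000 VirtualNetwork '*' '*' '*')
    )
    MidTier = @(
        (New-TierRule 'Allow-App-From-FrontEnd' Allow 100 $tiers.FrontEnd $tiers.MidTier '8443'),
        (New-TierRule 'Deny-Other-VNet-Traffic' Deny 4000 VirtualNetwork '*' '*' '*')
    )
    BackEnd = @(
        (New-TierRule 'Allow-SQL-From-MidTier' Allow 100 $tiers.MidTier $tiers.BackEnd '1433'),
        (New-TierRule 'Deny-Other-VNet-Traffic' Deny 4000 VirtualNetwork '*' '*' '*')
    )
}

# Create one NSG per tier and attach it to the subnet of the same name.
$vnet = Get-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $rg
foreach ($tier in $tiers.Keys) {
    $nsg = New-AzureRmNetworkSecurityGroup -Name "NSG-$tier" -ResourceGroupName $rg `
        -Location $location -SecurityRules $rules[$tier]
    Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $tier `
        -AddressPrefix $tiers[$tier] -NetworkSecurityGroup $nsg | Out-Null
}

# Push the updated subnet configuration back to Azure.
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet
```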

 

Example of DIP, PIP, ILPIP and VIP on Microsoft Azure

Here is a quick example of how the IP addressing works both on the Azure Service Manager (ASM) Classic Portal (https://manage.windowsazure.com) and the Azure Resource Manager (ARM) Portal (https://portal.azure.com)

DIP = Dynamic IP Address, the IP address given to each virtual machine.  This can be set to static as a “DHCP reservation” (don’t configure this address within the virtual machine itself as you will lose access)

PIP or ILPIP = Instance Level Public IP, directly attached to a VM.  Example of use: a passive FTP server that needs a large number of ports open.

VIP = Public facing Virtual IP assigned to a cloud service from a Pool of IP’s managed by Microsoft (assignment -geo-political region)

EP = End Point

Note: Always check https://azure.microsoft.com for up to date information

Example_VIP_DIP_PIP_Public_IP_Azure

Microsoft Enterprise Agreement (EA) Account Owners – CAUTION when logging in using accounts with other Azure benefits!

If you are doing your Azure licensing through a Microsoft Enterprise Agreement (EA), you will benefit from various discounts depending on the band you fall into.  EA customers normally also tend to have multiple other discounts (like MSDN, BizSpark, MPN etc.).

More info:  https://azure.microsoft.com/en-us/pricing/enterprise-agreement/

Below is a quick CAUTION for Enterprise Agreement Account Owners.

EA Account Owners cannot use the same login for EA and other Azure offers.  Doing so will convert the other Azure subscriptions e.g. MSDN benefits that they own into EA.

Example:

If a user is added to the EA Portal as an Account Owner and logs in with the Microsoft Account (Live ID) that is also associated with their individual MSDN Azure benefits, then this benefit will be converted into EA MSDN type, losing the $50, $100, $150 monthly credit.

A big WARNING will be displayed when logging in for the first time.  Select “Continue” if you have read and agree, or select “Cancel” if you don’t wish to associate (in most cases).

EA_Account_Owner_MSDN_Warning

 

Oops pressed by mistake?

How do you recover your individual MSDN Azure Benefits?

  1. Delete the Account Owner from the EA portal (after removing or moving any Azure subscription you might have associated with this Live ID) and sign up for the individual MSDN subscription anew.
  2. Delete the MSDN subscriber from the MSDN Administration site in the Volume Licensing Software Center (VLSC) and re-assign the subscription, making sure that you use a different login Live ID.

If unsure, you can also log a ticket from the Azure portal using https://portal.azure.com and select Help+Support.

Azure_Help_Support

Saying all this, you will be invited to a concierge on boarding meeting to review the EA portal and what to watch out for.  If this hasn’t happened then you can schedule one via:

http://aka.ms/AzureEntSupport

Problem type: “Onboarding”

Category: “Schedule a customer on boarding call”

“Start Request”

EA_onboarding

Connect a Virtual Network (VNET) to an ExpressRoute circuit using Azure Resource Manager (ARM)

If you are in a position where you need to connect an ExpressRoute circuit using Azure Resource Manager (ARM), there is some documentation out there to help you with setting this up (links below).  As the ARM portal went General Availability (GA) on 2nd December 2015 it makes sense to start building your environment using the current portal (https://portal.azure.com) compared to the classic portal (https://manage.windowsazure.com) if you are in a position to do this.

Note: Resources tied to the classic portal can’t currently communicate with resources tied to the current portal (as of this writing – this might change so please look at http://azure.microsoft.com for more information).

Links to good material / documentation:

Official Microsoft Azure Documentation on Express Route:
https://azure.microsoft.com/en-gb/documentation/articles/expressroute-howto-circuit-arm/

A really good blog that takes you through the entire process of setting up an ExpressRoute circuit and connecting it using ARM.  The PowerShell cmdlets below are also courtesy of this blog:
http://blogs.technet.com/b/privatecloud/archive/2015/10/23/creating-and-connecting-an-expressroute-circuit-with-azure-resource-manager.aspx

ExpressRoute FAQ:
https://azure.microsoft.com/en-gb/documentation/articles/expressroute-faqs/

Below is an example of setting up an ExpressRoute circuit using ARM.

Assumption:

ExpressRoute circuit has been provisioned by ISP / NSP, therefore they would have also configured the Private or Public Peering.

The steps that will be covered:

  1. Install Azure PowerShell (WMF 5.0)
  2. Install AzureRM (Resource Manager) PowerShell modules
  3. Create a new VNET (Virtual Network) to link to your ExpressRoute circuit
  4. Create an ExpressRoute Gateway
  5. Connect the ExpressRoute Gateway to your ExpressRoute circuit

/*******************************************************/
STEP 1

Depending on what version of Windows you are running (assuming you have Windows 7, 8 or 10), I would recommend downloading Windows Management Framework (WMF) 5.0 from the link below, or searching for Azure SDK using Bing / Google (link below) and downloading Windows PowerShell under command-line tools.

http://www.powershellgallery.com/

Powershellgallery

https://azure.microsoft.com/en-us/downloads/

Azure-SDK-Powershell

Note: You will most likely need to reboot your machine

/*******************************************************/
STEP 2

Once WMF is installed, open up Microsoft Azure PowerShell or Windows PowerShell ISE (Integrated Scripting Environment) – Preferred.

Next we will install the Azure Resource Manager (ARM) modules (there are few ways but below should suffice).

Note: If the cmdlets below don’t work, follow Step 1 again to reinstall and reboot the machine.

Link: http://www.powershellgallery.com/packages/AzureRM/

#Save AzureRM modules locally
Save-Module -Name AzureRM -Path C:\AzureRMmodules\

#Install the AzureRM modules
Install-Module -Name AzureRM

#Import all of the AzureRM* modules within the known semantic version range
Import-AzureRM

#Log in to your Azure Subscription
#(Login-AzureRmAccount is an alias of Add-AzureRmAccount, so one call is enough)
Login-AzureRmAccount

#List all the subscriptions
Get-AzureRmSubscription

#Select the subscription (if you have multiple) where you would like to
#connect up the ExpressRoute circuit; put its ID between the quotes
Select-AzureRmSubscription -SubscriptionId ""

#To get details of your provisioned ExpressRoute circuit with the service key:
Get-AzureRmExpressRouteCircuit

/*******************************************************/
STEP 3

In this example, I am assuming we are setting up the ExpressRoute onto a fully managed MPLS network, therefore the Public or Private peering will be taken care of by the Internet Service Provider (ISP) or Network Service Provider (NSP).

When we setup the Virtual Network (VNET) on Azure we need to specify the address space  we will be using:

i.e. A VNET will have an address space(s) – range from which we can set up one or more subnets.

Example:

Address Space: 10.174.4.0/22

Subnet1: 10.174.4.0/25  (workload here will be able to communicate with rest of the MPLS network)

#Create a Virtual Network (VNET) with subnet1 and gateway subnet

#Give a name of the Subnet
$subnet1Name = "Subnet_Name1"

#The address range for the subnet (matches Subnet1 in the example above)
$subnet1AddressPrefix = "10.174.4.0/25"

#Name of the Gateway Subnet
#(Azure requires the gateway subnet to be named exactly "GatewaySubnet")
$subnet2Name = "GatewaySubnet"

#The address range for the Gateway Subnet (must be /28 as a minimum)
$subnet2AddressPrefix = "10.174.7.0/28"

#Give a name of the Virtual Network
$vNetName = "Virtual_Network_Name"

#Specify Virtual Network Address Space (matches the Address Space in the example above)
$vNetAddressPrefix = "10.174.4.0/22"

#The name of the Resource Group where the ExpressRoute has been setup
#(this would have been done during circuit provisioning)
$rg = "Your_ExpressRoute_ResourceGroup_Name"

#The Resource Group Location
$rglocation = "North Europe"

#S1 and S2 variables will store the Subnet Configuration
$s1 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet1Name -AddressPrefix $subnet1AddressPrefix
$s2 = New-AzureRmVirtualNetworkSubnetConfig -Name $subnet2Name -AddressPrefix $subnet2AddressPrefix

#Create the Virtual Network using the above stored variables
$vnet = New-AzureRmVirtualNetwork -Name $vNetName -ResourceGroupName $rg -Location $rglocation -AddressPrefix $vNetAddressPrefix -Subnet $s1, $s2

/*******************************************************/
STEP 4

#Create an ExpressRoute Gateway
#(Note: The process to set up the Gateway can take 10 minutes or longer)

#Name of the Gateway Public IP (This will generate a Public IP for the VNet
#Gateway and it's only there if you wish to set up a separate VPN (like S2S))
$GWPublicIPName = "GwPIP"

#Give a name for the IP Configuration
$IPConfigName = "Ipconfig"

#Give a name for the ExpressRoute Gateway
$GWName = "ExpressRoute_Gateway_Name"

#PIP variable to store the AzureRm Public IP address
#(Allocation Method: choose "Dynamic")
$pip = New-AzureRmPublicIpAddress -Name $GWPublicIPName -ResourceGroupName $rg -Location $rglocation -AllocationMethod Dynamic

#Subnet variable: ID of the gateway subnet ($s2, the second subnet passed in Step 3)
$subnet = $vnet.Subnets[1].Id

#IPConfig variable to store the Virtual Network Gateway IP configuration
$ipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name $IPConfigName -PublicIpAddressId $pip.Id -SubnetId $subnet

#Create the ExpressRoute Gateway (Gateway Type must be "ExpressRoute")
New-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg -Location $rglocation -GatewayType ExpressRoute -IpConfigurations $ipconfig

/*******************************************************/
STEP 5

#Link the ExpressRoute Gateway to the ExpressRoute Circuit

#The name of the ExpressRoute circuit - if unsure run
#"Get-AzureRmExpressRouteCircuit" to identify the name given
$CircuitName = "ExpressRoute_Circuit_Name"

#Get Azure ExpressRoute circuit and store into the ckt variable
$ckt = Get-AzureRmExpressRouteCircuit -Name $CircuitName -ResourceGroupName $rg

#Give a name for the ExpressRoute Virtual Network Gateway Connection
$ERConnectionName = "ExpressRoute_Gateway_Connection_Name"

#Get Azure Virtual Network Gateway and store into the gw variable
$gw = Get-AzureRmVirtualNetworkGateway -Name $GWName -ResourceGroupName $rg

#Setup a new Azure Virtual Network Gateway Connection of type ExpressRoute
$conn = New-AzureRmVirtualNetworkGatewayConnection -Name $ERConnectionName -ResourceGroupName $rg -Location $rglocation -VirtualNetworkGateway1 $gw -PeerId $ckt.Id -ConnectionType ExpressRoute

Note: The provisioning might take some time.  Once done you can test by accessing VMs on either side.  Make sure you allow the relevant ports through the Azure VM firewall.
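
Step 3 depends on the subnet prefixes being valid and sitting inside the VNET address space, and on the gateway subnet being /28 as a minimum. The following offline check is an added example, not part of the original post or the referenced blog; `Get-CidrRange` and `Test-VNetPlan` are hypothetical helper names and the prefixes are the ones from the Step 3 example.

```powershell
# Added example: validate an address plan before calling New-AzureRmVirtualNetwork.
function Get-CidrRange {
    param([string]$Cidr)
    if ($Cidr -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$') {
        throw "Not a valid IPv4 CIDR prefix: $Cidr"
    }
    $len    = [int]$Matches[5]
    $octets = 1..4 | ForEach-Object { [int]$Matches[$_] }
    if (($octets | Where-Object { $_ -gt 255 }) -or $len -gt 32) {
        throw "Octet or prefix length out of range: $Cidr"
    }
    # Int64 arithmetic avoids PowerShell promoting mixed unsigned maths to double.
    [long]$addr = 0
    foreach ($o in $octets) { $addr = $addr * 256 + $o }
    [long]$size = [math]::Pow(2, 32 - $len)
    $first = $addr - ($addr % $size)
    [pscustomobject]@{ Cidr = $Cidr; Length = $len; First = $first; Last = $first + $size - 1 }
}

function Test-VNetPlan {
    param([string]$AddressSpace, [string[]]$Subnets, [string]$GatewaySubnet)
    $space    = Get-CidrRange $AddressSpace
    $ranges   = @($Subnets + $GatewaySubnet | ForEach-Object { Get-CidrRange $_ })
    $problems = @()
    # Every subnet must fall inside the VNET address space.
    foreach ($r in $ranges) {
        if ($r.First -lt $space.First -or $r.Last -gt $space.Last) {
            $problems += "$($r.Cidr) is outside the address space $AddressSpace"
        }
    }
    # No two subnets may overlap.
    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            if ($ranges[$i].First -le $ranges[$j].Last -and $ranges[$j].First -le $ranges[$i].Last) {
                $problems += "$($ranges[$i].Cidr) overlaps $($ranges[$j].Cidr)"
            }
        }
    }
    # The gateway subnet must be /28 as a minimum.
    if ((Get-CidrRange $GatewaySubnet).Length -gt 28) {
        $problems += "Gateway subnet $GatewaySubnet is smaller than /28"
    }
    $problems   # empty output means the plan is consistent
}

# The plan from Step 3: returns nothing, i.e. no problems found.
Test-VNetPlan -AddressSpace '10.174.4.0/22' -Subnets '10.174.4.0/25' -GatewaySubnet '10.174.7.0/28'

# A gateway subnet outside the address space and too small is reported twice.
Test-VNetPlan -AddressSpace '10.174.4.0/22' -Subnets '10.174.4.0/25' -GatewaySubnet '10.174.8.0/29'

# A malformed prefix (five octets) is rejected before it reaches Azure.
try { Get-CidrRange '10.174.236.4.0/25' } catch { $_.Exception.Message }
```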

 

Windows Server 2003 / 2008 / 2012 Group Policy (ADMX, ADML, ADM) – Mixed mode

If you’re running a mixed environment where you have Windows Server 2003, 2008 and 2012, can you manage Group Policy in this side-by-side environment?

Yes, but it’s important to note that in Windows Server 2008, Microsoft introduced a central store (to avoid GPO bloating) with ADMX and ADML templates to manage your  Group Policy (GP).

Windows Server 2003 (ADM Templates)

Windows Server 2008 and higher (ADMX and ADML Templates)

————————————————————————————————————————–

Question:

Can you run two GP environments side-by-side (ADMX/ADML and ADM) without causing problems, and is this supported (central store and ADM)?

Answer:

Yes, but the ADMX template always wins if it is in conflict with an ADM template.

————————————————————————————————————————–

Question:

If we start using a central store and manage our custom ADM through higher OS level would this jeopardise any configuration on the existing ADM’s?

Answer:

No, this will be fine.

————————————————————————————————————————–

Recommended Approach:

The recommended approach is to move to ADMX and migrate the ADM templates to ADMX using Full Armor’s ADMX Migrator tool.

XML-based format with Full Armor’s release of the ADMX Migrator tool, which Microsoft has licensed and made available through the Download Center.  This tool provides a mechanism to convert your existing ADM files into ADMX format via a simple but effective user interface.  This tool can also be used to create ADMX files afresh, which means you now have a way to create ADMX files without needing to understand the underlying ADMX format.

Links:

ADMX Migrator: https://www.microsoft.com/en-us/download/details.aspx?id=15058

Group Policy Team Blog:  http://blogs.technet.com/b/grouppolicy/