TechEd 2013 North America is 6/2 through 6/6 in New Orleans!

http://northamerica.msteched.com/?mtag=TENAC9TEPage

I'll be there and I hope to see you there too! Alfred Ojukwu, Henry Schulman, and myself will be there from MCS presenting two sessions on App-V 5.0:

Sequencing Applications Using the New Microsoft Application Virtualization 5.0 Sequencer
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B205#fbid=UNR8sVE6CJM
June 5, 2013 from 3:15PM to 4:30PM

Integrating the New Microsoft Application Virtualization 5.0 with other Virtualization Solutions
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B324#fbid=UNR8sVE6CJM
June 6, 2013 from 8:30AM to 9:45AM

In addition, I'll be manning the MDOP and Desktop Virtualization booths periodically through the week so feel free to stop by!

 Hello Community, Luiz Henrique Lima Campos here today to update you on the latest news in the international community TechNet Wiki.
 
Let's talk first of the winners of the last day TechNet Wiki, April 20.

International Community

Patris_70 with Article: ایجاد Sites (fa-IR) - as he took the Award: Book. Windows® 8 Administration Pocket Consultant

Congratulations Patris and always keep helping us with TechNet Wiki, your articlesare veryimportant to theTechNetWiki.

 
  
Congratulations and thanks for your commitment and dedication to contribute to the community of Microsoft TechNet Wiki.

Brazil Community

MarceloSep with Article: Windows Server 2012 - Configurando GPO para bloquear acesso a dispositivos USB - as he took the Award: Book. Windows® Server 2012 Administration Pocket Consultant 

Congratulations Marcelo and always keep helping us with TechNet Wiki!

 
  
Congratulations and thanks for your commitment and dedication to contribute to the community of Microsoft TechNet Wiki.

Now for the prize of the Day May 30, 2013

The next prize will be on May 30, 2013, Awards are again one will be for the international community, and one Award for Brazil, as we previously reported we will send Books for any place in the world  we expect the participation of all.

Brazil: Book Certificação CompTIA Security+ | Yuri Diógenes e Daniel Mauser  2ª edição Brazil  and to the international Community : Book Windows® Server 2012 Administration Pocket Consultant

  
 
Want to know about the day TechNet Wiki? Go to:  http://social.technet.microsoft.com/wiki/pt-br/contents/articles/14147.technet-wiki-day.aspx

A big hug to everyone.

And not to forget to follow:

Facebook TechNet Wiki Day
@ tnwikiday
@ WikiNinjas
@ WikiNinjas_BR

TechNet Wiki Day
Luiz Henrique Lima Campos
Microsoft MVP, MCT,MCP,MCC,MCDST,MCSA,MCSA+M,MCTS e MCITP
Moderador no Microsoft Answers e TechNet Forums e Membro do TechNet Wiki Community Council
Visite o meu blog: http://luizhenriquelima.wordpress.com/
Me siga no twitter: @luizlima

by Julie Golding, US MPN Lead

If you are new to the Microsoft Partner Network, or are exploring your opportunities to deepen your engagement with Microsoft, you will want to understand what the Microsoft competencies are, and why they matter to both you and your customers. Competencies indicate expertise in a specific technology area that aligns to Microsoft products and technologies, so customers can identify IT experts to help solve their business challenges.

In this post, I’ll talk about the value of earning a gold competency, and provide you with information to help you get started. If you are going to the Worldwide Partner Conference in Houston this July, I am talking about competencies and other MPN opportunities in a session called “A guided tour of US Partner Programs and the resources that keep you informed,” (session numbers US12 and US12R). You can add this session to your schedule through WPC Connect starting May 28.

A company with a Microsoft gold competency has demonstrated its capability and commitment to meet the evolving technology needs of customers through solutions based on Microsoft products and technologies. Worldwide, only 1 percent of the companies in the Microsoft partner ecosystem have attained the distinction of holding a gold competency, and earned the right to showcase that distinction and market their competency by displaying a Microsoft Partner Network logo that specifies a company’s gold competency achievement.

Microsoft gold competency benefits

A recent IDC study determined that the Microsoft Partner Network benefits for companies with competencies have a tangible, business value of about $320,000. Highlighted below are four gold competency benefits that usually spark the most discussion and interest when I talk to partners about gold competencies:

• Access to up to 100 licenses for more than 40 Microsoft products, as well as licenses for competency-specific products, for internal use. Partners tell me that this benefit is one of the most valuable they receive, as it lets them show customers how they are using Microsoft-based solutions in their own organization.
• Dedicated account coverage, in person or phone-based, to act as your direct contact at Microsoft. He or she can play an important role in helping you utilize your membership benefits, save time, generate revenue, and identify opportunities.
• Windows 8 opens up many new opportunities for partners to incorporate application development into the solutions they deliver. Equip your developers with up to 10 Visual Studio Premium with MSDN subscriptions.
• Solution incentives that reward you for driving sales of specific Microsoft solutions, and create opportunities for you build sustainable revenue streams.

Microsoft gold competency requirements

In general, the main requirements for attaining a gold competency are listed below. Each competency has its own requirements, though, so you will want to review and understand the requirements for the specific competency you are pursuing. And, even if you decide that a gold competency isn’t right for you right now, I recommend aligning your technical and sales personnel to the certifications and assessments/accreditations for the competency that best maps to your Microsoft practice and business.

• Certifications– demonstrate technical expertise by employing or contracting with the specified number of unique Microsoft Certified Professionals who have passed relevant certification exams
• Assessments and accreditations– demonstrate sales, marketing, and/or licensing knowledge by having the specified number of people pass assessments
• Customer evidence and feedback– demonstrate success at building and deploying solutions relevant to the competency by submitting customer references, and use the Customer Satisfaction Index survey to measure customer satisfaction and loyalty
• Agree to meet a minimum Microsoft revenue amount
• Pay the gold competency fee

Join the MPN 101 group on Yammer to connect with Julie and with other subject-matter experts from the Microsoft US Partner Team.

In this video, Microsoft partners talk about the value their Microsoft competency brings to their business. 

In this post, I plan to provide some top-level query debugging tips for SharePoint 2013 Search. I plan some follow up posts but I'm going to start small and build.

My search career has its roots in the old FAST Search and Transfer company so my technical roots are in FAST ESP. ESP, and even FAST Search for SharePoint 2010, provided a very simple way of debugging queries: the ESP query logs. Unfortunately, in SharePoint 2013, there is no isolated query log and SharePoint writes all query logging to the SharePoint ULS logs. In fairness, ULS stands for "Unified Logging Service" so it stands to reason that the query logs would live there.

The first thing you need is a tool for analyzing the ULS logs. I used ULSViewer available on MSDN but any tool, including scripts, that can read and filter on the log entries will do.

For this first post, I am going to focus on a specific issue I encountered.

I had posted some PDF's to a file share and setup a new content source to crawl that file share. After the full crawl completed, I ran a search. Couldn't find them. Hmmmm… maybe the system is still indexing, I'll give it a few minutes.

A few minutes later, I search again. Nothing.

I double check the crawl logs. A bunch of warnings but no failures.

I decide to look into the ULS logs to see if there's anything that might indicate an issue with either the query, the crawl or something else. It took a few minutes and a review of some messages with the product team and I finally figured it out.

First, based on some hints, I filtered on messages with "Query Processing" in the Category field. For a single query, it showed this:

The highlighted log entry shows my original query: "msdn" but all that was being returned was the federated query to Bing :-(.

I was baffled and was wishing I could have my old ESP 15100 QRServer interface back. Then, I looked through a small set of ULS log entries I had and found this:

Why is "Title=Paul" in there and where did it come from? … QUERY RULES!!!! I had created a query rule to demonstrate boosting based on certain tokens in the title of the document.

I deactivated my query rule and WAH-ZAM! my query started working and there were all of my file share documents. You'll also notice that there is an additional filter in there which excludes people profile content. That comes from the Result Source. The default result source excludes people profile content by default.

What else is out there? I'm looking and I'll let you know when I find out.

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to find computer security identifiers (SIDs) in Active Directory Domain Services.

Microsoft Scripting Guy, Ed Wilson, is here. TechEd 2013 is soon upon us—both in New Orleans and in Madrid. The Scripting Wife has been extremely busy working on her schedule and the schedule for the Scripting Guys booth. I, on the other hand, have been really busy working on the instructor-led labs for Windows PowerShell for New Orleans and Madrid. (Actually, the labs will be basically the same in New Orleans and Madrid…the “basically” portion depends on how much I have to change after New Orleans.)

Anyway, this post is not related to my instructor-led labs, but it is something I wanted to talk about for a while—that is, I am continually amazed at all the cool things I can do with the Active Directory cmdlets from the Active Directory module. One thing to keep in mind is that the module is updated in Windows Server 2012 and in the Remote Server Administration Tools for Windows 8.

Today I want to play around with SIDs…

Use the Get-ADComputer cmdlet

From time-to-time, I need to know the security identifier (SID) for a computer. Not often, mind you, but occasionally the need arises. A quick look on the Internet, turns up a lot of scripts that attempt to read from the registry. The problem is that on modern operating systems the registry key is protected.

A computer’s SID is stored in the HKLM\SECURITY\SAM\Domains\Account registry, but that registry key is protected, and not even the Administrator has rights to the key. This means that the administrator must take ownership of the key, and then add rights to the key. This is not a good idea.

The easy way to find the SID for a computer on the domain is to retrieve the value from Active Directory Domain Services (AD DS). To do this, I use the Get-ADComputer cmdlet and filter based on the computer name. In this example, I return the SID for my local computer. By using the Select-Object (select is an alias) at the end of the line, I return an object that has two properties: name and SID. I can then use those properties in other computations if I need to do so. This command and its output are shown here:

PS C:\> Get-ADComputer -Filter "name -eq 'edlt'" -Properties sid | select name, sid

name sid

---- ---

EDLT S-1-5-21-1457956834-3844189528-3541350385-1147

The cool thing is that because I am querying from Active Directory, I can easily return the SID from a “remote” computer. In the example shown here, I retrieve the SID from a computer named DC1 in the domain. I use the Format-List cmdlet (fl is the alias) at the end of the command so the output displays better on the blog.

PS C:\> Get-ADComputer -Filter "name -eq 'dc1'" -Properties sid | select name, sid | fl *

name : DC1

sid  : S-1-5-21-1457956834-3844189528-3541350385-1000

PS C:\> C:\fso\PsGetsid.exe

I used to use the PSGetSid.exe utility from the SysInternals tools. This tool also works remotely. However, there are two issues with the tool. The first is that it is a bit slower than querying AD DS. The second is that it returns a string that must be parsed if I want to use the information in other cmdlets. The output from the Get-ADComputer cmdlet and from PSGetSid.exe are shown in the following image.  The results are the same.

Well, that is it for now. I have to get back to work on my labs. Hope to see you in New Orleans or Madrid. If you are there, make sure to come by and say “hi” to the Scripting Wife and me.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

In this episode, I discuss what to expect from TechEd North America (June 3) and TechEd Europe (June 25), as well as some of the big themes in my Day 1 keynote at both events. 

This is a huge event for the tech industry, and I look forward to seeing a lot of friends and partners in both cities!  If you haven't registered for TechEd yet, visit the official site here.

The downloadable files listed on this page contain the cross-component documentation for the Technical Scenarios for System Center 2012 Service Pack 1 (SP1). The available downloads include:

• System Requirements for System Center 2012 SP1 - last updated January 15, 2013
• Upgrade Sequencing for System Center 2012 SP1 - last updated January 15, 2013
• System Center 2012 SP1 Integration Map - last updated February 21, 2013. This diagram shows the integration points between the various System Center 2012 SP1 components.

DOWNLOAD HERE

Yung Chou , Keith Mayer and Greg Shields from Concentrated Technology are back for part 2 of their deploying  and managing a service in the cloud series and in today's episode they demo for us how to plan for  and deploy RDS using System Center 2012 SP1 Virtual Machine Manager Service Templates. Tune in for this great follow-up episode and preview of an upcoming TechEd 2013 session. For more information of his TechEd  North America sessions is available at http://channel9.msdn.com/Events/Speakers/Greg-Shields.

So, you’ve got your Windows Azure subscription all set up (and if you don’t you can set up a FREE TRIAL HERE), and now you want to use PowerShell to work with your Windows Azure-based resources.  In case you weren’t aware, Microsoft provides a Windows Azure PowerShell module for scripted management of Windows Azure services. 

“Yes!  That’s what I want, Kevin!”

Okay then… here’s how you do it:

If you’re running Windows 7 w/SP1, Windows Server 2008 R2 w/SP1, or Windows Server 2008 w/SP2, you’ll need the most recent version of the Windows Management Framework installed.  This includes updates to Windows Remote Management (WinRM), Windows Management Instrumentation (WMI), and, importantly, Windows PowerShell 3.0.
If you’re running Windows 8 or Windows Server 2012, then you’re all set with the newest version of PowerShell.

Download and install the Windows Azure PowerShell cmdlets. Note that a restart may be required after installing this module.

Right-click on Windows PowerShell in your Start Menu or Start Screen and choose Run As Administrator.

Set the PowerShell Execution Policy for scripts by running the following command at the PowerShell command prompt:

PS C:\> Set-ExecutionPolicy RemoteSigned

Import the Windows Azure PowerShell module and supporting cmdlets by running the following command at the PowerShell command prompt:

PS C:\> Import-Module Azure

Download and save your Windows Azure Publish Settings file by running the following command at the PowerShell command prompt:

PS C:\> Get-AzurePublishSettingsFile

Import the saved Windows Azure Publish Settings file by running the following command (no "<"s, and with your full path to your .publishsettings file) at the PowerShell command prompt:

PS C:\> Import-AzurePublishSettingsFile "<full_path_to_your_saved_file>.publishsettings" 

And there you have it!  The importing of that .publishsettings file has installed the proper certificate locally so that your PowerShell session will be authenticated, and have a secured interaction with your Windows Azure subscription.

To test it, run the following command from the PowerShell command prompt:

PS C:\> Get-AzureSubscription

This should return some details about your subscription. 

Summary: Use Windows PowerShell to easily find disabled user accounts in Active Directory.

 How can I use Windows PowerShell to find disabled user accounts in Active Directory?

 Use the Search-ADAccount cmdlet from the Active Directory module:

Search-ADAccount -AccountDisabled

Welcome back for another analysis of contributions to TechNet Wiki over the last week (Fri-Sat) 

Firstly, the usual weekly leader board snapshot...

Congratulations to Peter AGAIN this week. Mehmet remains top for the month.

As usual, here are the results of another weekly crawl over the updated articles feed.

Most Revisions Award   Who has made the most individual revisions

Payman Biukaghazadeh is this week's winner, with 195 revisions over 56 articles! Wow great work Payman!

Ed Price - MSFT has made it to second, with an equally impressive 140 revisions over 80 articles! Back in the charts Ed!

Carsten Siemens has taken third this week, with 116 revisions over 101 articles! Great work again Carsten!!

Most Articles Updated Award   Who has updated the most articles

Different order for the article tallies:

#1 - Carsten Siemens with 101 articles

#2 - Ed Price - MSFT with 80 articles

#3 - Payman Biukaghazadeh with 56 articles!

Most Updated Article Award   Largest amount of updated content in a single article

The article most updated this week is How to Script the Export of Active Directory Objects Attributes, a new contribution by i.biswajith. a nice tidy article, well presented and just the kind of article we love to nom, nom, nom, at TechNet wiki. 

Longest Article Award   Biggest article updated this week

This week's largest document to get fiddled with was last week's second largest, the beloved E-Book Gallery for Microsoft Technologies, originally started by Monica Rush, but since updated by just about everyone who is anyone, making this a prize specimen, in both length and girth!. This week NINE people have updated it!! :D

Most Revised Article Award   Article with the most revisions in a week

I am very pleased to find that the article to receive the most revisions this week is mine - TechNet Guru Contributions - May. With 57 revisions this week!!

This is a new initiative we'd like you all to join in with, or tell your techie buddies, especially if they think they're a coding guru, this is a chance for them to prove it and get some recognition for their community offerings.

Smallest Significant Edit Award   Size isn't everything! Every edit counts.

Ignoring the addition of tags, this week's smallest but valuable tweak was again by last week's winner, Carsten Siemens.

It was again a spelling mistake recevivedreceived. Small but HUGE in the bigger scheme of things... Thanks again Carsten!

We thank you all for feeding our wiki for another week.

Nom, nom, nom! 

Best regards,
Pete Laker

안녕하세요

이동철입니다.

5월 포스팅이 좀 늦었죠 ^-^,, 점점 게을러 지는 제 모습을 보고, IT 업계의 은퇴가 얼마 남지 않았음을 느낍니다. 그래도 여러 가지 정황상 IT 일을 좀 더 해야 하는데,,, 어쩔 수 없죠,, 걍 열심히 하는 수 밖에,,,, 여러분들도 늘 파이팅 하시기를….

이번 주제는 제목과 같이 Windows Server 2012의 ADCS를 이용한 사설 Two-Tier Hierarchy PKI 설치 및 구성에 관한 내용입니다.

Two-Tier Hierarchy PKI 라고 하니,, 뭔가 대단한 것이 있을 것으로 생각하신다면,, 오해이시구요…

Two-Tier Hierarchy PKI는 Standalone Offline Root CA를 구성하고, 하위에 Enterprise Subordinate CA를 구성하는 구조입니다.

Standalone Offline Root CA는 실제 컴퓨터 인증서 및 사용자 인증서와 같은 단말 컴퓨터나 단말 사용자를 위한 인증서를 직접 발급하는 것이 아니라, 오로지 하위의 별도의 CA에만 CA 자신의 인증서만을 발급하는 인증 기관입니다.

그렇다면, 실제 컴퓨터 인증서 및 사용자 인증서와 같은 단말 컴퓨터나 단말 사용자를 위한 인증서를 직접 발급하는 역할은 바로 Enterprise Subordinate CA가 수행합니다.

그럼 이러한 복잡한 계층 구조의 PKI를 구성하는 이유는 무엇일까요? 바로 보안적인 이유 때문입니다. 즉, 실제 인증서를 단일 계층 구조의 Root CA가 직접 발급하게 되면, 해당 Root CA 서버는 항상 online 상태이어야 합니다. 이와 같이 Root CA가 항상 online 상태라면, 보안적으로 위험에 노출되는 확률이 그 만큼 높다고 봐야 합니다. 이러한 구조의 단점을 해결하기 위한 Two-Tier 또는 Mulit-Tier Hierarchy 구조로 PKI를 구성하기를 권장합니다.

실제 최상위 Root CA는 워크 그룹 서버에 설치 및 구성한 후, 네트워크에서 분리시킵니다. 분리 시킨 후, 하위에 Enterprise Subordinate CA를 설치 및 구성할 경우에, 별도의 이동 저장 장치를 통해, Enterprise Subordinate CA 자신의 인증서를 요청 및 submit 합니다. 이러한 구조를 이용하게 되면, 최상위 Root CA는 네트워크에서 분리되어 있으므로, 보안적으로 좀 더 안정적인 구조를 유지할 수 있습니다. 최상위 Root CA가 네트워크에 연결되어 있는 경우에, 해커로부터 최상위 Root CA의 Private Key를 도난 당한다면, 전체 PKI 구조를 해커가 장악할 수 있는 경우도 가정할 수 있습니다.

Two-Tier Hierarchy PKI 구조에서 아래와 같이 구성할 것을 권장합니다.

• Standalone Offline Root CA: Workgroup으로 서버 설치
• Enterprise Subordinate CA: Active Directory Domain 멤버 서버 설치

본 가이드의 데모 환경은 아래와 같습니다.

• Standalone Offline Root CA: Contoso Root CA (CA01, 192.168.0.11)
• Enterprise Subordinate CA: Contoso Issuing CA (CA02.CONTOSO.com, 192.168.0.12)

본 가이드에는 Two-Tier Hierarchy PKI를 구성한 후, 그룹 정책을 이용한 인증서 자동 발급을 위한 간단한 구성 방안도 Exercise 7에 소개했습니다. 기타 인증서에 관한 좀 더 세밀한 내용은 아래 링크를 참조하세요.

• [Dongclee 의 12월 첫번째 포스팅] 도대체 Windows OS 환경에서의 PKI는 어떻게 배포 및 관리하면 될까요? ( http://blogs.technet.com/b/dongclee/archive/2010/11/30/dongclee-12-windows-os-pki.aspx )

곧 6월입니다. 6월 포스팅은 게으름 피우지 않고 최대한 빨리 하도록 노력하겠습니다.

늘 건강하세요.

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to build multiple virtual machines with Hyper-V.

Microsoft Scripting Guy, Ed Wilson, is here. One of the really cool things that I love about Windows 8 is having real-live, honest-to-goodness, Hyper-V built in to the operating system. And of course, that means also having the Windows PowerShell cmdlets to manage it. With the power of modern laptops (the Scripting Wife has 32 GB of RAM, a solid-state drive, and a SATA 3 drive on her new laptop), running multiple virtual machines is a real option—and a real treat.

The other day, I needed to create three virtual machines to test my instructor-led lab scenario that I am creating for TechEd in New Orleans and Madrid. Because I am in the process of redoing my network, I do not have access to any advanced deployment tools. It’s just me, my laptop, and Windows PowerShell. Because my objective is to build three virtual machines (not to write the perfect script), I decided to knock out a quick script. The result is shown here:

$name = "Client1","Server1","Server2"

$name |

Foreach {

    new-vm $_ -MemoryStartupBytes 512MB -SwitchName InternalSwitch `

    -BootDevice cd -NewVHDPath "F:\VM\$_\Virtual Hard Disks\$_.vhdx" `

    -NewVHDSizeBytes 127GB }

Foreach($n in $name)

{

 if($n -match 'client')

    {

     Set-VMMemory -VMName $n -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 4096MB -StartupBytes 2048MB -Buffer 20

     Set-VMDvdDrive -VMName $n -Path $((Get-Item F:\winsource\*client*).fullname)

    }

 if($n -match 'server')

  {

   Set-VMMemory -VMName $n -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -StartupBytes 1024MB -Buffer 20

   Set-VMDvdDrive -VMName $n -Path $((Get-Item F:\winsource\*server*).fullname)

  }

}

Get-VM $name | Start-VM

Three important cmdlets

Because I only needed to create three virtual machines, I hard coded the machine names into a variable. I also thought it was a good idea to use easy-to-remember names. This part of the code is no surprise:

$name = "Client1","Server1","Server2"

New-VM

Now I come to the first important cmdlet: New-VM. The New-VM cmdlet creates a new virtual machine. The basic configuration for all three virtual machines is the same. I specify the startup memory, the name of the switch, the boot device, the path to the VHD, and the size of the VHD. I pipe the three computer names to the New-VM cmdlet, and I end up with three new virtual machines. This portion of the code is shown here:

$name |

Foreach {

    new-vm $_ -MemoryStartupBytes 512MB -SwitchName InternalSwitch `

    -BootDevice cd -NewVHDPath "F:\VM\$_\Virtual Hard Disks\$_.vhdx" `

    -NewVHDSizeBytes 127GB }

Set-VMMemory and Set-VMDvdDrive

Now I need to walk through the computer names by using the ForEach command. For each of the computer names, I will set the virtual machine memory and the DVD drive information. But because I will have different memory and different DVD info depending on if the operating system is a client or a server, I use the If statement.

To set the memory, I use the Set-VMMemory cmdlet, and I specify that I want to use dynamic memory in addition to the minimum and maximum bytes. I also set the startup memory. Next, I set the DVD drive to point to the ISO of the operating system I want to use.

This portion of the code is shown here:

Foreach($n in $name)

{

 if($n -match 'client')

    {

     Set-VMMemory -VMName $n -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 4096MB -StartupBytes 2048MB -Buffer 20

     Set-VMDvdDrive -VMName $n -Path $((Get-Item F:\winblue\*client*).fullname)

    }

 if($n -match 'server')

  {

   Set-VMMemory -VMName $n -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -StartupBytes 1024MB -Buffer 20

   Set-VMDvdDrive -VMName $n -Path $((Get-Item F:\winblue\*server*).fullname)

  }

Start me up

The last thing to do is to start the newly created virtual machines. To do this, I use the Get-VM cmdlet and supply the three computer names that are stored in the $Name variable. I pipe the results to the Start-VM cmdlet. Now, I still have to walk through the wizard, but that actually goes pretty quickly on modern operating systems.

Join me tomorrow because I have an awesome guest blog about WSUS by Honorary Scripting Guy, Boe Prox. You don’t want to miss it—the post absolutely rocks!

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 

Firmy i organizacje mogą udostępnią witryny tworzone na SharePoint, użytkownikom spoza własnej organizacji. W przypadku SharePoint 2010 wymagane było zakupienie licencji SharePoint for Internet Sites, dla każdego serwera SharePoint, który był udostępniany użytkownikom zewnętrznym. Pociągało to za sobą dodatkowe koszty.

Dla SharePoint 2013 zasady te uległy zmianie i licencje “ … for Internet Sites” nie jest już wymagana. Nabywca licencji na serwer SharePoint 2013 już w cenie samego serwera uzyskuje prawo do wspólnej pracy z użytkownikami zewnętrznymi.

W dokumencie “Prawa do używania produktów licencjonowanych przez firmę Microsoft”, mamy następujący zapis:

Zwolnienie z obowiązku posiadania Licencji CAL dla użytkowników uzyskujących dostęp do opublikowanych treści

Licencje CAL nie są wymagane w przypadku uzyskiwania dostępu do treści, informacji i aplikacji, które publikują Państwo za pośrednictwem Internetu (tj. bez ograniczenia do sieci Intranet lub Extranet).

Oznacza to, że dla treści, informacji i aplikacji publikowanych w Internecie nie są wymagane licencji dostępowe CAL do SharePoint, nie istnieje również dla tej wersji licencja SharePoint for Internet Sites.

Należy jednak pamiętać o tym, że sam SharePoint korzysta z SQL Server oraz Windows Server, dla których to serwerów należy zapewnić odpowiednie licencje.

Chcesz wiedzieć więcej. Sprawdź poniższe łącza:

• Lista produktów (Product List) –http://www.microsoft.com/licensing/about-licensing/product-licensing.aspx#tab=2
• Prawa do używania produktów (Product Use Rights,“PUR”) –http://www.microsoft.com/licensing/about-licensing/product-licensing.aspx#tab=1

During configuring content deployment between pre-production environment and live environment we faced the following issue that caused a failure in content deployment job.The list of content deployment jobs is accessed from central administration in general application settings section

During troubleshooting we have noticed that some features with prefix PWS that are related to project server are displaying in $Resources format instead of clear names as indicated below:

another note is that In top level site collection there is a list created by default as part of the publishing site template called Issues , all fields are displaying in $Resources format as well as indicated below

By clicking the columns in the Issues list one corrupted column is causing a problem called $Resources:FieldTitle_Links, by clicking on “delete this invalid field” error page is getting displayed with internal error without having any details in SharePoint logs or in event viewer!

This common name for the field that causing the problem seems to be “related issues”, the current  environment is upgraded from SharePoint 2007 version.

we found that this could be fixed by deleting the Issues list and recreating it using Issue Tracking List as indicated below

The new list has everything working fine and column names are displaying correctly ,the list were empty in our case so no information is lost

Now re running content deployment succeeded from pre-production to production environment

Fast wäre es mir passiert und ich hätte dieses Thema ein drittes Mal in einem Blogartikel beschrieben: eine Domain will und will nicht aus Office 365 entfernt werden. Um eine Domain aus Office 365 zu entfernen, helfen diese beiden Artikel:

Domain aus Office 365 per PowerShell entfernen (18.04.2013)

Office 365 oder: wie entferne ich eine Domain aus dem Service (16.09.2011)

Heute war ein Tenant jedoch besonders hartnäckig: obwohl bereits alle User geändert wurden, gelöschte Benutzer aus dem Papierkorb entfernt wurden, Verteilerlisten korrigiert wurden ließ sich die Domain trotzdem nicht entfernen. Dabei hatte ich doch schon “alles gemacht”.

Die Ursache war eine Mail-Enabled Sicherheitsgruppe, wo die Domain noch als Proxyadresse hinterlegt war.

Mittels folgender Befehle melden Sie sich bei den Exchange Online Cmdlets an und setzen die Proxyadresse der Verteilerliste:

$LiveCred = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection

Import-PSSession $Session –AllowClobber

Set-DistributionGroup -Identity NAMEDERDL –EmailAddresses smtp:myname@contoso.onmicrosoft.com

Nach kurzer Zeit erscheint dann der zweite Name nicht mehr in der Gruppenabfrage und Sie können die Domain entfernen.

Wollen Sie das gleiche bei einer Person erreichen, bitte die Schritte wie hier beschrieben durchführen. Im wesentlichen funktioniert es genauso, nur ersetzen Sie das Set-Distributiongroup durch Set-Mailbox.

Collaboration. The idea that we are better when we work together. Isn't that something we often hear about, especially in IT? Well kids, I'm here to say it AGAIN! Within Microsoft, 'collaboration' and working with others across boundaries is critical given the breadth and depth of our technologies. In fact, management has made collaboration one of the key criteria of our annual reviews within the PFE org.

In this post, I've lined out how to collaborate the use of one of the features of System Center Configuration Manager (SCCM) to keep tabs on your settings and configurations across your Windows systems while you sleep.

Now, I'm a Platforms guy and this is a Platforms blog but OH! how I love thee, Desired Configuration Management (a super-cool facet of SCCM). To keep me honest, I collaborated w/ a peer PFE whose focus is Configuration Manager, aka ConfigMan. He promised to make sure I'm not tellin' tales outside of school.

I'll walk you through using System Center Configuration Manager's Desired Configuration Management (DCM) to keep tabs on the critical configurations set on your server fleet:

• Check Antivirus signatures, driver versions, VM Integration Services versions
• Check Service Pack or other updates
• Check certain file/folder/versions or details
• Run a script/code and parse the output
• You can check for the existence or the lack of something
• You can make the settings required or optional/conditional
• Your imagination might just be your only limitation with what you can check

First, a quick bit about Desired Configuration Management – DCM (http://technet.microsoft.com/library/gg681958.aspx)

DCM is designed around the idea of individual settings (called Configuration Items or CIs) combined into sets of settings (called Configuration Baselines or CBs) which are then 'deployed' to members of a 'Collection' within SCCM. Configuration Items in DCM have built-in versioning so if you change a setting, there is a whole UI dedicated to reviewing/comparing past and current values of settings, including export, restore, etc. This is known as 'Revision History' and is just one more of the really cool and powerful pieces of this DCM business.

You might create a common collection of settings that are universal to all your Windows Server systems, then layer on top of that common base, OS-specific settings and lastly, app-/role-/feature- specific settings. This is but one way of doing it - you might have a different idea for how you'd design the solution.

Step One– define the target settings and values.

• This aspect can take quite a bit of homework, research and testing but I'd bet many/most of you know where to look and how to check for your key configurations.
• Once you knock out the research, you can setup DCM to check those settings/values in a just a couple of hours.
• There are Configuration Packs you can download (http://www.microsoft.com/en-us/download/search.aspx?q=%22configuration%20pack%22&p=0&r=10&t=&s=availabledate~Descending)
• Our Security Compliance Manager tool has Config Pack objects that can be imported/consumed by DCM (http://technet.microsoft.com/en-us/library/cc677002.aspx)
• For this post, I'm using two registry settings values from the following sample of some settings for my Domain Controllers:
  • The blue shaded columns are:
    • the criticality level I want to assign in DCM for non-compliance
    • the names I'm going to use in the DCM UI for consistency (a HUGE facet of HildeIT – naming standards)
      • If you'd like to digress to some of my other HildeIT posts, feel free but come right back – this is a good post J
        • http://blogs.technet.com/b/askpfeplat/archive/2012/03/21/windows-base-os-build-bullet-point-festival-2012.aspx
        • http://blogs.technet.com/b/askpfeplat/archive/2012/08/06/first-do-no-harm.aspx
        • http://blogs.technet.com/b/askpfeplat/archive/2012/08/21/welcome-to-server-manager-2012-style.aspx
        • http://blogs.technet.com/b/askpfeplat/archive/2013/04/01/one-little-victory-get-value-from-the-remote-server-administration-tools-on-windows-2012-and-or-windows-8-today.aspx
        • http://blogs.technet.com/b/askpfeplat/archive/2012/06/04/a-global-enterprise-in-your-basement-lab.aspx
  • These registry paths all start with HKLM\System\CurrentControlSet\Services

Step Two– Setup your DCM folder hierarchy and storage view/structure

• This requires some planning and a bit of thought, as well as the proper permissions in SCCM – which you might not have. Work with your SCCM resource to help you – remember the first word of this post?
• The UI splits up the Configuration Items (CIs) from the Configuration Baselines (CBs)
• For my scenario, I setup a 'root' folder for the Role ('Domain Controllers') and then a sub-folder for the OS version/SP level

Step Three– Create your CIs

• The wizard in CM2012 SP1 really shines here. I went through this process in CM 2007 and WHOA DADDY was it 'rich' with many, many, MANY pages in the CI wizard.
• Right-click the Configuration Items sub-folder and choose 'Create Configuration Item'

   

• The Wizard will walk you through all the steps:
  • Give it a consistent name and description so in 8 months or 8 years, when someone asks 'who did this and what is it for?' there are ready answers
    • I also created a 'category' for Domain Controller settings to help with filtering settings once I get 1000s of settings (similar to Tags in a Blog).

   

   

   

  • Choose the OS version(s) the settings assessment will apply to and click Next…

   

  • Click 'Add' to create a new Setting – you repeat this for each setting you want evaluated as part of this Configuration Item
    • You might combine multiple settings into one CI or you might have only one setting per CI

• Choose the desired options for the setting and click Next …
  • There are options for Registry values, AD queries, files, script output, etc – LOTS of flexibility

• One KILLER aspect to CM 2012 SP1 here … the 'Browse' button above…
  • For my registry setting, I can connect to either the local registry for common settings or a remote registry, where a specific setting can be found
  • You just browse out to what you want…
  • Thank you to whomever put this in the product J

     

     

• I created two CIs but I wanted to change the 'Severity' from Informational to Critical, so I did:

   

• Notice the highlighted checkbox below about 'Remediation' – yes, you can even have DCM auto-repair settings if you so desire.
• I'm a bit more of a control-freak than that and typically, I'm scared stiff when someone mentions automatically changing ANYTHING but this is another example of the power of this tool
• USE CAUTION

   

• Summary … working …. Complete!

   

   

   

Step Four– Create your Configuration Baseline(s)

• Again, use a solid naming convention when creating the CB folder structure
• Right-click the proper folder and choose 'Create Configuration Baseline'

   

   

• Provide a good name in-line with the defined naming standard and a solid description
• Click the 'Add' drop-down and select – in this case – Configuration Items
  • Notice Software Updates is an option – you could specify that a certain Service Pack be an element of your Compliance Baseline?

   

• Select your CIs to add to your CB and click OK:

   

• Again, here I set the 'category' to Domain Controllers

   

   

• Click OK to complete the Configuration Baseline creation; notice towards the bottom "Configuration Baseline Status" – "Deployed: No"

   

   

Step Five– Deploy your Configuration Baseline(s)

• From the Ribbon, click 'Deploy'

   

• Define the appropriate settings and click OK
  • I selected:
    • A target of 100% compliance
    • To log events (which can be captured by SCCM Alerting, and by SCOM
    • I browsed to find the appropriate Collection I wanted to deploy to
    • I set the Schedule for every 6 hours (4x per day) but I'd likely be fine with once a day
      • One thing about frequency – these evaluation cycles can place a load on your systems so don't go nuts
        • SCCM has a built-in protection to not re-evaluate less than 15 minutes

   

Step Six– Pick-up sticks. Then, after your ConfigMan infrastructure and Agents have refreshed, you can check the individual systems and get a nice local Compliance Report and/or use the CM Console/Reporting

• Now, the CB will show up as "Deployed: Yes" and "Compliance Count:" numbers will be shown:

• To scan the Compliance state locally on a system, open up Control Panel >> Configuration Manager >> Configurations tab

   

   

• Click to highlight the Configuration Baseline (in my case, there's only one) and click 'Evaluate'
  • Notice, in my screenshot, it says 'Compliant' and shows the last evaluation date/time – awesome
  • If you are a bit impatient like me and you don't see the Baseline listed, hop over to the 'Actions' tab, highlight "Machine Policy Retrieval and Evaluation Cycle" and click 'Run Now.'
  • Additionally, I can click 'View Report' and see a locally-rendered HTML report – more awesomeness

     

  • For comparison, here's another DC that is NOT compliant:

     

     

  • And the non-compliance issue/details are displayed further down in the Report…
    • I only screen-shot'd the NTDS path failure but the GC non-compliancy was there, too

   

• Within the SCCM Console, you can view the compliance:
  • Via the in-box Compliance Reports…

   

  • Via the Deployments details:
  • Or via the Configuration Baseline details, too:

   

  I really love the DCM piece of Config Manager and the 2012 UI and Wizards make it soooo easy even I can do it.

  What settings do you watch? How do you watch them today? Do you have experience using DCM?

  Happy trails and I'll see you out there on the march towards a 'well-managed infrastructure.'

  Cheers!

   

   

As you may know, Active Directory provides authentication and authorization mechanisms as well as framework from within other related services that can be deployed. As an LDAP compliant database, it contains most commonly used objects such as users, computers, and groups which can be organized into organizational units or OUs by any number of logical or business needs. Group Policy Objects or GPOs are then linked to OUs to centralize the settings for various users or computers across an organization. Part of the quandaries that IT professionals face is taking advantage of nuances provided in Active Directory in newer server offerings such as Windows Server 2012.  As detailed in Pierre's post, "Windows Server 2012 Active Directory – What’s New?", Active Directory provided in Windows Server 2012 is provided impactful enhancements.  Yet some organizations choose not to migrate due to reasons of uncertainty.

This Step-By-Step, suggestion online via the IT Professionals Community of Greater Toronto, is to help deal with that uncertainty and provide guidance for IT professionals looking to migrate their organizations Active Directory offering from Windows Server 2003 to 2012.

Prerequisites

1. Download Windows Server 2012. If you plan on completing this Step-By-Step in a virtual lab, it is recommended to download the FREE Hyper-V Server 2012 first.
   
2. Complete Step-By-Step: Adding a Windows Server 2012 Domain Controller to an Existing Windows Server 2003 network

Transferring the Flexible Single Master Operations (FSMO) Role

1. Open the Active Directory Users and Computers console on your new Windows Server 2012 computer.
   
2. Right click your domain and select Operations Masters in the sub menu.
   
3. In the Operations Masters window, ensure the RID tab is selected.
   
4. Select the Change button.
   
   
   
5. SelectYes when asked about transferring the operations master role.
   
6. Once the operations master role has successfully transferred, clickOK to continue.
   
7. Ensure the Operations Master box now shows your new 2012 Windows Server.
   
8. Repeat steps 4 to 6 for the PDC and Infrastructure tabs.
   
9. Once completed, clickClose to close the Operations Masters window.
   
10. Close the Active Directory Users and Computers window.

Changing the Active Directory Domain Controller 

1. Open the Active Directory Domains and Trusts console on your new Windows Server 2012 computer.
   
2. Right click your domain and select Change Active Directory Domain Controller... in the sub menu.
   
3. In the Change Directory Server window, selectThis Domain Controller or AD LDS instance.
   
4. Select your new 2012 Windows Server.
   
   
5. ClickOK to continue.
   
6. Back in the Active Directory Domains and Trusts window, hover over the Active Directory Domains and Trusts found in the folder tree on the left hand side to ensure the server now reflects your new 2012 Windows server.
   
7. Right clickActive Directory Domains and Trusts found in the folder tree and select Operations Manager... in the sub menu.
   
8. In the Operations Master window, clickChange to transfer the domain naming master role to the 2012 Windows Server.
   
9. When asked if you are sure you wish to transfer the operations master role to a different computer, clickYes.
   
10. Once the operations master is successfully transferred, clickOK to continue.
    
11. ClickClose to close the Operations Master window.
    
12. Close the Active Directory Domains and Trusts console.

Changing the Schema Master

1. Open a command prompt in administration view on your new Windows Server 2012 computer.
   
2. On the command prompt window, enterregsvr32 schmmgmt.dll and hit enter.
   
3. Once completed successfully, clickOK to close the RegSvr32 window.
   
   
   
4. Close the command prompt.

Add the Active Directory Schema Console from MMC

1. Open a MMC console on your new Windows Server 2012 computer.
   
2. Click File> Add/Remove Snap-in...
   
3. In the Add or Remove Snap-ins window, selectActive Directory Schema and click the Add > button.
   
   
   
4. ClickOK to continue.

Change the Schema Master

1. In the same MMC console, right clickActive Directory Schema and select Change Active Directory Domain Controller... in the sub menu.
   
2. In the Change Directory Server window, selectThis Domain Controller or AD LDS instance.
   
3. Select your new 2012 Windows Server.
   
4. ClickOK to continue.
   
5. A warning will appear stating that the Active Directory Schema snap-in in not connected. ClickOK to continue.
   
6. Hover over the Active Directory Schema folder in the folder tree to ensure the new Windows Server 2012 computer is shown. 
   
7. Now right clickActive Directory Schema and select Operations Master... in the sub menu.
   
8. In the Change Schema Master window, clickChange to transfer the schema master role to the 2012 Windows Server.
   
9. When asked if you are sure you wish to transfer the schema master role to a different computer, clickYes.
   
10. Once the schema master is successfully transferred, clickOK to continue.
    
11. ClickClose to close the Change Schema Master window.
    
12. In the MMC, clickFile> Exit.
    
13. When asked to save the console, clickNo.

 Once completed, open the Active Directory Users and Computers console to verify that the Active Directory database successfully replicated to your new Windows Server 2012 computer.  Be aware that the database replication may take some time depending on the number of objects in Active Directory.

Removing the 2003 Windows Server from the Global Catalog Server

1. Open Active Directory Sites and Services on your new Windows Server 2012 computer.
   
2. Expand the Sites folder, then the Default-First-Site-Name folder, then the Servers folder.
   
3. Expand both listed servers. One should be your new 2012 Windows Server and one should be you 2003 Windows Server.
   
4. Right clickNTDS Settings found under your old 2003 Windows Server.
   
5. In the sub menu, selectProperties.
   
6. Under the General Tab, unselectGlobal Catalog and then click the Apply button.
   
7. ClickOK to continue.
   
8. Close the Active Directory Sites and Services window.
   
9. Verify that your new 2012 Windows Server is running the FSMO role by opening the command prompt in Administrative view and running the following command: Netdom query fsmo.
   
10. In the Network and Sharing Center, be sure to change the Preferred DNS server to match the Alternate DNS server, then delete the IP address listed under the Alternate DNS server should it currently be pointed to the old 2003 Windows Server.

All that's left is to demote the old 2003 Windows server by first adding the new 2012 Windows Server as the Primary DNS, followed by running DCPROMO to demote the old 2003 Windows server. 

对于IT 专业人员和开发者，可以采用多种方式创建和管理虚拟机（VM），其中主要包括：使用管理门户（Management Portal）、通过PowerShell脚本及通过自己编写程序使用REST API方式等。

对于通过PowerShell脚本，可以采用自动化的方式，大大方便了IT人员的工作量，同时也便于灵活配置及脚本代码复用。

最近在编写一段自动创建Windows Server虚拟机的代码的时候，发现无法运行下去，具体错误界面如下图：

系统提示：“Cannot process command because of one or more missing mandatory parameter”。

查找MSDN看命令格式：New-AzureQuickVM和New-AzureVM：

http://msdn.microsoft.com/en-us/library/windowsazure/jj152839.aspx

Parameter Set: Windows

New-AzureQuickVM -ImageName <String> -Password <String> -ServiceName <String> -Windows [-AffinityGroup <String> ] [-AvailabilitySetName <String> ] [-Certificates <CertificateSettingList> ] [-DnsSettings <DnsServer[]> ] [-HostCaching <String> ] [-InstanceSize <String> ] [-Location <String> ] [-MediaLocation <String> ] [-Name <String> ] [-SubnetNames <String[]> ] [-VNetName <String> ] [ <CommonParameters>]

http://msdn.microsoft.com/en-us/library/windowsazure/jj152815.aspx

Parameter Set: ExistingService

New-AzureVM -ServiceName <String> -VMs <PersistentVM[]> [-DeploymentLabel <String> ] [-DeploymentName <String> ] [-DnsSettings <DnsServer[]> ] [-VNetName <String> ] [ <CommonParameters>]

Parameter Set: CreateService

New-AzureVM -ServiceName <String> -VMs <PersistentVM[]> [-AffinityGroup <String> ] [-DeploymentLabel <String> ] [-DeploymentName <String> ] [-DnsSettings <DnsServer[]> ] [-Location <String> ] [-ServiceDescription <String> ] [-ServiceLabel <String> ] [-VNetName <String> ] [ <CommonParameters>]

好像没有什么不妥；经过进一步排查和搜索，发现原因出在了使用PowerShell创建虚拟机必须提供新参数：-AdminUserName。

MSDN上述两篇文章的内容尚未更新。

具体请见：https://github.com/WindowsAzure/azure-sdk-tools/blob/master/ChangeLog.txt

“BREAKING CHANGE: New-AzureVM and New-AzureQuickVM now require an –AdminUserName parameter when creating Windows based VMs.”

同时需要注意的是，在提供-AdminUserName的时候，不能选择”Administrator”或者”Admin”这样的用户名，从安全性角度而言，一些常用的管理员名称、密码，也不建议使用，以避免被恶意攻击所利用。

虽然是一个小的改变，但值得赞同，毕竟安全性是个非常关键的问题。