Today’s Tip…

Johan Arwidmark and Mikael Nyström deliver just over an hour of 300-level training that includes:

• Handling device drivers in deployment
• Common deployment issues
• Workarounds
• Guidance on parsing logs
• WinPE troubleshooting
• PXE troubleshooting
• Guidance on UEFI deployments
• Examples with SCCM and MDT
• Lots of live demos!

Training is available here: https://channel9.msdn.com/Events/Ignite/2015/BRK3318

The Product Group wants to know how Microsoft can improve SharePoint Server, SharePoint Online, Project Desktop, Project Server, and Project Online. You can lend your voice to the SharePoint and Project Server product group’s choices for functionality!

Here are the links to provide feedback at UserVoice.com:

For Project: https://microsoftproject.uservoice.com/

For SharePoint: http://sharepoint.uservoice.com/

Blogs for SharePoint:

https://blogs.office.com/sharepoint/

http://blogs.msdn.com/b/spblog/

Blogs for Project:

https://blogs.office.com/project/

https://blogs.technet.microsoft.com/projectsupport/.

In this episode, I spend lunch with Maribel Lopez, the owner of the analyst firm Lopez Research, and a regular contributor to Forbes.

In the first half of our discussion we talk about market consolidation, choosing an EMM vendor, powerlifting, and the difference between information access and mobile enablement.

You can subscribe to these videos here.

Today, Microsoft Surface announced four new schools—more than 23,000 devices—bringing Windows 10 devices into their classrooms, along with a 30% discount on Surface 3 education bundles for qualifying institutions through March 31, 2016.

旧ポータルではできた P2S VPN ですが、ARM環境でもちゃんとサポートされております。

以下ページに、そのための手順が記載されております。

 ・PowerShell を利用し、仮想ネットワークへのポイント対サイト接続を構成する

上記ページでは P2SVPNの構成だけではなく、VNETの作成からパブリックIPの確保から、全てを PowerShell でおこなってる非常に頑張った構成ですが、既にVNETがある場合は、以下の手順だけで大丈夫です。

1. ・証明書の構成
   1. 自己署名ルート証明書を作成
   2. クライアント証明書を必要分発行する
   3. ルート証明書のCER形式(Base64)のファイルを書き出す
2. ・管理ポータルから必要なリソースを準備する
   1. VNET に GatewaySubnet という名称のサブネットを作っておく(名称が固定なのに注意!!)
   2. パブリックIPを取得(動的でないと行けないことに注意)
3. ・以下 PowerShell を実行する

#準備したリソースの取得
$pip = Get-AzureRmPublicIpAddress -Name "パブリックIPの名称" -ResourceGroupName "リソースグループ名"
$vnet = Get-AzureRmVirtualNetwork -Name "VNETの名称" -ResourceGroupName "リソースグループ名"
$subnet = Get-AzureRmVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet

# 自己署名ルート証明書を準備
$texts = Get-Conent "ルート証明書のCERファイルへのパス"
$texts[0] = ""
$texts[$texts.length-1]= ""
$certstring = $texts -join ""
$rootcert = New-AzureRmVpnClientRootCertificate -Name "証明書名称" -PublicCertData $certstring 

#Gatewayの作成
$ipconfig = New-AzureRmVirtualNetworkGatewayIpConfig -Name "設定名称" `
    -Subnet $subnet  `
    -PublicIpAddress $pip
New-AzureRmVirtualNetworkGateway -Name "ゲートウェイ名" `
    -ResourceGroupName "リソースグループ名" `
    -IpConfigurations $ipconfig `
    -GatewayType Vpn `
    -VpnType RouteBased `
    -EnableBgp $false `
    -GatewaySku Standard `
    -VpnClientAddressPool "172.16.201.0/24" `
    -VpnClientRootCertificates $rootcert ` -Location ($pip.Location)

さて、これから仮想ネットワークゲートウェイを新規に作成するなら上記の手順でも構わないのですが、S2S接続や ExpressRoute による接続で既に仮想ネットワークゲートウェイを作成してしまっている場合、ここに P2S接続を兼ねさせることは出来るのでしょうか?

はい、これは可能です。その場合は、以下のスクリプトになります。

# 自己署名ルート証明書を準備
$texts = Get-Conent "ルート証明書のCERファイルへのパス"
$texts[0] = ""
$texts[$texts.length-1]= ""
$certstring = $texts -join ""

# 既存の仮想ネットワークゲートウェイを取得
$gw = Get-AzureRmVirtualNetworkGateway -Name "ゲートウェイ名" -ResourceGroupName "リソースグループ名"

# ゲートウエイにP2SVPNの設定を追加
Set-AzureRmVirtualNetworkGatewayVpnClientConfig -VirtualNetworkGateway $gw `
    -VpnClientAddressPool 172.16.201.0/24

# ルート証明書を登録
Add-AzureRmVpnClientRootCertificate -VirtualNetworkGatewayName $gw.Name `
    -ResourceGroupName     $gw.ResourceGroupName `
    -VpnClientRootCertificateName '証明書名称' `
    -PublicCertData $certstring

必ず、Set-AzureRmVirtualNetworkGatewayVpnClientConfig  を先に、その後でAdd-AzureRmVpnClientRootCertificateを実施してください。
先にAdd-AzureRmVpnClientRootCertificateを実施すると、登録先がまだ存在しないためエラーなります。

二つの PowerShell のスクリプトを紹介しましたがいづれもヘルプなどに記載されている、以下の証明書データの読み込み方とは異なる方法で証明書データを文字列にしています。

$text = Get-Conent .¥rootcert.cer
$certificatedtext = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}

これは何故かというと、蒸気の作り方をした場合、$certificatedtext は1行1文字列を束ねた配列で文字列ではないのでその旨のエラーが出ること、単純に [string]$certifictedtext とキャストして文字列にすると今度は行と行の間に空白文字が入ってしまいこれまたエラーになるためです。上記の方法でしたら、例えば以下のように -replace で空白文字を潰しておけば使えます。

$text = Get-Conent .¥rootcert.cer 
$text2 = for ($i=1; $i -lt $Text.Length -1 ; $i++){$Text[$i]}
$certstring = [string]$text2 -replace ' ','' 

Deploy a cloud application quickly with the new Microsoft SDN stack

You might have seen this blog post recently published on common data center challenges. In that article, Ravi talked about the challenges surrounding deployment, flexibility, resiliency, and security, and how our Software Defined Networking (SDN) helps you solves those challenges.

In this blog post series we will go deeper so you’ll know how you can use Microsoft SDN with Hyper-V to deploy a classic application network topology. Think about how long it takes you to deploy a three-tier web application in your current infrastructure. Ok, do you have a figure for it? How long, and how many other people did you need to contact?

This series focuses on a deployment for a lab or POC environment. If you decide to follow along with your own lab setup you’ll interact with the Microsoft network controller, build an overlay software defined network, define security policy, and work with the Software Load Balancer.

• In Part 1 you’ll be introduced to the SDN stack and the three-tier workload app
• In Part 2 you’ll learn about the front end web tier and tenant configuration
• In Part 3 you’ll get into the application tier and the back end data tier

Here’s what you’ll need in your lab environment:

• Download and Install Windows Server Technical Preview 4
• Review the Planning Software Defined Networking TechNet article
• Download scripts from the Microsoft SDN GitHub repository
• Follow the Deploy Software Defined Networks using Scripts guide on TechNet

The first step in deploying the cloud application is to install and configure the servers and infrastructure. You will need to install Windows Server 2016 Technical Preview 4 on a minimum of three physical servers. Use the Planning Software Defined Networking TechNet article for guidance in configuring the underlay networking and host networking. The environment I used while writing this post and deploying the three-tier app has the following configuration:

• Three physical servers each with Dual 2.26 GHz CPUs, 24 GB of memory, 550 GB of storage, two 10Gb Ethernet cards
• Each host uses a Hyper-V Virtual Switch in a Switch-Embedded Team configuration
• All hosts are connected to an Active Directory domain named “SDNCloud”
• Each server is attached to a Management VLAN, and the default gateway is an SVI on a switch
• The upstream physical switch is configured with the same VLAN tags as the Hyper-V virtual switch, and uses trunk mode so that management and host network traffic can share the same switch ports

Introduction

Enterprise and hosting providers use their IT tool kits to address similar and reoccurring problems:

• Deploy new services quickly with enough flexibility to accommodate incremental demand for capacity and performance
• Maintain availability despite multiple failure modes
• Ensure security

Windows Server 2016 helps you address these challenges in the application platform itself, and for the networking technology we’ll cover in this blog it’s the same technology that services the 1.5 million+ network requests per second average in Microsoft Azure.

The scenario for the series is for a new product that our fictitious firm “Fabrikam” is launching to meet the demands for convenience and self-service in requesting a new passport, renewing an expired passport, or updating a citizen’s personal information. The application is called “Passport Expeditor” and it removes the need for a citizen to go to the passport agency and execute a paper-based process that uses awkward government-speak.

Passport Expeditor is based on a three-tier architecture, which consists of a front-end web tier to present the interface to the user, the application tier to validate inputs and contains the application logic, and a back-end database tier to store passport information. The software in each tier runs in the in a virtual machine, and is connected to one or more networks with associated security policies.

Figure 1: Passport Expeditor application architecture

External users will access Fabrikam’s Passport Expeditor cloud application through a hostname registered to an IP address that is routable on the public Internet. In order to handle the thousands of requests Fabrikam expects to see at launch, load balancing services are required and will be provided in the network fabric using Microsoft’s in-box Server Load Balancer (SLB). The SLB will distribute incoming TCP connections among the web-tier nodes providing both performance and resiliency. To do this the SLB will monitor the health probes installed on each VM and take any VMs which are “down” out of rotation until they become healthy again. The SLB can also increase the number of  VMs servicing the application during periods of peak load and then scale back down when load decreases.

Core concepts

Before we dive in, let’s spend a moment talking about some core concepts and technologies we will be using:

• PowerShell scripting: We will use PowerShell scripts to create the network policy and resources and use the HTTP verbs PUT and GET to inform the Network Controller of this policy
• Network Controller: The Microsoft Network Controller is the “brains” of the SDN Stack. Network policy is defined through a set of resources modeled using JSON objects and given to the Network Controller through a RESTful API. The Network Controller will then send this policy to the SDN Host Agent running on each Hyper-V Host (server)
• SDN Host Agent: The Network Controller communicates directly with the SDN Host Agent running on each server. The Host Agent then programs this policy in the Hyper-V Virtual switch.
• Hyper-V Virtual Switch: Microsoft’s vSwitch is responsible for enforcing network policy (such as VXLAN based overlay networks, access control lists, address translation rules, etc) provisioned by the network controller.
• Software Load Balancer: The SLB consists of a multiplexer which advertises a Virtual IP (VIP) address to external clients (using BGP) and distributes connections across a set of Dynamic IP (DIP) addresses assigned to VMs attached to a network.
• North/South and East/West traffic: These terms refer to where network traffic originates and is destined. North/South indicates the network traffic is going outside of the virtual network or data center. East/West indicates the network traffic is coming from inside the virtual network or within the data center.

Figure 2: Windows Server 2016 SDN stack

Perform the following steps to configure Windows Server Technical Preview 4 for the scenario:

1. Install the operating system on the physical server
2. Enable the Hyper-V Role on each host
3. Create a Hyper-V Virtual Switch on each host. Be sure to use the same name for each virtual switch on each host and bind it to a network interface
4. Ensure the virtual switch’s Management virtual network interface (vNIC) is connected to the Management VLAN and has an IP address assigned to it
5. Verify connectivity via the Management IP address between all servers
6. Join each host to an active directory domain

The system is now ready to receive the SDN Stack components, software infrastructure, and inform the Network Controller about the fabric resources. If you haven’t already retrieved the scripts from GitHub, download them now. All scripts are available on the Microsoft SDN GitHub repository and can be downloaded as a zip file from the link referenced (for more details on Git, please reference this link).

Fabric resource deployment

The Network Controller must be informed of the environment it is responsible for managing by specifying the set of servers, VLANs, and service credentials. These fabric resources will also be the endpoints on which the controller enforces network policies. The resource hierarchy and dependency graph for these fabric resources is shown in Figure 3.

Figure 3: Network controller northbound API fabric resource hierarchy

The variables in the FabricConfig.psd1 file (see sample here) configuration file must be populated with the correct values to match your environment. Insert the appropriate configuration parameter anywhere you see the mark “<<Replace>>”. You will do this for credentials, VLANs, Border Gateway Protocol Autonomous System Numbers (BGP ASNs) and peers, and locations for SDN service VMs.

When customizing the FabricConfig.psd1 file:

• Ensure the directory specified by the InstallSrcDir variable is shared with Everyone and has Read/Write access.
• The value of the NetworkControllerRestName variable must be registered in DNS with the value of the floating IP address of the Network Controller specified by the NetworkControllerRestIP parameter.
• The value of the vSwitchName variable must be the same for all Hyper-V Virtual Switches in each server.
• The LogicalNetworksarraycontains the fabric resources which correspond to specific VLANs and IP prefixes in the underlay network. In this post series, we will only be configuring and using:
  • Hyper-V Network Virtualization Provider Address (HNVPA): Used as the underlay network for hosting HNV overlay virtual networks.
  • Management: Used for communication between Network Controller and Hyper-V Hosts (and SDN Host Agent)
  • Virtual IP (VIP): Used as the public (routable) IP prefix through which external users will access the HNV overlay virtual network (e.g. Web-Tier). Routes to the VIPs will be advertised using internal BGP peering between the SLB Multiplexer and BGP Router.
  • The Transit and GREVIP networks are used by the Gateways (not covered in this post series). In the future, the SLB Multiplexer will also connect to the Transit logical network.
• The Hyper-V host section is an array of NodeNameswhich must correspond to the physical hosts registered in DNS. This section determines where to place the infrastructure VMs (Network Controller, SLB Multiplexer, etc.).
  • The IP Addresses for the Network Controller VMs (e.g. NC-01) must come from the Management logical network’s IP prefix.
  • The IP Addresses for the Software Load Balancer VMs (e.g. MUX-01) must come from the HNVPA logical network’s IP prefix.
• The Management and HNVPA logical network prefixes must be routable between each other.

Figure 4: Deployment environment

After customizing this file and running the SDNExpress.ps1 script documented in the TechNet article, validate your configuration by testing that the requisite fabric resources, e.g. logical networks, servers, and SLB Multiplexer, are correctly provisioned in the Network Controller by following the steps in the TechNet article. As a first step, you should be able to ping the Network Controller (NetworkControllerRestIP) from any host. You should also verify that you can query resources on the Network Controller using the REST Wrappers Get-NC<ResourceName> (e.g. PS > Get-NCServer) and validate that the output includes provisioningState = succeeded.

Note: The deployment script creates multi-tenant Gateway VMs. These will not be used in this blog series.

Figure 5: Network controller provisioning 

The final check is to ensure that the load balancers are successfully peering with the BGP router (either a VM with Routing and Remote Access Server (RRAS) role installed or Top of Rack (ToR) Switch. Border Gateway Protocol (BGP) is used by SLB to advertise the VIP addresses to external clients and then route the client requests to the correct SLB Multiplexer. In my lab I am using the BGP router in the ToR and the switch validation output is shown below:

Figure 6: Successful BGP peering

Summary and validation

In this blog post, we introduced the Passport Expeditor service which can be installed as a cloud application using the new Microsoft Software Defined Networking (SDN) Stack. We walked through the host and network pre-requisites and deployed the underlying SDN infrastructure, including the Network Controller and SLB. The fabric resources deployed will be used as the basis to instantiate and deploy the tenant resources in part II of this blog series. The Network Controller REST Wrapper scripts can be used to query the fabric resources as shown in the TechNet article here.

In the next blog post: Front-end Web Tier Deployment and Tenant Resources

The SDN fabric is now ready to instantiate and deploy tenant resources. In the next part in this blog series, we will be creating the following tenant resources for the front-end web tier of the three-tier application shown in Figure 1 above:

1. Access Control Lists
2. Virtual Subnets
3. VM Network Interfaces
4. Public IP

We’d love to hear from you. Please let us know if you have any questions in the comments!

Leaders are embracing the need to partner with IT to help them gain actionable insights from data. Attesting to this, The Economist recently published a study, “Big data evolution: Forging new corporate capabilities for the long term,” which found that companies “that have a well-defined data strategy are much more likely to say that they financially outperform their competitors — in fact, strategic data managers are four times as [likely] to report that they are substantially ahead of peers.” As a result, “a new kind of partnership has emerged between IT and the business … Not only is this resulting in less dead-weight friction about the goals and approach to data initiatives, but it is also allowing IT to up their game.”

Data’s contribution to business success is ever-expanding, however, unless IT can help transform more data into actionable insights, then it is not providing the business with the trusted information they need to uncover new business opportunities and fuel innovation.

Modern BI platform

For IT to remain responsive and agile to the business demands they need a modern Business intelligence (BI) and analytics platform that provides trusted datasets and metrics that can be easily accessed, consumed and shared by the right people.

SQL Server continues to evolve to let you benefit from data without incurring extra cost from expensive add-ons or facing additional expenses for training IT staff. Because the enhancements to SQL Server 2016 are based on technology that IT is already familiar with, IT can build on existing skill sets to perform modern BI and analytics responsibilities and supporting a modern data strategy. For example, SQL Server 2016 lets IT transform data into easily understood, trusted data models with user access control to make sure only appropriate users see sensitive data. This means IT can transform complex data from multiple sources into powerful, scalable models that business analysts can easily understand and access by using familiar data analytics and discovery tools such as Excel or Power BI.

But these enhancements are just the beginning. The release of SQL Server 2016 starts the cloud-paced cadence of new capabilities in Microsoft’s comprehensive enterprise-ready BI platform. This approach enables organizations to continuously build on existing investments to create, manage, and consume business insights on premises and in the cloud. With all this, SQL Server 2016 provides what you need to transform data into actionable insights to help advance your business, including mobile and hybrid BI. To learn more about the modern advances built into SQL Server 2016, read about what you can expect and the Microsoft BI reporting roadmap here. Upcoming blog posts in this series will dive into the technology that makes all this functionality possible.

Mobile BI

Accommodating mobile users has become a key requirement of BI&A efforts. Businesses recognize that the number of mobile workers will continue to increase as the number of smartphones and mobile devices increases. And with this growth, users expect IT to support their mobile devices as the means to access the information they need to do their jobs whenever and wherever they need it — from business executives to the individual employee; whether they are in the warehouse, visiting a customer, or at the airport; and whether they are connected or not.

SQL Server 2016 delivers built-in mobile BI capabilities for both IT and business users. IT professionals have the tools they need to administer user access and shared data sets in one place. Business users can then access insights in an intuitive, engaging way from their desktop and mobile devices and expect the insights to be optimized for different form factors and major mobile platforms.

When you think about optimizing your data infrastructure and maximizing your IT personnel, mobile BI is an important consideration. Providing BI access to more employees can help you transform the decision making process and make your organization agile.

Hybrid BI

As your organization transitions to the cloud to benefit from flexibility and scale, you might still have many data sources that reside on premises. Microsoft BI tools support this trend so that you can transition to the cloud at your pace and take advantage of a hybrid BI solution that will let you continue to benefit from existing on-premises investments. For example, you can pin a Reporting Services paginated report item to a Power BI dashboard so you can view all your information in one place. Or you can access on-premises data from the Power BI service without the need to move the data to the cloud.

Trusted BI platform: Building on your foundation

SQL Server has gained a reputation as a trusted and scalable platform, and has been recognized as a leader in Gartner’s Magic Quadrant for Business Intelligence and Analytics. (Download the Gartner Magic Quadrant for Business Intelligence and Analytics Platforms). With that knowledge and the Microsoft data platform infrastructure that organizations depend on today, business and IT can strengthen their data partnership by building on the existing skills and technology and the advances built into SQL Server 2016. Grow your business bottom line by confidently relying on the Microsoft data platform, knowing that it will work with what you have—whether your data and tools reside on-premises or in the cloud—and it will scale with your business as your data and reporting needs grow over time.

Stay tuned to this blog series for in-depth details on SQL Server 2016 analysis, reporting and BI innovations, and click below for further reading and to try SQL Server 2016 CTP3 for yourself.

See the other posts in the SQL Server 2016 blogging series.

I’ve had the luxury of doing SCOM work for several years now, across many different client types and infrastructure, and one of the constants that I see in most every environment that I’ve worked in is a lack of planning surrounding how SCOM will be used in their environment.  There are a number of reasons for why this is, ranging from a lack of understanding about how the tool works, to internal political issues, administrative problems such as lazy or secretive administrators, to many other things as well.  The solutions to these problems are not always easy and require a bit more than just tossing in a piece of technology so that we can check a box and say “we have monitoring.’'  The reality though, is that this is precisely how many SCOM environments are designed.

We at Microsoft have often been very good at solving technical problems, and the SCOM community as a whole has a number of fantastic blogs ranging from frequent bloggers such as Kevin Holman, Stefan Stranger, and Marnix Wolf to folks such as myself who are far less intelligent and do far less blogging.  In all, if you need to solve a technical problem in SCOM, it’s not hard to do it as someone has already done it.  Unfortunately, I think this is where we can often fall short, as we leave it up to our customers to use our products, and they can have some very interested ways of using them.   SCOM is no different.  The biggest problem with SCOM that I see is that organizations never address the people or processes surrounding the technology that they purchased.

First, let’s start with the obvious. SCOM is very good at telling users that something is wrong.  It’s not hard to spin up, and after tossing in a few management packs, you will quickly start seeing alerts ranging from simple noise to real problems.  SCOM engineers quickly realize that there are lots of really cool Microsoft and Non-Microsoft MPs out there along with some really good ideas (and bad ones).  It does not take long for a customer to deploy a bunch of agents, import some management packs, and next thing they know, their alerts screen is full of red and yellow alerts indicating that something may be wrong. 

What I find from here though, is that the alert management process pretty much stops at this point.  Yes, there are organizations that truly do try to have an end to end alert lifecycle, but in just about every organization that I’ve visited, they are stuck at this point even while thinking they aren’t.  These orgs have a SCOM administrator, who often wears multiple hats, and maybe perhaps a tier 1 staff watching the active alerts to some extent. Usually, tier 2 and 3 are completely disengaged, never touching the SCOM console or perhaps going so far as actively resisting monitoring attempts. In an attempt to bring monitoring issues to light, orgs decide to send emails or generate tickets on alert generation.  Generating tickets usually frustrates the help desk, as SCOM can quite literally generate thousands of alerts a day, which essentially also makes SCOM our own private spam server.  Administrators create rules and put SCOM alerts in folders, and in the end, nothing gets changed while the same alert generates tens, hundreds, or even thousands of emails that go unanswered, and the problem is never actually solved.

The problem is never solved because of a fundamental lack of understanding of what needs to be done and why.  There are a few reasons why alert management is necessary:

1. There are technology issues with the product which require it.  State changes are not groomed from the database while the state of the object associated is unhealthy.  A failure to manage alerts and fix issues associated with them leaves data in the database beyond its grooming requirement. Likewise, state and performance data can be stored in the DataWarehouse for a long period of time. Failure to manage alerts can lead to a very large DW, often times containing lots of data that the customer could care less about and eventually leading to performance issues if it is not being managed.
   
2. All environments are different.  This should go without saying, but it means that it is impossible for SCOM to meet the exact needs of your organization OUT OF THE BOX.  Thresholds for alerts in one organization may be too high, while in others too low.  In some orgs, the monitor or rule is not applicable, and in some cases, what they really want to monitor is turned off by default.  As such, the SCOM administrators primary job is to tune alerts.

Tuning, while seeming like a simple job, requires teamwork. While it would be nice if your SCOM administrator is a technology guru, the reality is that this engineer likely knows bits and pieces about AD, Platforms, Clustering, Skype, DNS, IIS, SharePoint, Azure, Exchange, PKI, Cisco, SAN, and whatever else you happen to have in your environment.  He or she will likely not know these products in detail and as such relies on tier 1 and 2 to investigate issues as well as tier 3’s input as problems are uncovered.  That problem is further complicated by processes which need to change as actions by other IT administrators/engineers can lead to additional alerts for reasons as simple as not putting an object into maintenance mode before rebooting it.

As such, an alert management lifecycle is necessary to handle the end to end life of an alert, whether that be creation to resolution in the event of real problems or the tuning of alerts to reduce noise.  

Part 2:  What is the goal of an Alert Management Process?

Part 3:  Completing the Alert Management Life Cycle.

Register for the TechNet Virtual Conference 2016

Fabulous February is here at last!

This is the month some of the greatest names in TechNet Wiki history will step forth and give us knowledge!

That's YOU by the way!

Drop us a little ray of sun, a few lines of love, or virtual valentine!

Your revelations could enrich so many more if you copied it for posterity into the wiki of wisdom

We need heroes! We need YOU! Join us and grow your reputation amongst some of the greats of the community!

All you have to do is add an article to TechNet Wiki from your own specialist field. Something that fits into one of the categories listed on the submissions page. Copy in your own blog posts, a forum solution, a white paper, or just something you had to solve for your own day's work today.

Drop us some nifty knowledge, or superb snippets, and become MICROSOFT TECHNOLOGY GURU OF THE MONTH!

This is an official Microsoft TechNet recognition, where people such as yourselves can truly get noticed!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.

2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you've contributed)

3) Every month, we will highlight your contributions, and select a "Guru of the Month" in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once "on our radar" and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favoured technology will help us learn the active members in each community.

January's entries are now being judged, but below are December's mighty winners and contenders!

BizTalk Technical Guru - December 2015

Forefront Identity Manager Technical Guru - December 2015

Microsoft Azure Technical Guru - December 2015

Miscellaneous Technical Guru - December 2015

SharePoint 2010 / 2013 Technical Guru - December 2015

Small Basic Technical Guru - December 2015

SQL BI and Power BI Technical Guru - December 2015

SQL Server General and Database Engine Technical Guru - December 2015

System Center Technical Guru - December 2015

Transact-SQL Technical Guru - December 2015

Universal Windows Apps Technical Guru - December 2015

Visual Basic Technical Guru - December 2015

Visual C# Technical Guru - December 2015

Wiki and Portals Technical Guru - December 2015

Windows PowerShell Technical Guru - December 2015

Windows Presentation Foundation (WPF) Technical Guru - December 2015

Thanks in advance!

Ninja Ed and the infamous...
Pete Laker

Summary: Learn how to install a module from the PowerShell Gallery.

 How can I easily install a module from the PowerShell Gallery?

 Use the Install-Module cmdlet in Windows PowerShell 5.0, and specify the name of the module.

Уважаемые коллеги!

Подготовлен документ с планами разработки Microsoft Dynamics AXи информацией по выпущенной функциональности по состоянию на 04 февраля 2016 года.

Файл в приложении

In support we see many cases come through looking to create a customized synchronization rule to adhere to different business rules utilizing the Azure AD Connect (Azure AD Sync Services (AADSync)) Tool.  Here, I am creating this blog to provide some guidance on how to create a custom synchronization rule inside of the Azure AD Sync Services (AADSync) tool.  This blog is a sample illustration of how to take givenName and sn and flow those values into the displayName attribute. 

STEPS TO CREATE CUSTOM SYNCHRONIZATION RULE

1. Open the Synchronization Rules Editor
2. Select Inbound
   
   Inbound Synchronization Rule: Takes data from Source Connector Space to Metaverse
   Outbound Synchronization Rule: Takes data from the Metaverse to the Target Connector Space
   
   
3. Click the Add New Rule button in the upper right
4. Edit Inbound Synchronization Rule
   
   1. Description Page
      
      1. Name: In from AD - Update displayName attribute
         
         *NOTE: I like to try and stay in sync with the naming format used in the Synchronization Rules Editor.  You can provide any name that you desire here.  The key is to remember that you want to understand the purpose of this synchronization rule.
         
         
      2. Description: Updates the displayName attribute with the values of givenName and sn
      3. Connected System: <On Premise Active Directory>
      4. Connected System Object: user
      5. Metaverse Object Type: person
      6. Link Type: Join
      7. Precedence: 93
         
         *NOTE: I chose a lower number so that it would have the higher precedence.
         
         Synchronization Rule

         ---

         A Synchronization Rule is a configuration object with a set of attributes flowing when a condition is satisfied. It is also used to describe how an object in a connector space is related to an object in the metaverse, known as join or match. The Synchronization Rules have a precedence indicating how they relate to each other. A Synchronization Rule with a lower numeric value in precedence has a higher precedence and in case of an attribute flow conflict, higher precedence will win the conflict resolution.

         As an example we will look at the Synchronization Rule “In from AD – User AccountEnabled”. We will mark this line in the SRE and select Edit.A Synchronization Rule has four configuration sections: Description, Scoping filter, Join rules, and Transformations.

   2. For the purpose of this custom synchronization rule, we are not going to have any Scoping Filter and/or Join Rules. 
      For more information on these two items, please review the Understanding the default configuration page.
   3. Transformations Page
      
      1. Click the Add Transformation button
      2. Flow Type: Expression
      3. Target Attribute: displayName
      4. Source: [givenName]&" "&[sn]
      5. Apply Once: <empty>
      6. Merge Type: Update
         
         
   4. Click the Save Button

ADDITIONAL INFORMATION

• Understanding the default configuration: https://msdn.microsoft.com/en-us/library/azure/dn800963.aspx
• AADSync - Configure Filtering - Part 1: http://blogs.technet.com/b/steady/archive/2015/01/08/aadsync-configure-filtering-part-1.aspx
• AADSync - Configure Filtering - Part 2: http://blogs.technet.com/b/steady/archive/2015/01/09/aadsync-configure-filtering-part-2.aspx

いつも Office 365 をご利用いただきありがとうございます。

Exchange Online ではいくつかのレポート機能とトラブル シューティング ツールが組み込まれているため、今回はそれらのツールをご紹介します。

ご紹介するツールは既にTechNet やExchange チーム ブログでも既に公開しておりますが、ご存知ではないユーザー様が多数いらっしゃるため改めて本ブログとして紹介させて頂きました。
Exchange Online に関して有益なレポート機能やトラブル シューティング ツールを知りたいという方はまずは以下の公開情報を参照して頂き、ご要望に合ったツールがあるかどうかご確認下さい。

Title: Exchange Online での監視、レポート、メッセージ追跡
Url: https://technet.microsoft.com/ja-jp/library/jj200725(v=exchg.150).aspx

多くの機能があることがお分かりになるかと思いますが、その中でメールボックスの監査ログやメッセージ追跡はよく使用する機能であり、それらの機能の具体的な活用方法を以下のブログにてご紹介しておりますので、是非ご活用頂ければ幸いです。

Title : メールボックス監査ログの活用
Url   : http://blogs.technet.com/b/exchangeteamjp/archive/2015/11/11/using-mailbox-audit-log.aspx

Title: Exchange Online で検知されたスパム、マルウェア一覧の出力について
Url   : http://blogs.technet.com/b/exchangeteamjp/archive/2014/11/11/3640897.aspx

*******************************************************************************************************************************
本記事は 2016 年 2 月 4 日時点で執筆されたものであり、ご紹介したコマンドレットの動作、機能は今後変更される場合がございます。また 2015 年秋以降からレポート関連機能に問題がございましたが、2016年2月時点で大多数のレポート関連機能では問題が解消しております。ただし一部のレポート関連機能では問題が継続しているという報告があるため、解消が確認できましたら、本ブログでご報告させて頂きます。
*******************************************************************************************************************************