Upcoming MVA Courses

I was poking around on Microsoft Virtual Academy today and discovered a bunch of great looking live events that are coming up in the next several weeks.  If you've never checked out MVA, now is the time to visit and register!

• Feb 25th - Getting Started with PowerShell Desired State Configuration (DSC) 
• March 3rd - Azure and Open Source: What You Need to Know
• March 26th - Azure Active Directory Core Skills Jump Start

The Imperfect Lab: Deploying More VMs

As I mentioned, I had created my first VM in my Imperfect Lab with the Azure Portal.  But I wanted to be able to do this using PowerShell from my workstation To recap my "physical" set up so far:

• VNETs
• ImperfectNet
• AnotherNet
• Storage Accounts in Different Regions
• imperfectstore (West US)
• anotherstore (East US)
• Cloud Services
• imperfectcore
• anothercore

(I don't think I've mentioned it before, but if you are just starting out and need to get your ISE connected to you Azure account, just run Add-AzureAccount. You'll get prompted for your credentials.)

To start, I'm just going to create an additional server in the same network as my current domain controller.  Then I'll have a server I can promote to DC later, or use for another service. 

If you have multiple subscriptions and/or multiple storage accounts set up, like I do, you need to make sure Azure knows where you want to put things. My subscription happens to be the Visual Studio one.

Set-AzureSubscription -SubscriptionName "Visual Studio Ultimate with MSDN" -CurrentStorageAccount "imperfectstore"

Then you'll want to configure the basic variables for your VM. In this case, this is the adminstrator name and password, as well as the name of the Windows Server 2012 R2 image available at the time of this exercise. You'll want to make sure to get the current name of whatever OS you want to install.

$un = "adminname"

$pwd = "secretpassword"

$image = "a699494373c04fc0bc8f2bb1389d6106__Windows-Server-2012-R2-201411.01-en.us-127GB.vhd"

Pick up that VM image the full list with: Get-AzureVMImage | Select ImageName

Then,  configure a few more variables using the New-AzureVMConfig.  In this case, I'm settting the server name and instance size, pulling in the username and password variable I set with the lines above and specifying the pre-existing subnet I want to use.

$newVM = New-AzureVMConfig -Name "Server2" -InstanceSize "Small" -Image $image |

     Add-AzureProvisioningConfig -Windows -AdminUserName $un -Password $pwd |

     Set-AzureSubnet -SubnetNames "FirstSubnet"

Finally, kick off the VM creation with one of the following options: 

• Into an Existing Cloud Service: New-AzureVM -VMs $newVM -ServiceName "imperfectcore" 
• Into an New Cloud Service:  New-AzureVM -VMs $newVM -ServiceName "newcloudservice" -Location "West US" -VNetName "imperfectnet" 

Give this all a few minutes to cook and your new VM will be deployed. I haven't joined it to the domain yet... baby steps here, baby steps!  I like to make sure one thing works at time, so it's easier to troubleshoot when I have issues.  That's what a lab is for, right?  

Update (12/26/14): For easy access to these code snippets, you can find them here.

The Imperfect Lab: Standing Up Active Directory in Azure with PowerShell Remoting

Today in my Imperfect Lab, I needed to start adding some servers so I could build out a domain. So I popped over to the management portal and quickly spun up "DC-Cloud1" in the "FirstSubnet" of my ImperfectNet.

• ImperfectNet
• FirstSubnet (192.168.1.0/24) <- right in here!
• HalfSubnet (192.168.2.0/25)
• Gateway (192.168.3.200/29)

I logged in and was just about to click "Add Roles/Features" when I paused. What fun is that? I've installed AD a million times that way and it would be way more interesting to do it from PowerShell ISE from my laptop. So I closed out my RDP session and got to work.

First you have to install the remote access certificate on your local machine. To do that you want to download this script - Configures Secure Remote PowerShell Access to Windows Azure Virtual Machines.  Put is somewhere easy to access, open it in PowerShell ISE and then feed the script your personal variables to install the certificate on your machine.  Once that's done, you'll be able to use the lines below to open a PowerShell session directly to your VM. (For more info Michael Washam's script, check out his post, Introduction to Remote PowerShell with Windows Azure.)

$uri = Get-AzureWinRMUri -ServiceName $cloudServiceName -Name $Name 
$cred = Get-Credential  
Enter-PSSession -ConnectionUri $uri -Credential $cred  

Now that I had a secure, remote session it was time to install Active Directory.

Add-WindowsFeature -name ad-domain-services -IncludeManagementTools
Install-ADDSForest -DomainName "yourdomain.com" -ForestMode 5 -DomainMode 5

Those "mode" numbers are adjustable for controlling the forest and domain functional levels. 5 is for 2012. For Server 2003 functional level use 2, for Server 2008 use 3.

Finally, just in case I wanted easy access to RDP to the machine, I installed the newest Remote Desktop Connection Manager 2.7. This way I don't have to download and keep track of RDP files from the Azure Portal every time. (Shout out to Tommy Patterson for letting me know about that version update last week!)

Week 5 of Modernizing Your Infrastructure with Hybrid Cloud

This is the 2nd to last week of the  "Modernizing Your Infrastructure with Hybrid Cloud"  series and in part 5, Yung Chou and Keith Mayer demonstrate ways in which you can manage and automate your hybrid cloud environment. Tune in for this demo heavy session as they showcase System Center, Microsoft Azure and the Windows Azure Pack as well as PowerShell for Azure, PowerShell DSC for configuration management and Azure Automation for automated runbooks.

•  [1:15] When architecting a Hybrid Cloud infrastructure, what are some of the important considerations relating to management and automation?
• [4:09] You mentioned PowerShell for automation ... how can PowerShell be leveraged for automation in a Hybrid Cloud?
• [7:54]  Is PowerShell my ONLY choice? Are there other automation and configuration management solutions available for a Hybrid Cloud?
• [11:12] DEMO: Let's see some of this in action
• Brief tour of System Center and Azure / Azure Pack management portal interfaces
• Getting started with PowerShell for Azure, Azure Pack automation
• Intro to PowerShell DSC for configuration management
• Intro to Azure Automation for automated runbooks

Also upcoming for the blog posts related to this week:

• Tue: Getting Started with On-Demand Private Clouds with Azure Pack by Keith Mayer
• Wed: Automating the Hybrid Cloud with PowerShell and Azure Automation by Keith Mayer
• Thu: PowerShell Desired State Configuration (DSC) by Kevin Remde
• Fri: Monitoring the Hybrid Cloud by Dan Stolts

Happy Valentine's Day From TechNet Radio!

Its time to break out the “We ♥ PowerShell” candy and cuddle up with your favorite PowerShell cmdlets as Dr. Love…er…we mean Dr. Scripto, joins us for this special Valentine’s Day edition of TechNet Radio. Tune in as Blain Barton and Ed Wilson dish out the PowerShell love advice and give us their Top 14 things they love about Windows PowerShell.

• [1:17] I have a lot of workloads out there, is Windows PowerShell everywhere I need it to be?
• [2:12] Is Windows PowerShell really readable code?
• [3:10] Is it easy to get started with Windows PowerShell?
• [5:54] Is Windows PowerShell well documented via the community, and via books and blogs? 
• [7:32] I think I’m addicted to Windows PowerShell.  Should I see a doctor?
• [9:12] We are on version 4.0 now- does PowerShell get better with age?
• [10:16] Is Windows PowerShell easy to use? 
• [11:08] I’ve been using PowerShell forever, but have some newbies that want to learn, is it easy to get help
• [12:57] Is Windows PowerShell Self Discoverable? 
• [14:06] Is Windows PowerShell Self Documenting?
• [15:39] Does Windows PowerShell really save IT time
• [17:38] Does Windows PowerShell really save IT money?
• [20:12] Is knowing Windows PowerShell good for job security? 
• [20:56] I don’t always script, but when I do, should I use PowerShell and why? 
• [23:08] Are PowerShell and Azure meant for each other?
• [24:54] A PowerShell Love Poem: “How do I love thee PowerShell….let me count the ways…”

Here is a direct link to the episode:

http://channel9.msdn.com/Shows/TechNet+Radio/TechNet-Radio-IT-Time-Valentine-s-Day-Special-The-14-Things-we-LOVE-about-PowerShell

Northern California Powershell Users Group in SF!

Tonight, I had the honor of hosting the Northern California Powershell Users Group in San Francisco.  The topic was using Azure with Powershell.

For those of you who were there, a lot of conversation revolved around provisioning and managing Azure and I wanted to mention that Microsoft (via Technet Events) just finished up a round of IT Camps for Azure IaaS.

At those events, attendees build out a dev/test environment in Azure and while most of the lab guide detailed everything out with using the GUI, there was a bonus challenge at the end that included doing everything with Powershell.

If you are looking to start using Azure with Powershell and want a good place to start experimenting, I suggest getting a free Azure Trial and then downloading the lab manual to give it a shot yourself.  You can find a copy of the lab manual at http://aka.ms/SlidesPlus under the “Azure Camp – Fall 2013” folder.

You’ll find the “Challenge Exercise” and instructions on where to find the necessary Powershell, towards the end of the manual.

Enjoy!

PowerShell... Now Less Daunting

Last Friday, I had the luxury of attending another PacITPros TechDays... It was all about PowerShell.  Jason Helmick taught in SF and in the East Bay.  Both days were completely packed. PowerShell IS where Windows is going for administration.

If you haven't had the chance to listen to Jason talk about PowerShell, you are missing a great chance to learn how to use it. Jason is fun, upbeat and knows his stuff.  Check out his blog (http://www.jasonhelmick.com/) for more about PowerShell.  He might just mention where he'll be speaking next.

So what did I take away from the class?

1) Learn this: get-help
Seriously, it's ALL about RTFM. Learn it, love it, learn how to use it. It's all there.

2) Don't type this:  get-service | stop-service
PowerShell can give you a bunch of ways to make your job easier and another bunch of ways to screw up big time. Read and comprehend before you press enter. PowerShell doesn't ask if you are sure.

After 8 hours of lecture and labs, Jason didn't teach us the "Top 10 PowerShell Commands for Administering Windows".  We didn't walk out of class with a handout of the everything we'd need to know.  Quite the contrary.  Jason taught us where to find what we needed and how to figure out if whatever we were trying to do would work or not.  And that is really all you need to be comfortable with the command line of the future for Windows.

Migrating to Exchange 2010 (Part 2) - Certificates

Depending on your installation of Exchange 2010 and what internal and external services you want to provide, you'll likely need a new SSL certificate from a 3rd party provider. You probably already have a basic mail.company.com certificate, but that's just not going to cut it anymore. 

If youl'll be supporting mailboxes on a previous version of Exchange or providing access to supporting Outlook Anywhere, you'll likely need additional host names on your certificate, like legacy.company.com and autodiscover.company.com. This will require a SAN (Subject Alternate Name) certificate. 

Exchange supports different URLs for internal and external access and after a typical installation, your internal URLs will be set to the FQDN of the server name (server.company.com) and external URLs will be set to whatever host name you specify during the install of the CAS server, like mail.company.com. 

In order for us to get a shiny new SAN certificate, we had to revoke our existing mail.company.com while we were waiting for the new certificate to be issued. This would cause some temporary certificate problems with anyone who tried to use Outlook Web Access, but since this was a weekend project and I already declared the entire weekend as a maintenance window I wasn't too concerned about it. 

Meanwhile, I moved all my users mailboxes to the new server. All the Outlook clients were happy with the server's self-signed certificate, which was great, since our 3rd party certificate provider took a few days to finish issuing the new cert. Once the new certificate came, I loaded it onto the mail server and authorized it for IIS to use.

My OWA certificate errors disappeared, but shortly there after we started getting reports of Outlook 2007 complaining about the certificate having a different name than what it was expecting. This was because we didn't include the server name as part of the certificate, but all the internal URLs referenced the FQDN of the server's real name.   

Some of the internal URLs can be change in the Exchange Management Console, but there are a few that are easily overlooked since you can only change them using PowerShell, particularly the URLs for Autodiscover and EWS (Exchange Web Service). 

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.company.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.company.com/ews/exchange.asmx

Then be sure to recycle your MSExchangeAutodiscoverAppPool in IIS.  You can read more about this issue in Microsoft's KB 940726.

Exchange 2010 Lab: Things I've Learned So Far

This month, I've been trying to concentrate on working on my test lab for Exchange 2010.  I've done a lot of reading about Exchange 2010, but now is the time where the rubber hits the road and I can start seeing what I've been reading actually means in practice.  Also, this gives me a reason to start paying attention to PowerShell, since I've have little need for it so far and I know I need to start learning it!

I did a pretty standard, "out of the box" installation of Exchange for this first test and I was having a problem moving mailboxes and creating databases.  If you are already a member of the Organization and Recipent Management groups in AD, then you might need to rerun the "setup.exe /PrepareAD" command to reapply the permissions. 

Yes,  the PrepareAD switch is run when you do the standard install.  And yes, even when I manually checked all the permissions they looked fine.  However, rerunning /PrepareAD solved my issues. Want to read more about Exchange Trusted Subsystem permissions and how they fit in?  Go here, to Richard's Exchange Ramblings on TechNet Blogs.

And for a little useful PowerShell, here's how to find the versions of Exchange you have installed in the entire organization:
Get-ExchangeServer | Format-Table Name, *Version*
For reference, all build numbers listed in this KB Article - http://support.microsoft.com/kb/158530

Finally, if you've been tweaking the Rentention Policies and want to kick off the Managed Folder Assistant immediately to see if your policies work for a particular user, here's the PowerShell for that too.
Start-ManagedFolderAssistant -Identity *MailboxOrMailUserIdParameter*
The full explanation of that command can be found here.