Upgrading a Windows Server 2003 Domain Controller

Customers seem to be finally getting the message about end of support for Windows Server 2003. Support ends in July. (July 14,2015 actually) So I have been assisting customers in preparing for their upgrade.

In most cases, the Server 2003 box is a 32-bit box so the an in-place upgrade path is non-existent. So I have designed steps for a side by each upgrade. The idea here is to bring up a new box on Server 2012, promote it to a domain controller and then demote the old 2003 Server DC.

*Update – One note before you start, you need to be at the Windows 2003 Domain and Forest level.

After installing the domain services role, click in the upper right, then click on Promote this server to a domain controller. 


Next fill in the Deployment Configuration options. As you can see , I have selected Add a domain controller to an existing domain, selected a domain and entered my credentials.




Next I observe the settings, enter in a password for Domain Services Restore Mode (don’t lose this password) and click Next



Click Next 


Observe settings and click Next


Observe settings and click Next



Click Next 



Click Next



After the pre-req checks, click Install


Once this completes, the server will reboot and you’ll have a new Domain Controller running a more modern version of Windows Server.

Next post I’ll cover off demoting the Windows 2003 Server.



Setting up Quickbooks as an Application in Azure AD

Adding applications to your Active Directory implementation in Azure AD is fairly straight forward. Let me walk you through a setup and show you what you’ll need to do.

First you need sign up for Windows Azure. This part is free, just go to your free azure trial.  Note that having an Active Directory in Azure does not cost anything. You can add a limited number of applications under the free version as well but can’t use two-factor authentication.

Next you need to create a directory. The Microsoft MVA I recorded with Anthony Bartolo covers this off way better then I can do here. So go on and watch it, follow along and once you are familiar with that, come on back.

You should now have an Active Directory in Azure. Here is a screenshot of my directories.


Once your users are created and working properly, head over to the applications.


In the applications area, click add in the lower bar on the screen.



Click on Add an application from the gallery


Next search for the application you want. In my case I entered in Quickbooks and searched for it. Find the app, click on it and click the check mark.


Now that you’ve added the application, you need to assign it to the user. The wizard will bring you to this screen. First click on Configure single-sign on.


Here you are going to select Password Single Sign-On then click the check mark.


Next you will go back to the Your app has been added! screen. Click Assign users


Change the sort to users (or if you want to assign to a group, leave it as is). Find the group or user you want, select it and then click ASSIGN.


You will get a warning screen. You have the option of putting in credentials in for the user (great if you don’t want the user to know the underlying password for the application) or the user will be prompted for them first time if you do not.

Next direct the user to myapps.microsoft.com and have the user log in. If you have two-factor authentication on then you will be challenged for the second piece of authentication. Two-factor authentication is available on Azure AD, but it has a cost for each user who needs it. Having two-factor authentication is a great way to lock down your system though.

Once the user logs in you will screen like the following.


Click on the application, in this case Quickbooks and then you will be prompted for Quickbooks credentials if the admin didn’t enter them in and you have not done so yet.Azure-Active-Directory-Screen-13

Once you do this, you’ll be good to go.


Clearing the Windows Update Cache

I’ve been seeing issues with Windows updates where computers are getting errors checking in with WSUS. Out of 250 computers I have half a dozen that have update errors. The fix for these is to clear the Windows update cache.

Clearing the cache is straight forward.

  1. Open a command prompt as administrator
  2. run “net stop wuauserv”
  3. go to the windows folder and delete the SoftwareDistribution folder.
  4. run net start wuauserv

There is a Microsoft fixit you can use as well. Check out this link http://support.microsoft.com/Default.aspx?kbid=971058 for more information.

Setting up a Delayed Charge in Quickbooks Online

I moved to Quickbooks Online from Quickbooks Pro. In Quickbooks Pro I had the option to mark an invoice as a draft. It let me keep track of hours I was billing to a customer without actually creating a receivable that would show up on aging reports, etc. That feature, sadly is missing from Quickbooks Online (maybe I am the only person who used it, don’t know). My bookkeeper, who is awesome, suggested another option, use a delayed charge.

Creating a delayed charge is pretty straight forward. From the  customer portal, click on the plus sign (+)at the top of the screen and then select Delayed Charge, as seen in the picture here.


This will bring you into the delayed charge screen.  Enter the required information. In this case I created a consulting charge. Then click Save and close.


You can do this multiple times and add extra lines in a delayed charge.

When you are ready to actually invoice, return to the customer portal, click on Unbilled Activity to filter your delayed charges. Then click Start invoice for the customer you wish to invoice.


Now you will be brought to the familiar invoice page. You probably know what to do here. Note you may need to tab through the invoice to get the tax to show up correctly. Here’s hoping this is something that can be resolved in a later update.


That’s all there is to it.


Unattended Install of VMWare Workstation 11

One of the apps a lot of places I consult for use is VMware Workstation 11. They use it to test out deployments, apps, that sort of thing. I use both VMware Workstation and Hyper-V running on Windows 8.1. Both have benefits and draw backs, but that’s not what this article is about.

Installing it unattended so you can script the install is rather tough. The instructions on the VMWare site are plain wrong and don’t work as advertised. I am not even sure why the stuff is there it’s so bad. Luckily, I was able to find an install guide online and thought I’d pass it along.

If you download the install you will get file named along with the version in the name.

Run that file with the following switches. For example ->

Vmwareworkstation-x.y,z.exe /s /nsr /v ADDLOCAL=ALL DISABLE_AUTORUN=0 EULAS_AGREED=1 DESKTOP_SHORTCUT=1 QUICKLAUNCH_SHORTCUT=0 AUTOSOFTWAREUPDATE=0 DATACOLLECTION=0 SERIALNUMBER=”abcde-fghij-klmno-pqrst-uvwxy” REBOOT=ReallySuppress /qn /LiV C:\temp\Install_VMwareWorkstation_11.0.0.log

You can add the file to your applications in Microsoft Deployment Toolkit (MDT) and use the above line with a proper serial number to deploy it automatically.

The original article I found is located at IT Ninja

Ensuring your Azure Website is Fast to Load

So I’ve been playing a bit with WordPress on Microsoft Azure. One of the things I quickly noticed was that the site was slow to load when I first accessed it. A wait time of 10 – 15 seconds was not uncommon. For a production website, that’s unacceptable. I figured there had to be a way to speed this up, no one would use the Azure service if it is that slow.

The fix is an easy one provided you are not using the free or shared tier. (I am using Standard Tier) Go to the configuration tab and part way down the screen there is a toggle for Always On. Basically, if this is set to Off, the site goes to sleep to save system resources when it hasn’t been accessed for a while. Great idea for a test site, not so good for a live site. So just change the Always On setting to On and you are finished.


Provisioning Users in Office 365 Who are Not Provisioned

One of things when setting up Office 365 is to provision new accounts with licenses. There is a quick and easy way in Office 365 to get a list of these users and then provision these users. Login to your Office 365 account via PowerShell

Get-MSOLUser -Domain "contoso.com" -UnlicensedUsersOnly -All | Select UserPrincipalName | Export-Csv -Path 

Once you have a file full of your unlicensed users you can then set each of the users with an Office 365 License. Using the same filename we created above we can run the following command which will basically loop for each user in the file and set the license.
Import-Csv -Path “c:\temp\filename.csv” |%{Set-MsolUserLicense -userPrincipalName $_.UserPrincipalName -AddLicenses “contso:ENTERPRISEPACK”}

How did I get the license to use? Easy, Just run  Get-MsolAccountSku and it will list off your licenses. For a full page of information check the TechNet blog for more of these.  I am also sure there is a way you can use a variable to pass the values on without creating a file, but I do like having the file for a sanity check if something goes wrong.


The Gruffalo’s Child

I had the chance this past weekend to take Nathan to the Gruffalo’s child. It was at The Grand Theatre and put on by Tall Stories. The city also had a table setup to make crafts. In typical Nathan style, he made 2 puppets. The kid loves doing arts and crafts.



We waited for the show to start and one of the things that impressed me most was about five minutes before the show started the mouse, who is one of the main character’s in the show, comes out and starts working the crowd asking for cheese. The reason this impressed me is as one who has done a fair number of IT presentations over the years, meeting the crowd beforehand gives a good feel to gauge your audience.


The show started shortly after and I will say it was very well done. The person playing the Gruffalo also plays the part of the Snake, Owl and Fox and he did a great job mixing it up. All the actors were very good and I caught the lady playing the mouse smiling from ear to ear as she rested along side the stage waiting for her next part in the play. You could tell she was enjoying performing the show. There was a joke or two that maybe only the adults would have picked up but this show did a great job of entertaining all ages. I see they are moving on to the United States now but if you do get the chance go see a show, do it as I don’t think you’ll be disappointed.



Pictures of the Gruffalo’s Child play are courtesy of Tall Stories.








Hybrid Cloud for IT Pros – A Series on Azure

Microsoft Tech Evanglists in the US are posting a series on Azure called Hybrid Cloud for IT Professionals. The link to it is http://blogs.technet.com/b/it_pro/archive/2015/03/07/the-hybrid-cloud-and-the-it-professional-the-blog-series.aspx?linkId=12794611.

Azure is capable of many things. I use it to host websites and also use it to host some of my own domain controllers and some of my ADFS infrastructure. Learning to schedule how to turn off resources when not needed is a skill that will help you save money using Azure as well.

I find Azure is a great tool, helping me deploy things quickly but I find not all customers are able to take advantage of it. Some have regulatory hurdles (data sovereignty) and some just don’t have the man power or knowledge to do that. If you find you are the latter, get in contact with me and I can help with that.

Securing SQL Traffic using Certificates

I am deploying Microsoft Bitlocker Administration and Monitoring (MBAM) for a customer and one of the things we want to do is encrypt the traffic between the front end application server and the SQL Server. Here is what the topology looks like from TechNet.

Securing the connection between the two servers is relatively straight forward. First get a certificate from your favourite Certificate authority (can be internal or can be 3rd party in this case, your choice) and import it into your personal certificate store. What kind of cert do you need, check TechNet for the answer to that question. Basically it needs to be able to handle server authentication. Once imported, right-click on the certificate and manage the keys.

Screenshot for managing certificates

Here you assign read access to the keys to the account that runs the database service which will use the certificate. In my case I used a service account of srvdbsi01 so I assign that account the rights of read.

Screenshot of the properties for manage keys

Open SQL Configuration Manager. Expand SQL Server Network Configuration and right-click on Protocols for MSSQLSERVER or whatever the name of the instance you want to secure is.


Next set the certificate by selecting it from the pull down list.


Then click on the flags tab and set the Force Encryption to Yes.


Now restart the SQL service and you’ll be good to go.