New Microsoft Certification Roadmap

Microsoft has announced a new roadmap for their certifications.
The full announcement can be found at Born to Learn

For me the interesting stuff is in the newer exams for client devices. 695 and 696 are two that look promising and I will definitely go after on my certification path.

I have recently passed my MCSA on Office 365. There are to exams 346 and 347 which I did quite well at having been knee-deep in a couple of large deployments before leaving my last job.

This year I have a list of exams I want to write those are:

410 – Installing and Configuring Windows Server 2012
411 – Administering Windows Server 2012
412 – Configuring Advanced Windows Server 2012 Services
413 – Designing and Implementing a Server Infrastructure
414 – Implementing an Advanced Server Infrastructure
243 – Administering and Deploying System Center 2012 Configuration Manager
415 – Implementing a Desktop Infrastructure
416 – Implementing Desktop Application Environments
341 – Core Solutions of Microsoft Exchange Server 2013
342 – Advanced Solutions of Microsoft Exchange Server 2013

In the past I was part of study groups which helped me get through a bunch of the Windows Server 2003 exams. I did 290,291, 293 and 294 with study groups. We all got a copy of the Microsoft Study guide and we took turns presenting a chapter in front of the other members. It worked really well for me to help get me over the hump and get certified. I wouldn’t be where I am today without certification. I am planning to run another study group for the 70-410 and will post an announcement here once I everything setup.

The New Outlook app for IOS and Android

Microsoft announced last week a new outlook client for IOS and Android. It’s very slick and really nice. I like the way it handles multiple mail servers (Exchange, O365, Gmail, Yahoo, iCloud and Outlook) and adds support for Dropbox, Box and OneDrive for file storage. Like I say it’s really nice (graphical wise) and I’ve been playing with it on my phone.

But

For the nice interface it does have, stuff some stuff is missing; namely Contact Sync. I need that and love the way the older OWA client did that. Setting Out-of-Office doesn’t work either with this app. These features are not in there yet. I imagine they are coming soon though.

Now, the ugly. If you have MDM policies or corporate policies regarding storage of credentials, this app might not be for you. Right now it only supports ActiveSync remote wipe. It won’t prevent email from coming down on a device with no unlock code from an exchange server that requires an unlock code. It’s a feature that is planned and is coming. No ETA. It also only identifies the app not the device behind it, so it may not be ready for primetime in your corporate environment. It also stores AD credentials in the cloud. Again, a show stopper for some orgs. Check the comments in the Office blog post “A deeper look at Outlook for iOS and Android” for details on this. Also there is a document for IT Pro’s on Yammer which covers this as well. I made a quick link for it @ http://bit.ly/OutlookYammerThread

Also to point out there will be a YamJam on Feb 4th @ 9am PST.  They will be covering security and other features on this date. If you are interested in finding out more or seeing the direction this app is going in, I would suggest attending. The link to Yammer I posted above will take you to the details.

Installing and Updating Adobe Reader

I am working with a customer and assisting them with their application updates. One of the applications needing updating is Adobe Acrobat Reader MUI. This version of Adobe Reader allows it to be displayed in English or French depending on what language the user is using. Reader is also one of those pain in the ass applications that nag the user to update all the time, so getting in front of this one and updating proactively is always a good way to get ahead of the bullshit calls you’ll get to the service desk. The users shouldn’t have to be asked if they want to update. We should be managing that for them and we know if we can update based on testing those patches.

If you already have Adobe Reader installed, just follow the part in regards to the MSP file. But if you don’t have Adobe Reader installed yet, basically it’s a quick install and update. Here is the link to the Adobe ftp site if you need to download the files. ftp://ftp.adobe.com/pub/adobe/reader/win/11.x/ When you download the Enterprise build, Adobe includes an admin customization tool, but I just ignore that crap. Seriously, unless there is a good reason to run that junk I don’t use it. In my opinion and in my case, there isn’t a good reason to use it as I don’t deviate from the standard install.

 

Adobe-Reader-Directory

Adobe Reader Directory with install files.

Run msiexec.exe /I AcroRead.msi /q. This will install the base of Adobe reader. In my case it’s version 11.0.00. Next grab the current msp file. If you already had Adobe Reader installed, this is your starting step. These are similar to an MSI file but updates. The command to execute these is msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q. This will install the update bringing the MUI up to in my case 11.0.10.

For those of you using System Center Configuration Manager as I am, there are a couple of ways to ensure the order is maintained. Out of Order will cause a failure or at least the base version of Adobe Reader without the update. Create two packages, one package with source files for the Adobe Reader install (msiexec.exe /I AcroRead.msi /q) and the second package will be the Adobe Reader MSP (msiexec.exe /update AdbeRdrUpd11010_MUI.msp /q). Once you have the packages, you have two ways you can do this.

One way to do this is to roll a task sequence with the Adobe Reader msi install first followed by the Adobe MSP patch in the next step. Advertise that task sequence to your collection and Bob’s your uncle.

The other way is to edit the program properties of the patch and tell it to run another package first. In this case, Adobe Reader will be the package you will select to run first. Save that and then the patch will be the package you advertise to your collections.

Configuration-Manager-Program-SCCM

Program Properties in Configuration Manager 2012 SP1

Here is after the deployment. My machine in English language –

Adobe-Reader-English

Adobe Reader welcome screen on an english computer.

And then changing my language to french, notice the recycle bin name. –

Adobe-Reader-French-MUI

Adobe Reader welcome screen on a french computer.

 

Fix a Windows Machine not getting its info from the KMS Server

I’ve noticed over the past little bit where servers were reporting they were not genuine. We have a KMS infrastructure and machines are authenticating against it, yet we are seeing some that are not able to talk any more.

My co-worker and I began troubleshooting it, we jumped on the KMS Server and just checked stuff was on and working. It was, if it wasn’t, all hell would have broke loose.

Next we jumped on the Windows Server being affected. We looked at the product info and it stated no information. I wish we had grabbed a screenshot. If I get another server with this issue, I’ll repost.

Next we jumped to the command prompt and type

slmgr /ipk YC6KT-GKW9T-YTKYR-T4X34-R7VHC.

This key is the KMS key you use when you want Windows to use KMS instead of MAK. This changed the server from not having info to be unlicensed and needing a key. Next we force the server to communicate with the KMS server. 

Next we run

slmgr /ato

Once the machine checks in with the KMS server you are good to go. Again, this is with the assumption that your KMS server is up, running properly and has hit the threshold for number of machines needed to start activation.

If you need all the keys for KMS activation, here you are  http://technet.microsoft.com/en-us/library/jj612867.aspx

Using PowerShell to Set Properties on a List of Groups

In a previous post on Using PowerShell to Get a List of Groups from Active Directory, I showed you how to get a list of groups and export it to a CSV file. Now that we’ve done that, I’ll show you how to use that data to feed another set of commands where you can edit the groups. If you work with Address Book Segregation or new Address Lists in Office 365, you’ll need to do this at some point so that the data populates.

Lets import the file we created in PowerShell in that last post and import it into the routine here.

Import-csv $filename | %{Set-ADGroup -Identity $_.SamAccountName -Replace @{extensionAttribute1="YourTextHere"} }

What we are doing is importing the CSV file and then for each line in the file (the % {} handles that), we are using the Set-ADGroup cmdlet using the SamAccountName column as our identity and replacing extensionAttribute1 with a string of “YourTextHere”. You can change anything you want on the group, name description, etc.

Note that I am using $filename for the filename value. You can also use a string, say “.\filename.csv” as that works fine as well. I often use $filename as I am usually doing this in a routine which runs daily and I am changing the filename based on date. In a future post I’ll share with you my user provisioning PowerShell script for Office 365 which licenses up the users.

Using PowerShell to Get a List of Groups from Active Directory

I’ve been busy the past bit manipulating my QA environment to better match the production environment. One of the things I’ve needed to do was pull a list of Active Directory (AD) groups from certain Organizational Units (OUs) and put them into a CSV file where I can then use it to do things like change the email domain, descriptions, etc.

The command you need is as follows, note you need to run this from a machine with the Active Directory PowerShell module installed on it.

$filename = ".\ExportedGroups.csv"
Get-ADGroup -Filter '*' | select-object * | where-object {$_.distinguishedname -like "*,OU=Container,*"} |Export-Csv -Path $filename

What the above script is doing using Get-ADGroup to grab the list of groups, selecting all the fields in the group, using a where-object to figure out which OU we want to use. The OU in this example is container but can be whatever you want or if you have OUs with the same name, then use more of the OU structure like “*,OU=Container,OU=Unique Parent Container,*”.

Finally we export the results to a file named ExportedGroups.csv which is located in the same file as the script.

Windows Modern Apps not Running Properly

Ever work on windows 8 or 8.1 and find the modern apps won’t start?

Yesterday I tried opening my modern apps and all I’d get is a black screen then bomb back to the start screen.

Piss me off, I wanted to use the music app to drown out the background noise around the office.  So I dug into it and found this handy PowerShell script.

((Get-ChildItem “HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications”) | Get-ItemProperty).Path | Add-AppxPackage -Register -DisableDevelopmentMode

I ran that and I was back in business. Or back into Xbox Music. I found this script on this article:

http://answers.microsoft.com/en-us/windows/forum/windows8_1-windows_store/all-modern-apps-fail-to-start-after-windows-81/a80793c7-c214-43ec-9ca9-5c758f9ad840

Saving an Office 365 PowerShell Export with the Current Date in Filename

Powershell Logo

Working with PowerShell for my Office 365 projects, I have created a couple of scripts to provision users and to run through and assign users specific address books.

One of things I do is dump all my new users to a CSV file. However, I want a file created each time its run showing me which users are created.

First thing is to make a variable with the current date in the format you would like.

$CurrentDate = Get-Date -format dd.MMM.yyyy

Next I create the filename in a variable using the combination of the filename I want and the date variable.  (The code is all one line, but might not display that way here.)

$filename1 = "c:\Export\Users\Provision-Student" + $CurrentDate + ".csv"

Finally I then call the file by piping a command to export-csv.

Get-MsolUsers -All Domain "contoso.com"| Select UserPrincipalName | export-csv -path $filename1


I schedule this to run once daily and every day I have a file all my users in the contoso.com domain.

In another post I’ll show you how to clean up these files so you aren’t overrun with them.

Vulnerability CVE-2014-1776

Be aware of a security issue for Internet Explorer 6 to 11.

The full information about the bug from Microsoft can be found here. Note there is no fix for Windows XP. If you are still running it, get off it. Until a fix is released, there are mitigation strategies you can apply.

The following article from Microsoft covers off some strategies to help protect your environment.

https://technet.microsoft.com/en-US/library/security/2963983

Updating Hardware Devices Running Lync Phone Edition

I’ve had a Polycom CX600 sitting on my desk for a few months now. It’s been acting up in that it was unable to connect to the Lync server. I figured it needed an update but wasn’t sure how to update these devices.

Turns out there is a handy feature as part of Lync Server since 2010. Basically you download the updates, then run a powershell command.

Get-CsService -WebServer | ForEach-Object {Import-CsDeviceUpdate -Identity $_.Identity -FileName C:\updates\ucupdates.cab}

This will update all Lync servers running web services which in my case meant two standard edition servers. Which in turn will push the updates down to the devices. Pretty handy.