Updated Certification Roadmap Now Available

Microsoft have updated the popular Skills and Certification Roadmap to reflect the latest skills development and certification information, including the new Devices MCSE, Azure exams and exam electives.  For certification pathways, download the roadmap as a PDF here.

Aaron @aaronw2003

Teaming, QOS, and Virtual Fabric Adapters

By Aaron Whittaker

Lab: This is all done on Windows 2012 server.
Teaming: assume I have a x4 (quad) 10gig card for this discussion and demonstration.  That will give you an aggregate of 40gig in a team.  This is great and can be pooled using tagged/untagged traffic with QOS!

(First demo will be in GUI but can be done in Powershell [PS], the second demo can only be done in PS)

Go To Server Manger, Local Server, Select Teaming,  Tasks, New Team, Insert a team name and select the nics.

Insert a team name and select the nics.

Once this is done, select the team, select Team Interface, Add Interface, Enter a name and an additional port.

At the end of this demonstration we now have the team of nics that has untagged (default) traffic and also an additional DMZ VLAN 200.

We could add this to a single Hyper-V virtual switch and everything would work as expected.  Are we done? No. There is no isolation (customers may not like DMZ on the same virtual switch) additionally there is no switch QOS settings. Delete the interface and Team and start again.

In PowerShell lets make the a team with the same adapters.

New-NetLbfoTeam “4x10GbE Team” –TeamMembers “Ethernet 2″,“Ethernet 4″,“Ethernet 5″,“Ethernet 6″ –TeamNicName “4x10GbE”

Now we create a Hyper-V Virtual Switch that binds to the NIC team, this switch has bandwidth management set by KB/S.

New-VMSwitch “LM40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

New-VMSwitch “Mgmt40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

Now we can make many Virtual Fabric Adapters for the Hyper-V host.  Create a virtual NIC in the management operating system for Live Migration, and Virtual Machines.

Add-VMNetworkAdapter –ManagementOS –Name “LiveMig” –SwitchName “LM40GbE switch”

Add-VMNetworkAdapter –ManagementOS –Name “VMs” –SwitchName “Mgmt40GbE switch”

Assign a VLAN to the virtual network adapters.

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName LiveMig –Access –VlanId 100

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName Mgmt –Access –VlanId 1

For QOS/BandWidth managment, I refered to this

The reason to utilize the Add-VMNetworkAdapter cmdlet is we can now have a dedicated Virtual Network Adapter for the Host to assign to the Virtual Switch.  We can then have full switch isolation while utilizing a shared pool resource (the nic team).  Now that we have different switches we can set different bandwidth polices for different pools of VMs or VLANS.

All comments/suggestions are welcomed.

Aaron @aaronw2003

Installing and Running Azure Active Directory Sync AADSync Beta 3

Created by Aaron Whittaker.  Not to be reproduced without prior permission.

Ingredients Required: AADSync MicrosoftAzureActiveDirectoryConnect.msi installer from the BETA program (using version 3.7.1224), Domain Controller, Office 365 subscription, Azure, 2 Windows 2012 R2 domain joined servers, Public trusted certificate and a valid domain.

Time: A few hours.

My deployment is not complete and requires further work or your input.  I will mention that my virtual machines are running in another Azure subscription (which is a supported configuration see my TechNet article on the topic here).  I will investigate if something is blocking here (endpoints inbound and outbound.) 

The first time I tried this exercise I did not have a public trusted certificate.  I tried a Self Signed certificate but it did not work (Azure documentation says that it should).  So I purchased a domain, so I could a valid public certificate.

My existing environment consisted of a DC and a DirSync server.  I simply turned off the DirSync server and created a new server called AADSync and a WebAppProxy.  This normally leaves the sync’ed users populated in your Azure AD.  This was not an issue for me as the new DirSync server will take over, or I could have manually removed the now ‘In Cloud’ users.  I installed DirSync just via running the new AADSync DirectorySyncTool.exe installer (just using the default SQLExpress) and just configured and installed DirSync.  This was because I didnt have the certificate.

I ran the MicrosoftAzureActiveDirectoryConnect.msi installer on my server named AADSync.  The installer is only 976kb so it downloading all files as required.

Installing DirSync


The installer now installs the pre-requirements if required which is a nice feature!

  • .NET 3.5
  • SQL Express LocalDB
  • Azure Active Directory Sync Services
  • Sign-in Assistant
  • AAD Connector
  • Azure Active Directory module for Windows PowerShell

2 3

After going away and making an Azure subscription for my Office 365 tenant, here I entered my Office 365 public domain verified administrator account adminuser@brisbanecloud.net


Here I chose Customize.


I selected single AD forest.


I selected Single Sign On.


Entered my local Domain Admin credentials.


Error: Here is where I ran into my first issue.  I only had a .cer file, once I made a self signed .pxf I still could not proceed.  

I pressed back several times and proceeded with Express settings.

9 10 express 11 12

After this new Installer I was able to go in and configure DirSync as described in my previous post here.  The DirSync configuration wizard ran as normal and as expected.  The location to administer dirsync changes is in the location shown below.  This is still no DirSync app showing on the desktop or under programs.

21 22

 Installing SSO

Here are the steps for SSO configuration.

I went away and purchased brisbanecloud.net, then created a free public trusted certificate.  Then I re-ran the Azure AD Connect Preview shortcut located on my desktop for a second time.  Here you can see that my Office 365 credentials (now also Azure creds) were required.  If you go into the installer and press back a few times as you can see it saves your settings (only for that install session).  I selected Continue, entered my Active Directory credentials, next.


Here I browse and select my Public Trusted certificate.  It must be in PFX format.  I enter my password.  From the drop down I select the URL.

Error: Subject name must have www.  I went and renamed my pfx file and reloaded it to fix this issue.

I selected next, then I added my AADSync server which will become my ADFS federation server, next

34 after pfx password  36

Then I selected my Web Application Proxy server,

Error: Here I had to enable PSRemoting on the WebAppPrxy server via PowerShell.

Then I selected next.


Then I entered my same Domain Admin credentials (Enterprise admin was required), next.  Then I selected Create a group Managed Service Account for me and next.

40 41

Then from the drop down I had this error.

Error:  The domain needed www. in it.

I went to Azure as it mentions ‘Azure’ in the error and verified http://www.brisbanecloud.net under domains in Active Directory (WAAD) as shown below.

43 44

Back on the installer there was no update to my latest change.  I went and removed the domain from Azure and then added http://www.brisbanecloud.net within Office 365 domains.  Immediately after a press of previous and then next on the installer, I was able to see the correct address of www.brisbanecloud.net.


After reviewing the options I also selected Configure password hash.  The installer started and things looked good.

46 47

Then I received another error.

Error: Can’t remotely install Active Directory PowerShell.

After getting the same error a few times, I ran the following on WebAppProxy, DC, and AADSync servers.

Administrative PowerShell: set-WSManQuickConfig

Administrative PowerShell: winrm QuickConfig

Administrative PowerShell: enable-psremoting -force 

48 error 49 powershell commands

Then I selected retry to attempt the install again.

Error:  An error occurred while executing the ‘Convert-MsolDomainToFederated’ command. Microsoft.Online.Administration.Automation.DomainNotRootException —> Microsoft.Online.Identity.Federation.Powershell.FederationException  ……  The task ‘Create AAD Trust’ has failed.

So them I though I will just run this command manually with an Administrative PowerShell.

PS C:\> Convert-MsolDomainFederated -DomainName brisbanecloud.net

50 51

Then I got a new error

Error: This was a credential issue since the user account is now syncing.  I needed to change the credentials so I closed it and went to re-run the installer again (as there was no back button).


So I re-ran the Azure AD Connect (Preview)

Error: An error occurred while executing the ‘Update-MsolFederatedDomain’

I thought I should try to manually run this command in PowerShell.

PS C:\> Update-MsolFederatedDomain -domainname:brisbanecloud.net

Successfully updated ‘brisbanecloud.net’ domain.

As you can see below I am still getting an issue.  I have not had another chance to try a different workaround as yet 95% completed…



Thoughts and Comments



Hyper-V Recovery Manager is avaliable

Hyper-v recovery manager in Azure has been in beta for a while now and has just gone to GA.  The cost is per VM protected per month.

Orchestrate protection and recovery of private clouds

Windows Azure Hyper-V Recovery Manager can help you protect important services by coordinating the replication and recovery of System Center 2012 private clouds at a secondary location.

Automated protection

System Center 2012 Virtual Machine Manager clouds can be protected through automating the replication of the virtual machines that compose them at a secondary location. The ongoing asynchronous replication of each VM is provided by Windows Server 2012 Hyper-V Replica and is monitored and coordinated by Hyper-V Recovery Manager.

Continuous Health Monitoring

Hyper-V Recovery Manager monitors the state of Virtual Machine Manage clouds continuously and remotely from Windows Azure.

Orchestrated Recovery

Can automate the recovery of your datacenter to a secondary location.

Cost: Is per VM protected per month.

Performing an In Place upgrade from 2012 to 2012 R2

My host (Windows 2012) was running 1 virtual machine.

pre upgrade

I doubled clicked the iso to mount it, ran the setup, then selected install.  I received no warning telling me to power off my VM.

installThen selected No Thanks to downloading updates,

Capture2I then selected a GUI install

Capture3I then Accepted the terms and selected next,

Capture4I then Selected upgrade,

Capture5The install took slightly longer than 10 minutes.  Once the install had finished and I logged in, the machine was on the domain, all roles and features were installed as expected, Hyper-V was fine.  I powered on my Virtual DC.  The DC powered on fine and there were no issues at all.  This was a very painless operation with minimal downtime.