A second look at Azure AD Connect Public Preview 2

Before viewing this post please refer back to my following articles if you require a base understanding of Microsoft Azure ADConnect and the features available.

  • I first posted on AADConnect and AADSync back in August last year.
  • I also presented on Cloud Identities at TechEd Melbourne and Sydney last year here.

This post will focus on what is new and what has changed.

As posted by Alex Simons (Azure AD Director) the Microsoft Azure ADConnect preview 2 was released earlier this year. I downloaded Azure AD Connect Public Preview Download from here. I started the installer and was presented with the screen to install the services. Note: I could have specified a SQL server if my Domain was large enough to warrant this (Microsoft recommends this for over 50,000 + users). I could specify a Service Account if that was a company requirement. I could also select import settings if I had a previous configuration that I wanted to apply to this ADSync server.  I left all options unselected and selected install.


The next option was to specify what I wanted to install, ADSync or SSO. I selected ADSync.


I then entered my Azure Global Admin credentials. The installer now creates and assigns a service account within Azure AD with the minimum permissions that it requires, which is a great improvement. I then entered my On-Premises credentials (this also creates a service account).


The following option allows for Group Based filtering.  I noted that you can only specify 1 group here which may suit some customers who do not wish to use OU based filtering. Microsoft added this option with the intention of pilot and evaluations of Azure AD and Office 365.  I selected ‘Synchronise all users and devices’.


Here I specify that a user is represented only once across all directories.


Here you can change your user attribute mappings.  This may be required if you are using for example Shibboleth for SSO or if you have some other customised requirements.


Optional features can be modified later, so don’t be overwhelmed by the amount of options.  You can re-run the wizard to make changes later if you need.

  • Exchange Hybrid- For an Exchange Hybrid migration to Office 365.
  • Azure AD attributes- if you only want to sync a smaller set of user attributes.
  • Password writeback- change a password in Azure AD and it writes back to On-Premises and verifies the On-Premises password policy.
  • User writeback- A user created in Azure AD is created in On-Premises AD.
  • Group writeback- Groups in Office 365 will be written back to your On-Premises Exchange forest.
  • Device Sync- Allows for Windows 10 computers enrolled with Intune or directly with Azure AD to sync to On-Premises AD. (we are seeing the start of managing a Windows-as-a-Service subscription model). This is called ‘Cloud registered Devices’. NOTE: This requires a 2012 R2 schema.
  • Directory extension- Use this if you want to sync a unique attribute to Azure AD, eg. a custom Linux attribute, or an Employee ID (currently limitations apply to certain values and characters).


The screenshot below is for Azure AD attributes.  So in my example I will not be using CRM so I remove the syncing of these attributes.


Below we have the option to remove attributes from being Synced.  Eg. An organisation may have extended their schema and used “extensionAttribute’s”. Perhaps these contain sensitive information, the administrator can simply uncheck these attributes so they are not synced.


Here we confirm which On-Premise destination we want to use for User writeback. Select the Users OU. Note: you can add/merge many domains to the one Azure AD subscription, so Write-Back destination is required. 


Here I ticked the box to start a sync after install.


Here you can see I have run the miisclient and can see that 60 objects have been synced automatically.


Here we can easily see errors. My user account had an error because AD and AAD had the exact same display name of aaron.whittaker. For this test environment I will ignore this error.


Next in Azure AD I create a new user called CloudUser1


Back on my Sync server I selected connectors at the top, then selected my Azure AD and ran a ‘Full Synchronization’.


Below you can see the event for the CloudUser1 being synced to On-Premises.


Here we can verify that the user has been synced.  You can see I have applied an On-Premises group membership permission to a Cloud User.


To view my post on upgrading to AADConnect GA from Beta see my post here.

To get started refer to the following articles:

Post by Alex Simons

And follow these twitter handles:

@askariel  @Alex_A_Simons

To start planning for your business transformation you can deploy and test these features all from within your Microsoft Azure subscription.  If you don’t have a Microsoft Azure subscription you can take a trial here.

Aaron Whittaker


Azure Active Directory and Windows 10: Microsoft’s Hybrid Vision


As more and more companies make the transition from On-Premise to the Cloud, Microsoft believes that there will be a phase where companies run both data centers in parallel.  Microsoft believes that this Hybrid state will last for approximately 10 years.  Beyond these years most workloads will be in the cloud.

How can organisations manage users and devices from a single source of truth?  Microsoft has assisted with this Hybrid state, allowing companies to administer cloud users, all with the assistance of Azure ADConnect. Today we are in a Cloud First era; if Cloud is not supported, why not?

The days of imaging devices and adding them to domains may be coming to an end.  Companies will soon be able to manage Windows 10 (slated for first update) by simply joining them to Azure AD, with Azure AD Join.

This will be compatible with Microsoft Intune. Users will get a single sign on experience from their on premise applications, device and their cloud applications. This will be the start of large organisational process changes and is important as companies look to manage the plethora of mobile devices.  If your next device refresh is the same as your last one, it may be an outdated solution.

Let’s go for a test!  I installed Windows 10 build 10074 with Hyper-V on my laptop with 1.5 gig ram allocated (works, but definitely needs resources). After installing I was presented with this screen.


Here you can click Express or Custom; this just changes your Feedback and other experience-related settings. Then I got a loading screen.


Then I selected “This Device Belongs to my Company”


I clicked Continue; make sure you read this screen first.


Then I typed in my username and password


I got my password wrong first time, but this error gave me something interesting, my Azure AD branding that I configured at TechEd Australia last year came through.


Then I got this screen. After 10 minutes watching the circle I went and got a coffee, then played with my phone.


Then I got this log in screen


Logging in


Then this error.  Not sure if it was a VM, network or ram issue.


I selected Try Again and it worked immediately.  Please note the default PIN complexity requirements.  This PIN may now automatically work across several different devices.


But what does this mean and what has happened to my machine?  It is not on a domain, but if you check the sysinfo it says my logon server is \\AzureAD.

Edit:  I tested SSO for Office 365 and Azure as suggested by Alex Simons.  I could only get Azure SSO to work.  With Office 365 each time I tried to enter the URL it would redirect back to Office 365 login page.

I am sure in the coming months we will see more features and capabilities added.  Keep a look out for more on this topic at this year’s TechEd, Ignite and Build events around the world.


The key benefits and capabilities of Azure Active Directory and Windows 10:

  • Consistent user experience.
  • Single Sign on
  • Automatic Enrollment
  • Support modern form factors – devices that don’t have domain join functions.

This feature has huge potential so it is good to start planning any organisational transformations before Windows 10 goes GA.

Look at the following comment from Deniz regarding this new feature: “Works great, well done, already started planning to decommission all onprem servers including ADs and work with AzureAD only with a fileserver vm in Azure.”

To get started refer to the following article:

Post by Alex Simons and Ariel Gordon

And follow these twitter handles

@aaronw2003  @Alex_A_Simons @askariel

To start planning for your business transformation you can deploy and test these features all from within your Microsoft Azure subscription and a VM.  If you don’t have a Microsoft Azure subscription you can take a trial here.

Aaron Whittaker @AaronW2003


User Group Session next month

Next month’s User Group session will be on Microsoft’s HDInsight in Azure, presented by Microsoft.  If you are currently interested in Big Data, then this is the session for you.

Dates to be confirmed.  The technical level of this session will be 300.

Please add comments for any items that you wish to have covered in this session.

eg. Power BI for Office 365, data analytics, migration, DataZen, Hadoop.


Look forward to seeing you then.

Aaron @AaronW2003

How to install Microsoft Office 2016

Register for the preview by going here
Then proceed to here to download the script
Download the Admin_OfficePreview.zip script

Uninstall any previous versions of Office 2013 and Project and Visio.

Run the following to download the source files. (I am installing EN US 32 bit version)
PS C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview> .\setup.exe /download
Run the following to install Office 2016.
PS C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview> .\setup.exe /configure C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview\Install_en-us\ProPlus_en-us_x86.xml

The installer will start up.


The installer will minimise to the taskbar.


Run the following to install Project 2016.
PS C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview> .\setup.exe /configure C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview\Install_en-us\Project_en-us_x86.xml
Run the following to install Visio 2016.
PS C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview> .\setup.exe /configure C:\Users\aaron\Downloads\Admin_OfficePreview\Admin_OfficePreview\Install_en-us\Visio_en-us_x86.xml

Enter your registered details to Trial Software.



I am running Windows 10 build 9926.  I get the following error when I use the snipping tool and I attempt to email from within the tool (Via Outlook 2016).


Licensing Update:

You only get a few days grace without a valid license.

How to activate -> you simply need to enter credentials for a valid Office 365 mailbox.  No other licenses/key will work.

Aaron @AaronW2003

Road Testing Microsoft’s (Acompli) new Outlook app on iOS and Android

Outlook app on iOS and Android

Late last year Microsoft bought Acompli to bolster its mobile app offerings now ranging all main mobile platforms.

I thought I would install and test both on my Samsung Galaxy S4 and my iPhone 5s.

Outlook app on Android:

The current Android offering is rather limited compared to the iOS version.  Connecting to On Premise exchange, Office 365 and Yahoo all passed.

Default Inbox ‘Focused’ (unread emails) view.



Default Inbox ‘Other’ view.



Settings options.


Outlook app on iOS:

Connecting to On Premise exchange, Office 365 and Yahoo all passed.

I was trying to get used to the Focused and Other views of my messages.  To change these settings, go to Settings, Badge Count, All.


Email Thread view.  Note the colored icons for people. eg. AW = Aaron Whittaker.  The default view shows the last email from the thread “Will do in 25 mins”.


Great Calendar view from within the app.


Add your files through your choice of online storage accounts.


Again the contacts show up with a colored icon under people, also from within the same app.


iOS app settings options.


Having used both for a week now I can say that there are no issues with either, but the iOS version definitely has more features.  I found Outlook to be more customisable than the built-in mail apps or the Yahoo app in either platform (Android or iOS).  I like having the Mail, Calendar, Files and People buttons all within the one app.  Hopefully Microsoft will bring these missing features to Android with an update soon.


Additionally just today there was the announcement that Microsoft bought iOS, Android calendar vendor Sunrise for $100 million, definitely not the old Microsoft or climate that we were accustomed to.  Perhaps this will replace the existing Acompli calendar?


*** Update 16/02/2015 – Any emails with an attachment sent from either application did not get delivered.


AaronW @aaronw2003

Veeam Backup and Replication with Cloud Connect into Azure #ToTheCloud

Non sponsored article.

There is one company that always impresses me.  Veeam has  simple UI’s, cheap and clear pricing models and products that just work on first install.  This week I found with Cloud Connect, Veeam is always three steps ahead of its competitors.


What is Veeam Cloud Connect?  Veeam Cloud Connect establishes an SSL tunnel over the internet to Cloud Storage with no VPN required.

Why would I need Cloud Connect?  Firstly are you a customer, or are you a Veeam partner?

  • Customers have the ability to send their existing backups offsite to cheaper cloud storage and to remove the need for tapes.
  • Partners can license Veeam Cloud Connect connection through the Veeam Cloud Provider (VCP) program.  They will be able to build their own remote repositories designed to be multi-tenant and scalable.

Where is the remote repository?  It could be in a Partners datacenter, or Public Clouds.  This post will focus on transferring backup data to Azure storage.

Let’s Kick the Tires.

I went to the new Azure Portal at https://portal.azure.com/. I selected New, Everything, searched for Veeam, and deployed Veeam Cloud Connect for Service Providers.  **Unfortunately this failed for me.  I am using an MSDN Azure subscription.  To deploy this Cloud Service you require a pay-as-you-go subscription.


I started following this deployment guide by Sam Boutros to manually deploy it (cost many extra hours 1-2 days with trial and error).

I deployed a VM in Azure (destination storage location), I also added a TCP endpoint of 6180.  I did not add any extra storage to my Azure VM for this test.  Then I installed Veeam Backup & Replication 8.


All required prerequisites are installed by the installer.


I then applied the latest patch which Veeam alerts you to install.  The first load after a reboot takes a few minutes.  The Veeam services are on a delayed start to allow for MSSQLExpress to start.


Then I obtained a free 1 month trial Cloud Connect license from my friendly local Veeam sales team in Sydney.  Once you apply this license you receive a new button down on the bottom left called Cloud Connect Infrastructure.


Then I generated a new self-signed certificate as I received an error when I attempted to install my public trusted certificate (pfx).



I copied my certificate Thumbprint details to a text file (you will need them later on the source)


I then created a new Cloud Gateway and changed my public IP address, and my port.


I then created 2 new users.  I set a quota on the resource that the user is able to access.


On my local source server (Windows 2012 R2) I then installed Veeam Backup & Replication 8.  Again I applied the latest Veeam patch.  I then applied the same licenses.  I went to Backup Infrastructure and right-clicked on Managed Servers to add my server.


I selected a Hyper-V host


I entered my local hosts address


I entered credentials and the ports were left as default.

I had lots of trouble with this. I tried to use a Windows 8.1/10 Hyper-V host and unfortunately this is not supported; I also had some firewall issues.  Links you may need to refer to are below if you encounter similar issues.

  • Enable file and printer sharing
  • Disable UAC
  • Veeam Requirements

On your source host you can diagnose the logs here C:\ProgramData\Veeam\Backup\Setup and the source files that are uploaded to the host are here C:\Windows\Veeam\Backup\Upload.  There is only 1 suggestion I make to Veeam here: a simple built-in port testing tool would be handy.  The tool uses a pool range of ports, not a specified port.  This is so each Host (source) can send its traffic on a separate dedicated port.





Then once this agent was installed and configured it alerted me that my Windows 2012 R2 Hyper-V host required some Microsoft patches.  I downloaded them and applied them.


You will now note in the Veeam console I now have an additional option on the top left Service Providers.


Then I went here and added my Veeam Cloud Connect host/service from Azure.


I entered my user account and my Thumbprint from the certificate (Azure Cloud Connection VM earlier).
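
With a self-signed certificate, the thumbprint recorded on the Cloud Connect server is the value the source has to match, so it is worth checking the copied string before relying on it. The following is an added example, not part of the original post or of Veeam's tooling: it normalises a thumbprint copied from a certificate dialog (which may carry spaces or an invisible left-to-right mark) and compares it with the certificate's own SHA-1 thumbprint. The certificate is generated in memory as a constructed sample, the host name and function names are placeholders, and it assumes PowerShell 7 or Windows PowerShell on .NET Framework 4.7.2 or later.

```powershell
# Added example. The certificate, host name and "pasted" string are constructed samples.

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Keep hex digits only. This drops spaces, colons and the invisible U+200E
    # mark that can come along when the value is copied from a certificate dialog.
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "A SHA-1 thumbprint has 40 hex digits; got $($hex.Length)."
    }
    return $hex
}

function Test-CertificateThumbprint {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Expected
    )
    # X509Certificate2.Thumbprint is the SHA-1 hash of the DER-encoded certificate.
    return $Certificate.Thumbprint -eq (ConvertTo-NormalizedThumbprint $Expected)
}

# Constructed sample: an in-memory self-signed certificate standing in for the
# one generated on the Cloud Connect server.
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=cloudconnect.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$cert = $req.CreateSelfSigned($now, $now.AddDays(30))

# Simulate the value saved to the text file: lower case, spaced, leading U+200E.
$pairs  = [regex]::Matches($cert.Thumbprint.ToLower(), '..') | ForEach-Object { $_.Value }
$pasted = "$([char]0x200E)$($pairs -join ' ')"

# A thumbprint that differs in its first digit, as a different certificate would.
$first    = if ($cert.Thumbprint[0] -eq '0') { '1' } else { '0' }
$mismatch = $first + $cert.Thumbprint.Substring(1)

'Pasted value matches : {0}' -f (Test-CertificateThumbprint $cert $pasted)
'Other value matches  : {0}' -f (Test-CertificateThumbprint $cert $mismatch)
```

To check a real certificate, pass an X509Certificate2 loaded from the exported .cer file in place of the sample.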



Now you can see that I have my Service Provider


Veeam even has De-duplication and a WAN accelerator built-in for free!

Let’s configure the WAN accelerator.  Select WAN Accelerators and Add, change any ports and streams if necessary.


Select your WAN Cache.






Backup job– Let’s send backup data straight to the cloud.  Select Backup & Replication, Backup Job, Add your Virtual Server from your Host, Next.


Change your Backup repository from the default to your newly connected Cloud Repository, I changed my Restore points to keep only 4 copies on disk, Next.


Select your required schedule.


Finish, and the job runs successfully.


So we have added our Veeam Cloud Connect Service Provider.  We have installed Veeam Backup and Replication directly on my 1 Hyper-V host.  We can now send all backups directly to the cloud with transfer speed improvements up to 50 times faster with the WAN Accelerator.  Azure storage is cheaper than tapes.  We don’t have to worry about tapes, tape drives, tape libraries, tape schedules, and offsite storage facilities.  Data recovery will now be quicker.  So when someone asks you if you are in the cloud you can say “you are all in”.  A special thanks goes to Gnani Lavu from Veeam support in Sydney for his assistance.

I also expect more great news to come from the Veeam KickON in Russia this coming week so follow these on Twitter @Veeam_APAC @Veeam @VMDoug @Chas_clarke

Comments appreciated.

Aaron Whittaker @AaronW2003