Azure SQL configure Azure AD user authentication (Manual)

When moving your applications to the cloud, it makes sense to start using Azure Services to get the best service, highest availability (SLA) and worry free maintenance provided by Azure. The next step is to use Azure AD identities with Azure SQL Database.

Schematic overview of Azure SQL with AAD integration, and optionally synced from on-premise AD.

Within a few steps you will have Azure AD user authentication setup.

Continue reading “Azure SQL configure Azure AD user authentication (Manual)”

Deploy Azure Application Gateway with http to https redirect

Azure Application Gateway is an advance type of load-balancer. Where an Azure Load-balancer routes traffic on the transport layer (OSI Layer 4 | TCP + UDP) the Application Gateway is a way more advanced load-balancer. It can route based on URL as well on path’s. On top of that it can do much more, like SSL offloading, autoscaling, redirection, multiple site hosting and the most import of all, it can include a web application firewall (WAF)

Afbeeldingsresultaat voor azure application gateway

With all the features that the Azure application gateway provides, we should be able to setup multiple websites listening on different ports and url’s behind one Azure Application Gateway with just one external IP address.

With this guide you should be able to setup an application gateway with multiple site hostname match and http to https redirect. In this manual we will be using Atlassian Jira and Confluence as an example.

So what are we going to setup:

  • Deploy Azure application gateway
  • Configure 2 external URL’s (jira.2azure.nl and confluence.2azure.nl)
  • We will redirect port 80 to 443 for both websites
  • Jira will be listening on port 8080 internally (Default port)
  • Confluence will be listening on port 8090 internally (Default port)

For this guide the VNET, subnets and the virtual machine hosting both websites have already been deployed. During this guide we will not deploy a Web Application Firewall, I will tell more about that in upcoming blog article.

The setup in an overview.
Continue reading “Deploy Azure Application Gateway with http to https redirect”

How to setup Azure Lighthouse (Manual)

Microsoft released Lighthouse last weekend, and since this is a great feature, I wanted to implement it as soon as possible, but the Microsoft docs might be a bit confusing, so I wanted to simplify the manual, so here it is! We will be using PowerShell, as this makes life so much easier, and faster.

Requirements:

  • Your admin tenant needs to have a valid Azure subscription
  • You need to have a native user account with the new Owner role in the tenant that you want to manage (Customer tenant)
  • Azure PowerShell module: AZ (Install-Module -Name az)
Continue reading “How to setup Azure Lighthouse (Manual)”

AD Connect Force synchronization

If you have an AD Connect server, you sometimes require a faster sync than the default 30 minutes. This can be done very easily by entering one Powershell command. Open a Powershell window, and load the AD Connect Sync Powershell module:

Import-Module ADSync

Once imported, you have 2 options. For a full sync, type the following command:

Start-ADSyncSyncCycle -PolicyType Initial

For just syncing the changes, type the following:

Start-ADSyncSyncCycle -PolicyType Delta

Reset Azure AD User password with a predefined password

In the Azure portal you can reset the password of a user, but this is always a temporary password. But PowerShell to the resque again, lets set the password in Azure AD with PowerShell with a predefined password! On your Windows device open a PowerShell prompt and connect to Azure AD. (Click here if you don’t know how to)

First we need to get the object ID from the user where we want the password to be reset. Run the following command (replace emailadres):

Get-AzureADUser -filter "userPrincipalName eq 'username@2azure.nl'"

Copy the ObjectId from the user where you want to have the password reset. And run the following commands (replace the password text for the new password):

$password = ConvertTo-SecureString 'Please enter the new password' -AsPlainText -Force

Set-AzureADUserPassword -ObjectId  "a8d5e982-6c3d-406e-a533-a21b275e3d37" -Password $password

Deploy Office 365 plugins using the Admin Portal

From the Office 365 Admin portal it is possible to deploy Office plugins to users, both specific as all users. With this manual we will deploy a plugin from the store, but you can deploy custom apps as well. The advantage of using plugins from the store is that the plugins get automatically updated, so nothing you have to worry about anymore!

Step 1: Login to the office portal, go to the admin center, and from there go to Settings, Services & add-ins, and Deploy Add-in

Continue reading “Deploy Office 365 plugins using the Admin Portal”

How to deploy Azure Active Directory Domain Services (AD DS)

Today we will learn how to deploy Azure AD Domain services. So let’s go to the Azure portal and let’s get you started!

Step 1: Go to Azure AD Domain Services and create a new Azure AD Domain services!

Step 2: Now we can start te setup of ADDS, fill in your preferred domain name. You can leave the default which is the same as your Azure Active Directory name ending with .onmicrosoft.com, but I would recommend a public URL like in my case adds.2azure.nl.

Continue reading “How to deploy Azure Active Directory Domain Services (AD DS)”

How to deploy Azure File Sync

You still have your old network drives? Still need to setup a VPN to access your file shares? Or have you migrated all your files to Azure file share but you need a higher performance for your Autocad files?

High level overview of Azure File Share Sync

Wait no longer, Azure File Sync to the rescue! Where you would have your Azure File Share for sharing files, you can use Azure File Sync to make a local cache of your Azure files, or sync your local file server to Azure Files. In this manual we will help you setup Azure File Sync with a existing Azure File Share. I already have a Azure File Share, mapped as a network drive Z:

Azure File Share mapped as the Z: Drive
Continue reading “How to deploy Azure File Sync”

Uninstall Office 365 Click-To-Run Updates

There are cases where you want or need to uninstall an Office update. Office 365 installations use a different update than the old Office 2013 & 2016 installations. Where the old installations are a point in time installation, click-to-run always downloads the latest version and then runs the setup. You can revert to an older version but its different than in the past where you could just uninstall an KB update.

Steps

Step 1: Check build number and find previous build number

In one of your office programs go to the options menu and go to Office Account. Find your current and previous version on the Microsoft website: Update history Office365 ProPlus by date

Afbeeldingsresultaat voor office 365 build number

Continue reading “Uninstall Office 365 Click-To-Run Updates”

Re-establish trust with Active Directory domain

If you ever had to restore a domain joined machine, or a laptop/desktop that didn’t connect to the domain in a long time, it might happen that the domain relationship is broken. When you try to logon you get the following error:

“The trust relationship between this workstation and the primary domain failed.”

What you can do is leave the domain, and rejoin the domain, however, it is better to reestablish the trust relationship. Log in on the computer with a local admin account and run in a privileged PowerShell window the below script. After running a reboot should do the trick.

Use the following command to re-establish the trust with the domain:

$domaincontroller = “Name of the domain controller”
$credential = Get-Credential

Reset-ComputerMachinePassword -Credential $cred -Server $domaincontroller

Set or clear immutable ID

Below are the 2 options to reset or change the immutable ID. These are sometimes required when you want to sync your users, or when you receive a sync error.

Calculate and set immutable ID (Recommended)

This method is the best way to make sure that AD Connect gets a proper sync. We are going to connect to the on-premise AD, and calculate and set the immutable ID in Azure AD / Office 365. So first we connect to Active Directory.

Import-Module Active Directory

Now, lets grab the GUID of the user and create the ImmutableId

$userUPN = "testuser@2azure.nl" 
$guid = [guid]((Get-ADUser -LdapFilter "(userPrincipalName=$userUPN)").objectGuid)
$immutableId = [System.Convert]::ToBase64String($guid.ToByteArray())

The last command will be used to write the ImmutableId to the AAD / Office 365 user:

Get-MsolUser -UserPrincipalName $userUPN | Set-MsolUser -ImmutableId $immutableId

Clear immutable ID in Office 365 (Not advised)

The easy way is to clear the immutable ID in Azure AD/ Office 365. This will let AD Connect think that the account has never been synchronized and will sync it based on a soft match. However I wouldn’t recommend it. But if you ever need to do it, here is the commands to do it.

Clear ImmutableId for only 1 user:

Get-MsolUser -UserPrincipalName testuser@2azure.nl | Set-MsolUser -ImmutableId $null

Clear ImmutableId for all users:

Get-MsolUser -All | Set-MsolUser -ImmutableId $null 

Azure AD exclude user from password experation policy

Connect to Azure AD with PowerShell:

Connect-azuread

Now we would like to get an overview of all users, run the following command:

Get-azureAduser

If you have the UserPrincipalName or email address we might shorten the list to just that single user bij adding a filter:

Get-AzureADUser -ObjectId <UserPrincipleName> 

Next task is to link the default password policy without a password expiration to this user. Run the following command:

Set-AzureADUser -ObjectId <UserPrincipalName> -PasswordPolicies DisablePasswordExpiration

Once this has been completed, verify if the policy has been set correctly with the following command:

Get-AzureADUser -ObjectId <UserPrincipalName> | fl UserPrincipalName,passwordpolicies

Connect to Azure AD with PowerShell

On your Windows device open a PowerShell prompt. To be able to connect we first need to make sure that the PowerShell module has been installed. Run the following command and confirm all questions with yes

Install-Module -Name AzureAD

Now we are ready to connect to Azure AD. Because of the different Office 365 clouds, it might be required to add the option -AzureEnvironmentName. Please review your environment below, by default you are hosted in Worldwide.

Office 365 cloud Command
Office 365 Worldwide (+GCC) Connect-AzureAD
Office 365 operated by 21 Vianet Connect-AzureAD
-AzureEnvironmentName AzureChinaCloud
Office 365 Germany Connect-AzureAD
-AzureEnvironmentName AzureGermanyCloud
Office 365 U.S. Government Connect-AzureAD
-AzureEnvironmentName AzureUSGovernment

Run the command:

Connect-AzureAD

You will now be prompted with a sign-in prompt. After sign-in you are connected

Log in screen