Azure AD Domain Services – What you can do, and what you can’t do

Since Microsoft released Azure AD Domain Services, many questions have come up, and the top one might be: Can I join my Windows 10 client to my domain through the internet and receive Group Policies? No, you can't.
But besides this, there are other questions that remain to be answered, and I will try to do so.
The first thing is to explain what is required to get Azure AD Domain Services (AAD DS) up and running:
1. Create a group in Azure AD called “AAD DC Administrators”
2. Create a VNET in Azure if one does not already exist
3. Activate the AAD DS in the Azure Portal:
Active Azure AD Domain Services
4. Update DNS Settings for the specific VNET
And now you are ready to go. For a more detailed explanation, refer to this Microsoft article.

ConfigMgr – NDES Certificate Deployment fails due to Network Device Enrollment Service failure

I was struggling a little bit in my lab trying to get the Network Device Enrollment Service (NDES) up and running again for the Simple Certificate Enrollment Protocol (SCEP), which is, I believe, not that simple, but anyway. I was really unsure what I had changed (because I changed a lot in the last month within my lab) that would have stopped the certificates to my devices from working, but I had a starting point: the event log of the NDES server told me the following:
The Network Device Enrollment Service cannot retrieve one of its required certificates (0x80070057). The parameter is incorrect.
The Network Device Enrollment Service cannot be started (0x80070057). The parameter is incorrect.

Network Device Enrollment Service error

Azure AD – Remove Registered Device

Today I was asked how to remove a registered device from Azure Active Directory. For all of those asking what a registered device is, see this Azure article; you can also automate this step for your users if you follow this Azure article. But what if you would like to remove the registered device of a user? You can do that through the Portal:
Azure AD Remove Device through Portal
Or you can use PowerShell to do that!

ConfigMgr – The complete Backup (currently)

Motivated by my attendance at IT/Dev Connections in Las Vegas, I wanted to create my complete backup of ConfigMgr so far.
Because I had to piece together a lot of work from other people, I decided to create a blog post with each detailed step to achieve a fine backup at the end, and I will start from the beginning until we have reached our goal:
SQL Backup Maintenance

ConfigMgr – In-Place Upgrade of SQL from 2012 to 2016

Hi,
today I did an in-place upgrade of my SQL installation from SQL 2012 to the 2016 release, which is also supported by System Center Configuration Manager Current Branch (1606).
Everything went fine except the Report Service; I received the following errors during the upgrade:
Action required:
The upgrade process for SQL Server failed. Use the following information to resolve the error, and then repair your installation by using this command line: setup /action=repair /instancename=MSSQLSERVER

Feature failure reason:
An error occurred during the setup process of the feature.

Error details:
§ Error installing SQL Server Reporting Services
A HTTPS sertificate is not configured on the Web site.
Error code: 0x80131500
Visit http://go.microsoft.com/fwlink?LinkId=20476&ProdName=Microsoft+SQL+Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=13.0.1601.5&EvtType=0x589E8944%400x8285294C&EvtType=0x589E8944%400x8285294C to get help on troubleshooting.

TITLE: Microsoft SQL Server 2016 Setup
------------------------------

The following error has occurred:

The Report Server WMI provider cannot create the virtual directory. This error occurs when you call SetVirtualDirectory and the UrlString is already reserved. To continue, clear all URL reservations by calling RemoveURL and then try again.

For help, click: http://go.microsoft.com/fwlink?LinkID=20476&ProdName=Microsoft%20SQL%20Server&EvtSrc=setup.rll&EvtID=50000&ProdVer=13.0.1601.5&EvtType=0x589E8944%25400x9A8ECB73

And within ConfigMgr, the srsrp.log showed up with the following errors:
sql_update01

Windows 10 – Deploy Profile Picture to Logon Screen

In my current deployment I wanted to get our fancy pictures from Active Directory onto our Windows 10 machines, where they can be used for the logon screen and other places like the Start menu:
Windows 10 Logon Screen User Picture

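First, I want to let you know how I add the picture to my user accounts. This is quite simple; I just use these two lines of PowerShell:
# Read the JPEG as a byte array (Windows PowerShell syntax; Set-ADUser requires the ActiveDirectory module)
$userphoto = [byte[]](Get-Content "C:\temp\MYUserPic.jpg" -Encoding byte)
# Write the bytes to the user's thumbnailPhoto attribute
Set-ADUser -Identity MYUserPic -Replace @{thumbnailPhoto=$userphoto}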

Once this is done, and if you also have Azure AD Connect in place, your picture will be synced to Azure AD as well, and therefore the picture will show up in Office365. Mind that there are different recommendations for specific systems (Exchange, Office365, Skype for Business), but you can also use high-resolution images. See also this Microsoft Knowledgebase article for issues with pictures larger than 100kb: Technet Article Exchange Online Hybrid Image size

ConfigMgr 1606 – Configure Client Cache Size (Configuration Manager Current Branch)

Hi reader,

the newest version of System Center Configuration Manager Current Branch (1606) is rolling out these days with a lot of new features and opportunities. But one of my favorites is definitely a very practical one: How often would you like to easily change the configured cache size of a Configuration Manager client? Not that much, but it does happen. In the past, we were required to set a new cache size value with WMI (a VBScript or PowerShell script would have done the job), but with 1602 you can now configure the cache size with the client settings:
Configure Cache Size configmgr

Office365 – Manage Updates through Configuration Manager

Today I had the problem that some clients were failing to install the Client 365 Package from our System Center Configuration Manager (1602). I have set up the configuration for the Office 365 installation through GPO; this process is outlined in the following TechNet article: Manage Office 365 client updates with System Center Configuration Manager
But the client did not even start to download the update:
Office 365 Update fails

Windows and Local Administrator permission delegation

In this post, I would like to explain my experiences with, and solutions for, the delegation of local Administrator permissions. In a client deployment scenario, you will often be asked for a solution to provide IT Professionals, and maybe also end users, with local Administrator permissions. I will point out the most useful solutions, the ones I prefer.

  1. Local Administrator Account
  2. Permanent Local Administrator permissions for IT Professional
  3. Microsoft Local Administrator Password Solution for spontaneous permission
  4. Local Administrator delegation based on group per client