We all need some good news on the verge of perhaps a stressful week. This post is to attempt to do that.
Verizon is planning to offer unlimited data after much pressure from competing brands, including T-Mobile.
OpenProject is a project management toolkit that is open source and supports Scrum and agile. It uses code available on GitHub.
I found a way to connect Windows 7 machines to active services in Microsoft Azure. There is a process to get it free from Microsoft. To do this, go to TechSoup and get an authorization code. Next, head to http://eligibilityweb.azurewebsites.net/
In this task, you enable Azure AD Domain Services for your directory. Perform the following configuration steps to enable Azure AD Domain Services for your directory.
Navigate to the Azure classic portal (https://manage.windowsazure.com/).
Select the Active Directory node on the left pane.
Select the Azure AD tenant (directory) for which you would like to enable Azure AD Domain Services.
Select Azure AD Directory
Click the Configure tab.
Configure tab of directory
Scroll down to a section titled domain services.
Domain Services configuration section
Toggle the option titled Enable domain services for this directory to YES. You notice a few more configuration options for Azure AD Domain services appear on the page.
Enable Domain Services
Note
When you enable Azure AD Domain Services for your tenant, Azure AD generates and stores the Kerberos and NTLM credential hashes that are required for authenticating users.
Specify the DNS domain name of domain services.
The default domain name of the directory (that is, ending with the .onmicrosoft.com domain suffix) is selected by default.
The list contains all domains that have been configured for your Azure AD directory – including verified as well as unverified domains that you configure in the ‘Domains’ tab.
Additionally, you can also type a custom domain name. In this example, we have typed in a custom domain name 'contoso100.com'.
Warning
Ensure that the domain prefix of the domain name you specify (for example, 'contoso100' in the 'contoso100.com' domain name) is fewer than 15 characters. You cannot create an Azure AD Domain Services domain with a domain prefix longer than 15 characters.
Ensure that the DNS domain name you have chosen for the managed domain does not already exist in the virtual network. Specifically, check if:
you already have a domain with the same DNS domain name on the virtual network.
the virtual network you've selected has a VPN connection with your on-premises network and you have a domain with the same DNS domain name on your on-premises network.
you have an existing cloud service with that name on the virtual network.
The next step is to select a virtual network in which you'd like Azure AD Domain Services to be available. Select the virtual network and dedicated subnet you created in the drop-down titled Connect domain services to this virtual network.
Ensure that the virtual network you have specified belongs to an Azure region supported by Azure AD Domain Services. Refer to the Azure services by region page to know the Azure regions in which Azure AD Domain Services is available.
Virtual networks belonging to a region where Azure AD Domain Services is not supported do not show up in the drop-down list.
Use a dedicated subnet within the virtual network for Azure AD Domain Services. Ensure you do not select the gateway subnet. See networking considerations.
Similarly, virtual networks that were created using Azure Resource Manager do not appear in the drop-down list. Resource Manager-based virtual networks are not currently supported by Azure AD Domain Services.
To enable Azure AD Domain Services, click Save from the task pane at the bottom of the page.
The page displays a ‘Pending …’ state, while Azure AD Domain Services is being enabled for your directory.
Enable Domain Services - pending state
Note
Azure AD Domain Services provides high availability for your managed domain. After you enable Azure AD Domain Services, notice the IP addresses at which Domain Services are available on the virtual network show up one by one. The second IP address is displayed shortly, as soon as the service enables high availability for your domain. When high availability is configured and active for your domain, you should see two IP addresses in the domain services section of the Configure tab.
After about 20-30 minutes, you see the first IP address at which Domain Services is available on your virtual network in the IP address field on the Configure page.
Domain Services enabled - first IP provisioned
When high availability is operational for your domain, you see two IP addresses displayed on the page. Your managed domain is available on your selected virtual network at these two IP addresses. Note down the IP addresses so you can update the DNS settings for your virtual network. This step enables virtual machines on the virtual network to connect to the domain for operations such as domain join.
Domain Services enabled - both IPs provisioned
Note
Depending on the size of your Azure AD tenant (number of users, groups etc.), synchronization to your managed domain takes a while. This synchronization process happens in the background. For large tenants with tens of thousands of objects, it may take a day or two for all users, group memberships, and credentials to be synchronized.
Task 4 - Update DNS settings for the Azure virtual network
The next configuration task is to update the DNS settings for the Azure virtual network.
In preceding configuration tasks, you have successfully enabled Azure AD Domain Services for your directory. The next task is to ensure that computers within the virtual network can connect and consume these services. Update the DNS server settings for your virtual network to point to the two IP addresses at which Azure AD Domain Services is available on the virtual network.
Note
Note down the IP addresses for Azure AD Domain Services displayed on the Configure tab of your directory, after you have enabled Azure AD Domain Services for the directory.
Perform the following configuration steps to update the DNS server setting for the virtual network in which you have enabled Azure AD Domain Services.
Navigate to the Azure classic portal (https://manage.windowsazure.com/).
Select the Networks node on the left pane.
Virtual networks node
In the Virtual Networks tab, select the virtual network in which you enabled Azure AD Domain Services to view its properties.
Click the Configure tab.
Virtual networks node
In the DNS servers section, enter the IP addresses of Azure AD Domain Services.
Ensure that you enter both the IP addresses that were displayed in the Domain Services section on the Configure tab of your directory.
To save the DNS server settings for this virtual network, click Save on the task pane at the bottom of the page.
Update the DNS server settings for the virtual network.
Note
After updating the DNS server settings for the virtual network, it may take a while for virtual machines on the network to get the updated DNS configuration. If a virtual machine is unable to connect to the domain, you can flush the DNS cache (e.g., 'ipconfig /flushdns') on the virtual machine. This command forces a refresh of the DNS settings on the virtual machine.
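A check for Task 4, run on a virtual machine in the network before attempting a domain join. This is an added example, not part of the original post or of Microsoft's documentation. It assumes the 'contoso100.com' domain from this walkthrough, uses constructed placeholder IP addresses, and needs the DnsClient cmdlets (Windows 8 / Server 2012 or later; on Windows 7 use 'nslookup' and 'ipconfig /flushdns' instead).

```powershell
# Added example: confirm this VM uses both Azure AD Domain Services IPs for DNS
# and that each one answers for the managed domain's domain controllers.
param(
    [string]   $DomainName  = 'contoso100.com',          # domain used in this walkthrough
    [string[]] $ExpectedDns = @('10.0.0.4', '10.0.0.5')  # PLACEHOLDERS: use the IPs from the Configure tab
)

function Test-ManagedDomainDns {
    param([string]$DomainName, [string[]]$ExpectedDns)

    # 1. DNS servers currently configured on the VM's IPv4 interfaces.
    $configured = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
        ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique)
    $missing = @($ExpectedDns | Where-Object { $configured -notcontains $_ })

    # 2. Drop cached answers (same effect as 'ipconfig /flushdns').
    Clear-DnsClientCache

    # 3. Ask each expected server for the domain controller locator (SRV) record.
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    $servers = foreach ($server in $ExpectedDns) {
        try {
            $answers = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                                       -DnsOnly -ErrorAction Stop
            $targets = @($answers | Where-Object { $_.Type -eq 'SRV' } |
                ForEach-Object { $_.NameTarget })
            [pscustomobject]@{ Server = $server; Answered = $true;  DomainControllers = $targets }
        } catch {
            # Timeout, refusal, or no such record: the server is not usable yet.
            [pscustomobject]@{ Server = $server; Answered = $false; DomainControllers = @() }
        }
    }

    $failed = @($servers | Where-Object { -not $_.Answered -or $_.DomainControllers.Count -eq 0 })
    [pscustomobject]@{
        ConfiguredDns   = $configured
        MissingDns      = $missing      # expected IPs the VM is not using yet
        Servers         = $servers
        DnsLooksCorrect = ($missing.Count -eq 0) -and ($failed.Count -eq 0)
    }
}

$result = Test-ManagedDomainDns -DomainName $DomainName -ExpectedDns $ExpectedDns
$result | Format-List ConfiguredDns, MissingDns, DnsLooksCorrect
$result.Servers | Format-Table Server, Answered, DomainControllers -AutoSize
```

A non-empty MissingDns means the virtual machine has not yet picked up the virtual network's updated DNS settings.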
Task 5 - Enable password synchronization to Azure AD Domain Services
The next configuration task is to enable password synchronization to Azure AD Domain Services.
In preceding tasks, you enabled Azure AD Domain Services for your Azure AD tenant. The next task is to enable credential hashes required for NTLM and Kerberos authentication to synchronize to Azure AD Domain Services. Once credential synchronization is set up, users can sign in to the managed domain using their corporate credentials.
The steps involved are different based on whether your organization has a cloud-only Azure AD tenant or is set to synchronize with your on-premises directory using Azure AD Connect.
Task 5: Enable password synchronization to AAD Domain Services for a cloud-only Azure AD tenant
Azure AD Domain Services needs credential hashes in a format suitable for NTLM and Kerberos authentication, to authenticate users on the managed domain. Unless you enable AAD Domain Services for your tenant, Azure AD does not generate or store credential hashes in the format required for NTLM or Kerberos authentication. For obvious security reasons, Azure AD also does not store any credentials in clear-text form. Therefore, Azure AD does not have a way to generate these NTLM or Kerberos credential hashes based on users' existing credentials.
Note
If your organization has a cloud-only Azure AD tenant, users that need to use Azure AD Domain Services must change their passwords.
This password change process causes the credential hashes required by Azure AD Domain Services for Kerberos and NTLM authentication to be generated in Azure AD. You can either expire passwords for all users in the tenant that need to use Azure AD Domain Services or instruct these users to change their passwords.
Enable NTLM and Kerberos credential hash generation for a cloud-only Azure AD tenant
Here are instructions you need to provide end users, so they can change their passwords:
Navigate to the Azure AD Access Panel page for your organization at http://myapps.microsoft.com/
Select the profile tab on this page.
Click the Change password tile on this page.
Note
If you do not see the Change password option on the Access Panel page, ensure that your organization has configured password management in Azure AD.
On the change password page, type your existing (old) password and then type a new password and confirm it. Click submit.
After you have changed your password, the new password will be usable in Azure AD Domain Services shortly. After a few minutes (typically, about 20 minutes), you can sign in to computers joined to the managed domain using the newly changed password.
Here is the documentation for getting Windows 7 on Azure domain join: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-windows7
Basically, it involves downloading an MSI that can be run on the Windows 7 machines and can be pushed out as a Group Policy using the existing services.
To block any computer from getting this update, go to that computer, open regedit as an administrator, select the folder containing the policies, and remove write access for SYSTEM:
Press the Windows key and the R key to open Run, type regedit, and navigate to HKCU\Software\Policies and HKCU\Software\Microsoft\Windows\CurrentVersion\Policies.
Right-click the key, choose Permissions, and select Deny for Full Control and Read for the user name "system".
https://support.microsoft.com/en-us/help/816102/how-to-use-group-policy-to-remotely-install-software-in-windows-server-2008-and-in-windows-server-2003