Tag: cloud

Study Guide 70-346

What is the exam 70-346?

70-346 is one of the two exams (+70-347) that you have to pass to achieve MCSA: Office 365.

This exam checks your skills in administration, licensing (o365 plans and scenarios), planning and deploying hybrid solutions (on-premises <> cloud).

office365exam346_1

How many questions in the exam?

56

What types of questions exam has?

There are a lot of drag-and-drop . multiple-choice questions.

How to prepare for an exam?

Get the free trial of O365 E3 Plan

Fill out the required form. Make sure you provided the active phone number.

You will receive a verification code that is required to finalize creating new O365 account.

office365exam346_2office365exam346_3

Click on “You’re ready to go …” and you will be redirected to the main page of portal.

To get status of trial subscription or to view all available plans click on “Purchase” at the top-right corner of the screen

Note “days left” and parameters (expiration date, quantity of purchased users) of trial subscription

office365exam346_4office365exam346_5

Go to pricing and plans and try to remember the main differences between business and enterprise plans!

For example,

Business/Enterprise : 300 users maximum and unlimited respectively

Free trial option: Only for Business, Business Premium, E3

If you are not familiar with what O365 offers or want to get deep knowledge about plans and services go to these documents:

Office 365 service description

Office 365 service comparison

Just for your information :

MS has E4 plan (to enhance unified messaging experience) and going to add new plan called E5 before the end of this year

Education and Government plans are not widely presented in the exam so you can be free to omit them.

Prepare your workstation

To be able manage O365 with PowerShell you have to install some required software on your machine.

In my environment I use only the following modules (RMS+Azure AD) :

office365exam346_6

Then go to the exam’s official page and explore 6 categories of skills :

office365exam346_7

Open your Office 365 portal and run Azure AD PowerShell machine.

You have to be ready to repeat all described steps below in web GUI and PowerShell as well.

2015-10-19_16-20-51

Provision Office 365

Where is? Portal –> Domains , Portal –> Setup

Provision Tenants

  • Add and configure custom domains
  • Plan a pilot

GUI: https://www.microsoftpressstore.com/articles/article.aspx?p=2419713

PS: https://msdn.microsoft.com/en-us/library/azure/dn919677.aspx

office365exam346_8

Plan and implement networking and security

Where is ? Service Settings –> Rights Management , Portal –> Users

PowerShell: https://msdn.microsoft.com/en-us/library/dn629398.aspx

Example:How to activate RMS using PowerShell

#Import Rights Management module 
Import-Module aadrm

#Get credentials (global administrator)
$cred=Get-Credential -Credential rlevchenko@<tenantname>.onmicrosoft.com

#Connect to RM Service and activate it. 

Connect-AadrmService -Credential $cred -Verbose

VERBOSE: https://admin.eu.aadrm.com/adminV2/admin.svc
A connection to the Windows Azure AD Rights Management (AADRM) service was opened for rlevchenko@<tenantname>.onmicrosoft.com.

Enable-Aadrm -Verbose

The Rights Management service has been successfully enabled although additional
 configuration of other services might be required. For more information, see h
ttp://go.microsoft.com/fwlink/?LinkId=251909.

#Add user to RMS administrators group

Add-AadrmRoleBasedAdministrator -EmailAddress "user1@<tenantname>.onmicrosoft.com"
user1@<tenantname>..onmicrosoft.com was added to the list of administrators for the
Rights Management service.

#Disconnect from RM Service

Disconnect-AadrmService -Verbose
Connection to the AADRM service closed.

PowerShell: https://msdn.microsoft.com/en-us/library/azure/dn919663.aspx

Example: How to create a new user and assign to one of administrators group

#Connect to MS Online. 
Connect-MSOnline -Credential $cred

#Create new user DisplayName and UserPrincipalName are REQUIRED! 
#Note: Password is automatically generated

New-MsolUser -DisplayName "User2" -UserPrincipalName user2@<tenantname>.onmicrosoft.com

Password            UserPrincipalName   DisplayName         isLicensed
--------            -----------------   -----------         ----------
Jura4110            user2@<tenantname>... User2               False

#List of available administrator roles

Get-MsolRole|ft Name

Name
----
Compliance Administrator
Exchange Service Administrator
Device Managers
Partner Tier1 Support
Company Administrator
Helpdesk Administrator
Lync Service Administrator
Directory Readers
Directory Writers
Device Join
Device Administrators
Billing Administrator
Workplace Device Join
Directory Synchronization Accounts
Device Users
Partner Tier2 Support
Service Support Administrator
SharePoint Service Administrator
User Account Administrator

#Add user to Helpdesk Administrator

Add-MsolRoleMember -RoleName "Helpdesk Administrator" -RoleMemberEmailAddress "user2@<tenantname>.onmicrosoft.com" -Verbose

#Check

$role=Get-MsolRole -RoleName "HelpDesk Administrator"
Get-MsolRoleMember -RoleObjectId $role.ObjectId

RoleMemberType      EmailAddress        DisplayName         isLicensed
--------------      ------------        -----------         ----------
User                user2@<tenantname>...       User2                    False

office365exam346_9

Manage cloud identities

Where is ? Portal –> Users, <Billing>, <Service Settings –> Passwords>

PowerShell example:

#I have already connected to MS online so it's not necessary to execute Connect-MSolService.  

#Reset user's password to random password. User will be required to set new password on the next sign in.

Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com
Toha1184

#....Not to random password
Set-MsolUserPassword -UserPrincipalName user2@<tenantname>.onmicrosoft.com -NewPassword Pass123!
Pass123!

#Set expiration of password
Set-MsolUser -UserPrincipalName user2@<tenantname>.onmicrosoft.com -PasswordNeverExpires $true

#Set password expiration policy

Set-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com -ValidityPeriod 90 -NotificationDays 14

#Get password expiration policy
Get-MsolPasswordPolicy -DomainName <tenantname>.onmicrosoft.com

ExtensionData                        NotificationDays            ValidityPeriod
-------------                        ----------------            --------------
System.Runtime.Serializ...                         14                        90

Examples:

#Soft delete, no confirm 

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force

#List of deleted users

Get-MsolUser -ReturnDeletedUsers

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

#Restore user after soft delete

Restore-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user3@<tenantname>.onmicros... User3                      False

How to do “hard delete” users:

#First step it is to delete user with "soft" option

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -Force

#Delete user from recycle bin = hard delete

Remove-MsolUser -UserPrincipalName user3@<tenantname>.onmicrosoft.com -RemoveFromRecycleBin -Force

License management:

#Get list of unlicensed users

Get-MsolUser -UnlicensedUsersOnly

UserPrincipalName          DisplayName                isLicensed
-----------------          -----------                ----------
user2@<tenantname>.onmicros... User2                      False

#Get list of SKUs (as shown, 25 licenses are provided by trial)

Get-MsolAccountSku

AccountSkuId                    ActiveUnits     WarningUnits    ConsumedUnits
------------                    -----------     ------------    -------------
<tenantname>:ENTERPRISEPACK         25              0               2


#User must have UsageLocation
Set-MsolUser -UserPrincipalName user2@@<tenantname>.onmicrosoft.com -UsageLocation RU

#Add license to user
Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -AddLicenses <tenantname>:ENTERPRISEPACK

#To remove license
Set-MsolUserLicense -UserPrincipalName user2@<tenantname>.onmicrosoft.com -RemoveLicenses <tenantname>:ENTERPRISEPACK

Some very important facts:

  1. soft delete – user will be in Recycle Bin for 30 days
  2. hard delete – user will be permanently removed from Recycle Bin
  3. Days before password expire: min 14 , max 730 days
  4. Days before a user is notified that their password will expire: min 1, max 30 days

image

Go to Active Users –> Active Directory synchronization setup and review all required steps

office365exam346_10

Fact: you cannot install AD FS proxy role with ADFS server on the same computer!

office365exam346_11

Monitor and troubleshoot Office 365 availability and usage

Where? Portal –> Service Health , Portal –> Support, Portal –> Tools, Portal –> Reports

Some “all-in-one” courses, labs and tips:

  1. Office 365 Guides at IgniteLabs (Labs)
  2. TechNet virtual labs (Labs, just type “365” in search box)
  3. Office 365 courses at MVA (Video/Slides)
  4. Managing Office 365 Identities and Services (Video/Slides)
  5. Free Microsoft 70-346 Exam Study Guide (PDF)
  6. Free Second Shot (available up to 12 January, 2016)

Thanks for reading and good luck on your exam!

Windows Azure Pack: How to add and troubleshoot VM Clouds

Hi, folks!

Finally, this is the third and last part of series of posts related with Windows Azure Pack (WAP) and VMM Clouds. Previously we’ve described installation of Windows Azure Pack and Service Provider Foundation. Now it’s time to implement the first cloud service. No doubt the most popular service is VM Cloud. Let’s describe what is it and how to deploy one with WAP.

Requirements

Component Requirement Description
Service Provider Foundation Install and configure Service Provider Foundation The VM Clouds service in Windows Azure Pack uses Service Provider Foundation to communicate with VMM. So, before provisioning VM Clouds
Guide HOW TO
Windows Azure Pack Install and configure Windows Azure Pack Installation guide: Windows Azure Pack
Cloud In the underlying VMM server that is associated with the Service Provider Foundation endpoint, you must have created a cloud and it’s associated components such as VM Templates, Hardware Profiles, VM Networks, Gallery Items For clouds to work with Windows Azure Pack, you must ensure that the clouds are created with the following considerations:

  • You must create a cloud from host groups.
  • You must have already created logical networks that can be associated with the cloud
  • You must have already created a VM library share.
  • You must assign the right amount of capacity to the cloud. The capacity that you assign to the cloud governs the resources that will be available to the tenants while provisioning virtual machines using VM Clouds.
  • You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud. If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.

HOW-TO is described below
Service Provider Foundation service account The Service Provider Foundation service account must be added to the administrator user role in the VMM server See below
VMM RunAsAccount To successfully complete all steps in this mini-guide Create RunAsAccount in VMM and assign Administrator Role

Register SPF in Windows Azure Pack

  1. Log in to WAP admin portal (in my case, https://wapportal.domain.com:30091)

2.Click on VM Clouds and then “Register System Center Service Provider Foundation

wap_spf_1

  1. Type URL for Service Provider and provide required credentials

wap_spf_2

  1. Verify status of SPF registration. It should be the same as shown on the pic below

wap_spf_3

Add SPF Service Account as VMM administrator

  1. Log in to SPF Server, open IIS and note user identity for SPF Pools

spf_service_accouns_apppools_thumb

  1. Open VMM Console and connect to VMM

  2. Go to Security –> User Roles –> Administrator and add SPF Service account to this role

vmm_spf_admin_svc

or use PowerShell:

$UserRole = Get-SCUserRole -Name "Administrator"
Set-SCUserRole -UserRole $UserRole -AddMember Domain\SPFServiceAccount

Create VMM cloud

In this section we create BASIC VMM cloud only for demo purposes.You have to carefully plan/design your cloud components.

  1. Add hosts to host group (VMs and Services –> right click on host group name –> add hyper-v hosts and clusters“) or PS:
#In my case, host group called as All Hosts and 1 member hv01

$runAsAccount = Get-SCRunAsAccount -Name "Administrator"
$hostgroup =  Get-SCVMHostGroup -Name "All Hosts"
Add-SCVMHost -ComputerName "hv01.domain.com" -VMHostGroup $hostgroup -Credential $runAsAccount
  1. Add Logical Network (Fabric –Logical Networks – Add Logical Network).
#Create new logical network
$LogicalNetwork=New-SCLogicalNetwork -Name VM -LogicalNetworkDefinitionIsolation $false -EnableNetworkVirtualization $true -UseGRE $true -IsPVLAN $false
$HostGroup =@()
#Get Host Group
$HostGroup += Get-SCVMHostGroup -Name "All Hosts"
#Add VLAN Subnet ID and IP with netmask
$SubnetVLAN = @()
$SubnetVLAN += New-SCSubnetVLAN -Subnet "10.10.25.0/24" -VLAN 0
#New Definition for logical network VM
New-SCLogicalNetworkDefinition -Name VM -LogicalNetwork $LogicalNetwork -VMHostGroup $HostGroup -SubnetVLAN $SubnetVLAN

sc_vmm_logical_network_1

sc_vmm_logical_network_2

  1. Add Library server if it has not deployed yet (Library –> Library Servers –> Add Library Server)
#Get Library Servers
Get-SCLibraryServer

image

Copy sysprepped vhds to Library (highlight library and click “Import Physical Resource” button) or through PS:

Import-SCLibraryPhysicalResource -SourcePath "path to VHDs" -SharePath "\\libraryFQDN\foldername"

In my demo, I use clean 2012 R2 Std with the latest updates.

  1. Create new cloud (VMs and Services –> Clouds –> New Cloud). Pictures are clickable (see cloud properties from left to right)

Do not forget:  You must not select any of the available capability profiles (ESX Server, Hyper-V, XenServer) while creating the cloud.

If you do so, tenants will not be able to deploy virtual machine roles using the VM Clouds service.

imageimage image

image image  image

image  image image

That’s it . Our demo cloud is ready. But it’s not enough.

Now we need to create VM templates.

Create VM Templates

1.  Add hardware profiles (Library –> Profiles –> right click –> Create Hardware Profiles). I have one pre-created profile with the following properties:

image

Create a few profiles for different VM configurations, if it is necessary.

  1. Go to Virtual Templates – right click and “Create VM Template” , use your sysprepped vhd as a source for VM template

image

Specify Template Name, Generation ID and choose Hardware Profile (it is not required but let’s do it Улыбка).

OS configuration page (my future VMs will be based on 2012 R2 Standard, so you have to verify that the right Operating System is specified):

image

The next step is VMM registration on WAP portal.

Register VMM in WAP

  1. Log in to admin management portal (https://wapportal.domain.com:30091)

  2. Go to VM Clouds –> Clouds and click on “Use an existing virtual machine cloud…”

wap_spf_cloud_1

  1. Type VMM server name and Register

wap_spf_cloud_2

  1. OMG! Look at this…it is my cloud Улыбка

wap_spf_cloud_3

Create WAP Hosting Plan

  1. Go to Plans and click on “Create a new hosting plan”

wap_spf_cloud_4

  1. Devise friendly name for you plan

wap_spf_cloud_5

  1. We want to provide VM Clouds

wap_spf_cloud_6

  1. Just click next

wap_spf_cloud_7

5.Our demo plan is created. Verify that status is green.

wap_spf_cloud_8

  1. Open newly created plan and go to “virtual machine clouds” service

wap_spf_cloud_9

7.Review and change properties (add virtual network, hardware profiles, vm templates) for service

wap_spf_cloud_10 wap_spf_cloud_11wap_spf_cloud_12wap_spf_cloud_13

Thanks to gallery items we have options to create workloads  (Exchange, Lync,SQL and etc) from gallery (just like in Azure). I will describe it my next posts.

Create new user account for WAP

Finally, we have to create user and map him to our plan with VM clouds service

Go to User Accounts and click on “Create a new user”

wap_spf_cloud_14

Type mail for example, password and choose plan. Click on Create

wap_spf_cloud_15

Our demo user (tenant) is created. Now you can access client management portal using this email address and password.

Create demo VM under tenant account

Open in IE https://wapportalfqdn:30081 and sign-in as tenant, then click on Virtual Machines

Standalone –> Quick Create –> choose template, type Name of VM and admin’s password and click on “Create VM Instance

wap_vm_creation_1

Woohooo!  As you can see out tenant successfully created testVM and VM is running.

wap_vm_creation_final

From VMM side (vm creation progress):

wap_cloud_vm_creation_1

User tenants (VMM side):

wap_vmm_user_tenants

How to troubleshoot WAP,SPF,VMM

WAP Troubleshooting:

A ton of information you can find here:

https://technet.microsoft.com/en-us/library/dn554311.aspx

My favorite steps:

image

Additional links: