Tuesday, April 29, 2014

A Peek at the Microsoft Azure AD Sync Database

As metadirectory historians, my fellow historians (Ahmad and James) and I took a look at the preview for Microsoft Azure AD Sync, and naturally went looking for the database.

Upon installing the preview we opened up SQL Management Studio but to our chagrin were unable to find the Sync Database.  Ahmad was delighted to find (or not find) that the product was locked down such that the database was invisible.  A quick look at the running services (Get-Service *sql*) revealed two running SQL instances (default, and SharePoint).  A quick look at Task Manager revealed three running SQL instances, and one without an associated service (our suspect).  A quick Bing search revealed that SQL Express acts this way, and the connection string should be in the format of (localdb)\<instance name>.  The Sync registry settings showed us the instance name, so the connection string should be: (localdb)\WindowsAzureActiveDirectorySyncDatabase

In the end we were able to use SQL Management Studio to connect to (localdb)\WindowsAzureActiveDirectorySyncDatabase, and begin poking around the new database.
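To save the hunt described above, here is an added PowerShell snippet (not code from the original post) that lists the LocalDB instances visible to you and then enumerates the user databases on the sync instance. It assumes SqlLocalDB.exe is on the PATH (it ships with SQL Server Express LocalDB) and that you run it as the account that owns the instance, since LocalDB instances are per Windows user.

```powershell
# Added example, not code from the original post. Assumes SqlLocalDB.exe is on the PATH
# and the current account owns the LocalDB instance (LocalDB instances are per user).
$instanceName = 'WindowsAzureActiveDirectorySyncDatabase'

### LocalDB instances have no Windows service, so Get-Service *sql* will never show them
$instances = & sqllocaldb.exe info
if ($instances -notcontains $instanceName) {
    Write-Warning "LocalDB instance '$instanceName' not found; instances visible to $env:USERNAME are:"
    $instances | ForEach-Object { Write-Warning "  $_" }
    return
}

### Connect using the (localdb)\<instance name> form from the post
$connection = New-Object System.Data.SqlClient.SqlConnection -ArgumentList "Server=(localdb)\$instanceName;Integrated Security=True"
$connection.Open()
try {
    ### Read-only look at which databases live here; the sync DB is whatever is not a system DB
    $command = $connection.CreateCommand()
    $command.CommandText = 'SELECT name, state_desc, recovery_model_desc FROM sys.databases WHERE database_id > 4 ORDER BY name'
    $reader = $command.ExecuteReader()
    while ($reader.Read()) {
        [PSCustomObject]@{
            Instance      = "(localdb)\$instanceName"
            Database      = $reader['name']
            State         = $reader['state_desc']
            RecoveryModel = $reader['recovery_model_desc']
        }
    }
    $reader.Close()
}
finally {
    $connection.Close()
}
```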

Hopefully this post helps you find the database quicker than we did!

Wednesday, April 23, 2014

File Copy Performance on Generation 2 Virtual Machines

Just an observation not backed up by good research, but I ventured down the Generation 2 virtual machine path in hopes of drastic performance improvements for file copies.

My scenario is that I have a FIM VM that I need to restore databases into, and I do the restore from SQL backup files (which are nice and compressed for copying pleasure).  Ideally I would be able to just copy the files to the VM using UNC paths, but the speeds hover around 1MB/s.

Copying the same file to the Hyper-V host, I get speeds closer to 50MB/s.

The workaround I’ve come up with to appease my impatience is to mount a VHDX on the host, and copy the files into the VHDX, then add that VHDX to the VM.  The problem with this is that it requires access to the VM host, which I only have because I bought the admin a six pack.

I was hoping that the file copy performance of the Generation 2 VM would solve my problem, but it appears I have to work a little harder to figure it out.  More later, and until then the admin will enjoy more beer.

Tuesday, April 22, 2014

Installing FIM on SharePoint 2013 SP1

Couldn’t help but try installing FIM now with this setup:

  • Windows Server 2012 R2
  • SQL Server 2012 R2
  • SharePoint 2013 Foundation SP1
  • FIM 2010 R2 SP1

Prior to SharePoint 2013 SP1 I was not able to get SharePoint installed on Windows Server 2012 R2 due to issues with the prerequisites installer.  Yes, I could have sorted it out by following the wisdom of the smart folks that figured out the workaround but I just don’t enjoy SharePoint enough to spend that much time on said workaround. 

Anyhow, I installed the above today and voila!  It worked!  The bonus was that it mostly worked with my existing automation script on a Hyper-V Generation 2 virtual machine.

Next step is to try it in my Azure VMs, which I expect to be no different except for the source of the installation media, since I still use ISO files in Hyper-V, whereas in Azure we have to use VHD files.

SharePoint 2013 SP1 Released Again

Anybody installing Forefront Identity Manager on Windows Server 2012 R2 will be interested to know that the download for SharePoint 2013 SP1 is available again.

More detail here:

http://mcpmag.com/articles/2014/04/22/sharepoint-2013-sp1-gets-rerelease.aspx

MemberOf What?

Still waiting, got bored of playing with Whoami so chased the data upstream a bit.

Here’s how to check if AD has the group membership I’ve been waiting for, to do my job…

Get-ADUser craigm -Properties memberof |
Select-Object -ExpandProperty memberof |
Where-Object {$_ -like '*vstf*'}

The above command looks at the memberOf property of my user object, then looks for the name of the group I’m waiting to become a member of.  If the output contains that group, then I’m a member.  Otherwise it either hasn’t replicated to the DC I’m talking to, or FIM hasn’t exported the change through the ADMA yet.

Whoami? Waiting for AD Replication?

Added myself to a group using FIM, now I have to wait for the sync to complete, then the replication to complete.  Being the impatient person I am, thought I’d share the one-liner I used to pass the time.

& whoami /groups | Where-Object {$_ -like '*group name*'}

The above takes advantage of a cmd.exe utility that has some very handy switches.

The output is below, slightly abbreviated.  Each line of the output gets fed into the PowerShell pipeline, so I just do a string comparison using the -like operator.  If the group shows up in the output then I am logged in as a member of that group.

REDMIND\Hockey Players                                      Group
REDMIND\Mountain Bikers                                     Group
REDMIND\Slackers                                            Group
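The two one-liners above (this post and the MemberOf one) look at two different things: whoami shows the groups baked into your logon token, Get-ADUser shows what the directory says right now. This added example (not code from the original posts) puts both side by side for one group pattern, so you can tell "FIM hasn't exported yet" apart from "AD has it but I need a fresh logon". It assumes the ActiveDirectory module, a single domain, and uses '*vstf*' as a placeholder pattern.

```powershell
# Added example, not from the original posts. Assumes the ActiveDirectory module,
# a single AD domain, and that $groupPattern is the group you are waiting on.
$groupPattern = '*vstf*'

### Groups in the access token, parsed from whoami's CSV output ("Group Name" column)
$tokenGroups = & whoami.exe /groups /fo csv |
    ConvertFrom-Csv |
    Select-Object -ExpandProperty 'Group Name'

### Groups AD says the account has now, as seen by whichever DC this session uses.
### memberOf lists direct membership only; the token also contains nested groups.
$user = Get-ADUser $env:USERNAME -Properties memberOf
$adGroups = $user.memberOf |
    ForEach-Object { (Get-ADGroup -Identity $_).SamAccountName } |
    ForEach-Object { "$env:USERDOMAIN\$_" }

$inToken = $tokenGroups | Where-Object { $_ -like $groupPattern }
$inAD    = $adGroups    | Where-Object { $_ -like $groupPattern }

### Token contents are fixed at logon: a membership added (or removed) in AD does
### not take effect for this session until the user logs on again.
[PSCustomObject]@{
    Pattern       = $groupPattern
    InDirectory   = [bool]$inAD      # FIM has exported and the DC has replicated it
    InLogonToken  = [bool]$inToken   # this session already carries the group
    NeedsNewLogon = ([bool]$inAD) -and (-not [bool]$inToken)
}
```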

Thursday, April 17, 2014

Microsoft Azure Active Directory Sync Services (AADSync)

Fun news!  The next release of the synchronization engine is available for download from the Microsoft Connect site.   You can find a link to it at this neat little site:

http://www.aadsync.com/

The first release of the sync engine is simply a replacement for the DirSync appliance, so it is quite limited in functionality (the point of an appliance) but we can still get a glimpse into what is coming.

Of course the first thing I went looking for was the PowerShell coverage, and quickly found 58 commands in the new synchronization module.  Needless to say I’m super excited about this, and can’t wait to try wrapping it with some Desired State Configuration goodness.

I’ll post here as I explore the new PowerShell commands, as well as the sync engine itself.

Using Azure for a FIM Dev Environment

Been using PowerShell and Hyper-V to automate the creation of FIM machines for quite a while but hadn’t paid enough attention to automating the same using Azure instead of Hyper-V.  My assumption was that it would be an easy transition, figuring Azure VMs to be just like Hyper-V.  It is actually way better than I thought, at least in my initial impressions.

Azure VM Images

The key reason why I like Azure VMs is the VM gallery.  Sure, it is cool that there are loads of gallery images, even non-Microsoft ones, but the real win is that they are so quick to deploy.  Also, by using those images you outsource the creation of them, allowing you to focus on the thing you’re trying to deploy.  In my case, I make use of two types of images:

1. Windows Server 2012 R2 (I use this for my AD Domain Controller)

2. SQL Server 2014 (I use this for my FIM server)

So with those images deployed to new VMs there is actually less work for me to do to get FIM deployed, a time savings I wasn’t expecting.

If you haven’t been using Azure VMs for FIM development and test environments, then it is certainly time to take a look!

Tuesday, April 08, 2014

Using Select-Object with Expressions

This is such a cool feature of PowerShell: being able to display data that isn’t available directly as a property on the objects.

There are a couple of different ways to solve this that I’ve found:

1. Create a new PSObject and add the new properties to it

2. Use Select-Object with expressions

I tend to use Select-Object when I just want to create a property before displaying it, typically for ad-hoc scripts that I plan on throwing away.  I tend to use PSObjects when I want to use the property elsewhere in a script.

Here is a simple example showing how to use Select-Object with AD Groups:

### Get some Groups
Get-ADGroup -LDAPFilter "(mailnickname=a*)" -Properties member |
### Select a property and create a new one using an expression
Select-Object -Property name,@{Name="Member Count"; Expression = {$_.member.count}}

Here is what the output looks like:

name                       Member Count
----                       ------------
Adaptive-All DG                      36
AAB DG                                0
AdsRUS Monthly DG                     4
Applicious DG                        10
Advanced-Development DG              33
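For comparison, here is the other route mentioned above, the PSObject one, as an added example (not code from the original post). It uses the same LDAP filter, but builds one object per group so "Member Count" is a real property you can sort, filter and export later in a script rather than only display. It assumes the ActiveDirectory module.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module;
# the LDAP filter is the one used in the post.
$groups = Get-ADGroup -LDAPFilter "(mailnickname=a*)" -Properties member |
    ForEach-Object {
        [PSCustomObject]@{
            Name           = $_.Name
            'Member Count' = @($_.member).Count   # @() makes an empty or single value count cleanly
            GroupScope     = $_.GroupScope
        }
    }

### The calculated value is now a property on each object, so it can be reused anywhere
$groups | Sort-Object 'Member Count' -Descending | Format-Table -AutoSize

### e.g. mail-enabled groups with nobody in them are easy to pick out for review
$groups | Where-Object { $_.'Member Count' -eq 0 }
```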