Tag: management

AZ-104 – Microsoft Azure Administrator : Managing Identities and Governance- Manage Azure Active Directory (Azure AD) objects

by Samuel Mitchell, posted in Azure, Microsoft, windows, Windows server

This article will show the configuration commands required to complete the objectives on the exam guide for the AZ-104. The article information is updated as I complete the respective tasks.

Manage Azure Active Directory (Azure AD) objects

  • Create users and groups

Azure CLI

# Create user

az ad user create –display-name “Full Name” –user-principal-name “Firstname.lastname@domain.com”

# Create user group

az ad group create –display-name “Group Name” –mail-nickname “GroupName”

PowerShell

# Create user

New-AzADuser -DisplayName “Full Name” -UserPrincipalName “Firstname.lastname@domain.com” -MailNickName “FullName”

#Create Group

New-AzADGroup -DisplayName “Group Name” -MailNickName “Groupname”

  • Create administrative units

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Create a Administrative Unit

New-AzureADMSAdministrativeUnit -DisplayName “NameOfAdminUnit” -Descrption “DescriptionOfAdminUnit”

# Remove a Administrative Unit

Remove-AzureADMSAdministrativeUnit –

  • Manage user and group properties

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Perform bulk user updates

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Manage device settings

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • configure Azure AD join

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Configure self-services password reset

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

AZ-104 – Microsoft Azure Administrator : Manage Azure Identities and Governance – Manage Role-based access control (RBAC)

by Samuel Mitchell, posted in Azure, Microsoft, windows, Windows server

This article will show the configuration commands required to complete the objectives on the exam guide for the AZ-104. The article information is updated as I complete the respective tasks.

Manage Role-based Access Control (RBAC)

  • Create a custom role

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Provide access to Azure resources by assigning roles at different scopes

Azure CLI

# Assigning role Owner to subscription scope

az role assignment create \

–assignee “rbacuser@domain.com” \

–role “Owner” \

— scope “scope_name_or_id”

#Assign role Contributor to resource level

az role assignment create \

–assignee “user@domain.com” \

–scope “/subscriptions/[subid]/resourceGroups/[rgid]/provider/Microsoft.Compute/virtualMachines/[myVM1” \

–role “Contributor”

#Delete role assignment

az role assignment delete \

–assignee “deleteuser@domain.com” \

–scope “scope_name_or_id” \

–role “Owner”

#view all role assignment

az role assignment list –all

PowerShell

# Assigned Owner role at scope level

New -AzRoleAssignment -SignInName “rbacuser@domain.com” `

-RoleDefinitionName “Owner” -scope “scope_name_or_id”

#Delete role assignment

Remove-RoleAssignment -SignInName “user@domain.com” `

-Scope “scope_name_or_id” `

-RoleDefinitionName “Reader”

#List all the Role assignment

Get-AzRoleAssignment

  • Interpret access assignments

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

AZ-104 – Microsoft Azure Administrator : Deploy and manage Azure compute resources – Create and configure Azure App Service

by Samuel Mitchell, posted in Uncategorized

This article will show the configuration commands required to complete the objectives on the exam guide for the AZ-104. The article information is updated as I complete the respective tasks.

Create and configure Azure App Service

Azure CLI

# Replace the following URL with a public GitHub repo URL

gitrepo=https://github.com/Azure-Samples/php-docs-hello-world webappname=mywebapp$RANDOM

# Create a resource group.

az group create –location eastus –name myRG

# Create an App Service plan in `FREE` tier.

az appservice plan create –name $webappname –resource-group myRG –sku FREE

# Create a web app.

az webapp create –name $webappname –resource-group myRG –plan $webappname

# Deploy code from a public GitHub repository.

az webapp deployment source config –name $webappname –resource-group myRG \

–repo-url $gitrepo –branch master –manual-integration

# Copy the result of the following command into a browser to see the web app.

echo http://$webappname.azurewebsites.net

PowerShell

# Replace the following URL with a public GitHub repo URL

$gitrepo=”https://github.com/Azure-Samples/app-service-web-dotnet-get-started.git”

$webappname=”mywebapp$(Get-Random)”

$location=”West Europe”

# Create a resource group.

New-AzResourceGroup -Name myRG -Location $location

# Create an App Service plan in Free tier.

New-AzAppServicePlan -Name $webappname -Location $location -ResourceGroupName myRG `

-Tier Free

# Create a web app.

New-AzWebApp -Name $webappname -Location $location -AppServicePlan $webappname `

-ResourceGroupName myRG

# Configure GitHub deployment from your GitHub repo and deploy once.

$PropertiesObject = @{ repoUrl = “$gitrepo”; branch = “master”; isManualIntegration = “true”; }

Set-AzResource -Properties $PropertiesObject -ResourceGroupName myRG `

-ResourceType Microsoft.Web/sites/sourcecontrols `

-ResourceName $webappname/web -ApiVersion 2015-08-01 -Force

Azure CLI

# Variables

appName=”AppServiceManualScale$random”

location=”WestUS”

# Create a Resource Group

az group create –name myRG –location $location

# Create App Service Plans

az appservice plan create –name AppServiceManualScalePlan –resource-group myRG –location $location –sku B1

# Add a Web App

az webapp create –name $appName –plan AppServiceManualScalePlan –resource-group myRG

# Scale Web App to 2 Workers

az appservice plan update –number-of-workers 2 –name AppServiceManualScalePlan \

–resource-group myRG

PowerShell

# Comment

# Generates a Random Value

$Random=(New-Guid).ToString().Substring(0,8)

# Variables

$RG=”myResourceGroup$random”

$AppName=”AppServiceManualScale$random”

$Location=”WestUS”

# Create a Resource Group

New-AzResourceGroup -Name $RG -Location $Location

# Create an App Service Plan

New-AzAppservicePlan -Name AppServiceManualScalePlan -ResourceGroupName $RG `

-Location $Location -Tier Basic

# Create a Web App in the App Service Plan

New-AzWebApp -Name $AppName -ResourceGroupName $RG -Location $Location `

-AppServicePlan AppServiceManualScalePlan

# Scale Web App to 2 Workers

Set-AzAppServicePlan -NumberofWorkers 2 -Name AppServiceManualScalePlan `

-ResourceGroupName $RG

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Configure custome domain names

Azure CLI

# Variable

fqdn=<Replace with www.{yourdomain}>

webappname=mywebapp$RANDOM

# Create a resource group.

az group create –location westeurope –name myResourceGroup

# Create an App Service plan in SHARED tier (minimum required by custom domains).

az appservice plan create –name $webappname \

–resource-group myResourceGroup –sku SHARED

# Create a web app.

az webapp create –name $webappname –resource-group myResourceGroup \

–plan $webappname

echo “Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net” read -p “Press [Enter] key when ready …”

# Before continuing, go to your DNS configuration UI for your custom domain and follow the

# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for the

# hostname “www” and point it your web app’s default domain name.

# Map your prepared custom domain name to the web app.

az webapp config hostname add –webapp-name $webappname \

–resource-group myResourceGroup \

–hostname $fqdn

echo “You can now browse to http://$fqdn&#8221;

PowerShell

# Variable

$fqdn=”<Replace with your custom domain name>”

$webappname=”mywebapp$(Get-Random)”

$location=”West Europe”

# Create a resource group.

New-AzResourceGroup -Name $webappname -Location $location

# Create an App Service plan in Free tier.

New-AzAppServicePlan -Name $webappname -Location $location `

-ResourceGroupName $webappname -Tier Free

# Create a web app.

New-AzWebApp -Name $webappname -Location $location -AppServicePlan $webappname `

-ResourceGroupName $webappname

Write-Host “Configure a CNAME record that maps $fqdn to $webappname.azurewebsites.net” Read-Host “Press [Enter] key when ready …”

# Before continuing, go to your DNS configuration UI for your custom domain and follow the

# instructions at https://aka.ms/appservicecustomdns to configure a CNAME record for the

# hostname “www” and point it your web app’s default domain name.

# Upgrade App Service plan to Shared tier (minimum required by custom domains)

Set-AzAppServicePlan -Name $webappname -ResourceGroupName $webappname `

-Tier Shared

# Add a custom domain name to the web app.

Set-AzWebApp -Name $webappname -ResourceGroupName $webappname `

-HostNames @($fqdn,”$webappname.azurewebsites.net”)

The offline backup is a full backup each time and not an incremental copy.

Azure CLI

#

groupname=”myResourceGroup”

planname=”myAppServicePlan”

webappname=mywebapp$RANDOM

storagename=mywebappstorage$RANDOM

location=”WestEurope”

container=”appbackup”

backupname=”backup1″

expirydate=$(date -I -d “$(date) + 1 month”)

# Create a Resource Group

az group create –name $groupname –location $location

# Create a Storage Account

az storage account create –name $storagename \

–resource-group $groupname –location $location \

–sku Standard_LRS

# Create a storage container

az storage container create –account-name $storagename –name $container

# Generates an SAS token for the storage container, valid for one month.

# NOTE: You can use the same SAS token to make backups in App Service until –expiry sastoken=$(az storage container generate-sas –account-name $storagename –name $container \ –expiry $expirydate –permissions rwdl –output tsv)

# Construct the SAS URL for the container sasurl=https://$storagename.blob.core.windows.net/$container?$sastoken

# Create an App Service plan in Standard tier. Standard tier allows one backup per day.

az appservice plan create –name $planname –resource-group $groupname –location $location \

–sku S1

# Create a web app

az webapp create –name $webappname –plan $planname –resource-group $groupname

# Create a one-time backup

az webapp config backup create –resource-group $groupname –webapp-name $webappname \

–backup-name $backupname –container-url $sasurl

# List statuses of all backups that are complete or currently executing.

az webapp config backup list –resource-group $groupname –webapp-name $webappname

PowerShell

# Variables

$webappname=”mywebapp$(Get-Random -Minimum 100000 -Maximum 999999)” $storagename=”$($webappname)storage”

$container=”appbackup”

$location=”West Europe”

$backupname=”backup1″

# Create a resource group.

New-AzResourceGroup -Name myResourceGroup -Location $location

# Create a storage account.

$storage = New-AzStorageAccount -ResourceGroupName myResourceGroup `

-Name $storagename -SkuName Standard_LRS -Location $location

# Create a storage container.

New-AzStorageContainer -Name $container -Context $storage.Context

# Generates an SAS token for the storage container, valid for one month.

# NOTE: You can use the same SAS token to make backups in Web Apps until -ExpiryTime

$sasUrl = New-AzStorageContainerSASToken -Name $container -Permission rwdl `

-Context $storage.Context -ExpiryTime (Get-Date).AddMonths(1) -FullUri

# Create an App Service plan in Standard tier. Standard tier allows one backup per day.

New-AzAppServicePlan -ResourceGroupName myResourceGroup -Name $webappname `

-Location $location -Tier Standard

# Create a web app.

New-AzWebApp -ResourceGroupName myResourceGroup -Name $webappname ` -Location $location -AppServicePlan $webappname

# Create a one-time backup

New-AzWebAppBackup -ResourceGroupName myResourceGroup -Name $webappname `

-StorageAccountUrl $sasUrl -BackupName $backupname

# List statuses of all backups that are complete or currently executing.

Get-AzWebAppBackupList -ResourceGroupName myResourceGroup -Name $webappname

  • Configure networking settings

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Configure deployment settings

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

AZ-104 – Microsoft Azure Administrator : Deploy and manage Azure Compute resources – Configure VMs

by Samuel Mitchell, posted in Uncategorized

This article will show the configuration commands required to complete the objectives on the exam guide for the AZ-104. The article information is updated as I complete the respective tasks.

Configure VMs

  • Configure Azure Disk Encryption

Azure CLI

# Create a Key Vault

az keyvault create –name myKV –resource-group myRG –location eastus –enabled-for-disk-encryption

# Update Key Vault to allow the storing of disk encryption key

az keyvault update -n myKV -g myRG –enabled-for-disk-encryption

#Encrypt an existing VM disk

az vm encryption enable -n myVM -g myRG –disk-encryption-keyvault myKV –volume-type all

# View the status of Disk encryption

az vm encryption show -n myVM -g myRG

#Decrypt the VM disk

az vm encryption disable -n myVM -g myRG

PowerShell

# Create Azure KeyVault

New-AzKeyVault -VaultName myKV `

-ResourceGroupName myRG `

-Location EastUS `

-EnabledForDiskEncryption

# Change the KeyVault Policy Access

Set-AzKeyVaultAccessPolicy -VaultName myKV -ResourceGroupName myRG `

-EnabledForDiskEncryption

# Encrypt the VM disk

Set-AzVMDiskEncrytpionExtension -VMname myVM -ResourceGroupName myRG `

-VolumeType [All|OS|Data] -DiskEncryptionKeyVaultID myKV.id `

-DiskEncryptionKeyVaultUri myKV.uri -SkipVMBackup

#View the Disk Encryption Status

Get-AzVMDiskEncryptionStatus -VMname myVM -ResourceGroupName myRG

#Decrypt VM disk

Disable-AzVMDiskEncryption -VMname myVM -ResourceGroupName myRG

  • Manage VM sizes

Azure CLI

# Check the VM current size

az vm show –name myVM –resource-group myRG –query hardwareProfile.vmSize

#List the available size to the VM

az vm list-vm-resize-options –resource-group myRG –name myVM

#Resize the VM to the size of choice from the list generate from command

az vm resize –name myVM –resource-group myRG –size Standard_B1s

#Deallocate VM if the size desired is not listed to be made available

az vm deallocate –name myVM –resource-group myRG

az vm stop –name myVM –resource-group myRG

PowerShell

Get-AzVmSize -VMName myVM -ResourceGroupName myRG

$vm = Get-AzVM -VMName myVM -ResourceGroupName myRG

$vm.HardwareProfile.VmSize = “Standard_B1ls”

Update-AzVM -VM $vm -ResourceGroupName myRG

#Deallocate VM

Stop-AzVM -Name myVM -ResourceGroupName myRG

#Only Stop VM but does not deallocate it

Stop-AzVM -Name myVM -ResourceGroupName myRG -StayProvisioned

  • Add Data Disks

Azure CLI

# Create the disk and attached it to the VM in one command

az vm disk attached -g myRG -vm-name myVM –name myDisk –new –size-gb 32 \

–sku Standard_LRS

PowerShell

# Set the data disk configuration

$diskConfig = new-AzDiskConfig -SkuName “Standard_LRS” -Location “EastUS” `

-CreateOption Empty -DiskSizeGB 32

# Create the data disk

$dataDisk1 = new-AzDisk -DiskName myDisk -Disk $diskConfig -ResourceGroupName myRG

# Get the Virtual Machine information

$vm = Get-AzVM -Name myVM -ResourceGroup myRG

# Add the Disk information to VM

$vm = Add-AzVMDataDisk -VM $vm -Name myDisk -CreateOption Attach `

-ManagedDiskId #dataDisk1.Id -Lun 1

#Update the VM with the data disk

Update-AzVM -VM $vm -ResourceGroupName myRG

# The second phase is to intialize the disk within the VM.

  • Redeploy VMs

Azure CLI

# Redeploy a virtual machine

az vm redeploy –name myVM –resource-group myRG

PowerShell

# Redeploy a virtual machine

Set-AzVM -Redeploy -ResourceGroupName “myRG” -Name “myVM”

  • Move Resource to another Resource group

Azure CLI

# Comment

az resource move –destinationresourcegroupname myRG2 –ids myVMid myStorageid

PowerShell

# Move resource to another resource group

$webapp = Get-AzResource -ResourceGroupName myRG -ResourceName mySite

$vm = Get-AzResource -ResourceGroupName myRG -ResourceName myVM

Move-AzResource -DestinationResourceGroupName myRG2 -ResourceId $webapp.ResourceId, $vm.ResourceId

  • Configure Networking

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Configure High Availability

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

  • Deploy and configure scale sets

Azure CLI

# Comment

az noun verb –name variable

PowerShell

# Comment

Verb-Noun -Parameters variable

VMware VCP 6.7-DCV – Objective 1.5 – Manage vCenter inventory efficiently

by Samuel Mitchell, posted in VMware

The following notes will assist you to prepare for this objective:

  • What is efficient?
    • Think about vCenter inventory hierarchy and its organization
    • Parents/children/siblings
  • What constructs do you have available to you to organize objects?
    • Datacenter object
    • Cluster object
    • Folder object
    • Resource pool
    • vApp
  • Be aware of dependency
    • Can you create a cluster before a datacenter?
    • Can you put a datacenter in a folder?
    • Try these simple operations in your test lab
  • Are there any constraints on inventory object creation?
    • Resource pools and vApps have scope
  • Can you scale beyond a vCenter?

Reference:

vCenter Server and Host Management Guide pdf – chapter 8 – Organizing the inventory

Securing the Web management for the HP 2530 switch

by Samuel Mitchell, posted in HP, Routing & Switching, Security

Whenever you get a HP/Aruba 2530 switch out of the box, it comes default with web management enabled using http. You can easily go to the IP address of the switch to view the switch details. To secure the web portal of the switch, do the following:

  1. Log into the switch
  2. Go into configuration mode
  3. Create a self-signed certificate for secure http access

    1. crypto pki enroll-self-signed certificate-name [SWITCHNAME] subject

    2. Enter each information requested
  4. To enable secure http, use command

    1. web-management ssl

  5. To disable http for web management, use command
    1. no web-management plaintext
  6. To added a login for the web portal, use the command:

    1. password manager user-name [loginname] plaintext [loginpassword]

I hope this was useful.

Useful Windows commands

by Samuel Mitchell, posted in windows, Windows server

This article was written to share the commands which can be executed on a Windows system to access different tools of the computer. This list will be updated as time goes by.

Open Local Users and Groups

lusrmgr.msc

Local Security Policy

secpol.msc

Local Group Policy Editor

gpedit.msc

Computer Management Tools

compmgmt.msc

Registry Editor

regedit

Disk Management tool

diskmgmt.msc

Execute a Group Policy Result Report

gpresult /H GPReport.html

GPReport.html

Flush the local DNS cache

ipconfig /flushdns

To change the default OU for Domain computer, use the redirect command

redircmp “OU=MyComputer,DC=domain,DC=com”

View the ARP list of MAC address linked to IP address

arp -a

 

Useful Windows PowerShell (PS) command

by Samuel Mitchell, posted in Microsoft, Windows server

This blog is an opportunity to record all the PS commands I used in my day-to-day management of my environment.

Get-Help [*command*]

The get-help is a useful command used to get details of the command executed.

Get-Command [*command*]

List the A record of the server

Get-DnsServerRecord -Name [Hostname]-RRType [A]

Add an server name with the IP address to the DNS server. This command should be ran from the DNS server remotely or locally.

Add-DnsServerRecordA -Name [HostName] -IPAddress [IP] -ZoneName [domain-name] -AllowUpdate

Shutdown the server

Stop-Computer -ComputerName [Servername] -Force

Restart the server

Restart-Computer -ComputerName [Servername] -Force

Start a remote PowerShell session on server

Enter-PSSession [Servername]

Exit the existing PowerShell remote session

Exit-PSSession

A Similiar command to ping and trace route in Powershell

Test-NetConnection [-traceroute] [destination-name or address]

A command to execute PS commands on a remote host

Invoke-Command -ComputerName -ScriptBlock { [Powershell command goes here] }

List all the services on a computer

Get-Service

List all the Windows share (SMB) session on a computer

Get-SmbSession

Get the AD User information filtered by Name or login

Get-ADUser -Identity [CID] -Filter ‘Name -like “Firstname*”‘

Set the AD User information

Set-ADUser -Identity [CID] -ParameterField “Value”

Unlock User Account

Unlock-ADAccount -Identity [CID]

Disable User Account

Disable-ADAccount Identity [CID]

Enable User Account

Enable-ADAccount Identity [CID]

Reset User Account Password

Set-ADAccountPassword -Identity [CID] -Reset -NewPassword (ConvertTo-SecureString -ASPlainText “MyPassword” -Force)

Set the user account password settings

Set-ADUser -ChangePasswordAtLogon $true -CannotChangePassword $true -AccountExpirationDate “mm/dd/yyyy” -PasswordNeverExpires $true

Search AD for User Account that has expired password

Search-ADAccount -UsersOnly -PasswordExpired | FT SamAccountName, Name, LastLogonDate

Search AD for Locked Out Accounts

Search-ADAccount -UsersOnly -LockedOut | FT SamAccountName, Name, LastLogonDate

Search AD for Expiring Accounts within 60 days

Search-ADAccount -usersonly -AccountExpiring -TimeSpan 60.00:00 | FT SamAccountName,Name,AccountExpirationDate

Search AD for Inactive Accounts

Search-ADAccount -UsersOnly -AccountInactive | FT SamAccountName, Name, LastLogonDate

Search AD for Disabled Accounts

Search-ADAccount -UsersOnly -AccountDisabled | FT SamAccountName, Name

Search AD for Expired Accounts

Search-ADAccount -UsersOnly -AccountExpired | FT SamAccountName, Name, AccountExpirationDate

Search AD for Accounts password set to never expire

Search-ADAccount -UsersOnly -PasswordNeverExpires | FT SamAccountName, Name, AccountExpirationDate,LastLogonDate

Retrieve AD Group Information based on Filter

Get-ADGroup -Filter ‘Name -like “[string]*”‘ -Properties canonicalName | FT canonicalname

Retrieve members for a specific AD Group

Get-ADGroupMember -Identity ‘[groupname]’ | FT SamAccountName, Name

Retrieve the properties of an object

Verb-Object -properties *

Add Members to an AD Group

Add-ADGroupMember -Identity ‘GroupName’ -Members [UserName]

Create an New OU

New-ADOrganizationUnit -Name [OU-Name] -Path “[DC=Domain,DC=com]”

Create a user in the New OU

New-ADUser -Name “Firstname Lastname” -SamAccountName [CID] -Path “OU=,DC=,D=com”

Create a New AD Group

New-ADGroup -Name “GroupName” -SamAccountName [GroupName] -GroupCategory [Security/Distribution] -GroupScope [DomainLocal/Global/Universal] -Path “OU=,DC=domain,DC=com”

Create a managed service account

New-ADServiceAccount -Name [AccountName] -RestrictToSingleComputer

Add-ADComputerServiceAccount -Identity [COMPNAME] -ServiceAccount [AccName]

Test-ADServiceAccount -Identity [AccName]

Get Windows Security event of lockout accounts from PDC

Get-ADDomainController -Filter “OperationMasterRoles -like ‘*PDCEmulator*'” | FT Hostname, OperationMasterRoles, Site, OperatingSystem

Get-WinEvent -ComputerName [PDCEmulaor] -FilterHashtable @{LogName=’Security’;Id=4740} -ErrorAction Stop

Show the Default Domain Password Policy

Get-ADDefaultDomainPasswordPolicy

Change the Default Domain Password Policy

Get-ADDefaultDomainPasswordPolicy | Set-ADDefaultDomainPasswordPolicy -LockoutDuration -LockoutThreshold -MaxPasswordAge -MinPasswordAge -MinPasswordLength -ComplexityEnabled [$true/$false] -PasswordHistoryCount -LockoutObservationWindow