ExchangeGeek

Office 365 Servie Descriptions & Package This

These days I work almost exclusively with Office 365 and an essential tool in my bag are the service descriptions. These keep me honest, so as not to get confused or blur the line, and are essential reading for anyone undertaking an Office 365 deployment.

With "the new Office 365" Microsoft has shifted away from Word documents to publishing them directly on TechNet. This is great because never again will I have out of date information, but not so great for taking it with me (offline) or including a copy with a business document.

Office 365 Service Desciptions on TechNet

Office 365 Service Descriptions on TechNet: http://technet.microsoft.com/en-us/library/jj819284.aspx

The problem comes when I want to read these offline (in bed, on the train) or bundle them in to a report or proposal. Searching on TechNet isn't really that focussed and results can vary.

So, how to resolve this? You could print/save to PDF or OneNote, which is ok but I find Pack This on CodePlex particularly useful.

"Package This is a GUI tool written in C# for creating help files (.chm and .hxs) from the content obtained from the MSDN Library or the TechNet Library via the MSDN Content Service. You select the content you want from the table of contents, build a help file, and use the content offline. You are making personalized ebooks of MSDN or TechNet content. Both help file formats also give full text search and keyword search."

With Package This I can export to CHM or HXS for offline viewing and searching. An XML file can be saved targeting the specific content on TechNet or MSDN for easy updating in the future.

Package This on CodePlex: http://packagethis.codeplex.com/

PST Capture 2.0 Available Now

With PST Capture 2.0 released there are a few useful updates.

Support for Microsoft Exchange Server 2013

Fix profile generation code to use "RPC over HTTP".

The UI is no longer limited to 1000 users when performing an online import.

Fix issue in which online import fails when PST Capture is not installed on Exchange server.

Download the tool:
http://www.microsoft.com/en-us/download/details.aspx?id=36789

KB Article:
http://support.microsoft.com/kb/2815301/en-us?sd=rss&spid=13965

TechNet Guidance/Documentation:
http://technet.microsoft.com/en-us/library/hh781036(EXCHG.141).aspx

Exchange Server 2010 SP3 Released

I was pretty excited to see, among other things, Exchange Server 2010 SP3 has been released in to the wild. At 6am today Laura didn't seem all that interested in hearing about it, so I thought I had better update this blog.

So what does this mean?

Well SP3 is a corner stone of any coexistence transition with Exchange 2013 (CU1) or indeed hybrid with coming release (Wave 15) of Exchange Online on 27 February. It is also going to be important for those Public Folder fans out there wanting to move to the modern/new versions which reside within the DAG.

As well as coexistence/hybrid the SP contains the usual updates, fixes and enables installation on Windows Server 2012. There are Schema updates to review, but should not present a blocker.

Handy links:

SP3 download - http://www.microsoft.com/en-us/download/details.aspx?id=36768

Exchange 2010 SP3 - http://technet.microsoft.com/en-us/library/jj965774(v=exchg.141).aspx

Exchange Team blog - http://blogs.technet.com/b/exchange/archive/2013/02/12/released-exchange-server-2010-sp3.aspx

Happy testing.

Change AD FS 2.0 Primary Server

I was asked today how to decommission the primary AD FS 2.0 server in a farm, minimising any potential interruption. The solution is simple and like all good things uses PowerShell.

The original AD FS 2.0 server was deployed using the WID and Farm options for Office 365.

WID is suitable for the majority of deployments (if it is not you will know about it)
Choosing WID sets the first server deployed to be the primary
Only the primary server can write configuration changes to the database
Opting for a Farm provides scope for HA and scale

The AD FS farm had been extended with new highly available nodes load balanced in geographically dispersed data centres. DNS had been updated and the primary server was in effect redundant.

Log on to the new primary server (NEUADFS02) and run PowerShell.

Add-PsSnapin Microsoft.Adfs.PowerShell

Set-AdfsSyncProperties -Role PrimaryComputer

On all other AD FS servers in the farm run the following.

Add-PsSnapin Microsoft.Adfs.Powershell

Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName NEUADFS02.EXCHANGEGEEK.COM

On a related note, I also identified that TCP/80 should be open between farm members, despite all resources and configuration identifying only TCP/443 as required. This came up when extending the farm across data center boundaries.

Do it “ONCE”–Cloud based SSO from IMGROUP

Microsoft Office 365 provides a couple of great options for managing user accounts, with the most complete solution leveraging an existing on-premise Active Directory to authenticate in to Office 365 services. IMGROUP have built a multi-data centre hosted Single Sign-On (SSO) solution for Office 365 and Windows Azure, lowering the barrier to entry for this type of deployment and accelerating the deployment.

IMGROUP “ONCE” - http://www.imgrouponline.com/services/once

If we choose the route of using on-premise Active Directory to authenticate the organisation first needs to deploy new roles on to servers. Office 365 offers guaranteed high levels of availability, however this is of no comfort should the single AD FS deployed server fail. With this is mind AD FS and AD FS Proxy should be deployed using N+1, with load balancing configured between the servers for each role.

2x AD FS 2.0 Server (x64)
2x AD FS 2.0 Proxy Server (x64)
1x Directory Synchronisation (DirSync) Server (x64)

These are the server roles required in a single site only, to provide site resilience the server count is doubled and additional network hardware is required to provide Live-Live load balancing between locations.

The specs for an AD FS, AD FS Proxy and DirSync server vary depending on size of deployment. The Microsoft recommended minimum hardware requirements for the roles are below, add to this licencing and maintenance (support, backup, monitoring) costs for all servers.

Hardware	Specifications
CPU	Dual Quad Core 2.27GHz CPU (8 cores)*
Memory	4 GB
Disk	70 GB (DirSync)

*DirSync minimum CPU starts at 1.6 GHz

What we have done at IMGROUP is provide these roles as a geographically load balanced Cloud service requiring just a secure Virtual Private Network (VPN) connection to a client site containing an existing Active Directory server(s).

Authentication traffic is routed to the closest data centre to the client device, access is brokered in the usual way for Office 365 SSO and access is granted to the service. In the (much simplified) diagram below AD FS is geographically load balanced between DC1 and DC2, if DC1 should fail all traffic is routed to DC2 until service is restored.

Using the economies of scale Cloud provide we can get this up and running in a short time frame, with a low impact to the existing IT staff workload.

We initially built the solution to support our own dispersed work force in the UK, India and New York. We had SSO in the UK, but if it was unavailable our workers in other time zones cloud not access services until someone in the UK had resolved the issue. From the start we identified this would fit the needs of other organisations and have built the robust solution to cater for large and small deployments.

You can request more information via our web site, http://www.imgrouponline.com/services/once.

We have submitted the solution to Microsoft Pinpoint, http://pinpoint.microsoft.com/en-GB/PartnerDetails.aspx?PartnerId=4295517315.

Feel free to add comments, ask a question or contact me directly about this.