|Todd Klindt||12/15/2017 4:51 PM||Podcast||0|| |
|Todd Klindt||12/8/2017 11:21 AM||PowerShell; SharePoint 2013; SharePoint 2010; SharePoint 2016||0|| |
I’ve been known to patch a SharePoint server here and there. Once in a while, when I’m on a customer server its Internet Explorer security settings will prevent me from being able to download a patch. I’ll go to my favorite patch list, toddklindt.com/sp2016builds or toddklindt.com/sp2013builds, and pick the patch I want. But when it comes down to getting the patch the IE security settings will prevent me from actually downloading said patch. Sadness ensues. I’ve had to do various dances to get the patches and recently I’ve started leveraging PowerShell more and more to do so. After a conversation with Jason Himmelstein I agreed to publish the PowerShell I use. Jason promised me you wouldn’t laugh. So you can’t laugh.
I also made a video of how to use it.
I packaged this as a function, Get-TKMSKBDownload, and while it’s in a module, you can easily paste it into any existing module file you might already be using.
To use this function download TKDownloadFile.psm1.txt. Remove the “.txt” at the end to rename it to TKDownloadFile.psm1, Rename-Item .\TKDownloadfile.psm1.txt .\TKDownloadFile.psm1. Then Import it into your PowerShell session with Import-Module TKDownloadFile to let it know it’s there.
I have lovingly provided some Help and Examples to help you use it. In trying to address all of the situations where I’ve done this, I made sure the function worked with either details.aspx and confirmation.aspx URLs for the download link.
To use it, go to my patches page and click the Download link for the patch you want. Then copy that URL out of your browser and paste it after the function, like in the example:
Get-TKMSKBDownload -url https://www.microsoft.com/en-us/download/confirmation.aspx?id=56230
It will download the patch into your current directory. It should look like this when it runs:
After the file is downloaded you can run it and patch your SharePoint server.
I won’t paste all the code in this blog post, (download it here) but I do want to highlight a couple of pieces of it. First, this is the line I use to get the direct link to the patch download, where $url is the link from the patches page:
$downloadurl = ((Invoke-WebRequest -UseBasicParsing -Uri $url).links | Where-Object -Property data-bi-cN -Like -Value "click here to download manually" | select -First 1).href
Before I wrote this PowerShell I had a couple of instances where I needed the direct link to the patch. I had had to use the Developer Tools in Chrome to find the URL in the Microsoft Download web page. I was able to use that information to craft the line above. If you’re curious, you can start with the part inside of the parenthesis (Invoke-WebRequest -UseBasicParsing -Uri $url) and see how the page is loaded as an object by PowerShell. There is some interesting stuff in there.
The other part I needed was the name of the file to save. That’s part of the $downloadurl object, so I used this PowerShell to put off the file name, which is everything after the final / character, plus 1 so we don’t get the / itself:
$file = $downloadurl.Substring($downloadurl.LastIndexOf("/") + 1)
With those two pieces of information I’m able to pull the patch down and save it.
Invoke-WebRequest -UseBasicParsing -Uri $downloadurl -OutFile $file
As always, I had a couple of people look this code. Thanks to Shane Young and Jeff Hicks for all of that. Jeff had some great ideas for a v2 of this, like being able to specify a download directory, or backgrounding the download job. All good ideas, but I didn’t want to delay the publication of this blog post to implement them. If I keep using this module I may add them later. If I do, I’ll update this blog post.
Once again, if you’d like to see all of this magic in action, you can watch my HowTo video on YouTube.
|Todd Klindt||12/7/2017 9:49 AM||Podcast||0|| |
|Todd Klindt||12/4/2017 9:40 AM||Podcast||0|| |
|Todd Klindt||11/28/2017 9:31 AM||Podcast||0|| |
|Todd Klindt||11/20/2017 10:42 AM||Podcast||0|| |
|Todd Klindt||11/20/2017 9:20 AM||Podcast||0|| |
|Todd Klindt||11/20/2017 8:56 AM||Podcast||0|| |
|Todd Klindt||10/30/2017 9:09 AM||Podcast||0|| |
|Todd Klindt||10/23/2017 9:20 AM||Podcast||0|| |
|Todd Klindt||10/12/2017 9:57 AM||Podcast||0|| |
|Todd Klindt||10/5/2017 2:08 PM||Podcast||0|| |
|Todd Klindt||10/5/2017 9:14 AM||Podcast||0|| |
|Todd Klindt||9/21/2017 1:23 PM||Podcast||0|| |
Feature Pack 2 is upon us, and in this podcast Todd and Shane tell you what's to love, and what's not to love about it. They also revisit the Equifax breach discussion from last week, and add some additional context to what happened. As if that weren't bad enough, they also discuss the popular cleanup app, CCleaner, and how it has been quietly compromising customer machines for months. They finish up with good news when they talk about Microsoft's On-Prem data gateway, and how it's so easy to use, even Shane can do it.
Subscribe in iTunes
Running Time: 29:06
05:08 Feature Pack 2 for SharePoint Server 2016
14:22 Ccleaner used to spread malware
17:19 Pirate Bay hijacking your browser to mine Bitcoin
20:22 On-Prem Data gateway for Power BI, PowerApps, Microsoft Flow, and Azure Logic Apps
26:01 Microsoft Ignite
26:45 Thrive Conference
27:08 Shane speaking at SoCal User Group
|Todd Klindt||9/14/2017 11:05 AM||Podcast||0|| |
|Todd Klindt||9/12/2017 5:17 PM||Podcast||0|| |
|Todd Klindt||9/11/2017 11:55 AM||Podcast||0|| |
|Todd Klindt||8/24/2017 2:45 PM||Podcast||0|| |
|Todd Klindt||8/23/2017 10:20 AM||Podcast||0|| |
|Todd Klindt||8/10/2017 9:16 AM||Podcast||0|| |
|Todd Klindt||8/7/2017 10:46 AM||Podcast||0|| |
|Todd Klindt||7/27/2017 10:35 AM||Podcast||0|| |
|Todd Klindt||7/25/2017 4:36 PM||SharePoint 2016; Speaking||0|| |
|Todd Klindt||7/21/2017 9:31 AM||Office 365; Hybrid||0|| |
With Shane’s prodding I’ve decided to put some instructional videos out onto YouTube for some of the common tasks people ask us about. I’m trying to break the videos up into small digestible chunks, and because of that some are more exciting than others. This one falls on the “less exciting” side. But it sets the stage for some very cool stuff.
In this video I start slow by just showing how to add your domain, like contoso.com, to your Office 365 tenant. It’s nothing fancy or earth-shattering, but it is the first part of doing much cooler things. Things that I will also immortalize on YouTube for future generations to enjoy.
Add a Domain to Office 365
If you don’t want to miss out on the exciting sequels to this video, subscribe to my YouTube channel. Then you’ll get pestered every time I add something new. Everyone wins!
|Todd Klindt||7/20/2017 3:11 PM||Podcast||0|| |
|Todd Klindt||7/17/2017 12:34 PM||Hybrid; PowerShell||1|| |
I’ve been working with Azure AD Connect (AADC) for a couple of years now. For those of you that haven’t had the pleasure yet, Azure AD Connect is a tremendous piece of software that you install on-prem and it syncs your on-prem Windows Active Directory to your Azure Active Directory or Office 365 tenant. It has come a long way since the old DirSync days. If you’re an IT Pro that has mainly worked with on-prem software like SharePoint and you’re curious where your career is going, this is it. You’re going to have to become an identity expert, or maybe start practicing those grocery bagging skills. Running AADC through its paces is a good way to start your journey into Azure, Hybrid, and Identity.
Azure AD Connect has greatly benefitted from Microsoft’s recent(-ish) move to agile software updates. For well over a year now Microsoft has been slipping out updates to AADC and made significant improvements to it, all the while not breaking anything. An amazing feat! You can see from their Version History page they keep very busy.
At the very beginning of the AADC installation Wizard you encounter a fork in the road; you can do an Express Install, or an Advanced Install. I tell most people, especially people that are new to AADC that Express is a great option. It’s very close to Next –> Next –> Finish and it does a good job getting everything wired up. Later, you can go back and rerun the installation in Advanced mode to tweak anything you need to. It’s very well done. One of the things that the Express installation does is set AADC to automatically upgrade itself when Microsoft publishes its next tasty upgrade. Like I mentioned above, the upgrades have added some great functionality with none of those nasty regressions that we’ve come to fear from upgrades. Unfortunately, until recently, if you chose to do an Advanced install right out of the chute, AADC was not set to automatically upgrade itself. And to make matters worse, that wasn’t necessarily brought to your attention during the install. If you weren’t paying attention, or didn’t know to look, you’d be stuck with that version of AADC forever. How sad!
To address that scenario, and just to give you some control over the upgrade process, I’m blogging the setting. This way you can see what your auto upgrade status is as well as change it if you’d like. Plus it gives you another opportunity to play in PowerShell. Who doesn’t love that?
First log into the machine where AADC is installed and open a PowerShell prompt. It does not need to Run as Administrator. There are two cmdlets that deal with AADC’s autoupgrade status; Get-ADSyncAutoUpgrade and Set-ADSyncAutoUpgrade. Here’s a screenshot to break up the monotonous wall of text:
As expected, we can run Get-ADSyncAutoUpgrade to set what our current status is:
We can see here that AADC is set to automatically upgrade itself with the newest juicy bits that come out. What if we didn’t want that? Maybe we have a migration freeze coming up and updates can be applied. It’s a sad state of affairs, but it happens. To do that we use:
Set-ADSyncAutoUpgrade -AutoUpgradeState Disabled
As a guy that’s used a lot of PowerShell, I find myself wishing this followed the $TRUE / $FALSE structure, but I can work with this. Since there are only three acceptable values (Enabled, Disabled, and Suspended), you can tab complete the cmdlet name, the parameter name, and the value “disabled.” That helps.
Now AADC will not upgrade itself. But does this impact the sync cycles? Not at all. If we run Get-ADSyncScheduler we see that syncs are still happy and scheduled to run as expected.
Once our maintenance freeze is over we can reenable the autoupgrades with
Set-ADSyncAutoUpgrade -AutoUpgradeState Enabled
That’s a much more satisfying feeling than disabling.
In most cases I am afraid of autoupgrading software, but so far AADC hasn’t burned me, so I’ll give it the benefit of the doubt.
|Todd Klindt||7/17/2017 9:26 AM||Podcast||1|| |
|Todd Klindt||7/5/2017 4:02 PM||Office 365||1|| |
Over the last couple of years, my talks have migrated from fewer on-prem SharePoint Server talks, to more Office 365 centric talks. One of the questions I get asked more and more frequently, by admins that are trying to find their place in this new, cloudy, world is, “How can I keep up with all of the changes to Office 365?”
It’s a good question, and one a lot of people are struggling with, especially if they’re used to on-prem administration. As a SharePoint Server admin, updates came out no more frequently than once a month, and even then we were in complete control to when that update was applied to our farms. As our workloads are moving to Office 365 that is thrown completely on its ear. Now updates happen to Office 365 any day of the week. Sometimes they’re turned on for end users, sometimes they aren’t. You just never know. If you don’t know they’re coming, you can’t properly prepare yourself or your user base. Nobody likes that.
So here are a couple of ways to have a fighting chance against unexpected Office 365 updates.
1) Sign up for messages in the Message Center
You have to be a Tenant Admin for this one, but I assume most people reading my blog that aren’t my mom, are tenant admins. The Message center is a place in the Office 365 Portal where you can tell Office 365 which products you care about, and how it can tell you about changes and outages.
You can find this little gem under Health > Message center. The messages deal with outages, updated features, new features, the whole enchilada. In the upper right you can set which products you see messages for. If you’re not using Skype for Business, shut off those messages. The bottom left is where the real gold is. You can have Office 365 email you once a week with that week’s new messages. This is a great way to see what is new if you’ve forgotten to check the Message center. The link at the top middle, “Read about staying on top of Office 365 changes”, takes us to our second tip.
2) Office 365 Roadmap
For a few years the Office 365 Roadmap has been a great way to see what’s on the horizon for your favorite Office 365 property. It not only shows was coming, but what has been delivered and what has been cancelled as well.
3) Microsoft Tech Community
The more things change, the more they stay the same. When I was cutting my teeth as a SharePoint admin back at the turn the century, the place to go for answer was Usenet. Ask your grandparents about it. Today, that same need is met by online forums. The Microsoft Tech Community is the place to go with your cloudy questions. While it’s not specifically a resource for what’s new with Office 365, that does get covered there.
4) First Release
First Release isn’t really a place, First Release is more like a state of mind. First Release lets your tenant, or some of the users in your tenant, see new functionality in Office 365 before it’s released to the entire Office 365 loving world. It’s not a good idea to have your entire Production tenant in First Release, so either only include a few users, or enable it for a test tenant. It’s also important to point out that some things are only rolled out to First Release Users, or First Release Tenants, but not both. They aren’t always in step. Read more about that in Marc Anderson’s blog post.
Of course you can also follow a ton of Twitter accounts to keep up. I’d try to list them all here, but I’d just embarrass myself.
I hope this helps. Let me know if there are any other means you use to keep up with Office 365.
|Todd Klindt||7/5/2017 9:16 AM||0|| |
June and July are always nervous times for me, and I’m not talking about fireworks going off around me. It’s because for the last 11 years July 1st has been when I found out if I was renewed as a Microsoft MVP. This year was no different, though maybe a little worse. Microsoft has been tweaking the MVP program and I never take for granted whether I’ll meet the mark or not.
I’m happy to report that I did in 2016. I was awarded my 12th MVP award July 1st! Being a SharePoint and Office 365 kinda guy my award is in the Office Servers and Services category.
I have met so many great people in the MVP program and I’m honored to be a part of it. Thanks to Microsoft for including me, and thanks to all the people that have helped me out along the way. It means a lot.
|Todd Klindt||6/29/2017 10:12 AM||Podcast||0|| |
|Todd Klindt||6/27/2017 5:38 PM||Podcast||0|| |
|Todd Klindt||6/27/2017 11:35 AM||Podcast||0|| |
|Todd Klindt||6/8/2017 3:42 PM||Podcast||0|| |
|Todd Klindt||5/26/2017 9:22 AM||Podcast||0|| |
|Todd Klindt||5/25/2017 9:13 AM||Speaking||0|| |
As IT Pros our jobs have always been changing, but the rate at which they’re changing now is almost unprecedented. I’m glad I’m wearing my seatbelt. As we make the transition to Office 365 one of our new responsibilities, or a larger responsibility is Security and Compliance. You may have been able to avoid it in the past, but you may not be so lucky in the future.
So where can an on-prem SharePoint admin get a start with it? I’m glad you asked. On Wednesday May 31st, the nice folks at Petri.com are putting on a webinar where Shane Young and I will be talking about the processes and technologies you’ll need to get familiar with. We’ll cover the basics and show you some tools to get you started. And maybe we’ll find some time to make fun of each other too.
How can you get all of this fun and information? Point your favorite web browser at this registration page and you’ll be all set.
I look forward to seeing you.
|Todd Klindt||5/18/2017 10:47 PM||Podcast||0|| |
|Todd Klindt||5/12/2017 5:00 PM||Office 365; OneDrive||0|| |
I’ve been dancing with this girl we call SharePoint for well over a decade, and I swear she gets prettier every day. It has been fun watching Microsoft squash bugs and add functionality to the product along the way. One area that has been particularly satisfying is watching Microsoft address areas where the SharePoint Haters always take jabs at SharePoint. Things like, “SharePoint can’t handle more than 5000 items in a list,” or “You can’t have site collections larger than 100 GB in SharePoint,” or my favorite, “SharePoint Designer is free and users are going to destroy SharePoint with it!” Oh, wait.
OneDrive, Now with More Character
Recently Microsoft has fixed two of the limitations that plagued, character support, and URL length. Last month Microsoft chipped away at the former when they released this blog post, New support for # and % in SharePoint Online and OneDrive for Business. In that blog post they announce that there’s a new API that will allow the use of the characters # and % in file and folder names in SharePoint Online (SPO) and OneDrive for Business (ODFB). In the past these characters were forbidden because they were used for other purposes in HTTP. The # character was used to reference anchors in HTML documents. The % was also busy being how you escaped ASCII characters in URLs. Any SharePoint admin worth their salt is well accustomed to space characters showing up as %20 in URLs like ‘Shared%20Documents.’ Since so much of SPO and ODFB is accessed through URLs, this made using those two characters particularly tricky. But you know Microsoft, they have some smart folks there, they figured it out.
Microsoft has always been stellar with backwards compatibility (sometimes to their detriment) and this is no exception. When this feature rolls out in June 2017 they will do it with a new API, so the old APIs will continue to work as expected. If the tenant was created before June 2017 a Tenant Admin will have to use PowerShell to toggle the SpecialCharactersStateInFileFolderNames parameter to Allowed. After that, file and folder names can include # and %. Site and web names cannot. You’ll also have to have the OneDrive Next Gen Sync Client to sync files and folders with # and % in their names.
This only pertains to OneDrive for Business with SPO and Office 365. It is not for SharePoint Server 2016 on-prem.
ODFB Office 365
URL Size Matters… Less…
Another place that SharePoint got its nose bloodied was URL length. For most cases it was enough, but every once in a while it would bite people, like during upgrades. Last week Microsoft, hot off their victory against those rascals # and %, announced they are bumping the maximum path limit in SharePoint Online and ODFB from 256 characters to 400! That’s an increase of over 50%! And this 400 character limit does not apply to the query parameters at the end. Since SharePoint Online doesn’t have any the ability to add managed paths, I’ve seen people get creative with site collection names. Now they can use those extra 144 characters to get extra creative.
This is also only for SharePoint Online.
ODFB Office 365
There are more great OneDrive improvements to blog. I’ll get to them next week.
|Todd Klindt||5/11/2017 11:39 AM||Podcast||0|| |
|Todd Klindt||5/8/2017 3:16 PM||Podcast||0|| |
|Todd Klindt||4/18/2017 11:15 AM||Podcast||0|| |
|Todd Klindt||4/17/2017 9:29 AM||Podcast||0|| |
|Todd Klindt||4/14/2017 5:03 PM||OneDrive||0|| |
As anyone that listens to my podcast knows, I’m a fan of both the Consumer and For Business versions of OneDrive. I use it for a lot of my personal file syncing as well as with several Office 365 tenants, both production and test. Some of that is Production, some of it is with demo tenants. In the last couple of months I’ve stumbled across an unbelievable gap in the product, you can’t delete a OneDrive for Business (ODFB) account that you can’t log in to from the Windows Next Gen Sync Client. (NGSC).
You can delete OneDrive (consumer) accounts. And you can delete a ODFB account if you’re logged into it. Both of those show up on the Accounts tab of the Sync Client Settings page. But if you can’t log into the Office 365 account you’re syncing to, you can’t delete it. It’s stuck in this weird purgatory where the folders still show up in Explorer, but the blue icon for the account doesn’t show up in the system tray. It’s very confusing.
I’ve been trying to figure out how to delete some stale accounts for a while and it was inconceivable to me that that wasn’t possible. Today, I finally swallowed my pride and reached out for help. I tweeted the official (pronounced “Oh-FISHeeal”) OneDrive Twitter account. If they can’t help me, no one can. They have a blue check mark! This was their response:
I can’t find it because it’s not there! But, they do offer a solution, we can vote for this feature (really, deleting an account is a “feature”) on User Voice. It doesn’t cost anything but your time, and each vote you cast will bring me closer to my nirvana of being able to purge all the unused ODFB folders from my PC.
Vote early, vote often.
Thanks for your support.
|Todd Klindt||4/14/2017 10:18 AM||Speaking||0|| |
Over the years I’ve had the fortune to hang out with some of the best and brightest people in my industry. I’m happy to report that trend is continuing. I will be speaking at Office 365 in Haarlem, Netherlands June 19-22 2017. This conference is such a big deal they even made me these fancy banners to put on my web site:
Isn’t that fancy! If you’d like to go to Office 365 you can use SPRTK483 as a discount code to get 10% off the price of admission.
While I’m a SharePoint and Office 365 kinda guy, there are a bunch of great technologies being covered here. There are experts in Azure, Exchange, SharePoint, Office 365, both in Infrastructure and Development. If you work on Microsoft technologies, there is someone here you can learn from.
I’ll be doing two sessions, Mastering PowerShell with Office 365 and Beginning Azure AD Identity for SharePoint and Office 365 Administrators. Both classes will be chock full of useful content you can put to work right away. Both sessions also have deeper follow-up sessions by other speakers so you can dig in deeper if you’d like.
So, consider coming to Office 365 Engage, and if you do, please come find me and introduce yourself. I love meeting new people.
|Todd Klindt||4/12/2017 4:42 PM||Podcast||0|| |
|Todd Klindt||4/11/2017 10:49 PM||PowerShell||0|| |
Are you a SharePoint or Office 365 admin that wants to take their PowerShell mojo up another step? Are you a Windows admin that knows they need to master PowerShell but don’t know where to start? Are you someone with a lot of time on their hands and want to spend some of their employer’s training budget? Have I got good news for you! Shane and I are putting on two 90 minute PowerShell classes on Thursday April 20th. Shane will take the first session where he’ll cover how to get PowerShell set up exactly the way you’d like as well as a foundation of the core cmdlets you should know and love. He’ll also help you understand PowerShell scripts that you
steal learn from on the web.
Then I take the wheel for part 2. I’ll cover looping techniques to help you make the most of those delicious objects that PowerShell serves up for us. Next I’ll move on to how to deal with a variety of files, both writing to and reading from. I show you how to write your first scripts and how to securely deal with passwords. For my big finale I’ll show how to do some basic Active Directory tasks.
I know, I know, this seems like a lot to take in in two 90 minute sessions. To help out with that we’re going to record both sessions and make them available for 30 days. We’re also going to provide each student a file with all the examples we run during the class. And of course you’ll be able to ask questions like during the class and you’ll get to enjoy all the Shane and Todd banter you can stand. Shane will also autograph any undergarments that are requested.
Each of these sessions are only $99 each. You can sign up today at BoldZebras.com.
|Todd Klindt||3/31/2017 3:11 PM||Podcast||0|| |
|Todd Klindt||3/24/2017 8:13 AM||Podcast||0|| |
|Todd Klindt||3/10/2017 9:22 AM||Podcast||0|| |
|Todd Klindt||3/2/2017 8:50 AM||Podcast||0|| |
|Todd Klindt||2/23/2017 9:00 AM||Podcast||0|| |
|Todd Klindt||2/20/2017 1:23 PM||Podcast||0|| |
|Todd Klindt||2/17/2017 10:56 AM||SharePoint 2016; SharePoint 2013; Office 365||0|| |
A rolling stone gathers no moss (see what I did there?) and I’m not letting myself get fat and lazy during my unemployed stretch. After drowning my sorrows in a pint of Ben & Jerry’s Chunky Monkey, I put on my good sweatpants and went right back to work. Shane and I, after watching funny cat videos for a couple of hours, decided what the world needed was a SharePoint 2013/2016 & Office 365 admin class taught with that Todd and Shane panache that has been loved from sea to shining sea.
We will be teaching this class, our SharePoint Server 2013 and 2016 Administrators class + Cloud overview March 20th through the 24th 11:00 to 2:30 EST, with a lunch break in the middle. The class will be taught live, so you’ll be able to stump Shane as much as you’d like. It will also include Hands On Labs for your puttering around pleasure. All of this training is online, so you can learn and stay in your Iron Man jammies. I know that’s what I’ll be wearing.
All of this can be yours for a mere $1200 USD. You can sign up here.
If you have questions, hit me up on Twitter or email me at email@example.com.
See you then,
|Todd Klindt||2/13/2017 7:37 AM||0|| |
As of last week, I am no longer at Rackspace. It was a great 5 year run, and I look back on them fondly. I made a ton of great friends, and learned so much. But, it’s time to move on…
I’ve gotten a ton of support from everyone, and that has really helped. Thanks a lot.I’m not sure what’s next for me. I’m still weighing my options. You can always reach out to me on Twitter, LinkedIn, or email me at firstname.lastname@example.org, (replace firstname with my first name) if you have suggestions on what I should do next. Getting out of the IT field at working at Wendy’s is a valid suggestion, and one I’ve received multiple times during my career.
I do have good news. The Podcast will continue. You’re not getting rid of Shane and I that easily. I will also be sullying the stage at SPTechCon in Austin in April. If you’re there, stop in and say, “howdy.” Also feel free to offer to buy my lunch, or give me some gas money.
|Todd Klindt||2/12/2017 9:58 AM||Podcast||0|| |
|Todd Klindt||2/3/2017 2:23 PM||Podcast||0|| |
|Todd Klindt||1/26/2017 1:51 PM||Podcast||0|| |
|Todd Klindt||1/23/2017 2:47 PM||Podcast||0|| |
|Todd Klindt||1/17/2017 4:06 PM||Office 365; PowerShell||0|| |
I love blog posts like this. PowerShell and Office 365, two of my favorite tastes, all rolled up into one. This particular blog post is not groundbreaking, but it’s fun. I’ve recently set up a few Office 365 tenants, and part of that is adding one or more custom domains. Of course you can use the Office 365 Admin Portal to do that, and there’s no shame in that. (Well, maybe a little) But if you want to take your Office 365 Admin game up another level, you can do all of that with PowerShell. I’ll show you how in this blog post.
Getting the Module and the Domain
You need to make sure you have the correct Azure PowerShell module installed before you can take advantage of any of the goodness in this blog post. When I wrote this blog post, I was using version 188.8.131.52 of the MSOnline module. If you don’t have it installed, you can watch Shane’s crappy video walkthrough on installing it. Time marches on, and it marches double-time in the cloud. So while I assume these steps will work later versions of the module, I can’t guarantee that.
To add a domain to your Office 365 tenant, you’ll obviously need a domain. It doesn’t matter where you register the domain, as long as you have the ability to add DNS records. Microsoft does have a deal in place with GoDaddy, so getting your domain there does have some advantages.
Adding the Domain
Once you have the module installed, and the domain purchased it’s time to open up PowerShell and make some magic. Open up “Microsoft Azure Active Directory Module” to get the party started. I christen every PowerShell session with a heaping helping of Start-Transcript, so do that first. Then use Connect-MsolService to connect to your tenant. If you haven’t already added a custom domain to your Office 365 or Azure tenant, then you’re likely logging in with a username that looks like email@example.com, where sometenant is your tenant name, and someone is a tenant admin for that tenant. To get the landscape of the domains in your tenant, use Get-MsolDomain. It looks like this:
Once you’ve confirmed the domain you want to add isn’t already there you can use New-MsolDomain to add it. The command I ran was
New-MsolDomain -Name "toddsblog.com"
It might seem like that should be enough. The domain is added, Ta-Da! If that was the case, this would be a very short blog post. We still have a couple of steps left. I have to prove to Microsoft that I own toddsblog.com. Maybe toddsblog.com is Todd Rundgren’s blog, or maybe Todd Bridges. Who knows? To verify that I am truly the Todd behind toddsblog.com, I have to make a specific DNS entry that Microsoft tells me to add.
Before I can add the correct DNS entry, I need to know what it is. The Get-MsolDomainVerificationDns gives me that value. We have two options, we can create a TXT record, or an MX record. Since I’m not moving the mail for toddsblog.com over to Office 365 right now, I went with the TXT record. If I was moving mail in the short term, I would have went for the MX record instead, and saved myself the step of adding it later. To get the TXT record I need, I ran this command:
Get-MsolDomainVerificationDns -DomainName toddsblog.com -Mode DnsTxtRecord
Here is the output I received:
I used GoDaddy’s domain management tool to add this record. While the label in the screenshot says “toddsblog.com” I really needed to add a record for @, which tells DNS clients “this domain.” It looked like this:
DNS takes its time to move around the Internet, and it gets cached a lot of places along the way. To improve the chances that Microsoft gets the new record, I used nslookup to query a major DNS provider, Google, and make sure it was there:
nslookup -type=TXT toddsblog.com 184.108.40.206
I got the output I expected:
The final step is telling Microsoft to check that we made the entry, and made it correctly. Let’s see what happens:
Confirm-MsolDomain -DomainName toddsblog.com
The output looks like I did it right.
Let’s check our list of domains again with Get-MsolDomain
More good news. And finally, in the UI:
The domain shows up as “Setup in progress” because I haven’t added all the DNS records Office 365 needs to send email and stuff like that. The domain is still good though. I can assign that domain to users. It’s fully functional.
To recap, here was the whole process:
New-MsolDomain -Name "toddsblog.com"
Get-MsolDomainVerificationDns -DomainName toddsblog.com -Mode DnsTxtRecord
Confirm-MsolDomain -DomainName toddsblog.com
The other stuff was just fun fluff.
I hope this helps, and encourages you to get your PowerShell on when working with Office 365 and Azure.
|Todd Klindt||1/16/2017 2:28 PM||Podcast||0|| |
|Todd Klindt||1/9/2017 9:57 AM||0|| |
|Todd Klindt||12/29/2016 3:17 PM||Podcast||0|| |
For the last podcast of 2016 Todd and Shane go off script talk and do something original, they talk about what's happened in 2016 and give their take on it. They talk about football (American football that is), what constitutes a Christmas movie, and mall riots. They spend a little time talking about the tech stories of 2016, like the iPhone, some more about the iPhone, the Galaxy Note 7, hacking, and cars that will drive Shane to Chick-Fil-A any time he'd like.
Another blatant shoutout for Todd's Birthday Charity drive at http://pointgowin.com/tkcharity
Subscribe in iTunes
Running Time: 59:09
Brought to you by Rackspace
|Todd Klindt||12/21/2016 5:11 PM||Podcast||0|| |
|Todd Klindt||12/19/2016 8:57 AM||Podcast||0|| |
|Todd Klindt||12/8/2016 4:07 PM||Office 365; PowerShell||0|| |
I’ve been working on a blog post about the script I use to license users inside of Office 365. It’s a doozy. You’re going to love it, I promise. As a rule, I have someone proof read all of my blog posts, especially ones that have PowerShell code in it. For those of you that have read any of my blog posts, that might come as a shock, but it’s true. When Shane was testing my code he kept getting errors. In this case, I just chalked it up to his ineptitude, which is the source of many of his troubles, so I blew him off. I had tested the crap out of this PowerShell script so I trust it more than I trust Shane.
But a couple of days ago I was running my trusty script and I got the error. Now stuff was getting serious! Here’s the code I ran:
PS C:\> $lic1 = "MOD873457:ENTERPRISEPREMIUM"
PS C:\> $user = "alonso@MOD873457.onmicrosoft.com"
PS C:\> Set-MsolUserLicense -UserPrincipalName $user -AddLicenses $lic1
Here’s the very unpleasant response that PowerShell gave me:
Set-MsolUserLicense : Unable to assign this license because it is invalid. Use the Get-MsolAccountSku cmdlet to retrieve a list of valid licenses.
At line:1 char:1
+ Set-MsolUserLicense -UserPrincipalName $user -AddLicenses $lic1
+ CategoryInfo : OperationStopped: (:) [Set-MsolUserLicense], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidUserLicenseException,Microsoft.Online.
I did like it suggested, and sure enough the SKU was legit:
PS C:\> Get-MsolAccountSku
AccountSkuId ActiveUnits WarningUnits ConsumedUnits
------------ ----------- ------------ -------------
MOD873457:ENTERPRISEPREMIUM 25 0 1
MOD873457:PROJECTPREMIUM 25 0 0
Here is my failure in pictures
It turns out that Shane is not an idiot. Well, if he is, this is not an example of it. It’s just a poor error message. While the error says the license is invalid, it’s really not. It threw that error because that user already had that license.
We can verify that with this command:
(Get-MsolUser -UserPrincipalName $user).licenses
The output looks like this:
Unfortunately there’s no good way that I know of to tell why you’re getting that error, or walk through a user’s existing licenses and see if it’s already applied. It can be done, but it’s ugly text parsing. If I figure out something elegant, I’ll let you all know.
After much swearing and figuring this out on my own, I did find one vague reference to it in Microsoft’s
Assign licenses to user accounts with Office 365 PowerShell document.
Not helpful, Microsoft, not helpful.
|Todd Klindt||12/8/2016 1:45 PM||Podcast||0|| |
|Todd Klindt||12/2/2016 1:53 PM||Podcast||0|| |
|Todd Klindt||12/1/2016 10:03 AM||Podcast||0|| |
|Todd Klindt||12/1/2016 9:50 AM||Podcast||0|| |
|Todd Klindt||12/1/2016 9:39 AM||Podcast||0|| |
|Todd Klindt||11/3/2016 5:17 PM||Podcast||0|| |
|Todd Klindt||10/31/2016 2:58 PM||Podcast||0|| |
|Todd Klindt||10/31/2016 9:45 AM||Podcast||0|| |
|Todd Klindt||10/17/2016 2:59 PM||PowerShell; Office 365||0|| |
It’s been a while since I’ve gotten a chance to get my hands dirty with some good old PowerShell and last week I got that opportunity. Here is the whole fabulous tale.
A customer wanted some helping scripting out their migration to Office 365. They already had directory synchronization set up between their Windows AD and Azure AD. They are slowly rolling out Office 365 to their users, 10 or 20 at a time, and they are rolling out the services gradually. They’re starting with SharePoint Online. They’ll eventually migrate to Exchange Online, and of course they’ll never use Yammer. Since they’re doing it in batches, PowerShell is the perfect tool to license up their users, but there was a snag. Adding a license to a user in PowerShell is easy, and it’s easy to apply individual license service plans to a user in the UI, but it’s not easy to do service plans in PowerShell, until today.
Here is what the customer was trying to do:
We’re all familiar with using Set-MsolUserLicense to assign licenses to users. The problem is that it assigns all the service plans to the user. In our case we don’t want the user to be licensed for Exchange or Yammer, among other things. Figuring out how to combine the flexibility of the UI, with the the looping and scriptablity of PowerShell is what we’re after.
Fortunately, PowerShell had the answer for us. With very little work I discovered the New-MsolLicenseOptions cmdlet. This does exactly what I was looking for. However, using it was a little tricky, so I thought I’d write it up.
The first step is to license one user in the UI exactly how you want all of your users to be licensed. We will essentially use this as a template. In our case, the screenshot above is our template. We will use PowerShell to see how that user is configured. I used this command:
(Get-MsolUser -UserPrincipalName EnricoC@MOD873457.onmicrosoft.com).licenses
This gave me all the licenses that user has. We can use Get-MsolAccountSku to see which licenses are which, but we need to drill down one level deeper. We need to discover the service plan names of the Enterprise SKU. From the screenshot above we can see that it’s the first license listed. Because these lists are zero based, the first one is 0 and we get to it like this:
(Get-MsolUser -UserPrincipalName EnricoC@MOD873457.onmicrosoft.com).licenses.servicestatus
And it looks like this:
We can see the Service Plans that show as disabled are the same ones that are off in our first screenshot. More importantly it gives us the Service Plan names that PowerShell will need to use when setting our options. Here is how we set the options:
$opts = New-MsolLicenseOptions -AccountSkuId MOD873457:ENTERPRISEPREMIUM –DisabledPlans “LOCKBOX_ENTERPRISE","EXCHANGE_ANALYTICS","YAMMER_ENTERPRISE","EXCHANGE_S_ENTERPRISE"
Now that we have that, we can license our users in the normal way with one additional step to set the options.
For completeness, here is the whole process. We have to set the user’s region, then apply the license, then apply the options for that license.
Set-MsolUser -UserPrincipalName BrianJ@MOD873457.onmicrosoft.com -UsageLocation US
Set-MsolUserLicense -UserPrincipalName BrianJ@MOD873457.onmicrosoft.com -AddLicenses "MOD873457:ENTERPRISEPREMIUM"
Set-MsolUserLicense -UserPrincipalName BrianJ@MOD873457.onmicrosoft.com -AddLicenses "MOD873457:ENTERPRISEPREMIUM" -LicenseOptions $opts
And in pictures…
and more pictures:
As I was testing this, I had better luck if I applied the license as a whole before I tried to add any options to it. And if Office 365 doesn’t like the values you put in for the license options, it will tell you when you assign the license to the user, not when you create the $opts variable with New-MsolLicenseOptions.
We now have a way to mass license users with specific functionality, and we also know how later on we can go through and toggle an individual service, like Exchange, once the company moves over to it.
Now you can amaze your coworkers once again with your PowerShell prowess.
|Todd Klindt||10/14/2016 2:52 PM||Podcast||0|| |
|Todd Klindt||10/13/2016 9:17 AM||SharePoint 2016||0|| |
A couple of weeks ago at Ignite Jeff Teper announced that in November we SharePoint admins would have even more to be thankful for than a belly full of turkey and mashed potatoes. Feature Pack 1 for SharePoint 2016, originally promised to us in 2017, will actually be out in November of 2016. Hooray!
I’ll have a larger write-up on Feature Pack 1 in general, but one of the biggest parts of the FP1 package is the improvements to MinRole. Those improvements deserve an entire article all to themselves. So, I wrote one. For my friends at Petri.com. You can read all about it here:
Read it. Like it. Share it with your friends.
|Todd Klindt||10/10/2016 1:34 PM||Podcast||0|| |
|Todd Klindt||10/3/2016 2:15 PM||Podcast||0|| |
|Todd Klindt||10/3/2016 2:05 PM||Podcast||0|| |
|Todd Klindt||9/19/2016 3:35 PM||Podcast||0|| |
|Todd Klindt||9/12/2016 10:23 PM||Speaking||0|| |
In a couple of weeks I’ll be hanging out at Microsoft Ignite in Atlanta. If you read this blog and will be at Ignite stop by and say “Hi.” Here’s a schedule of my sessions and events.
Precon session – SharePoint Server 2016 Upgrade and Operations Deep Dive
Sunday, September 25 – 9:00 – 5:00
This is an all day Preconference session with some of the smartest people in SharePoint world, and me. :) Join Neil Hodgkinson, Bill Baer, Spencer Harbar, Troy Starr, Bob Fox, Archana Aditi, and me for a full day of SharePoint admin goodness. This session is not included with a regular Ignite registration. It costs extra.
BRK 3033 - Dive into Microsoft SharePoint Server 2016 Upgrade and Migration
Tuesday, September 27 - 10:45am - 12:00pm
Jason and I walk you through upgrading your SharePoint farm to SharePoint 2016.
BRK 3035 - Deploy and provision best practices with Microsoft SharePoint Server 2016
Thursday, September 29 - 12:30pm - 1:45pm
Do you want to install SharePoint 2016 without screwing it up? Then join Jason and I for this session where we cover performance, topology, and some very poor jokes.
I will be at the Rackspace booth hanging out and chatting with folks. Swing by and say hi. If I’m not there, have one of my fellow Rackers give me a call.
I will also be putting together a breakfast get together. Once I get that nailed down I’ll update this blog post. Stay tuned.
See you in Atlanta.
|Todd Klindt||9/8/2016 10:58 AM||Podcast||0|| |
|Todd Klindt||9/2/2016 11:49 AM||Podcast||0|| |
|Todd Klindt||8/22/2016 3:28 PM||Podcast||0|| |
|Todd Klindt||8/22/2016 2:35 PM||Podcast||0|| |
|Todd Klindt||8/15/2016 2:14 PM||SharePoint 2016; Podcast||0|| |
|Todd Klindt||8/5/2016 8:25 AM||Podcast||0|| |
|Todd Klindt||8/2/2016 10:57 AM||Podcast||0|| |
|Todd Klindt||7/9/2016 10:27 PM||Podcast||0|| |
|Todd Klindt||6/30/2016 10:56 AM||Podcast||0|| |
|Todd Klindt||6/10/2016 2:46 PM||Speaking||0|| |
SPTechCon Boston 2016 is almost upon us. For your sanity, and mine, I thought I’d blog where I’ll be and when, so our paths can cross if you’re in town.
Tuesday, June 28th – 4:00 to 5:15 PM
Upgrading to SharePoint 2016
Wednesday, June 29th – 8:15 to 9:30 AM
PowerShell with SharePoint Online
Wednesday, June 29th – 9:45 to 10:30
Stump the Experts!
Wednesday, June 29th – 4:00 to 5:15 PM
Configuring Active Directory Replication with Azure AD
Wednesday, June 29th – 7:00 to 9:00 PM
Office 365 User Group Panel
I hope to see you there. If you’re at SPTechCon, please look me up and say “Hi.”
|Todd Klindt||6/10/2016 10:22 AM||Podcast||0|| |
Ignore this blog post. It’s me testing an IFTTT recipe to automatically send a tweet when I post a podcast. Ain’t automation grand?!
|Todd Klindt||6/10/2016 10:13 AM||Podcast||0|| |
|Todd Klindt||5/31/2016 9:39 AM||SharePoint 2016; SharePoint 2013||0|| |
My guess it’s not your birthday and there are no major gift giving holidays coming up, but even with those restrictions I have a gift for you, a free webinar on SharePoint 2016 Upgrade with me. I would be remiss if I didn’t give a little of the credit to the find folks at Acceleratio, the makers of the everyone’s favorite SharePoint admin tool, SPDocKit. I made a deal with them, they do all the hard work and I take all the credit. So far it’s working out great.
What will we be talking about? I’m glad you asked. Here’s the abstract I sent them:
SharePoint 2016 is upon us. If you haven’t started already, now is the time to start planning and testing your upgrade. In this webinar Todd will tell you what upgrade options you have going to SharePoint 2016 and how to plan your new SharePoint 2016 farm. Then he’ll walk through the upgrade process and show you what to expect. By the end of this webinar you’ll have a confident understanding of what it will take to upgrade your farm to SharePoint 2016, and you’ll be ready to get out there and start upgrading SharePoint!
Again, this is completely free, and I promise you’ll get your money’s worth. You can register here. I hope to see you there.
|Todd Klindt||5/26/2016 11:29 AM||Podcast||0|| |
|Todd Klindt||5/26/2016 10:38 AM||Podcast||0|| |
|Todd Klindt||5/25/2016 1:31 PM||Podcast||0|| |
|Todd O. Klindt||5/9/2016 2:34 PM||Podcast||0|| |
|Todd O. Klindt||5/9/2016 2:29 PM||Podcast||0|| |
|Todd O. Klindt||5/9/2016 2:24 PM||0|| |
|Todd O. Klindt||5/9/2016 2:17 PM||Podcast||0|| |