Azure AD Connect 1.1 Released with Several New Features

By | February 23, 2016

azure-active-directoryAzure AD Connect 1.1 (formerly DirSync) is now generally available for download. If you’ve been using Azure AD Connect, you’ll want to pay attention to the new features that come in 1.1.

Automatic Upgrade

This is the last time you need to manually upgrade Azure AD Connect. There is a new auto-update feature that will periodically perform upgrades.

More Frequent Synchronizations

In the past, the default sync interval was 3 hours. Now, you can schedule a sync to run as often as every 30 minutes, if desired.

Support for MFA

This is a big one. Previously, accounts that used multi-factor authentication could not be used with Azure AD Connect. This was a huge security risk because the account used by Azure AD Connect had to be a global administrator on your tenant. In the new release, MFA is now supported to better secure your service accounts.

More Flexibility

You can now configure with OUs to synchronize with your tenant during the installation process. Previously, you had to install Azure AD Connect and then later filter the OUs in the Synchronization Service Manager.

You can also modify the user sign-in method after installation now. Previously, you had to choose this during the install of Azure AD Connect and didn’t have the option to modify it later without reinstalling.

New Hotfix: Fix for Slow SCCM Patching and Windows 10 Upgrades on Win7/2008 Clients

By | November 4, 2015

systemcenter_logo_smallKB3102810 has been published by Microsoft to address two issues that are affecting Windows 7 and Windows Server 2008 clients.

  • First issue: Windows Updates run slower than usual when using SCCM for patch management.
  • Second issue: When trying to deploy an in-place Windows 10 upgrade from Windows 7, svchost.exe takes 100% CPU utilization and the upgrade might fail.

This hotfix addresses an SCCM issue but is actually applied to the OS and not the SCCM client. To install the hotfix silently, use the following command:

wusa.exe Windows6.1-KB3102810-x64.msu /quiet /norestart

 

Two Commands to Repair Your Windows Installation

By | October 26, 2015

win10-logoHere are two simple troubleshooting steps to try if your Windows installation has been corrupted or is not functioning properly. These commands work in Windows 8 and Windows 10.

%windir%\system32\sfc.exe /scannow

This command used with SFC.exe is a tool that will scan your system files for corruption and replace them with a cached version if necessary.

%windir%\system32\DISM.exe /Online /Cleanup-image /Restorehealth

This command using DISM.exe will scan your file system for inconsistencies and repair them if possible using Windows Update as a source for binaries. This is a modern version of the System Update Readiness Tool that was available as an update in Windows 7.

Automate Windows 10 In-Place Upgrades From the Command Line

By | September 18, 2015

I recently had a scenario with a client that had no Configuration Manager infrastructure, used Intune to manage workstations, had trouble configuring MDT to support Windows 10 upgrades (there are still several known issues with MDT & Windows 10), but still needed to automate deployment of Windows 10 to end users.

Since the Windows 10 in-place upgrade preserves all files, settings, and drivers, it’s actually pretty easy to script several settings into one line with the available setup switches. Here’s a list of all available command line switches using the Windows 10 setup.

The first step is to copy all of the files from your Windows 10 media to a local or network location. Easy enough.

1

Next, create a batch file that is one folder up from this location. Mine is organized like this:

2

Now, edit the batch file and add a line of code to customize your Windows 10 upgrade. I used the following switches:

start /wait .\Win10\setup.exe /auto upgrade /migratedrivers all /dynamicupdate enable /showoobe none /pkey XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

Once launched, the wizard can be completely automated if you use the proper switches.

3

If you want to deploy this to users, you have a few options. You don’t need to copy all of the setup files to their systems if you have a network drive that they can access. Users have the option to run this command directly from the network location, and then all of the required files for the in-place upgrade will be staged on their local system. You could also deploy a shortcut to a CMD file with the setup parameters to your users’ desktops using group policy.

How to Import Additional Reports in SCCM

By | August 21, 2015

I’d say that the reports that come bundled with Configuration Manager are adequate. Useful, sure, but not as fancy as some other tools that are out there. They provide a great starting point on a robust platform (SQL Server Reporting Services) that is completely customizable, but they can leave a bit to be desired if you’re looking for fancier reports straight out of the box. Unfortunately, I am not an SSRS guru, but here are some great guides out there on how to create custom reports in SCCM if you’re interested in going down that road. Fortunately, people much smarter than me have written their own SCCM 2012 reports and have been generous enough to share their work with the public.

It has been a very common request from clients to implement better reports on my SCCM projects, and I haven’t had a great answer for a while. Everyone needs fancy reports for their VPs to receive in their inboxes, right?

This post is a quick guide on how to import custom reports in SCCM. Specifically, I will be importing the Software Updates Compliance Dashboard created by Gary Simmons for a more graphical report on patching. If you want to find more reports on the Internet, search for files ending in the RDL extension – this is the format SSRS uses.

If you haven’t already, install the Reporting Services Point in SCCM. Follow this guide on Windows-Noob if you need any help with this step.

Find the URL for your Reporting Services server. By default, it’s http://sqlserver/Reports, but you can grab it from Reporting Services Configuration on the SQL server, or you can find it in the SCCM console. Open the URL and ensure that you have access to the reports. You should be able to see the default SCCM reports if it has been set up correctly.

1

Download the reports that you’ll be importing through the web browser interface. In this case, we’re importing the five RDL files for the Software Updates Compliance dashboard mentioned earlier.

2

These specific reports link to each other (and existing out-of-the-box reports) and require a specific directory named “Software Updates Compliance” to be created inside your SCCM reports folder. Do this from the web UI.

3

Once the folder is created, open it, and upload the RDL files.

4

When complete, it will look like this.

5

Some reports will work immediately at this point. For these in particular, a few properties need to be modified inside. Select each report and edit them in Report Editor.

6

Update the Text Box properties in each report to match your own SCCM environment. Right-click the link inside the report and choose the Text Box Properties.

7

Under Action, rename the report path to match your three character site code. This should match the directory inside your SSRS directory. Check each link inside every report that has been imported to ensure that they are working properly.

8

We also need to check to make sure that the report is configured to use your SCCM database as the data source. Delete the current data source under Report Data.

9

Add a new data source.

10

On the general tab, browse for a new source.

11

Choose the data source that is listed in your root SCCM directory in SSRS. This is generated by default.

12

Name the new source “CM” and be sure that it’s highlighted before hitting OK. Save the report when finished.

13

Once this has been completed for all of the imported reports, you’re finished. You should be able to view the reports directly through the report server URL or from the SCCM console. From this point, you can create a subscription to configure how these reports are sent out. Here are some screenshots of the dashboards created by these particular reports:

Servers.png-550x0

SU Information