Exam AZ-102: Microsoft Azure Administrator Certification Transition

Recently passed the 70-533 exam and earned a MCSE. Now I’m studying for the transition exam AZ-102 (expiring March 31, 2019), which would give me the Azure Administrator Associate badge. In this post I will give a short description on which methods I used to pass AZ-102.

The resources I used were:

The exam is broken into 8 sections:

    1. Manage Azure Subscriptions and Resources (5-10%)
      • May include but not limited to: Configure diagnostic settings on resources; create baseline for resources; create and rest alerts; analyze alerts across subscription; analyze metrics across subscription; create action groups; monitor for unused resources; monitor spend; report on spend; utilize Log Search query functions; view alerts in Log Analytics
    2. Implement and Manage Storage (5-10%)
      • May include but not limited to: Create Azure file share; create Azure File Sync service; create Azure sync group; troubleshoot Azure File Sync
    3. Configure and manage virtual networks (15-20%)
      • May include but not limited to: Create and configure VNET peering; create and configure VNET to VNET; verify virtual network connectivity; create virtual network gateway
      • May include but not limited to: Configure Azure DNS; configure custom DNS settings; configure DNS zones
    4. Manage identities (15-20%)
      • May include but not limited to: Add custom domains; configure Azure AD Identity Protection, Azure AD Join, and Enterprise State Roaming; configure self-service password reset; implement conditional access policies; manage multiple directories; perform an access review
      • May include but not limited to: Install and configure Azure AD Connect; configure federation and single sign-on; manage Azure AD Connect; manage password sync and writeback
    5. Evaluate and perform server migration to Azure (15-20%)
      • May include but not limited to: Discover and assess environment; identify workloads that can and cannot be deployed; identify ports to open; identify changes to network; identify if target environment is supported; setup domain accounts and credentials
      • May include but not limited to: Migrate by using Azure Site Recovery (ASR); migrate using P2V; configure storage; create a backup vault; prepare source and target environments; backup and restore data; deploy Azure Site Recovery (ASR) agent; prepare virtual network
    6. Implement and manage application services (5-10%)
      • May include but not limited to: Create and manage objects; manage a Logic App resource; manage Azure Function app settings; manage Event Grid; manage Service Bus
    7. Implement advanced virtual networking (5-10%)
      • May include but not limited to: Monitor on-premises connectivity; use network resource monitoring and Network Watcher; manage external networking and virtual network connectivity
    8. Secure identities (5-10%)
      • May include but not limited to: Enable MFA for an Azure tenant; configure user accounts for MFA; configure fraud alerts; configure bypass options; configure trusted IPs; configure verification methods; manage role-based access control (RBAC); implement RBAC policies; assign RBAC Roles; create a custom role; configure access to Azure resources by assigning roles; configure management access to Azure

If you can answer (and know the reason behind the answer) the following questions regarding Azure, you should be ready to take the AZ-102 exam. For each question I will provide a link to the answer. There might be more than one correct answer to a question, but the questions link points to which tool or technology you should know about in order to pass.

Read More

PowerShell – Get all SharePoint pages in a site collection

If you need to get all pages (.aspx) within a site collection, I have created a small script. The script enumerates through a site collection (sub-sites included) and retrieves all .aspx pages.
Before executing the script there are some requirements:

  • You need to be administrator on the site collection.
  • Install the PnP PowerShell module for SharePoint (the script was tested with SharePoint Online).

There are 3 variables you need to modify on line 32 (site collection URL), 33 (SharePoint root URL), 34 (username) and 35 (password).
The script will generate a report (when finished) on the desktop of the user running the script containing the URL, author and last modified date of the page.

PowerShell – Set the account profile picture from Azure AD

If you ever need to set the local Windows user account profile pictures from Azure AD, you can use the following script.

The script leverages the Graph API through a service principal (app) in Azure AD. There is some requirements before running the script:

You can run the script “manually” or deploy it with Azure Intune. You can run the script under your own or with the “nt authority\system” account. Just be sure that the account have access to write to the following registry path “HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AccountPicture\Users” and it child objects.

The only thing you need to change in the script is three variables (line 43, 44 and 45) for the Azure AD app information.

Here is a basic walk through of what the script actually does:

  1. Create folder structure in “C:\Scripts\ProfilePicture” to store pictures, script and logs. The folder path can be changed to your liking on line 33, 34 and 39.
  2. Start transcript logs to “C:\Scripts\ProfilePicture\Logs\”.
  3. Get the access token for Graph API.
  4. Get user information (UPN, Username and SID) that have already logged in to the local device.
  5. Download user profile photo for each user in “C:\Scripts\ProfilePicture\Data\”.
  6. Sets registry keys to use the downloaded photo for each user.
  7. Create a task schedule (if it doesn’t exist) so it updates any picture change in Azure AD.
  8. Copy the script to location “C:\Scripts\ProfilePicture”.

You may need to compile the code into an executable, this will disguise the client secret used to retrieve the profile pictures. One way of turning a PowerShell script into an executable is to use this script, but remember to change the schedule task in the code to point to the .exe file instead of the .ps1 before compiling.

 

PowerShell – Get all nested groups for a user in Active Directory

Ever needed to get all nested groups a user belongs in Active Directory?

 

SharePoint – Get all terms/keywords from the taxonomy store

Yesterday I publish an article how to replace/add keywords on documents. But one of the requirements was that you needed the ID of the term you want to find and add/replace. So yet again I created a small function that allows you to return all terms from the store.

You still need the PnP SharePoint cmdlets, which you can download here.

SharePoint – Adding keywords to documents with PowerShell

Ever needed to replace or add keywords to documents in a SharePoint site?
Recently I was in charge of migrating site collections from a on-premise environment to SharePoint online.

After the migration we needed to replace a certain taxonomy keyword on all documents. So I created a small PowerShell function to facilitate the company to do so. The function takes 5 parameters:

  • Url
    • URL to the site collection.
  • Credential
    • Credentials to contact the site collection.
  • TermGuid
    • The guid of the keyword that you want to find.
  • AddTermGuid
    • The guid of the new keyword you want to add/replace.
  • Replace (switch)
    • If this switch is set, it will substitute TermGuid with AddTermGuid

In order for the function to work you need to download the SharePoint PnP cmdlets here.

You are able to get the SharePoint taxonomy keyword GUID through the Get-PnPTerm cmdlet, find more information here.

Exam 70-743 – Upgrading Your Skills to MCSA: Windows Server 2016

I have been studying for the 70-743 exam (upgrading from MCSA: Windows Server 2012) for the past 6 weeks, and was able to pass it with a decent score 817 (min. passing score is 700).
In order for me to pass, I used differrent study materials such as books, videos and websites.

If you are on the same journey, I’m providing a study guide of which resources I used, and which questions you will need to answer right of the bat for you to pass.

Read More

Exchange – Add nested group recipients to parent resources

Do you have nested groups within Exchange resources such as distribution groups, shared mailboxes, rooms or equipment?

If you have, you have come to the right place. I have created a script that extracts all nested group members of a resource, and add it directly to the resource instead.

The script works in both on-premise and Exchange Online.

Before you can run the script, you need to have access to the following:

  • Access to on-premise and/or Office 365 environment as a administrator.
  • Have the AzureAD and Active Directory PowerShell module installed.

Read More

Tutorial – Deploy Always On VPN

Always On VPN provides a single, cohesive solution for remote access and supports domain-joined, non-domain-joined (workgroup), or Azure AD–joined devices, even personally owned devices. With Always On VPN, the connection type does not have to be exclusively user or device but can be a combination of both. For example, you could enable device authentication for remote device management, and then enable user authentication for connectivity to internal company sites and services.

The purpose for this guide is to demonstrate how to deploy the Always On feature easily. In this guide we will deploy the following platforms primarily using PowerShell where possible:

  • Active Directory (AD DS)
  • DNS
  • Certificate Authority (AD CS)
  • DHCP
  • Routing and Remote Access Service (RRAS)
  • Network Policy Server (RADIUS)

It will not be demonstrated how to install Windows Server or Windows 10 operating system.

Do not attempt to deploy Remote Access on a virtual machine (VM) in Microsoft Azure. Using Remote Access in Microsoft Azure is not supported, including both Remote Access VPN and DirectAccess.

Read More

PowerShell – Add an item to a list in SharePoint through REST

Need to add a item to a list in SharePoint with PowerShell?

I have create a small function that allows you to use the REST API in SharePoint to create a list item.