Convert Federated Domain to Standard with PowerShell

This is a rather unique scenario that I found myself in recently.  I must admit, tearing down domain federation is infinitely easier than getting it set up!  Anywho, the following details the steps involved in converting a federated Office 365 domain to a managed domain and removing DirSync from Office 365.

1.) Open a PowerShell window as Administrator on a box with the msol cmdlets and connect to your Office 365 tenant

2.) Run the following command to convert the domain to a standard domain

3.) Run the following command to remove DirSync from Office 365
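The three steps above as one MSOnline session, with a state check before and after. This is an added example, not the commands from the original post; the domain name and password file path are placeholders.

```powershell
# Added example (not from the original post). Requires the MSOnline module.
Import-Module MSOnline

$domain       = 'contoso.example'                      # placeholder: your federated domain
$passwordFile = 'C:\Temp\ConvertedUserPasswords.txt'   # placeholder path

# Step 1: connect to the tenant (prompts for an administrator sign-in).
Connect-MsolService

# Confirm the starting state before changing anything.
$before = Get-MsolDomain -DomainName $domain
if ($before.Authentication -ne 'Federated') {
    throw "$domain is already $($before.Authentication); nothing to convert."
}

# Step 2: convert the domain from federated to standard (managed).
# With -SkipUserConversion $false the users are converted too, and their
# temporary passwords are written to $passwordFile in clear text.
Convert-MsolDomainToStandard -DomainName $domain `
    -SkipUserConversion $false -PasswordFile $passwordFile

# Step 3: turn off directory synchronization for the tenant.
Set-MsolDirSyncEnabled -EnableDirSync $false -Force

# Verify both changes took effect.
[pscustomobject]@{
    Domain         = $domain
    Authentication = (Get-MsolDomain -DomainName $domain).Authentication
    DirSyncEnabled = (Get-MsolCompanyInformation).DirectorySynchronizationEnabled
}
```

Treat the password file as a secret: keep it on an access-controlled path and delete it once the temporary passwords have been handed out.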


Upgrading Veeam Availability Suite

This is probably the simplest thing ever, but I figured I’d throw it up here in case someone thinks it is harder than it is.

1.) Download the update ISO from the Veeam Website and get that mounted on the box that has Veeam installed.

2.) Run the Setup executable and select Update on Backup & Replication

3.) Select Next, check whether to update remote components or not, select Next again, and finally select Finish.

That’s it!  It really is just that simple.  Follow the same process for Veeam One.

Modifying How Many Machines Non-Administrators Can Add to a Domain

When setting up imaging solutions, it is not uncommon to have a service account for adding machines to the domain.  Naturally, you don’t want this account to have access to anything.  Well, non-administrators are only allowed to add 10 machines to the domain, so that puts you in a pickle.  To resolve this we use the ADSI Edit tool as seen below.

1.) Open ADSI Edit from the Administrative Tools or by searching for it from Start.

2.) Right click the ADSI Edit option on the left and select “Connect to…”

3.) Leave the default options and select “OK”

4.) Right click your Domain Distinguished Name folder and select “Properties”

5.) On the Attribute Editor tab find the “ms-DS-MachineAccountQuota” attribute.  Set this to whatever you wish, the default being ten, or clear it to make it unlimited.  Select “OK” and you’re done.
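The same attribute can be read and changed from PowerShell, and it is worth seeing who already depends on the quota before raising it. This is an added example, not from the original post; it assumes the ActiveDirectory (RSAT) module, and the new quota value is a constructed sample.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$attr     = 'ms-DS-MachineAccountQuota'
$domainDn = (Get-ADDomain).DistinguishedName

# Read the current value from the domain head object, the same object opened in ADSI Edit.
$quota = (Get-ADObject -Identity $domainDn -Properties $attr).$attr
"Current $attr on ${domainDn}: $quota"

# A computer account created under the quota records its creator in ms-DS-CreatorSID.
# Counting those objects per creator shows which accounts rely on the quota today.
Get-ADComputer -LDAPFilter '(ms-DS-CreatorSID=*)' -Properties 'ms-DS-CreatorSID' |
    Group-Object -Property { "$($_.'ms-DS-CreatorSID')" } |
    ForEach-Object {
        $group = $_
        try {
            $sid     = [System.Security.Principal.SecurityIdentifier]::new($group.Name)
            $creator = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $creator = $group.Name   # SID no longer resolves, e.g. a deleted account
        }
        [pscustomobject]@{ Creator = $creator; ComputersCreated = $group.Count }
    } |
    Sort-Object ComputersCreated -Descending |
    Format-Table -AutoSize

# Step 5 as a command. $newQuota is a constructed sample value; remove -WhatIf to apply.
$newQuota = 50
Set-ADDomain -Identity $domainDn -Replace @{ $attr = $newQuota } -WhatIf
```

The quota is domain-wide, so raising it raises it for every non-administrator. An account that has been delegated the right to create computer objects on an OU is not counted against it.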

Upgrading ConnectWise Control (ScreenConnect) on Ubuntu Server 16.04.3 LTS

ConnectWise released the 6.4 upgrade yesterday and I realized I have not yet done a post on the upgrade process.  It’s rather straightforward, but why not.

1.) Navigate to the ConnectWise Download Page and copy the link address for the latest stable release.

2.) From your shell, run the following command to download the file.  I typically download it to the tmp directory for easy clean up.

3.) Then extract the contents.

4.) Move into the extracted directory and run the script found there.

5.) It will then ask you a few quick questions as seen below.  Answer them and you are done.  Simple!


Automated Imaging using MDT and WDS

Mostly because I’m lazy, I’m not going to do a detailed step-by-step on the installation of Microsoft Deployment Toolkit (MDT) and Windows Deployment Services (WDS).  The installation is pretty simple, just select the options that work for your environment.  Do note that you will need to install the Windows Assessment and Deployment Kit (ADK) on the box that you host MDT and WDS on.  You do not need MDT and WDS on the same box (though it makes life easier), but you do need Windows ADK on the same box as MDT.  I do suggest installing Windows ADK and MDT on a separate partition than your Windows installation to avoid Windows Update issues (because that never happens right?).  Finally, at the time of writing this, I have set this up with Windows ADK 1703 and MDT 8443.

Okay, now on to the good stuff.  I have automated the imaging process down to just requiring the Help Desk technician to select a task sequence (more on those later) and input a computer name.  If you name your machines by serial number (I wish we did) you can skip the latter step and make it a two click operation for them after PXE boot.  Also note that I am not doing any captures, just boot images.  If I were needing to image machines on scale daily, I would definitely take this a step farther and set up a custom install.wim via capture.

Phew, alright now we’ll actually get to the good stuff.  Once you have your MDT Deployment Share set up, you will see a load of options.  Start by right clicking your Deployment Share and selecting Properties.

Select the Rules tab at the top, and then the Edit Bootstrap.ini on the bottom right.  Make the file look similar to what is below, adjusting for your environment.

The DeployRoot option, as one might imagine, just informs where all the resources for the deployment are.  The UserDomain, UserID, and UserPassword options will prevent the technician from needing to enter credentials to access the deployment share at the time of imaging.  Note: This account needs full access to the deployment share.  Make sure you give this account full access at both the share level and NTFS.  The SkipBDDWelcome option skips the welcome screen where it prompts for credentials, not necessary as we put them in the bootstrap.  Once you’re done save and close the file.
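Because these options put a working credential in a plain-text file that is also built into the boot image, it helps to be able to list exactly which account each Bootstrap.ini exposes, so that account can be kept to the deployment share and nothing else. The audit below is an added example, not from the original post; the sample file is constructed and its server, domain and account names are placeholders.

```powershell
# Added example (not from the original post): report share credentials embedded in Bootstrap.ini.
# Constructed sample; every name and value in it is a placeholder.
$sample = @'
[Settings]
Priority=Default

[Default]
DeployRoot=\\MDT01.example.local\DeploymentShare$
UserDomain=EXAMPLE
UserID=svc-mdt-share
UserPassword=<placeholder>
SkipBDDWelcome=YES
'@

function Get-BootstrapSetting {
    # Parse INI text into a hashtable keyed as "Section.Key".
    param([Parameter(Mandatory)][string]$IniText)
    $settings = @{}
    $section  = ''
    foreach ($line in $IniText -split "`r?`n") {
        $line = $line.Trim()
        if ($line -eq '' -or $line.StartsWith(';')) { continue }
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($line -match '^([^=]+)=(.*)$') {
            $settings["$section.$($Matches[1].Trim())"] = $Matches[2].Trim()
        }
    }
    $settings
}

function Test-BootstrapCredential {
    # Emit one finding for each section that stores a UserPassword.
    param([Parameter(Mandatory)][hashtable]$Settings)
    foreach ($key in @($Settings.Keys | Where-Object { $_ -like '*.UserPassword' })) {
        $section = $key -replace '\.UserPassword$', ''
        [pscustomobject]@{
            Section    = $section
            Account    = '{0}\{1}' -f $Settings["$section.UserDomain"], $Settings["$section.UserID"]
            DeployRoot = $Settings["$section.DeployRoot"]
            Finding    = 'Clear-text share credential; also present in the generated boot image'
        }
    }
}

Test-BootstrapCredential -Settings (Get-BootstrapSetting -IniText $sample) | Format-List
```

To audit a real deployment share, pass the contents of its Control\Bootstrap.ini (read with `Get-Content -Raw`) instead of `$sample`.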

Next we’re back on our Rules tab, and you should see some configuration options that you can edit in the window (FYI file is custom.ini).  This is where we really automate things down so the technician doesn’t need to do anything.  I’ll preface by saying that there are a TON of options that you can do here.  This link and this link are good places to start, but you can find all sorts of options.  Below is how I set it up for my organization, but this config will surely vary from environment to environment.

Alright, that’s a lot of stuff.  I’m only going to go through a few of the options, most are self explanatory.  All of the “Skip” options are set so that it skips the on screen prompt during the imaging process.  I am able to do this because I either define them above the “Skip” section if you will, or I define them in the Task Sequence (don’t worry that part is coming up I promise).

For example, I define the time zone at the top of the config so it will pre-populate in the selection menu during imaging therefore I can skip the menu altogether.

Another example is how I skip the domain membership.  This is specific to my environment, as I use this same deployment share for multiple domains.  You can configure a service account here in the custom.ini to join the machine to a specified domain, but you are then limited to that single domain.  Instead, in the task sequence (seriously it’s coming), I have it run a PowerShell script to accomplish the same thing and then have a task sequence for each domain I need.

Cool, now we’re pretty automated.  One thing I like to do, mostly because I like to make things pretty, is customize the background image that is shown during the deployment itself.  To do this, select the Windows PE tab (Windows Pre-installation Environment) and input the path to your image under the Custom background bitmap file.  Apply everything and click OK.

Next we need to import the Operating System that we wish to deploy.  Expand out your deployment share and select operating systems.  I create folders, but you do not have to.  Right click on Operating Systems and select Import Operating System.  Go through the wizard to add the OS files, it’s pretty simple.  This is also where you would import a custom image if you captured one.

At this point,  if you wish to add applications (ex. Office, Adobe Reader, etc.) during your imaging process now is the time to do it.  Right click Applications and select New Application.  I am not going to go into detail on this in this post, but there are plenty of online resources.  See this post about prepping Adobe Acrobat Reader DC for customized deployment.

We have finally reached the point where we talk about Task Sequences!  Let’s just dig in.  Right click Task Sequences and select New Task Sequence.  Set a Task sequence ID and name (comments if you like) and select Next.  Note that these need to be unique across the deployment share, no repeats.  Leave the default Standard Client Task Sequence selected and select Next.  Select the OS you imported earlier and select Next.  Enter your product key to activate Windows and select Next.  You can also choose not to specify here and specify in the custom.ini file.  Fill in user information and select Next.  Specify your Admin password or skip and select Next.  Hit Next a few more times and you’ll have a brand new shiny Task Sequence.  Whoot!

Open up the Properties of your new Task Sequence and select the Task Sequence tab.  You can lose yourself in the task sequence options (trust me), but you can also do pretty much anything you can think of.  This is where the true customization in you can come out.  I like things simple, so I just install .Net3 and what not but you can do so so so much more.  The design is pretty intuitive, so just play with it a bit and you’ll have it figured out in no time.  Below is an example of one of mine (remember, I like simple).

Now we need to update our deployment share with all those new goodies that we just configured.  Right click your deployment share and select Update Deployment Share.  I always select the Completely regenerate the boot images option just for the warm and fuzzy feeling.  Select Next a couple times and it will begin.  This will take a while, but once it is done you will have a wonderful new LiteTouchPE_x64.wim file that we can PXE boot to.  Almost there!

Once you have that all done, you’re pretty much done!  If you haven’t already, install the WDS server role.  Basically we’re just using this for the PXE server, so set your DHCP options to point to your WDS box.  Configure the WDS server options as prompted with what works for your environment and then make your way over to the Boot Images folder.  Right click the boot images folder and select the Add Boot Image… option.  Browse to \\YourDeploymentShare\Boot and select the LiteTouchPE_x64.wim file we created a bit ago.  Select Next a few times and give it a name if you want.  I then like to restart the WDS services, again for that warm and fuzzy feeling.

Assuming you configured everything right you’re now good to go!  PXE boot a box and see how it goes.  Happy Imaging!

Customize Adobe Acrobat Reader DC for Automated Deployment

I’ve been doing a lot of optimization work on our imaging process here lately and I came across what I would consider the “proper” way to mass install Acrobat Reader DC with the help of the Acrobat Customization Wizard DC.

1.) Follow this link to download and install the Customization Wizard DC, and then grab the most recent free download of Acrobat Reader DC.

2.) Open Command Prompt as Administrator and browse to where you downloaded the Acrobat Reader DC executable.  Run the following command, subbing in whatever the file name of the download you have is for readerdc_en_xa_cra_install.exe:

3.) This will begin extracting the files that we are going to need. Navigate to %ProgramData%\Adobe\Setup and confirm there is a directory there containing AcroRead.msi.

4.) At this point I prefer to copy the entire directory to a separate location to work with, but it’s dealer’s choice.  Then open your recently installed Acrobat Customization Wizard DC.

5.) Select File -> Open Package… and navigate to your AcroRead.msi file and open it up.

6.) At this point you’re free to make all the changes you wish.  Go through all the options and choose what works best for your environment.

7.) Once you are done, select the Transform option at the top and then the Generate Transform… option.  Name the file what you wish (I usually stick with AcroReadTransform.mst) and select save.

8.) You now have everything that you need to deploy.  Stick the directory with all your files wherever appropriate for your environment and use the following command for silent install with your customization:
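One way to run the silent install from a deployment script, checking the package before it is pushed to every machine. This is an added example, not the command from the original post; the package directory and log path are placeholders, and matching the signer on `O=Adobe` is an assumption about the certificate subject.

```powershell
# Added example (not from the original post): verify the MSI, then install silently
# with the transform generated in step 7.
$pkgDir    = 'C:\Deploy\AcroReadDC'                      # placeholder: your package directory
$msi       = Join-Path $pkgDir 'AcroRead.msi'
$transform = Join-Path $pkgDir 'AcroReadTransform.mst'
$log       = Join-Path $env:TEMP 'AcroRead-install.log'  # placeholder log path

# The MSI is Authenticode-signed by the vendor; refuse to install a copy that
# was altered after download. (Assumption: the signer subject contains O=Adobe.)
$sig = Get-AuthenticodeSignature -FilePath $msi
if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Adobe') {
    throw "Signature check failed for ${msi}: $($sig.Status)"
}

# The transform is not signed, so print its hash for comparison with the value
# recorded when it was generated.
Get-FileHash -Path $transform -Algorithm SHA256 | Format-List Path, Hash

# Silent install with the customization applied and a verbose log.
$msiArgs = @(
    '/i', "`"$msi`"",
    "TRANSFORMS=`"$transform`"",
    '/qn', '/norestart',
    '/L*v', "`"$log`""
)
$proc = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with a reboot pending.
if ($proc.ExitCode -notin 0, 3010) {
    throw "msiexec exited with code $($proc.ExitCode); see $log"
}
```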