Channel: TechNet Blogs

Stretch DB – The Programmatic Approach


Stretch Database “stretches” on-premises data to the cloud. This simple pattern allows ready access to cold data with no changes to queries, while keeping data secure on premises, in the cloud and even during migration.

There have been many excellent blogs already about Stretch Database, some of them here and here. Newer versions of SQL Server Management Studio (SSMS) offer many options for administering the Stretch functionality. The purpose of this blog post is to provide additional detail on how to enable and disable Stretch programmatically, which is better suited to the operational side of the house in enterprise scenarios.

Figure 1 shows the various operations options that are available to a “stretched” table.


Figure 1 : Options in Management Studio for stretch operations

 

If, for operational reasons, a user wants to disable Stretch and leave the data in Azure while certain operations happen on site (remember from the blogs linked above that Stretch, when enabled, automatically synchronizes any changes via metadata), and does not want to use the Management Studio interface, they can use the following T-SQL command (from MSDN):

USE <Stretch-enabled database name>;
GO
ALTER TABLE <Stretch-enabled table name>
   SET ( REMOTE_DATA_ARCHIVE = OFF_WITHOUT_DATA_RECOVERY ( MIGRATION_STATE = PAUSED ) ) ;
GO

 

Note that the remote Azure SQL table will not be deleted. The remote table must be dropped via the Azure Management Portal or other supported means such as PowerShell.

On our server, it will look like the following:

Figure 2: Disable Stretch while leaving data in Azure

 

Checking the GUI, we can see that the Stretch is indeed disabled:


Figure 3- Stretch disabled in SQL Server Management Studio

To re-enable Stretch at any time, simply issue the following command:

USE <Stretch-enabled database name>;
GO
ALTER TABLE <Stretch-enabled table name>  
   SET ( REMOTE_DATA_ARCHIVE ( MIGRATION_STATE = OUTBOUND ) ) ;
GO

Entering this command yields:


Figure 4- Resuming Stretch

We can see that it is indeed resumed:


Figure 5: Verifying in SSMS

 

Note that the above example performed two actions: Disable + Leave data in Azure. If I wished to simply “pause” the stretch process I could have used this command:

USE <Stretch-enabled database name>;
GO
ALTER TABLE <Stretch-enabled table name>
   SET ( REMOTE_DATA_ARCHIVE ( MIGRATION_STATE = PAUSED ) ) ;
GO

As shown above, Stretch can be controlled not only through SQL Server Management Studio but also through Transact-SQL, which fits better into the world of operations and automation. This allows this great new feature to support enterprise development and operations as the industry requires.

 

 

 


Session nominations for the MS NetWork 7 conference


The seventh edition of the largest business and technology conference in Bosnia and Herzegovina, Microsoft NetWork, takes place from 19 to 21 April 2017 (Wednesday to Friday) at the Grand Hotel Neum.

This year's conference focuses on presenting services and technologies related to the digital transformation of business, increasing the security of IT environments, and scenarios for using the Azure platform, including hybrid scenarios that combine cloud services with on-premises solutions.

Sessions will be held across several tracks, in 5 halls in parallel.

Tracks:

– Digital transformation of business (DTP)
– Development platforms and tools (DEV)
– Data storage and analysis (DBA)
– Server/cloud infrastructure and services (ARH)
– Security and identity management (SEC)
– Case studies (CS)

If you would like to nominate a session for this year's conference, you can do so between 8 February and 24 February 2017 (23:59) by creating a user account on the msnetwork.ba site and filling in a form that covers the track, title and description of the session, as well as the speaker's biography and profile photo.

We advise you to describe your session as well as you can, which increases the chance that it will be accepted. When nominating a session you must also specify its technical level so that, if accepted, it finds the appropriate audience at the conference.

Examples of current conference topics:

Prospective speakers often ask us for advice about the topics expected at the conference, so we decided to list a few examples of current topics from different areas, which you can find below. The listed topics serve only as examples; in your nominations you are completely free to nominate topics from other areas that you consider current and in the spirit of the conference.

– Best practices for Windows 10 deployment and servicing
– Deploying the Office 365 ProPlus client through SCCM
– Overview of Windows 10 security options and capabilities (Windows Defender ATP)
– Topics related to System Center 2016, Operations Management Suite
– Topics related to Windows Server 2016 and security
– Microsoft Advanced Threat Analytics
– Enterprise Mobility Suite
– Identity management in hybrid environments
– Security of hybrid environments
– Azure AD

– Topics related to development on .NET Core 1.0
– Developing UWP applications, converting Win32 applications to UWP
– Developing cross-platform applications with Xamarin
– Developing business solutions and applications using the SharePoint Online platform
– Overview of the Azure Application Platform for developers
– Conversation-as-a-Platform, Microsoft Bot Framework, Cognitive Services
– OSS and development on the Azure platform

– Using SQL BI / PowerBI solutions as tools for improving business decision-making
– Using SQL Server, the R language and Cortana Intelligence Suite for advanced analytics
– SQL Server vNext, SQL on Linux, Azure on SQL
– Document DB

– Project Management / Project Server / Project Online as a project management service
– Dynamics 365 and business transformation
– Dynamics NAV

– Increasing productivity with Office 365
– Migrating from Exchange Server to Exchange Online
– Overview of what's new in Office 365 administration
– Advanced security solutions for Office 365 (E5)
– Microsoft Groups, Teams, Yammer

– Migrating business applications to Azure
– Azure Networking
– Overview of Azure IaaS scenarios
– Using SharePoint 2016 on Azure IaaS
– Making use of the Azure Machine Learning platform
– Azure Container Service
– Azure Storage / Backup / ASR
– Azure & OSS

Session levels:

– Level 100 (introductory or informational sessions that show the basic functionality of a product or platform and are suited to the widest audience)
– Level 200 (a broader overview of capabilities with demonstrations, real-world examples and discussion of the challenges of a particular solution)
– Level 300 (a session covering advanced examples, considering case studies, migration, deployment, architecture and development)
– Level 400 (top-level sessions dealing with architecture, application development, design or overcoming various technical challenges, intended for narrowly specialised experts)

Other information:

Sessions will last 45 minutes. Selection is based on an assessment of the quality of the nomination itself, your previous experience as a speaker at similar conferences, or references and titles that confirm you as an expert and speaker. Sessions may be delivered in Bosnian, Croatian, Serbian or English.

Speakers will be provided with the conference registration fee, accommodation for the duration of the conference, and reimbursement of travel (fuel) costs. We will notify you by e-mail about the status of all nominated sessions, and if your session is accepted, the final version of the presentation must be sent by 31 March 2017.

See you at the MS NetWork 7 conference!

Enis Šahinović
Conference Content Director

Deploy AppLocker Policies to only allow Microsoft/Citrix signed code and Store apps


Some scenarios demand increased security on Windows 10. Recently we worked on a scenario where only Microsoft code, Citrix code and Store applications could run. Combined with the absence of local administrator privileges, this creates a highly secure platform. Malware typically isn’t signed (and especially not by Microsoft or Citrix; if it is, we have bigger problems) and is therefore unable to run on PCs configured in this scenario.

Configure Microsoft Intune policies

Open the Microsoft Intune management console and navigate to Policy > Configuration Policies > Add > Windows > Custom Configuration (Windows 10 Desktop and Mobile and later). Give the policy a descriptive name (e.g. AppLocker) and select Add. We will define three AppLocker policies: one each for executables, MSI and AppX. Pay special attention, as most values are case sensitive.

————————————————————————————————————————————————-

Setting Name: Executable AppLocker Policy
Data Type: String
OMA-URI: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/000000001/EXE/Policy
Value:
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
 <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePathCondition Path="%PROGRAMFILES%\*" />
 </Conditions>
 </FilePathRule>
 <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePathCondition Path="%WINDIR%\*" />
 </Conditions>
 </FilePathRule>
 <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
 <Conditions>
 <FilePathCondition Path="*" />
 </Conditions>
 </FilePathRule>
 <FilePublisherRule Id="274fd9f6-d906-43ad-ad2f-e0152a209add" Name="Program Files (x86): MICROSOFT® WINDOWS® OPERATING SYSTEM signed by O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM" BinaryName="*">
 <BinaryVersionRange LowSection="10.0.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="56735fab-e02e-4e2e-af47-c2d02ec61ebc" Name="Program Files (x86): INTERNET EXPLORER signed by O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="INTERNET EXPLORER" BinaryName="*">
 <BinaryVersionRange LowSection="11.0.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePathRule Id="f747fe36-a2be-4236-9be1-3c1a556ca121" Name="Program Files (x86): %PROGRAMFILES%\COMMON FILES\MICROSOFT SHARED\MSINFO\*" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePathCondition Path="%PROGRAMFILES%\COMMON FILES\MICROSOFT SHARED\MSINFO\*" />
 </Conditions>
 </FilePathRule>
 <FilePublisherRule Id="a7f07120-c355-4d80-a537-1be387f85d87" Name="Program Files (x86): CITRIX ICA CLIENT signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="CITRIX ICA CLIENT" BinaryName="*">
 <BinaryVersionRange LowSection="14.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="d5b5f9bb-7d06-4df0-82f8-7596bce8a664" Name="Program Files (x86): CITRIX RECEIVER signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="CITRIX RECEIVER" BinaryName="*">
 <BinaryVersionRange LowSection="4.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="07afdd14-6bea-4166-befb-9cb0c2c9280d" Name="Program Files (x86): CITRIX WEB HELPER signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="CITRIX WEB HELPER" BinaryName="*">
 <BinaryVersionRange LowSection="4.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="ae34303b-e724-4883-ae4e-bdbabae4fb15" Name="Program Files (x86): CITRIX XENAPP signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="CITRIX XENAPP" BinaryName="*">
 <BinaryVersionRange LowSection="14.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="10a713e2-8f45-46d1-a9f7-dbbbcef14949" Name="Program Files (x86): RECEIVER signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="RECEIVER" BinaryName="*">
 <BinaryVersionRange LowSection="4.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 <FilePublisherRule Id="979ca13f-cebb-4d20-9b07-1342e8c4aa86" Name="Program Files (x86): CEIP signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="CEIP" BinaryName="*">
 <BinaryVersionRange LowSection="4.5.0.0" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 </RuleCollection>

Setting Name: MSI Applocker Policy
Data Type: String
OMA-URI: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/000000002/MSI/Policy
Value:

<RuleCollection Type="Msi" EnforcementMode="Enabled">
 <FilePublisherRule Id="31a7ad3a-d7b3-4e3e-9df0-fe7972f77437" Name="Signed by O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
 <BinaryVersionRange LowSection="*" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 </RuleCollection>
Setting Name: StoreApps Applocker Policy
Data Type: String
OMA-URI: ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/000000003/StoreApps/Policy
Value:
<RuleCollection Type="Appx" EnforcementMode="Enabled">
 <FilePublisherRule Id="bae41f27-df1e-4bfd-8f1c-80034807bc74" Name="Signed by *" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
 <Conditions>
 <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
 <BinaryVersionRange LowSection="*" HighSection="*" />
 </FilePublisherCondition>
 </Conditions>
 </FilePublisherRule>
 </RuleCollection>
Deploy the policies to a specific user and you will receive the policies shortly after. The user will be unable to launch anything other than signed Microsoft/Citrix code and Store Applications.
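
The three values above are plain AppLocker XML, so they can be reviewed before they are uploaded. The following added example (not part of the original post) parses one RuleCollection and lists each rule by what it matches on, noting location-based allows for Everyone and wildcard publishers. The sample strings are constructed, abbreviated copies of the policy above, and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Well-known SIDs that appear in the policy above.
SID_NAMES = {"S-1-1-0": "Everyone", "S-1-5-32-544": "Administrators"}

# Constructed sample: three rules abbreviated from the Exe collection on this page.
EXE_SAMPLE = r"""
<RuleCollection Type="Exe" EnforcementMode="Enabled">
 <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Windows folder"
   Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
  <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
 </FilePathRule>
 <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="All files"
   Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
  <Conditions><FilePathCondition Path="*" /></Conditions>
 </FilePathRule>
 <FilePublisherRule Id="d5b5f9bb-7d06-4df0-82f8-7596bce8a664" Name="Citrix Receiver"
   Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
  <Conditions>
   <FilePublisherCondition
     PublisherName="O=CITRIX SYSTEMS, INC., L=SANTA CLARA, S=CALIFORNIA, C=US"
     ProductName="CITRIX RECEIVER" BinaryName="*">
    <BinaryVersionRange LowSection="4.5.0.0" HighSection="*" />
   </FilePublisherCondition>
  </Conditions>
 </FilePublisherRule>
</RuleCollection>
"""

# Constructed sample: the Appx collection from this page.
APPX_SAMPLE = r"""
<RuleCollection Type="Appx" EnforcementMode="Enabled">
 <FilePublisherRule Id="bae41f27-df1e-4bfd-8f1c-80034807bc74" Name="Signed by *"
   Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
  <Conditions>
   <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
    <BinaryVersionRange LowSection="*" HighSection="*" />
   </FilePublisherCondition>
  </Conditions>
 </FilePublisherRule>
</RuleCollection>
"""


def review_collection(xml_text):
    """Return (collection type, enforcement mode, rule rows) for one RuleCollection."""
    root = ET.fromstring(xml_text.strip())
    if root.tag != "RuleCollection":
        raise ValueError("expected a single <RuleCollection> element")
    rows = []
    for rule in root:
        sid = rule.get("UserOrGroupSid")
        who = SID_NAMES.get(sid, sid)
        action = rule.get("Action")
        notes = []
        if rule.tag == "FilePathRule":
            basis = "path"
            scope = rule.find("Conditions/FilePathCondition").get("Path")
            # A path rule matches on location only; the file's signature plays no part.
            if action == "Allow" and who == "Everyone":
                notes.append("matches on location only; no signature is checked")
        elif rule.tag == "FilePublisherRule":
            basis = "publisher"
            cond = rule.find("Conditions/FilePublisherCondition")
            scope = f'{cond.get("PublisherName")} | {cond.get("ProductName")}'
            if cond.get("PublisherName") == "*":
                notes.append("any publisher is accepted")
        else:  # e.g. FileHashRule: listed, not analysed further
            basis, scope = rule.tag, ""
        rows.append({"basis": basis, "who": who, "action": action,
                     "scope": scope, "notes": notes})
    return root.get("Type"), root.get("EnforcementMode"), rows


def needs_review(rows):
    """Rows that carry at least one note."""
    return [row for row in rows if row["notes"]]


if __name__ == "__main__":
    for sample in (EXE_SAMPLE, APPX_SAMPLE):
        ctype, mode, rows = review_collection(sample)
        print(f"{ctype} ({mode})")
        for row in rows:
            print(f'  {row["action"]:5} {row["who"]:14} {row["basis"]:9} '
                  f'{row["scope"]}  {"; ".join(row["notes"])}')
```
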
Thanks Erik Radix for working on this together.

Please consider leaving a reply in case this post helped.

Why you can still have duplicate SPNs in AD 2012 R2 and AD 2016


As an AD admin you are probably familiar with the problem of duplicate Service Principal Name (SPN) attributes. Need a refresher on Kerberos and SPN? Read the famous blogpost over at askds: Kerberos for the busy admin. If you have these duplicates, Kerberos fails for the affected accounts. It always fails so there is no excuse for having duplicates around. The only impact of removing the wrong duplicate is that Kerberos starts working for the other account that kept the SPN. It is usually easy to spot which one is wrong: the unused account, or the computer account instead of the service account, a migrated account, a disabled account, etc.

We have known about this problem since the early days of AD. The command line tool to manage SPNs is called setspn, and in Windows Server 2008 we added switches to check for duplicate SPNs in the domain and forest. Try it, run ‘setspn -x -f’ and see what you get. Clean output: no duplicates.

Detection is fine, but prevention is better. In Windows Server 2012 R2 we took that step. For each update to an SPN or UPN we check in the GC if the update would create a duplicate. If not, we allow the update. If yes, we throw the appropriate error. There is a very nice and recent writeup on TechNet: SPN and UPN Uniqueness.

We have tried to catch all of the cases where an SPN or UPN is updated during normal operations, and succeeded pretty well. Examples: creating a new computer account, editing the attribute servicePrincipalName in some way, adding an SPN to a service account, etc. We did it so well that some of our customers had problems with a couple of corner cases where duplicate SPNs would be created (non-obviously) during normal operations, mostly in multi-domain forests:

  1. Domain Join: you try to add a new computer to the domain, and the new computer would have an SPN that already exists in another domain in the forest. For instance, contoso.com\comp1 exists, and you would try to add child.contoso.com\comp1. These accounts would both want to have the SPN: HOST/comp1, which would be duplicate.
  2. Intra forest migration, where you’d migrate an existing account from one domain to the other, while the old one gets left behind. Again, a duplicate with the SPN HOST/<computername>.
  3. You deleted a user. Then you realize your mistake, and create a new one with the same name and UPN. Your smarter colleague realizes that you have the AD recycle bin enabled, and simply restores the user. In this situation, the old and new users have different accounts (objects), but have the same UPN.

These cases are also well known by now, and described in a KB: Duplicate SPN check on Windows Server 2012 R2-based domain controller causes restore, domain join and migration failures. The same KB also describes how to disable the check for duplicates in case you absolutely have to. An expensive migration that is blocked on this comes to mind. But otherwise, please leave it alone. The check for duplication is goodness.

So, once your forest is on Windows Server 2012 R2 or higher, there should be no new duplicate SPN or UPN. Remaining ones are untouched during AD upgrade, but once cleaned up they won’t come back. That is the advertised good news.

The bad news is that this is not the whole truth. The current checks rely on a query to the global catalog to check for duplicates before committing the modified SPN or UPN. If you stop and think about it you can see the weakness of this check, something I already mentioned in my previous post. What if the GC you are talking to does not have the latest data? What if you made a conflicting change on two DCs at the same time? That is the loophole. This can happen in two similar but not identical cases.

  1. A computer account is created on two different DCs at roughly the same time. Let’s assume for clarity that these DCs are called DC1 and DC2 and that they live in different sites with a good bit of latency. The computer name is “conflict2“, so they both have an SPN called: HOST/conflict2. The DCs check in their local GC (themselves) and find no duplicates because replication did not happen yet, so the creation is allowed. Replication happens, one of the computer accounts gets renamed (CNF mangling)… and that’s all. No errors because of duplicate SPNs, because there were no local updates. The only thing that happened was that another object came in that just accidentally had an SPN that already existed locally. There is no check for that, so you end up with duplicate SPNs.
  2. Two different objects are updated with an SPN called HTTP/random on two different DCs at roughly the same time. Same DC names as above, object names might be “indirect1” and “indirect2“. Same checks, same failure to detect the duplicate. Replication happens, and nothing else. The unrelated objects are now present on both DCs with a duplicate SPN.

In my lab, it looks like this. Checking with setspn:

[Screenshot: spn-conflict-2016]

You see the two cases: the identically named computer accounts where one gets mangled with a CNF name after replication, and the differently named computers that invisibly share the same SPN. For completeness’ sake, this is the more familiar view from ADUC:

[Screenshot: conflicted-accounts-2016]

I verified this behavior on a fully patched Windows Server 2012 R2 domain, and another domain on Windows Server 2016. I have also seen it in real life at a customer, which is the reason for this blog post in the first place.

Management summary: that monthly check for duplicate SPN and UPN should remain.
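
The loophole described above, reduced to a toy model, as an added example that is not part of the original post: each DC checks uniqueness only against its own replica at write time, inbound replication applies no check, and a periodic audit over the replicated data (the job `setspn -x -f` does against a real forest) finds what slipped through. The class, the function names, the case-insensitive comparison and the CNF tie-break are assumptions of the model.

```python
import itertools

_guid_counter = itertools.count(1)


class DomainController:
    """Toy model of a DC that is also a GC; `objects` is its local replica."""

    def __init__(self, name):
        self.name = name
        self.objects = {}  # guid -> {"dn": str, "spns": set of str}

    def _check_unique(self, spn, ignore_guid=None):
        # The uniqueness check sees only what has replicated to this DC so far.
        for guid, obj in self.objects.items():
            if guid != ignore_guid and spn.lower() in {s.lower() for s in obj["spns"]}:
                raise ValueError(f"{self.name}: {spn} already on {obj['dn']}")

    def create(self, dn, spns=()):
        """Originating write: new object, SPNs checked against the local view."""
        for spn in spns:
            self._check_unique(spn)
        guid = f"guid-{next(_guid_counter):06d}"
        self.objects[guid] = {"dn": dn, "spns": set(spns)}
        return guid

    def add_spn(self, guid, spn):
        """Originating write: SPN update on an existing object."""
        self._check_unique(spn, ignore_guid=guid)
        self.objects[guid]["spns"].add(spn)

    def replicate_from(self, partner):
        """Inbound replication: merge the partner's objects. No SPN check here."""
        for guid, obj in partner.objects.items():
            mine = self.objects.setdefault(guid, {"dn": obj["dn"], "spns": set()})
            mine["spns"] |= obj["spns"]
        # Name collisions: the later-created object gets a CNF-mangled name.
        # (Model assumption; it only has to be the same choice on every DC.)
        seen = set()
        for guid in sorted(self.objects):
            obj = self.objects[guid]
            if obj["dn"] in seen:
                obj["dn"] = f"{obj['dn']}\\0ACNF:{guid}"
            seen.add(obj["dn"])


def find_duplicate_spns(dc):
    """Audit one replica: SPN (lower-cased) -> DNs, for SPNs held by 2+ objects."""
    owners = {}
    for obj in dc.objects.values():
        for spn in obj["spns"]:
            owners.setdefault(spn.lower(), []).append(obj["dn"])
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


def concurrent_updates():
    """The two cases from the post: both DCs accept, replication does not object."""
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    ind1 = dc1.create("CN=indirect1")
    ind2 = dc1.create("CN=indirect2")
    dc2.replicate_from(dc1)                          # baseline is in sync
    dc1.create("CN=conflict2", ["HOST/conflict2"])   # case 1, written on DC1
    dc2.create("CN=conflict2", ["HOST/conflict2"])   # case 1, written on DC2
    dc1.add_spn(ind1, "HTTP/random")                 # case 2, written on DC1
    dc2.add_spn(ind2, "HTTP/random")                 # case 2, written on DC2
    dc1.replicate_from(dc2)
    dc2.replicate_from(dc1)
    return find_duplicate_spns(dc1), find_duplicate_spns(dc2)


def sequential_update_is_rejected():
    """Control: once the first write has replicated, the check does its job."""
    dc1, dc2 = DomainController("DC1"), DomainController("DC2")
    dc1.create("CN=svc-a", ["HTTP/app"])
    dc2.replicate_from(dc1)
    try:
        dc2.create("CN=svc-b", ["HTTP/app"])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for spn, dns in concurrent_updates()[0].items():
        print(spn, "->", dns)
    print("sequential duplicate rejected:", sequential_update_is_rejected())
```
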

 

 

 

Get Started with Software Defined Networking (SDN) in Windows Server 2016 Datacenter


If you’re new to SDN and interested in finding out how using this Windows Server 2016 Datacenter solution might help your business grow, take a look at the new topic Introduction to Software Defined Networking.

In this topic you’ll discover information about increased agility, as well as enhanced network security and efficiency. There’s also a link to a terrific Microsoft Mechanics Video, in which Windows Server SDN engineer Greg Cusanza joins Matt McSpirit to demonstrate the new Software Defined Networking capabilities in Windows Server 2016. Watch as Cusanza explains the SDN technology underpinnings and shows how you can use SDN to do the following:

  • Dynamically create, secure, and connect your network to meet the evolving needs of your apps
  • Speed up the deployment of your workloads
  • Contain security vulnerabilities from spreading across your network

In addition, the topic includes information about SDN Services and the key components of SDN architecture, with plenty of links to online documentation for those of you who want to learn more.

For more information, see Introduction to Software Defined Networking.

HoloLens – Seeing IS Believing


I’m in Seattle this week for the Microsoft S4 Conference and am enjoying seeing the truly global perspective of Microsoft as a company. Virtually all of the sessions I’ve attended are covered by the NDA (Non Disclosure Agreement) I’ve signed as an employee so I can’t discuss anything from those unfortunately, but yesterday I did have some great luck.

I was provided a HoloLens unit for the night to have a good play with. If you’re not familiar with what HoloLens is then the official description is:

Microsoft HoloLens is the first self-contained, holographic computer, enabling you to engage with your digital content and interact with holograms in the world around you.

I’ve known about the HoloLens for a while now and, I have to admit, I had been a bit skeptical about videos like the above – surely these were “mocked up” demos of what could be possible, not what was actually already here with the current iterations of HoloLens.

I was dead wrong.

The last time I was truly blown away by a bit of tech I was hands on with was around February last year (2016) when I saw the HP Sprout in Melbourne. The HoloLens is staggeringly immersive – I definitely “lost” three or four hours playing on it last night with most of that on Fragments:


You become the detective in a high-tech crime thriller. Experience compelling new possibilities for storytelling and gameplay.

Some thoughts on Fragments in no particular order (keep in mind I’m not a gamer at all, this did a lot to draw me in!):

  • You start by scanning/mapping the room(s) you’re in so that the game understands your environment – you are not restricted to a pre-built world to play in.
  • The audio – it’s amazing surround sound from the HoloLens – you just get used to hearing someone talking “over your shoulder” and turning around and seeing the holographic representations of people; it’s entirely believable and lifelike audio.
  • The game play – it responds to your environment i.e. characters sit down on your furniture, they walk through your doors. It’s really difficult to describe just how amazing that is and the value it adds to game play until you’ve actually experienced it for yourself.
  • You very quickly adapt to the tools at your disposal in this mixed-reality environment:
    • You forget within 5 minutes that you’re wearing a headset (honestly, you no longer notice it).
    • You start to rely on virtual tools e.g. you have your “crime lab” and “maps” pinned to one of your walls and you just get used to returning to that time and again during the investigation.
    • Voice commands – leveraging Cortana you just speak naturally during the game e.g. “examine this evidence” or “launch scan” “close” – you can use the hand gestures to do all of this as well, but you often find it faster using voice. Further to this, you quickly increase your speed of interacting – you pick up, examine, dispose of evidence faster and faster as you get used to it.
  • You’re very active
    • You’re literally walking around your room, scanning for evidence and exploring what is being holographically represented on the floors, walls, roof, tables etc
    • As you move around the room the characters move too – they watch you, their eyes follow your movements etc.
    • When the action freezes as part of the game play, you can “walk around” or “circle” the scenes/characters to see the full 3D elements of the game play.
  • You’ll lose track of time! I only stopped playing because the battery was going critically flat!

If I sound excited, it’s because I am. I’ve seen Oculus Rift before and they’re amazing too; however, you are always tethered to a PC generating the content. To be able to wander around within a mixed reality environment with no cables was liberating.

I could go on, but you probably get the idea. Another app I played with was the HoloLens HoloTour:

This was also very immersive and educational. I’ve never been to the Colosseum in Rome before but with this, being able to walk around inside it, it felt like the next best thing. Whilst I am sure it is very expensive to develop this kind of content, you can definitely see how this has a place in education. Speaking of education, the HoloLens Insight Heart app is a good medical training application that shows a proof of concept about how students could potentially be trained. Again, the voice commands were super easy and responsive e.g. “make bigger/smaller” or “rotate” or “pause” – the app responded immediately to these commands:

The guy that loaned me the HoloLens said he now uses it as his primary device for completing “work” at home – from email to Excel spreadsheets to browsing the web, he just sits on his couch with a bluetooth paired keyboard/mouse and gets to work. He will pin a browser to one wall, his email to another and flip between them by moving his head. Because HoloLens will remember the layout of your house/room and always keep your pinned apps in the same place you can do things like pin a weather app to the back of your front door so you always know the weather forecast as you’re exiting the house.

Furthermore, the natural interaction between the real vs holographic world is evident and natural. For example, if you have an open app, as you move it around the room to “pin” it somewhere you may decide you want to put it on a table. As you move your hands to lower the app onto the table it will meet slight “resistance” as HoloLens recognises the real, physical table and provides resistance as a prompt so you can set the app down on the surface of the table. You can override this of course by pushing a bit harder, but this highlights the fact that HoloLens has a true awareness of the physical reality around you and applies that to everything you’re doing virtually.

I think this is a key point: whilst the truly immersive 3D apps are still largely in development, you can run any Win32 app via HoloLens still because it is a fully functioning Win10 device. This means it is both useful immediately and will only increase in usefulness as more apps are developed.

Here’s an example of a developer building such an app for a proof of concept:

The take home message is this – if you get a chance to play with a HoloLens jump at it! It’s an experience that you’re not likely to replicate easily elsewhere and it is truly hinting at the innovation and future that is coming.

PingProvisioningServiceEndPoint error when configuring AAD Connect


This afternoon, while configuring AAD Connect for a customer, I ran into a new error when I clicked Install at the end of the installation wizard:

An error occurred executing Configure AAD Sync task: Unexpected exception thrown. Action: PingProvisioningServiceEndPoint, Exception: An error occurred. Error Code: 6. Error Description: Your credentials are not authorized to access Windows Azure Active Directory. Please check your administrator credentials and try again.

The error is somewhat misleading.  The first part of the error references that the installer can’t communicate with the provisioning endpoint; the second part of the error says your user ID isn’t authorized.  We know the second part of the error is incorrect, since the wizard validated that the account was a global administrator earlier in the process.

During the “Connect to Azure AD” part of the wizard, the application is using the Internet Explorer proxy settings.  When it reaches the point where it is actually configuring the AAD Connect service, it’s using the .NET proxy settings.

The fix is relatively simple:

  1. Open an elevated command prompt.
  2. netsh winhttp import proxy source=ie
  3. Click Retry in the wizard.

 

Council Spotlight: Want to be the Microsoft TechNet Guru for February 2017



February 2017 Guru, it’s time to share great skills as a TechNet Wiki article and WIN medal(s). Medals? Yes, you can share multiple articles in the same or different categories! Now, navigate to TechNet Guru Competition February 2017 to choose your categories and if it’s not listed add your content in Miscellaneous Category!

All you have to do is add an article to TechNet Wiki from the field of your interest. Something that fits into one of the categories listed on the submissions page. Copy in your own blog post, a forum solution, a white paper, or just something you had to solve for your own day’s work today.

A snippet you share can make you a February 2017 TechNet Wiki Guru in your favorite category and this is official Microsoft TechNet recognition!

HOW TO WIN

1) Please copy over your Microsoft technical solutions and revelations to TechNet Wiki.
2) Add a link to it on THIS WIKI COMPETITION PAGE (so we know you’ve contributed).
3) Every month, we will highlight your contributions, and select a “Guru of the Month” in each technology.

If you win, we will sing your praises in blogs and forums, similar to the weekly contributor awards. Once “on our radar” and making your mark, you will probably be interviewed for your greatness, and maybe eventually even invited into other inner TechNet/MSDN circles!

Winning this award in your favorite technology will help us learn the active members in each community. 

Feel free to ask any questions below.


More about TechNet Guru Awards.

Thanks in advance!

Ninja Kamlesh & Ninja Ronen


Memory usage increasing in Access


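Hello, this is the Office support team.

Access, part of the Office product family, creates and uses mdb and accdb files.
These mdb/accdb files are not usable only from Access:
by connecting through the Access ODBC driver or the OLEDB provider (Microsoft.ACE.OLEDB.12.0), programs other than Access can use them as a data source.

This article describes an issue in which memory usage increases in the Access application and in non-Access programs that use mdb/accdb files.

Symptom

When Access, or a program that uses Access ODBC/OLEDB, stays connected to an mdb/accdb file,
memory usage may keep increasing until Access or that program is closed.

Cause

This occurs because the memory that the Access Database Engine needs to process adding, updating and deleting records in the mdb/accdb file remains allocated.
The Access Database Engine is not designed to be used like a server application that demands high reliability, such as one operated around the clock without stopping.

Workaround

If you start a program that uses the Access Database Engine and keep it running for long periods, please exit it periodically or restart the machine periodically.

The content of this information (including attachments and link destinations) is current as of the date of writing and is subject to change without notice.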

Support Tip: How to deprovision an Azure AD CS object


*** DISCLAIMER ***
This blog has been put together for the purpose of illustration.  You may have to change certain properties to fit your specific business needs.
*** DISCLAIMER ***

PRODUCT USED FOR TESTING/WRITING BLOG

  • Azure AD Connect (Build: 1.1.281.0)

 

SCENARIO DESCRIPTION / GOAL

Think about this scenario.  You have synchronized several objects to the cloud via the Azure AD Connect Synchronization Service.  You now have a business requirement and/or business need that requires you to remove (deprovision) users from O365.  In order to achieve this, you will need to add some customization to your Azure AD Connect solution.

The best avenue is to create a new Synchronization Rule within the Azure AD Connect Synchronization Rules Editor.  The goal of this blog is to hopefully illustrate how to Deprovision a user object from the Azure AD Connector Space and Azure (O365) that already has a connection through the provisioning process.

 

CREATE CUSTOMIZED SYNCHRONIZATION RULE

  1. Open the Azure AD Connect Synchronization Rules Editor and ensure that the Direction drop down is set to Inbound.
  2. Click the Add new rule button.

   * NOTE: We are using an Inbound Synchronization Rule because we want to keep the object in the On-Premise Active Directory Connector Space (Source Connector Space) and the Metaverse.  We want to Deprovision the Azure AD Connector Space object and the Azure Object.


DESCRIPTION TAB

  1. Be sure to provide a good descriptive name for the synchronization rule's purpose.
  2. Connected System will be your On-Premise Active Directory Connector (or, if you are using a different On-Premise connector like Generic LDAP, it will be that connector).
  3. Connected System Object Type will be User Object.
  4. In this scenario, since we are working with User objects, you would select Person for the Metaverse Object Type.
  5. Link Type = Join
  6. Precedence in this case should be a low number; a value below 100 will normally allow it to work.


SCOPING FILTER

The Scoping Filter is an inclusive filter.  If you have a specific set of users to work with in accordance with your business need, then the Scoping Filter will assist you in that manner.  For the purpose of my lab scenario, I utilized the department attribute to do my filtering with the keyword “filterme”.

Choose the attribute and keyword that work in accordance with your company's business rules/needs.

   * NOTE: The extensionAttribute(s) are very commonly used attributes for these types of scenarios.

 


JOIN RULES

I did not use a Join Rule for my lab scenario because I did not need one.  However, based on your business rules/needs you may need to have a Join Rule.


TRANSFORMATIONS

Our focus is to deprovision the object and in order to do this, we need to tell the Azure AD Connect Synchronization Service to break the connection between the Metaverse Object and the Azure AD Connector Space object.  To do this, we set the Metaverse attribute cloudFiltered to “True”.


TESTING – PREVIEW

You can test the new customized Synchronization Rule by utilizing the Preview Feature.  If you Generate Preview on a test object you can confirm that the deprovisioning process is working.  I would recommend starting with the Import Attribute Flow page.  Here you will be able to see the cloudFiltered attribute being set to true.

Under Connector Updates you will see “Connector Deprovisioning” under the Azure AD Connector Space object.


  1. Go back to Start Preview and click the Commit Preview button to actually synchronize the object.
  2. Close all windows back to the Synchronization Service Manager Console and then select Connectors.
  3. On the Connectors Tab, select the Windows Azure Active Directory Connector.
  4. From the Actions menu, select Search Connector Space, change the Scope to Pending Export, check only Delete, and click the Search button.
  5. In my scenario, I can see that my user is marked for Deletion.


Once you have the Pending Export, you can run an Export on the Azure AD Connector to export the delete to O365.  It is important to note that if you do not execute a Delta Import directly after running the export, then you will have problems if you need to add the object back immediately.

 


Differentiate yourself with a system that manages contracts automatically in CSP [Updated 2/9]


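One of the key factors for partners to succeed in the cloud era is to push automation and labor saving in cloud service management as far as possible. Unlike the traditional on-premises license business, cloud services make adding, upgrading and changing licenses and services easier, and that is also a major advantage of the cloud business. As a result, however, orders and changes in customers' license holdings occur more frequently, and handling this with conventional processes can end up significantly increasing the operational load.

To resolve this situation and go a step further in the cloud, differentiating yourself from others and proactively delivering services to customers, automating service management, including order processing, becomes essential. With this automation, sales representatives in the field are freed from the cumbersome contract, quotation and order tasks that have traditionally taken up much of their time, and can spend their time with customers on conversations that contribute to the business. On the back end, integration with accounting, customer management, sales analysis and other systems opens up the possibility of end-to-end business optimization.

For cloud management automation, which offers these many benefits, AXLBIT Inc., which is also a direct CSP partner, is launching "AXLGEAR for CSP", a business support offering for CSP program partners that uses its automated contract management solution "AXLGEAR". As the first case, deployment at Yokogawa Rental & Lease Corporation has been decided.

AXLGEAR for CSP

AXLGEAR special site

Features and main functions of "AXLGEAR for CSP"

Management functions for CSP partners

・Order and contract management for "Office365" and "Microsoft Azure"
・Creation of customers (Tenant) and contracts (Subscription) for "Office365" and "Microsoft Azure"
・Calculation of pay-as-you-go charges based on actual "Microsoft Azure" usage
・Calculation of the amounts billed to customers for "Office365" and "Microsoft Azure", and sending of invoices

Separately from the management functions for CSP partners above:
・Provision of a customer-facing management screen (accepting applications, viewing contract information, viewing charges, etc.)

Please take this opportunity to consider optimizing your operations and automating license management.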

 


[Script Of Feb. 9] How to determine the version of Microsoft Edge browser by PowerShell

Microsoft named a "Leader" in the 2016 Forrester Wave: Enterprise Collaboration report


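(This article is a translation of "Forrester’s 2016 Enterprise Collaboration Wave report is out and Microsoft is a Leader!", posted to Office Blogs on January 18, 2017. For the latest information, please refer to the original article.)

Forrester, one of the world's most influential research and consulting firms, recently released its latest report evaluating providers of enterprise collaboration solutions. We are pleased to report that Microsoft was named a "Leader" in this report.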


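Microsoft believes that, when it comes to collaboration, needs differ from group to group. That is why Office 365 is designed so that teams can choose the collaboration tools they use. This report examined collaboration in terms of whether enterprise-wide knowledge sharing is emphasized. We are honored that Microsoft and Yammer, part of the Office 365 suite, earned a "Leader" rating in this report.

Yammer is a social network for work and is included in Office 365. Over the past several years, Microsoft has continued working to further strengthen the integration of Yammer and Office 365, extending the Yammer experience to other Office 365 applications while also striving to make parts of the other applications' experiences available in Yammer.

Last fall, we announced that Yammer would soon be integrated with Office 365 Groups. With this, every new Yammer group can share files using a corresponding team site, create shared notes using OneNote, and draw up team project plans using Planner. In addition to the enhancements above, further enhancements over the coming months will enable Yammer to connect employees and teams across the enterprise even more effectively.

The full text of The Forrester Wave™: Enterprise Collaboration, Q4 2016 report can be viewed and downloaded from this page (in English).

* The content of this information (including attachments and link destinations) is current as of the date of writing and is subject to change without notice.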
