Lets see opening shared calendars via various channels
In Outlook Web Access
Left Site Bottom of your Screen . Choose Calendar Icon
Once you open it. Click on Import calendar.
Click on Add Calendar from Directory
Opening Shared Mailbox Calendars via Outlook
Opening Shared Calendars via Outlook App iOS
Choose the Calendar
You can see the listed Calendar
What if customer doesn’t know where the Azure AD Connect server is deployed .
Find the MSOL Account on Users Container in Active Directory.
Copy the Description of the Account – you can find the Azure AD Connect Server Deployed on.
Account created by the Windows Azure Active Directory Sync tool with installation identifier ‘f9be57f6eab24e6b22222e69a’ running on computer ‘AD-CONNECT-SERVER01’ configured to synchronize to tenant ‘
azure365pro.onmicrosoft.com’. This account must have directory replication permissions in the local Active Directory and write permission on certain attributes to enable Hybrid Deployment.
if Server is moved recently and if they use the default Azure AD Service Account
You can login to Microsoft 365 Admin Center
Health – Directory Sync Status – Directory Sync Service Account may help on the server name
Microsoft Certificate Authority becomes a key server if its integrated to Critical Services like Meraki,Skype for Business, RADIUS Servers ,and any cert based applications signed by domain authority.If its a virtual infrastructure. I usually take a clone of these servers to test the same. Just to make sure all going to be ok .As once you export the Certificate with keys you got to remove the Server Role and Reboot. And I feel comfortable if it imports ok on the clones. As there is kind of no go back. you can always promote the server back and Install the certificate authority as a backup plan . please note that during this period . you cannot re issue or renew or revoke the certificate.
Backup Certificate Authority – Database, Log Files, and Private Key
Open Certification Authority
In the Certificate authority console, right-click your CA in the left pane, select All Tasks ,select Backup CA.
In the Certification Authority Backup Wizard, click Next on the welcome screen.
On the Items to Back Up screen, check Private key and CA certificate and Certificate database and certificate database log.
Click Browse to the Back up to this location, select an empty folder to store the backup files, and click Next to continue.
Choose a Password and Confirm Password to protect the private key and CA certificate. Click Next to continue.
Click Finish – Completing the Certification Authority Backup Wizard
Open cmd Run as administrator.
net stop certsvc and press Enter to make sure the CA cannot issue certificates.
Backup / Export the Registry.
Registry key from here: HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration
if you have any custom templates
Certificate Templates: Open the PowerShell command prompt with run as administrator, run the below mentioned command
certutil.exe –catemplates > “c:\CA2008R2\templates.txt”
If you have a customized CAPolicy.inf then copy it from %systemroot% directory.
In my case , As below.
Uninstall Root CA using Server Manager and Dcpromo to demote the Domain controller
if you want to retain the same name of the server. wait for the active directory to replicate in all sites else force the Active Directory Replication.
Rename the server, change the IP and remove the server from the domain.
Now login to the new server.
Install New Root CA server on the Private Key Wizard. DO NOT CREATE NEW PRIVATE KEY> Import the existing private key.
Type the password for the file when prompted, then confirm it.
Give the same name as old Root CA . if you wish to have a different Server name. it will still work . But when you import the registry the Old CA Name will be retained.
Now Configuration Succeeded without any issues.
Restore the Root CA backup
Open Certification Authority.
In the CA console, right-click your new CA in the left pane, select All Tasks from the menu and then Restore CA.
If you are prompted to stop the Active Directory Certificate Service, click OK continue.
In the Certification Authority Restore Wizard, click Next on the welcome screen.
On the Items to Restore screen, check Private key and CA certificate and Certificate database and certificate database log.
Click Browse to the backup copied location to restore from this location. Give one level up than backup location where the backup files are located, click OK in the Browse for Folder window and then Next to continue in the wizard. Click Finish
You should now be prompted to restart the AD CS service. Click Yes to confirm the operation.
open cmd prompt as administrator
net stop certsvc
-Double click on the copied registry file. When prompted click yes to update the registry.
Typical installation . Will not have templates neither custom .inf file. you can safely skip the below step. if you haven’t done any customization.
Restore Template if you had exported .
On the PowerShell, run the below command This command will add the DirectoryEmailReplication template in AD to the list of CA templates, if it doesn’t already exist. You can get a list of the templates by opening the catemplates.txt file saved as part of the backup procedure.
certutil -setcatemplates +DirectoryEmailReplication.
Restore Policy INF: If we found a customized CAPolicy.inf then copy it to %systemroot% directory
Restart the Certificate Authority Server.
VNET Peering connects networks seamlessly within and across regions. Local and Global Peering pricing differs region to region.
Lets Connect the Virtual Network from UAE North to Central US
UAE North Virtual Machine – 10.1.1.4 255.255.255.0 10.1.1.1
Central US Virtual Machine – 10.0.0.4 255.255.255.0 10.0.0.1
Lets do peering between this two Virtual Machines. Go to Virtual Networks.
Go to Peering _ Add
Add Peering
Click OK.
Now Both Virtual Machines can be communicated with no restriction. (All ports are opened by Default)
VNET Peering Pricing
https://azure.microsoft.com/en-us/pricing/details/virtual-network/
Bypassing load balancer seems to be no error. and iOS devices and Outlook seems to connect without any issues.
digicert never had any such issue.
Error : There’s a missing intermediate certificate in the certificate chain.
Logged into the device to check for root certificate to make sure.
Clicked on Settings
Security and location
Encryption and Credentials
and Trusted Credentials.
Got the intermediate Certificate from the vendor site.
https://globalsign.ssllabs.com/
and placed in KEMP Load balancer in my case.
and now Android devices connected without any issues.
Install Network Policy and Access services otherwise called as RADIUS Server. Install the specific role in the new server.
now login to the existing server. Export the existing configuration configuration.
netsh nps export filename="c:\users\usernname\Desktop\NPS.xml" exportPSK=YES
Now login to the new server and import the NPS.xml
if you see any un supported rules . You have to remove them from the old system. Export again and import back to the new server.If you need those un supported rules you need to manually recreate them.
in my case i got three unsupported legacy rules which was created to use a legacy system and it wasn’t exist anymore. so i just deleted those rules and exported and imported back again.
netsh nps import filename="c:\users\usernname\Desktop\NPS.xml"
Now open NPS , Network Policy Server and Click on Register Server in Active Directory.
Now New Network Policy Server is up and running with the same configuration.
Satheshwaran Manoharan - Microsoft MVP - Award-winning Technology Leader with a wealth of experience running large teams and diversified industry exposure in cloud computing. From shipping lines to rolling stocks.In-depth expertise in driving cloud adoption strategies and modernizing systems to cloud native. Specialized in Microsoft Cloud, DevOps, and Microsoft 365 Stack and conducted numerous successful projects worldwide. Also, Acting as a Technical Advisor for various start-ups.
Contact : Info@Azure365Pro.com
© Azure365Pro.com
