How to Takeover an Unmanaged Directory in Azure

When trying to create an Azure subscription I received the following error:

This tenant is viral. If you are an IT admin, you can take over the directory.
This tenant is viral. If you are an IT admin, you can take over the directory.

After some reading a viral tenant is another meaning for an unmanaged directory. An unmanaged directory is a directory that was automatically created when a user with @virtuallyboring.com created an Azure account. Its a directory that has no global administrator. Microsoft created a Azure Active Directory (AAD) tenant in the background and is sitting there unmanaged. This is so users can create an account and use resources without it being a blocker that the domain isn’t claimed in AAD.

There are two ways to take over an unmanaged directory:

  • Internal admin takeover:
    • Your account gets elevated to global administrator
    • No users, domains, or service plans are migrated
  • External Admin Takeover:
    • Add the unmanaged domain name to a tenant where you are a Global Administrator
    • A mapping of users to resources is created in your managed Azure Active Directory
      • Users can continue to access services without interruption

Source: Admin takeover of an unmanaged directory – Azure AD | Microsoft Docs

For my example I will be using a internal admin takeover.

Read more…

Migrate GoDaddy Domain and DNS to AWS Route 53

I started this blog back in June of 2014 to play around with platforms like Joomla and WordPress. I wouldn’t be truthful if I didn’t say the GoDaddy Superbowl commercials didn’t sell me to start with GoDaddy to register my domain name and provide hosting. Over the years I haven’t had any major issues that caused long term outages, only a few hours sprinkled in every month with their Linux Hosting Essential with CPanel plan. With 2020 being my first year working in AWS I felt strongly to move my domain over to AWS Route 53 so I can start playing around with the AWS suite of services! That is the goal of this post is to walk through the transfer my domain and DNS from GoDaddy to AWS Route 53!

These instructions are specifically for GoDaddy but would work for any domain registrar provider you are using today. The screenshots would be different but the task would be the same. You have to switch back and forth between GoDaddy console and AWS Console quite a bit. I try to start the task stating if a console swap is need and where you should be. Working with DNS can be tricky as it can be a waiting game especially when dealing with external DNS replicated across the world (Time To Live – TTL). If doing this in a production environment make sure you do this during a low peak time and give yourself extra window of time to troubleshoot (and wait for DNS replication). It’s pretty easy and straight forward, but it’s DNS.

What exactly is Route 53? Route 53 is Amazon Web Services (AWS) highly available and scalable Domain Name System (DNS) service launched back in 2010. It has powerful traffic routing policies and health checks that you use depending on your use case. Route 53 has a default limit of 50 domain names however this limit can be increased by contacting AWS support.

Table of Contents:

Part 1: Migrate from GoDaddy DNS to AWS Route 53

Part 2: Migrate domain registered with GoDaddy to AWS Route 53

Part 1 – Migrate from GoDaddy DNS to AWS Route 53:

Step 1: Create AWS Route 53 Hosted Zone

What is a AWS Hosted Zone? Here is a snippet from the Route 53 FAQ:

A hosted zone is an Amazon Route 53 concept. A hosted zone is analogous to a traditional DNS zone file; it represents a collection of records that can be managed together, belonging to a single parent domain name. All resource record sets within a hosted zone must have the hosted zone’s domain name as a suffix. For example, the amazon.com hosted zone may contain records named www.amazon.com, and www.aws.amazon.com, but not a record named www.amazon.ca. You can use the Route 53 Management Console or API to create, inspect, modify, and delete hosted zones. You can also use the Management Console or API to register new domain names and transfer existing domain names into Route 53’s management.

First we must create the Hosted Zone in Route 53. This is so we can get our Amazon Name Servers for use in a later step. Go to Route 53 in the AWS console, then click Hosted Zones on the left column, then Create Hosted Zone:

Read more…

Deploying Microsoft SQL 2014 Standalone Server

In this blog I will be installing Microsoft SQL 2014 in a Standalone configuration. I needed to setup a SQL server for my home lab so thought i’d document the installation process.

Before You Start:

Microsoft SQL 2014 1 - .Net 3.5 Installation

Read more…

How to setup Microsoft Active Directory Certificate Services [AD CS]

Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user, or device accounts on a network.

In this post I will be setting up a single AD CS server on my domain and configuring group policy to auto enroll my servers. For an enterprise environment you will deploy subordinate CA’s and shut down your root CA for security. For more information about this setup click here: PKI Design Options

Installing the AD CS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

PKI 1 - Add Roles and Features

Click Next:

PKI 2 - Before you Begin

Read more…

How to setup Microsoft Web Application Proxy

Microsoft Web Application Proxy [WAP] is a new service added in Windows Server 2012 R2 that allows you to access web applications from outside your network. WAP functions as a reverse proxy and an Active Directory Federation Services [AD FS] proxy to pre-authenticate user access.

Web Application Proxy Overview

vBoring Blog Series:

  1. How to setup Microsoft Active Directory Federation Services [AD FS]
  2. How to setup Microsoft Web Application Proxy

Requirements:

  • The only hard requirement of WAP is having an AD FS server. Refer to step 1 for setting that up.
  • WAP cannot be installed on a server that AD FS is installed on. They must be separate servers.

Installing the Web Application Proxy Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

Microsoft Web Application Proxy 1 - Add Roles and Features

Read more…

How to setup Microsoft Active Directory Federation Services [AD FS]

In this post I will be installing and configuring the Active Directory Federation Services [AD FS] server role. AD FS is able to provide Single-Sign-On [SSO] capabilities to multiple web application using a single Active Directory account.

vBoring Blog Series:

  1. How to setup Microsoft Active Directory Federation Services [AD FS]
  2. How to setup Microsoft Web Application Proxy

Install the AD FS Server Role:

Open Server Manager and click Manage -> Add Roles and Features:

AD FS 1 - Add Roles and Features

Click Next:

AD FS 2 - Before you Begin

Read more…

Deploy and Configure WSUS on Server 2012 R2

Windows Server Update Service [WSUS] is a server role that serves as a repository for Microsoft product updates on your network. Instead of every computer on your network downloading updates directly from Microsoft you can deploy a WSUS server so the updates are downloaded once and distributed to your environment from the WSUS server.

In this post I will be deploying WSUS Server 2012 R2 in a domain environment, using the Windows Internal Database (WID), and using Group Policy to have my computers connect to WSUS instead of Microsoft Updates.

Single WSUS Server

Read more…

%d bloggers like this: