Change Azure Account from LiveID to Work Account (Azure Enterprise Agreement)

In the Moment it is a small challenge to switch from LiveID Login to Work Accounts in Azure.
Today it is not possible to change the account you have to migrate all Services from the old Subscription with the LiveID to a new Subscription with a Work Account.

So let´s have a look to the Steps.

1. Login to the https://ea.windowsazure.com/ with your Work Account

2. Create a new Subscription under your Accounts

3. Setup the Subscription

4. Set the LiveID Account as Serviceadministrator

5. Open a Service Request in the Azure Portal (LiveID Login)

6. In the next Screen fill in the Source Subscription ID and the Target Subscription ID.

7. Just wait for the MS Support :)

NOTE: YOU CAN NOT TRANSFER ALL SERVICES!!!!

Services which can migrate:

  • Virtual Machines
  • Cloud Services
  • CDN
  • Web sites
  • Media Services
  • Service Bus
  • Storage
  • Multi Factor Authentication
  • Traffic Manager
  • Mobile Services
  • Virtual Network
  • Access Control Service (ACS)
  • Caching
  • Reserved IP Address + reserved IPs under die List
  • SQL DB

Services which can´t migrate:

  • Cache
  • BizTalk Services
  • HD Insight
  • Backup
  • Hyper-V Recovery Manager
  • Azure Store
  • Import / Export
  • Scheduler
  • Management Services (AutoScale, Alerts, Etc..)
  • Azure Automation

Thank´s for reading!

Set Service-Account for DirSync on Azure-AD to never expires

If you need DirSync (OnPremise) to Azure-AD you have to use a Service Account for this Operation. Per Default the Password of every User will expired. For a Serviceuser not the best Option.

First you have to install the Azure Active Directory Module for Windows PowerShell (64-bit version): http://go.microsoft.com/fwlink/p/?linkid=236297

Okay let´s set the User with the Options.

1. Open a Powershell
2. Connect to your Tenant with „connect-msolservice“
3. Set the Password Option „Set-MsolUser -UserPrincipalName xxx@xxxx.onmicrosoft.com -PasswordNeverExpires $true“

Monitor VPN State from Fortinet (FortiGate 60D) with PRTG

At first you can download FortiGate MIB File from the web interface.
You can find the downloads under the config menu – SNMP

For the next step you need the tool “Paessler MIB Importer V3.4.8” to convert the MIB file to an oidlib File.

Notice: You need the core MIB in the same folder to convert the file cleanly!

You can edit the oidlib file with a text editor or use the PRTG tool. With a text editor you should edit the fields between “<list>” and “</list>”. In my case I only need the VPN entries. Then copy the oidlib file to the “snmlibs” folder in the PRTG server.

Now you are ready to use the sensor from PRTG server. But you still need to configure the Fortigate to allow snmp access!

Check the box SNMP Agent:


I use SNMP v2c to get the information from the firewall. I configure a community with the name “public”.

Also you should set the IP from the Probe Host and the interface that you want to access with the requests. If you only want to use queries from SNMP protocol you should also select “Accept queries only”. You can uncheck traps in this case too.

On the interface (Menu Network – Interfaces) you use must the SNMP allowed.

Now you can add a new device in PRTG with the IP of the interface you have selected. Up next you add a sensor to the device. Select as type SNMP.

As sensor you use SNMP-Bibliothek:


Here you find the file you copied to the PRTG-Server:

After a click on next you can check the modules you want to monitor.

Keep in mind that without limit value the sensor will never get red.

Now you can grab a coffee and feel good 

Arno

Use your custom domain with Microsoft Azure websites

Hello,

if you deploy a new website with Azure you get an url like mywebsite.azurewebsites.net, but you can also use your own cusom domain like mydomain.com. You can enable this feature with just a jew configuration steps, you do not need to deploy a Azure VM with a installed IIS and configure http-Bindings like int he old days. :)

Ok, Let’s take a closer look. First of all you need to scale your website to the mode Shared. This is the absolute minimum for the usage of a custom domain.

In the Azure portal when you select your website you see at the bottom the option manage domains.

Here you can add all the custom domains which you want to use for accessing your azure-website. But take a look at the description text. Azure will verifiy that the added domains have a special DNS-Entry (CNAME) like awverify.mydomain.com leads to  awverifiy.mywebsite.azurewebsites.net
So you need to setup these DNS-entry first and than add your domain int he Azure portal.

Also take care that you add both domainnames like www.mydomain.com and mydomain.com
So your webiste is reachable by http://mydomain.com and http://www.mydomain.com
Also you fin here the IP-address you need for setup your A-Record. So just jump over to our provider, where we can setup the correct DNS-entries.

Create an A-Record with the provided IP-address from the azure portal. (See Screenshot above)
Create an CNAME entry for verification
Create another CNAME entry for the website

When you did something wrong or use the wrong IP-address you can get an error screen like this, when you try to reach your website under your custom domain.

But when everything is fine your website is reachable by using your custom domain. Yeah!

So have fun and deploy websites faster than ever with Microsoft Azure!

Azure Powershell Connect to your Subscription

For managing lots of settings in Azure you need to connect yourself to the Azure subscription via the Azure PowerShell.

Before you can connect to your subscription you must check out that your system fulfils all requirements of the Azure PowerShell installation.

At the following link you can download the Azure PowerShell:

http://azure.microsoft.com/de-de/downloads/

For the Azure PowerShell you must have installed the Microsoft .NET Framework Version 4.5.

After you have installed the Azure PowerShell Modules you can use the normal PowerShell to connect to your subscription or you can use the Azure PowerShell.

Start your Azure PowerShell – now you can connect to your Azure Subscription. You must add your Azure Account data.

Type in the PowerShell the following command:  “Add-AzureAccount”

After entering the command a pop-up menu opens:

 

Type in your e-mail address for the Azure login. After this choose your account type (business- or personal-account). Now you can login with your username (e-mail) and password:

 

If you use a multi factor authentication type after this step your MFA Code.

Now you are connected with Microsoft Azure. If you’re connect successfully your PowerShell must show following:

 

You are now connected to your Azure account and are able to connect to your subscriptions. To see which subscriptions are mapped to your account use the cmdlet “Get-AzureSubscriton”, here you have a view from your Subscriptions:

 

Now we connect our PowerShell to a subscription, for this type “Select-AzureSubscription SubscriptionName (see at the picture). To check if your connection is correct you can list your virtual machines with the following cmdlet “Get-AzureVM”.

Now you can do your settings with the Azure PowerShell, e.g.  set a fixed IP-address for domain controllers or anything else.

 

Have a nice day

 

Sebastian

Reset password from Azure VM

If you forget a Password and you can’t access your VM, you can reset the login data over Azure PowerShell. Use “Set-AzureVMAccessExtension” to set an account for accessing the VM.

Notice: In my test environment I delete/override my old account.

At first connect to your Azure subscription. Then you can reset the access with the command:

Get-Azurevm –Servicename $Servicename –name $VMName | Set-AzureVMAccessExtension –Username $NewUserName –Password $NewPassword | Update-AzureVM

After this you must restart your VM:

Get-Azurevm –Servicename $Servicename –name $VMName | Restart-AzureVM
Now you can login with your new login credentials
Arno