skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Dirt Road Junglist posted:

Now, imagine having to tell that to your boss :v:

Ugh.

What's funny now is Apple has almost the same market cap as Microsoft, and even RedHat does almost 3B a year in revenue. Hell the Canonical/Ubuntu folks do a 125M a year in revenue.

Everyone wants to get paid.

Hell, I'm going through a nasty software audit right now from a company that repackages FOSS and then slaps a commercial license on it somehow.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

SfB is going away, probably sooner than a lot of companies realize. There's somewhere within your tenant (might be PS only?) to find the date that you are being force converted to Teams.

Docjowles
Apr 9, 2009

skipdogg posted:

Ugh.

What's funny now is Apple has almost the same market cap as Microsoft, and even RedHat does almost 3B a year in revenue. Hell the Canonical/Ubuntu folks do a 125M a year in revenue.

Everyone wants to get paid.

Hell, I'm going through a nasty software audit right now from a company that repackages FOSS and then slaps a commercial license on it somehow.

I always thought it was more a slam on their blatant monopoly status, and their extreme hostility to FOSS at the time. Not so much their desire to make money at all. I feel like there were plenty of stories about other for profit companies on Slashdot at the time.

But this is probably a dangerous derail to be having :v:

bitterandtwisted
Sep 4, 2006
Having a strange sync issue.
We have on-prem AD synced to 365 and some users' attribute fields aren't updating.

For example there's a group of 12 who need to have their department name updated, but only half were successful.
code:
set-msoluser -userprincipalname user@domain -department "department"
works to manually change those accounts that synced fine in the first place, but the ones that fail return the following:

code:
set-msoluser : Unable to update parameter. Parameter name: DEPARTMENT.
At line:1 char:1
+ set-msoluser -userprincipalname user@domain -departmen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online
   .Administration.Automation.SetUser
Is this something anyone else has seen before?

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else
Hmm that's curious. I don't suppose forcing a new sync of those users solves the weird write lock? Sounds like either they are still in the middle of syncing data or something didn't pull up properly.

Sickening
Jul 16, 2007

Black summer was the best summer.

bitterandtwisted posted:

Having a strange sync issue.
We have on-prem AD synced to 365 and some users' attribute fields aren't updating.

For example there's a group of 12 who need to have their department name updated, but only half were successful.
code:
set-msoluser -userprincipalname user@domain -department "department"
works to manually change those accounts that synced fine in the first place, but the ones that fail return the following:

code:
set-msoluser : Unable to update parameter. Parameter name: DEPARTMENT.
At line:1 char:1
+ set-msoluser -userprincipalname user@domain -departmen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolUser], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.PropertyNotSettableException,Microsoft.Online
   .Administration.Automation.SetUser
Is this something anyone else has seen before?

Yes. I have seen this many times. The outcomes are as follows.

1: It fixes itself
2: You reach out to support that gets you to someone who can actually fix it on their backend. (good luck)
3: You totally unsync the objects and resync them, making it a pain in the rear end.
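A diagnostic for the sync problem quoted above, added here as an example and not code from any poster: it tells directory-synced users (the ones with an ImmutableId, whose attributes are owned by on-prem AD and raise PropertyNotSettableException when written from the cloud side) apart from cloud-only users, and routes the department change to whichever side is the source of authority. The UPNs, the department value and the assumption that the MSOnline, ActiveDirectory and ADSync modules are available are constructed for the example.

```powershell
# Added example (not from any poster in this thread): decide per user whether
# Set-MsolUser can write the attribute, and otherwise change it at the source.
# Assumes: Connect-MsolService already done, RSAT ActiveDirectory module on a
# domain-joined admin box, ADSync module on the Azure AD Connect server.

$Users         = @('alice@domain', 'bob@domain')   # constructed sample UPNs
$NewDepartment = 'Sales'                            # constructed sample value

foreach ($upn in $Users) {
    $msol = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop

    # An object owned by Azure AD Connect carries an ImmutableId (the on-prem
    # objectGUID, base64) and a LastDirSyncTime. Writing a synced attribute to
    # such an object from the cloud is what produces "Unable to update parameter".
    $isSynced = -not [string]::IsNullOrEmpty($msol.ImmutableId)

    if (-not $isSynced) {
        # Cloud-authored object: the cloud is the source of authority, so the
        # direct write from the original post is the right tool here.
        Set-MsolUser -UserPrincipalName $upn -Department $NewDepartment
        Write-Host "$upn : cloud-only, updated directly"
        continue
    }

    # Synced object: map ImmutableId back to the on-prem objectGUID and change
    # the attribute there; the next sync cycle carries it up to Azure AD.
    $bytes  = [byte[]][System.Convert]::FromBase64String($msol.ImmutableId)
    $guid   = [guid]::new($bytes)
    $adUser = Get-ADUser -Identity $guid -Properties Department
    Set-ADUser -Identity $adUser -Department $NewDepartment
    Write-Host ("{0} : synced (last sync {1}), updated in AD, old value '{2}'" -f
        $upn, $msol.LastDirSyncTime, $adUser.Department)
}

# Push the change now instead of waiting for the scheduled cycle
# (run this part on the Azure AD Connect server).
Start-ADSyncSyncCycle -PolicyType Delta
```

If a user fails the cloud write but shows no ImmutableId, or shows one with no matching on-prem object, that is the stuck-object case the reply above describes, where a resync or a support case is the remaining option.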

Thanks Ants
May 21, 2004

#essereFerrari


I assume that splitting apart a company with AD sync on their Office 365 is still a case of:
  • Build new AD environment
  • Populate with accounts
  • Turn AD sync on to new Office 365 tenant using onmicrosoft.com domain / other temporary domain
  • Migrate data with MigrationWiz or similar
  • Drop domain from source tenant, wait a stupid amount of time for the Office 365 platform to realise and hope that bounced messages will prompt people to try and send the message again
  • Add domain to destination tenant, change UPN suffix on AD and wait for sync
  • Repeat for each company that is going to emerge out of the source one
  • Lol gently caress SharePoint
  • Oh poo poo they had archive mailboxes
  • :suicide:

Is there still the secret option of giving a sack of money to Microsoft?

The Fool
Oct 16, 2003


Give a sack of money to someone like Catapult? That's what we did.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Ants how many users are we moving?

Thanks Ants
May 21, 2004

#essereFerrari


About 250 out into five separate companies. I’m pretty sure that’s not enough to make the MS consultancy costs anywhere near worth it.

Fairly sure the method is accurate, but it’s a lot of dicking around. And yes the plan is a bit crazy but I have no control over that.

snackcakes
May 7, 2005

A joint venture of Matsumura Fishworks and Tamaribuchi Heavy Manufacturing Concern

Thanks Ants posted:

About 250 out into five separate companies. I’m pretty sure that’s not enough to make the MS consultancy costs anywhere near worth it.

Fairly sure the method is accurate, but it’s a lot of dicking around. And yes the plan is a bit crazy but I have no control over that.

Your plan seems pretty sound from my own experience. But yeah lol sharepoint, onedrive, archive mailboxes. Reclaiming a domain is usually pretty quick, but there have been instances where I've had to wait hours. Never a fun time when that's the case.

The Fool
Oct 16, 2003


Maybe try Veeam O365 Backup to backup sharepoint/onedrive/archive mail then restore it to the new tenant?

Thanks Ants
May 21, 2004

#essereFerrari


The actual data migration part I'm pretty comfortable with - MigrationWiz generally does a good job with Exchange -> Exchange and SharePoint -> SharePoint migrations, and the documentation is extensive. It was more about not wanting to come unstuck with the domain names and UPNs etc, and wanting to know if there's a less labour-intensive (I'm aware that sounds a bit daft as IT workers) way to go about it.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


You could maybe do some trickery with Azure B2B?

Thanks Ants
May 21, 2004

#essereFerrari


I think that's just what Office 365 tenants with guest users from other Office 365 orgs use at some level in the backend, but actually moving data between the tenants still requires it to go via a migration service. I think the reason behind this change is to split the companies up into legally separate entities for compliance purposes anyway, so any closer links aren't desirable.

In other Microsoft news, it's now really easy to build yourself an on-prem file server that can back off into Azure Files, and it's cheap as well https://docs.microsoft.com/en-us/azure/databox-online/data-box-gateway-overview

The Fool
Oct 16, 2003


Thanks Ants posted:

I think that's just what Office 365 tenants with guest users from other Office 365 orgs use at some level in the backend, but actually moving data between the tenants still requires it to go via a migration service. I think the reason behind this change is to split the companies up into legally separate entities for compliance purposes anyway, so any closer links aren't desirable.

In other Microsoft news, it's now really easy to build yourself an on-prem file server that can back off into Azure Files, and it's cheap as well https://docs.microsoft.com/en-us/azure/databox-online/data-box-gateway-overview

Not saying this isn't cool, but this sentence gets me:

quote:

virtual device based on a virtual machine provisioned in your virtualized environment

e: maybe I'm missing something, but in what situations would I use this over storage sync?

The Fool fucked around with this message at 20:52 on Mar 26, 2019

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

In your virtualized headspace due to your virtualized reality inside the virtualized universe virtualized by the supreme programmer.

Thanks Ants
May 21, 2004

#essereFerrari


The Fool posted:

Not saying this isn't cool, but this sentence gets me:


e: maybe I'm missing something, but in what situations would I use this over storage sync?

If you have a Windows Server with the Azure File Sync on it already then I guess you wouldn't change anything. This is a single VM, managed from the Azure portal, kept up-to-date outside of any GPOs that are applied to servers, and doesn't seem to have any CAL requirements that you hit as soon as you deploy a Windows Server on a site.

Edit: Big difference would be that (currently) a Windows Server with File Sync on can work with AD permissions on the shares, whereas the Edge stuff uses a basic read-only/read-write level access with accounts added individually to each managed Gateway. If you have something doing archive duty with a service account though then it would work fine. I guess a real rough comparison would be with AWS Storage Gateway.

Thanks Ants fucked around with this message at 21:49 on Mar 26, 2019

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Hopefully it doesn't have any bullshit gotchas I've encountered with the Amazon storage gateway (oops, you filled the boot volume database with too many file references, which wasn't identified in known limitations. Nor can you check how much of the drive is filled because we've added bumper corners to this Linux instance.).

e: 5 million objects per bucket, if you're asking.

incoherent fucked around with this message at 21:20 on Mar 26, 2019

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
Trying to set up this Windows VDI thing on Azure and I keep getting failure to register into the domain. We're set up on O365 which provides the Azure AD instance. How do I set up an Azure network that can 'see' this AD?

The Fool
Oct 16, 2003


FunOne posted:

Trying to set up this Windows VDI thing on Azure and I keep getting failure to register into the domain. We're set up on O365 which provides the Azure AD instance. How do I set up an Azure network that can 'see' this AD?

It doesn't work with Azure AD; the VMs need to be joined to a standard AD domain, or hybrid joined.

https://docs.microsoft.com/en-us/azure/virtual-desktop/overview

quote:

Your infrastructure needs the following things to support Windows Virtual Desktop:
  • An Azure Active Directory
  • A Windows Server Active Directory in sync with Azure Active Directory. This can be enabled through:
    • Azure AD Connect
    • Azure AD Domain Services
  • An Azure subscription, containing a virtual network that either contains or is connected to the Windows Server Active Directory

The Azure virtual machines you create for Windows Virtual Desktop must be:
  • Standard domain-joined or Hybrid AD-joined. Virtual machines can't be Azure AD-joined.
  • Running one of the following supported OS images:
    • Windows 10 Enterprise multi-session
    • Windows Server 2016


e: emphasis mine

Thanks Ants
May 21, 2004

#essereFerrari


You need domain controllers accessible from the virtual network you deploy into. Either deploy a couple, or turn on Azure AD Domain Services.

https://docs.microsoft.com/en-us/azure/virtual-desktop/overview posted:

Your infrastructure needs the following things to support Windows Virtual Desktop:
  • An Azure Active Directory
  • A Windows Server Active Directory in sync with Azure Active Directory. This can be enabled through:
  • Azure AD Connect
  • Azure AD Domain Services
  • An Azure subscription, containing a virtual network that either contains or is connected to the Windows Server Active Directory

E:f,b

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
Don't shoot me for not realizing that "Azure AD" and "Azure AD Services" are two different things.

What's the cheapest and easiest way to make that happen?

Thanks Ants
May 21, 2004

#essereFerrari


If you have an AD already on-prem then a VPN tunnel is the cheapest way to do it.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
Nope! All Office 365, nothing on premises. No cloud servers. Just 365, E3 licenses, and some blob storage to feed the CDN.

I can access the AD system through Azure, see my users, their logins, etc. I just can't seem to get this provisioned virtual machine to see the AD server. I think it is virtual network related, but I'm not 100%.

Thanks Ants
May 21, 2004

#essereFerrari


Turning on Azure AD DS is the best option (also make sure you set the DNS details in your virtual network if you're trying to have things bind to it). There's no way to deploy a non-Azure AD and have it populate from Azure AD, as far as I'm aware. So you'd be in the situation of having to create all your users again and letting it sync and match up on SMTP address or UPN.

I'm probably doing this over the next month or so, I'll update the thread when that happens.
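The "set the DNS details in your virtual network" step above, worked through as an added example (not code from any poster): it points the VNet's resolvers at the Azure AD Domain Services domain controllers and then, from a VM inside that VNet, checks that the directory is actually reachable before attempting the domain join that was failing earlier in the thread. The resource group, VNet name, managed-domain name and DC addresses are placeholders; in practice they come from the AAD DS overview blade in the portal.

```powershell
# Added example (not from any poster): VNet DNS for AAD DS, then a reachability
# check a failing "register into the domain" attempt should be preceded by.
# Assumes: Az.Network module and Connect-AzAccount already done for step 1;
# step 2 runs on a Windows VM inside the VNet. All names/IPs are placeholders.

$ResourceGroup = 'rg-wvd'                   # placeholder
$VNetName      = 'vnet-wvd'                 # placeholder
$DomainName    = 'aadds.example.com'        # placeholder managed-domain name
$AaddsDnsIPs   = @('10.0.0.4', '10.0.0.5')  # placeholder: the two AAD DS DC IPs

# --- Step 1: replace Azure-provided DNS with the managed domain's DCs ---
$vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroup
if (-not $vnet.DhcpOptions) {
    $vnet.DhcpOptions = New-Object Microsoft.Azure.Commands.Network.Models.PSDhcpOptions
}
$vnet.DhcpOptions.DnsServers = [System.Collections.Generic.List[string]]$AaddsDnsIPs
$vnet | Set-AzVirtualNetwork | Out-Null
# VMs that already exist only pick up the new resolvers after a NIC renew/restart.

# --- Step 2: from a VM in the VNet, prove the directory is reachable ---
function Test-DirectoryReachability {
    param([string]$Domain, [string[]]$DcAddresses)
    $ok = $true

    # Domain join locates DCs through this SRV record; if it does not resolve,
    # the failure is DNS (step 1 not applied) rather than the join itself.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
    if (-not $srv) { Write-Warning "No DC SRV record for $Domain"; $ok = $false }

    # Minimum ports a join needs: LDAP 389, Kerberos 88, SMB 445 (SYSVOL/GPO).
    # A closed port here usually means an NSG on the AAD DS subnet or the VNet.
    foreach ($ip in $DcAddresses) {
        foreach ($port in 389, 88, 445) {
            $r = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
            if (-not $r.TcpTestSucceeded) { Write-Warning "$ip : TCP $port unreachable"; $ok = $false }
        }
    }
    return $ok
}

if (Test-DirectoryReachability -Domain $DomainName -DcAddresses $AaddsDnsIPs) {
    # Join with a user account from the managed domain; the restart is what
    # makes the join take effect.
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
}
```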

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
Now I don't know WTF, because the PR chat about all this is how great it'll be for O365 setups to get apps and desktops running on the cloud for all sorts of good reasons. Crazy that I cannot even use the O365 directory.

The Fool
Oct 16, 2003


Even Microsoft doesn't expect any real company to be 100% Azure AD

Thanks Ants
May 21, 2004

#essereFerrari


I think the server products are intended to join Azure AD at some point in the future, it's just not there yet. It's why AADDS exists, to give you a 'real' AD that you don't need to manage. That's also not perfect though because it lives in a single region, though I believe they've stopped work on making it available in more regions to focus on having it highly available globally. At least according to one of the product managers that I was talking to on Twitter a while back.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Azure AD Domain Services is a stop-gap intended for smaller deployments or organizations that aren't ready to have a VPN/ExpressRoute to Azure with DCs and Azure VMs joined to a domain.

If your company doesn't have schema extensions and your applications don't write to AD, Azure AD DS is fine, but otherwise there are too many gotchas at the moment for it to replace traditional AD DS.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are
So just spitballing here, out of curiosity, is there a way to expose your GPOs to the world at large without using Azure AD? I know DirectAccess was a thing at some point.

I just...I really want to kill AD entirely. We have a multi-OS shop and it's just not feeling sustainable.

The Fool
Oct 16, 2003


Azure AD doesn't even do that.

Azure AD is a separate cloud identity service that happens to support syncing with Active Directory.

DirectAccess is an alternative to using a client-vpn to connect to your on-premise network.

If you want to kill Active Directory you need two things: An identity service and device management.

Microsoft provides Azure AD and Intune as products to fill those roles.

Azure AD is actually good, but in my opinion Intune has a bit more to go before it can be a real replacement to GPO for managing Windows machines.

You may not care though, since in the world of web-apps the local computer doesn't need to be more than a thin client for a lot of people.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


If all your applications are modern (all web, SaaS and no Kerberos/NTLM) then Azure AD w/ Intune works great. Otherwise... AD will be around for quite a while.

Thanks Ants
May 21, 2004

#essereFerrari


There’s honestly nothing better than AD - you can try and ditch it but you’ll always bump into something that wants to talk to a directory - whether that’s just a scanner looking up an address book, or to enable WPA Enterprise on your WiFi network.

The requirements of DCs are really low, you don’t have to worry about backing them up, and you can run them entirely in Azure if you have a way to keep some local DNS infrastructure so clients can still get out to the internet in the event your VPN dies if you don’t have ExpressRoute.

MS seem really committed to the idea of hybrid cloud so I wouldn’t expect it to go anywhere soon. We are moving to a scenario where people’s laptops are Azure AD joined but desktops that might have multiple users are traditional AD joined, possibly with hybrid join if that’s not being phased out in the short term.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

The Fool posted:

Even Microsoft doesn't expect any real company to be 100% Azure AD
Which is hilarious because I am the Senior Cloud Analyst for a decent sized airline - we fly 737s (not the MAX8) - with several hundred employees spread out over the country and the continent and we are 100% in the cloud. We have *zero* servers on prem and run everything using Azure AD.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


nexxai posted:

Which is hilarious because I am the Senior Cloud Analyst for a decent sized airline - we fly 737s (not the MAX8) - with several hundred employees spread out over the country and the continent and we are 100% in the cloud. We have *zero* servers on prem and run everything using Azure AD.

As a previous poster said, how does this work with printers and other weird devices that don't support modern auth?

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

nexxai posted:

Which is hilarious because I am the Senior Cloud Analyst for a decent sized airline - we fly 737s (not the MAX8) - with several hundred employees spread out over the country and the continent and we are 100% in the cloud. We have *zero* servers on prem and run everything using Azure AD.

I work for :yayclod: itself, and I wish this was how we operated.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

Tab8715 posted:

As a previous poster said, how does this work with printers and other weird devices that don't support modern auth?
Really simply: we don't buy those things.

Sickening
Jul 16, 2007

Black summer was the best summer.
DCs running in the cloud is trivial and inexpensive. Spending time and money in an attempt to not have them doesn’t seem worth it to me right now.

FunOne
Aug 20, 2000
I am a slimey vat of concentrated stupidity

Fun Shoe
So, should I be able to use my O365-provided Azure AD to join these Azure VM images created for the Windows Desktop Service (tm) offering? If so, then what the gently caress do I need to do virtual-network-wise for that to work (since the 'create a network' option in the script just doesn't work)?

I really don't understand why I can join my laptop to my Domain-controller-in-the-cloud but virtual machines are a different story.

Not mad at all of you, thanks for the help. But Microsoft is guilty of the "name everything the same plus XR" scheme so Googling doesn't help, and their online manuals are VERY INTERESTED in getting me into a hybrid cloud setup which I, you know, don't need and am not trying to do. I don't HAVE an on-premise AD server and VPN setup with multiple routes that I need to cloudify, I just want to test this desktop service offering.

FunOne fucked around with this message at 02:45 on Mar 27, 2019