
Servers and Services

Azure Active Directory Free

Azure AD allows you to control access to subscriptions, resource groups, and individual resources. It also provides user and group management, on-premises directory synchronization, basic reports, and single sign-on across Azure, Office 365, and many popular SaaS apps.

Page 1 of 55
Creating Directory in Azure AD
• Sign in to the Azure portal for your directory, using an account with the Owner role for the subscription, and then select Azure Active Directory.

Adding Costi.org as custom domain name to Azure AD

After you create your directory, you can add your custom domain name.

1. Select Custom domain names, and then select Add custom domain.
2. Type the organization's new domain name into the Custom domain name box (for
example, Costi.org), and then select Add domain.

3. Copy the DNS info from the Costi.org page. For example, MS=ms64983159.

Adding the DNS information to the domain registrar

After you add your custom domain name to Azure AD, you must return to your domain registrar
and add the Azure AD DNS information from your copied TXT file. Creating this TXT record
for your domain "verifies" ownership of your domain name.

• Go back to your domain registrar, create a new TXT record for your domain based on your copied DNS information, set the TTL (time to live) to 60 minutes, and then save the information.

Verify the custom domain name

1. Sign in to the Azure portal using a Global administrator account for the directory.
2. Select Azure Active Directory, and then select Custom domain names.
3. On the Fabrikam - Custom domain names page, select the custom domain name, Costi.

4. On the Costi.org page, select Verify to make sure your custom domain is properly
registered and is valid for Azure AD.

Local Active Directory (On-Site)

Minimum Specification Requirement


Processor
• 1.4 GHz 64-bit processor
• Compatible with x64 instruction set
• Supports NX and DEP
• Supports CMPXCHG16b, LAHF/SAHF, and Prefetch
• Supports Second Level Address Translation (EPT or NPT)
* Coreinfo is a tool you can use to confirm which of these capabilities your CPU has.

RAM
• 512 MB (2 GB for Server with Desktop Experience installation option)
• ECC (Error Correcting Code) type or similar technology
Storage controller and disk space requirements
Computers that run Windows Server 2016 must include a storage adapter that is compliant
with the PCI Express architecture specification. Persistent storage devices on servers classified as hard
disk drives must not be PATA. Windows Server 2016 does not allow ATA/PATA/IDE/EIDE for boot,
page, or data drives.
The following are the estimated minimum disk space requirements for the system
partition.
Minimum: 32 GB
Network adapter requirements
Minimum:
• An Ethernet adapter capable of at least gigabit throughput
• Compliant with the PCI Express architecture specification.
• Supports Pre-boot Execution Environment (PXE).

1) Once Active Directory is set up on the server, it will also act as a DNS server. Therefore, change the DNS settings on the network interface and set the server IP address (or the localhost IP 127.0.0.1) as the primary DNS server.

2) Then open Server Manager. Go to PowerShell (as administrator), type ServerManager.exe and press Enter.

3) In Server Manager, click Add roles and features.

4) The Add Roles and Features Wizard opens. Click Next to proceed.

5) In the next window, keep the default and click Next.

6) Since it's going to be a local server, keep the default selection in the next window.

7) In the next window, tick the box for Active Directory Domain Services under Roles. The wizard then shows the features associated with the role. Click Add Features to add them, then click Next to continue.

8) On the Features page, keep the defaults and click Next to proceed.

9) The next window gives a brief description of the AD DS service. Click Next to proceed.

10) The wizard then asks for confirmation of the installation. Click Install to start the role installation process.

11) The installation process then starts.

12) Once the installation completes, click the option Promote this server to a domain controller.

13) The Active Directory configuration wizard opens. In this demo I am going to set up a new forest. If you are adding this server to an existing domain, choose the relevant option instead. (I am going to write a separate article covering how to upgrade from an older version of Active Directory.) Select the option to add a new forest and type the FQDN for the domain. Then click Next.

14) On the next page you can select the domain and forest functional levels. I am going to set them to the latest. Then type a password for DSRM (Directory Services Restore Mode) and click Next.

15) For the DNS options, this is going to be the first DNS server in the new forest, so no modifications are needed. Click Next to proceed.

16) For the NetBIOS name, keep the default and click Next.

17) The next page defines the NTDS, SYSVOL and LOG file folders. You can keep the defaults or define different paths. In this demo I will keep the defaults. Once the changes are done, click Next to continue.

18) The next page gives the option to review the configuration changes. If everything is okay, click Next to proceed; otherwise go back and change the settings.

19) The next window runs a prerequisite check. If all is good, it enables the Install option. Click Install to begin the installation process.

20) Then it will start the installation process.

21) After the installation, the system restarts automatically. Once it comes back, log in to the server as domain admin.

22) Once logged in, open PowerShell (as administrator), type dsac.exe and press Enter. This opens the Active Directory Administrative Center, where you can start managing the resources.
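
The wizard steps above can also be scripted. The following is an added example, not part of the original guide; the domain name and NetBIOS name are placeholder assumptions, and the functional level assumes a Windows Server 2016 host as in the specification section.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumptions (not from the guide): the domain and NetBIOS names below.
$DomainName  = 'corp.example'   # placeholder FQDN (step 13)
$NetbiosName = 'CORP'           # placeholder NetBIOS name (step 16)

# Step 1: the server will host DNS, so review which resolvers it currently uses.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 } |
    Format-Table InterfaceAlias, ServerAddresses

# Steps 3-11: install the AD DS role together with its management tools.
$role = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $role.Success) { throw 'AD DS role installation failed.' }

# Step 14: prompt for the DSRM password so it never lands in the script or history.
$dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

Import-Module ADDSDeployment
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'        # Windows Server 2016 level (step 14)
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true                 # first DNS server in the forest (step 15)
    DatabasePath                  = 'C:\Windows\NTDS'     # wizard defaults (step 17)
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrm
}

# Step 19: run the prerequisite check and stop on any error.
$check = Test-ADDSForestInstallation @forest
$check | Format-List Status, Message
if ($check | Where-Object { $_.Status -eq 'Error' }) {
    throw 'Prerequisite check failed; fix the reported errors first.'
}

# Steps 19-21: promote the server; it restarts automatically when finished.
Install-ADDSForest @forest -Force
```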

Express installation of Azure AD Connect
You can see these steps in action in the videos section.

1. Sign in as a local administrator to the server you wish to install Azure AD Connect on. You should
do this on the server you wish to be the sync server.
2. Navigate to and double-click AzureADConnect.msi.
3. On the Welcome screen, select the box agreeing to the licensing terms and click Continue.
4. On the Express settings screen, click Use express settings.

5. On the Connect to Azure AD screen, enter the username and password of a global administrator for
your Azure AD. Click Next.

If you receive an error and have problems with connectivity, then see Troubleshoot connectivity
problems.

6. On the Connect to AD DS screen, enter the username and password for an enterprise admin account. You can enter the domain part in either NetBIOS or FQDN format, that is, FABRIKAM\administrator or fabrikam.com\administrator. Click Next.

7. The Azure AD sign-in configuration page is shown only if you did not finish verifying your domains in the prerequisites.

If you see this page, then review every domain marked Not Added and Not Verified. Make sure
those domains you use have been verified in Azure AD. Click the Refresh symbol when you have
verified your domains.

8. On the Ready to configure screen, click Install.
• Optionally on the Ready to configure page, you can unselect the Start the synchronization process as soon as configuration completes checkbox. You should unselect this checkbox if you want to do additional configuration, such as filtering. If you unselect this option, the wizard configures sync but leaves the scheduler disabled. It does not run until you enable it manually by rerunning the installation wizard.
• Leaving the Start the synchronization process as soon as configuration completes checkbox enabled will immediately trigger a full synchronization to Azure AD of all users, groups, and contacts.
• If you have Exchange in your on-premises Active Directory, then you also have an option to enable Exchange Hybrid deployment. Enable this option if you plan to have Exchange mailboxes both in the cloud and on-premises at the same time.

9. When the installation completes, click Exit.


10. After the installation has completed, sign off and sign in again before you use Synchronization
Service Manager or Synchronization Rule Editor.

Printer Server
PaperCut MF is a cross-platform print monitoring application that runs on all major operating systems. The system has been designed to support all platforms for both the client and the server components and to scale from small businesses with 5 users all the way to the largest education sites with 500,000 users or more.

Capabilities

Scalability
• Suitable for networks from 5 to 500,000+ users.
• Browser based admin interface - simple for small sites yet powerful for large sites.
Architecture
• Suitable for single server environments to multi-server, multi-site and clustered environments.
• Capable of monitoring locally attached or workgroup printers.
• Powerful yet optional user client software (not required for print monitoring).
• International: Available in 20+ languages and currency formats world wide.
Licensing
• True enterprise-wide licensing: unlimited printers, servers and workstations.
• Licenses are based on monitored user numbers.
Open Systems
• Open and documented API, scripting interface, and database schema.
• XML Web Services API with helpful source code examples.
• Report data in CSV/Excel, PDF and HTML.

Printers
• Almost all major laser, inkjet, label and wide-format printers/MFDs/plotters.
• Supported print languages: PCL, PCL6, HPGL, PostScript, PCL-GUI, XPS, Ricoh RPCS, Epson ESC, QPDL, various GDI printers and many languages that don't even have names!

User Directory Services

• Active Directory (native integration including nested groups and OUs)
• Apple OpenDirectory
• eDirectory
• LDAP
• OpenLDAP
• NIS, PAM, Samba, and others

Security & Encryption

• SSL encryption used for sensitive client-server communications.
• Option to install a signed SSL certificate.

Application / Site Server Requirements

Operating System
• Microsoft Windows (64-bit)
• Apple OS X 10.11 (El Capitan) or higher
• Windows Server 2016 / 2012 / 2012 R2 / 2008 R2 / Windows 10* / Windows 8* / Windows 7* (core, server, advanced server, enterprise edition, 64-bit edition, workstation, professional versions all supported)
• Microsoft Clustering Services supported at all application layers
• Most modern Linux (64-bit) distributions including Red Hat 6.0+, Novell SUSE 11.0+, Debian 6.0+, and others (requires GNU glibc 2.11 or higher)†
Memory
• 2GB minimum supported (4GB or higher recommended)

Most modern print servers should have a base of 4GB of memory. Note that PaperCut NG/MF will only use 1/4 of the available memory by default, so plan to have 4GB of memory minimum to allow PaperCut NG/MF to use up to 1GB, or by increasing the memory available to PaperCut.

Hard Disk

• 3GB, plus additional storage for logs and print history. When using Print Archiving (off by default), a minimum of 100GB of free disk space is recommended.

Configuration

Print queue configuration


When using Release Stations or account selection popups, PaperCut pauses jobs on the
Windows print queue to hold jobs prior to printing. It is important, especially in charging environments,
that the queue is secured to prevent users from resuming jobs themselves and bypassing PaperCut. There
are two ways a Windows print queue can be secured:

1. Configure the queue using the PaperCut TCP/IP Port.


2. Restrict the print queue security permissions to prevent users from performing management
functions.
Using the PaperCut TCP/IP port
Queues configured to use the PaperCut TCP/IP Port automatically ensure that manually resumed jobs will not be printed. You will already be using a PaperCut TCP/IP Port if you are using hardware page count validation. You can see which port is being used in the Ports tab under Printer Properties. If you are not currently using PaperCut TCP/IP ports, see Windows printer queue configuration.

Restricting Windows print queue security permissions


This method works for most versions of Windows. However, it might interfere with printing on
Windows 8.1 and Windows 2012R2. On these systems you should secure printing using PaperCut TCP/IP
ports.
To restrict security permissions for a queue:

1. Log onto the server hosting the printers as an Administrator.


2. Open the printer configuration screen: Start > Printers
3. Right-click a printer; then select Printer properties.
4. Select the Security tab.
5. Select the CREATOR OWNER user.
6. In the Permissions area, clear the Manage Documents check box.

7. Click OK.
8. Perform these steps for each of the monitored printers
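
To confirm that every monitored queue has actually been restricted, the queue ACLs can be audited from PowerShell. This is an added example, not PaperCut or Microsoft code; it assumes that Manage Documents is stored as the JOB_ACCESS_ADMINISTER bit (0x10) in an allow ACE for CREATOR OWNER (SID S-1-3-0), and the two SDDL strings are constructed samples.

```powershell
# Added example: report queues where CREATOR OWNER can still manage documents.
# Assumption: Manage Documents = JOB_ACCESS_ADMINISTER (0x10) in an allow ACE.
$CreatorOwnerSid     = 'S-1-3-0'   # well-known SID for CREATOR OWNER
$JobAccessAdminister = 0x10

function Test-CreatorOwnerManageDocuments {
    param([Parameter(Mandatory)][string]$Sddl)
    # Parse the SDDL string and walk the discretionary ACL.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace -is [System.Security.AccessControl.CommonAce] -and
            $ace.AceQualifier -eq [System.Security.AccessControl.AceQualifier]::AccessAllowed -and
            $ace.SecurityIdentifier.Value -eq $CreatorOwnerSid -and
            ($ace.AccessMask -band $JobAccessAdminister)) {
            return $true
        }
    }
    return $false
}

# Constructed sample descriptors: a default-style ACL and one with the
# CREATOR OWNER job-management ACE removed (the state after step 6).
$samples = [ordered]@{
    'Before (default ACL)' = 'O:SYG:SYD:(A;;SWRC;;;WD)(A;CIIO;RC;;;CO)(A;OIIO;RPWPSDRCWDWO;;;CO)(A;;LCSWSDRCWDWO;;;BA)'
    'After step 6'         = 'O:SYG:SYD:(A;;SWRC;;;WD)(A;CIIO;RC;;;CO)(A;;LCSWSDRCWDWO;;;BA)'
}
foreach ($name in $samples.Keys) {
    '{0}: CREATOR OWNER can manage documents = {1}' -f $name,
        (Test-CreatorOwnerManageDocuments -Sddl $samples[$name])
}

# On the print server itself: check every queue and show its port, so queues
# that rely on permissions rather than the PaperCut TCP/IP Port stand out.
if (Get-Command Get-Printer -ErrorAction SilentlyContinue) {
    Get-Printer -Full | Where-Object { $_.PermissionSDDL } | ForEach-Object {
        [pscustomobject]@{
            Printer                = $_.Name
            Port                   = $_.PortName
            CreatorOwnerManageDocs = Test-CreatorOwnerManageDocuments -Sddl $_.PermissionSDDL
        }
    }
}
```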

SCCM
Introduction
The environment used for setting up System Center Configuration Manager is a two-server farm: one server acts as the Domain Controller and the second acts as the SCCM Server with SQL Server 2016 installed. We will install SCCM on the same server as SQL Server for the time being. We can also extend the setup to a stand-alone SCCM server and SQL Server. The installation of SCCM is primarily divided into two sections:

• Prerequisite installation
• System Center Configuration Manager Installation

Prerequisite Installation
Before installing SCCM on the server we have to set up a few prerequisites; otherwise we will get a few errors during the installation of SCCM. The prerequisites that we will set up are:

• Install Windows ADK 10
• Create System Management Container in the Domain Controller System
• Extend Active Directory Schema
• Configure IIS Role
• Install BITS and Remote Differential Compression
• Install Windows Server Update Service Role

Install Windows ADK 10


If we have not installed Windows ADK 10 we will get the below error while trying to install
SCCM.

Specify the install location and continue.

Select the required features to install. We have already set up SQL Server 2016 on the server, so let's uncheck the last option and install.

This will install Windows ADK 10 in the SCCM Server.

Create System Management Container in the Domain Controller System
Once Windows ADK 10 has finished installing, we will set up the System Management Container on the AD Server. To do that, head over to Server Manager and, from Tools, select ADSI Edit.

Right-click on ADSI Edit option in the below window and select Connect to. This will open up
the Connection Settings window. Click OK.

Right-click the Domain Controller name and select New->Object.

Specify the class as “container” and click Next. Don't create the container in the root directory (as the screenshot shows); create it in the "CN=System" container instead. (Thanks to the comments that pointed out this mistake.)

Specify the value as “System Management”.

This will create the object in the AD. Now we must assign object permissions to this container. Right-click the newly created container object and select properties.

Click Add to add the users.

Add the Admin Account of SCCM Server (here we are using SPFarmAccount) and the SCCM Computer
(VM02-SQL2016) to this container object.

From advanced settings, change the permission entry from “This object” to “This object and all
descendant objects”.

Now both SPFarmAccount and VM-2-SQL2016 have been granted Full Control to the Container Object.
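
The same container and permissions can be created from PowerShell, which avoids placing the container in the wrong location. This is an added example, not part of the original guide; it assumes a domain admin session with the ActiveDirectory module installed and uses the account and computer names given above (SPFarmAccount and VM02-SQL2016).

```powershell
# Added example: create CN=System Management under CN=System and grant the
# SCCM admin account and the SCCM server Full Control on it and all descendants.
Import-Module ActiveDirectory

$systemDn    = "CN=System,$((Get-ADDomain).DistinguishedName)"
$containerDn = "CN=System Management,$systemDn"

# Create the container only if it is missing, and only under CN=System.
$existing = Get-ADObject -SearchBase $systemDn -SearchScope OneLevel `
    -Filter "Name -eq 'System Management'"
if (-not $existing) {
    New-ADObject -Name 'System Management' -Type container -Path $systemDn
}

# Principals from the guide: the SCCM admin account and the server's computer account.
$sids = @(
    (Get-ADUser     -Identity 'SPFarmAccount').SID
    (Get-ADComputer -Identity 'VM02-SQL2016').SID
)

$acl = Get-Acl -Path "AD:\$containerDn"
foreach ($sid in $sids) {
    # GenericAll = Full Control; inheritance All = "This object and all descendant objects".
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
        $sid,
        [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
    )
    $acl.AddAccessRule($rule)
}
Set-Acl -Path "AD:\$containerDn" -AclObject $acl

# Verify: list every principal that now holds Full Control on the container.
(Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { $_.ActiveDirectoryRights -eq 'GenericAll' } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType
```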

Extend Active Directory Schema

It will contain the Zip file named SC_Configmgr_SCEP which should be unzipped to a drive folder.

Go inside the extracted folder to the path C:\SC_Configmgr_SCEP_1606\SMSSETUP\BIN\X64

From there, run the application extadsch

It will run the command line tool to extend the active directory schema. You can find the output file in the
C Drive.

Opening it, we can see the success status of the operation.

Add IIS Server Role
From Server Manager, select Add Roles and Features option.

Select Role-based or feature-based installation option and continue.

Select the Role as Web Server (IIS) and continue.

Check the Role services that have to be installed as part of Web Server (IIS) and proceed.

This will start the installation of the Roles in the SCCM Server. Once completed, we can close the wizard
and head to the next section.

Install BITS and Remote Differential Compression features

Just as we installed Web Server (IIS), let's install Background Intelligent Transfer Service (BITS) and Remote Differential Compression on the SCCM Server.

Select BITS from the Features window.

Similarly, select Remote Differential Compression from the same window.

Install the selected features by clicking on Install.

Once the installation has completed, we can close the window.

Install Windows Server Update Service

Now let’s add the last Role to the SCCM Server. It is the Windows Server Update Service Role.

Specify the folder location where the updates will be stored.

Click on Install to start the installation.

Install System Center Configuration Manager

From the downloaded installation files, start the installer present in the x64 folder.

Select “Install a Configuration Manager primary site” option.

If we have the product key, we can enter it, else proceed with the evaluation option.

Accept the agreement and continue.

If we have already downloaded the required installation files, we can specify the location of the installation media. Otherwise we will have to download them to a drive location first.

Here we will download them to a drive folder.

Specify the site code and site name and proceed.

We can choose to install the primary site as a stand-alone site or add it to an existing hierarchy. Even if we choose the stand-alone option, we can add it to the hierarchy at a later point.

Now we must specify the fully qualified name of the SQL Server where the SCCM databases will be created. Since we have chosen to install SCCM on the same server as SQL Server, we don’t have to change the default value.

Specify the location for the SQL Server data file and transaction log to be saved and proceed.

Now we have to mention the location of the SMS provider which will be used to communicate with the
site database. Let’s install it on the same SQL Server.

Check the HTTPS communication option and proceed.

Choose to install a management point as well as an installation point and proceed.

Finally, we are in the setting summary page. Click on Next to start the installation.

This will start the prerequisite check. Ensure that there are no errors. We can skip the warnings after
checking for the severity. If there are errors, we will have to resolve them before proceeding.

Once we click Begin Install, it would take around 45 minutes to complete the installation of System
Center Configuration Manager.

Test System Center Configuration Manager

Once the installation has run to completion we go ahead and run the Configuration Manager Console.
