This commit is contained in:
Ben Stegink 2022-05-31 21:19:39 -04:00
Parent 3b3b6acd28
Commit 76a46c6dd9
2 changed files: 60 additions and 70 deletions

.gitignore vendored

@ -352,3 +352,4 @@ Whiteboard design session/images/Whiteboarddesignsessiontrainerguide-HybridIdent
Whiteboard design session/images/Whiteboarddesignsessiontrainerguide-HybridIdentityimages/media/.DS_Store
Hands-on lab/images/Hands-onlabstep-bystep-HybridIdentityImages/.DS_Store
Hands-on lab/images/Hands-onlabstep-bystep-HybridIdentityImages/media/.DS_Store
.DS_Store
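Review bot: the new bare `.DS_Store` entry at the end of this hunk matches that filename at every depth of the tree, so the three path-specific `.DS_Store` lines above it (`Whiteboard design session/.../.DS_Store`, `Hands-on lab/.../.DS_Store`) are now redundant and can be dropped in the same commit.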


@ -44,27 +44,25 @@ Microsoft and the trademarks listed at <https://www.microsoft.com/en-us/legal/in
## Requirements
- A Microsoft Azure subscription with at least 16 vCPUs available in the Azure region where the Azure VMs deployed in this lab will reside.
- A Microsoft Azure subscription with at least 16 vCPUs available in the Azure region where the Azure VMs deployed in this lab will reside.
- DC1 and APP1 VMs -- 2 x D8s\_v3: 2 x 8 vCPUs = 16 vCPUs
- DC1 and APP1 VMs -- 2 x D8s\_v3: 2 x 8 vCPUs = 16 vCPUs
- A Microsoft account with the owner or the contributor role in the Azure subscription
- A Microsoft account with the owner or the contributor role in the Azure subscription
> **Note**: The lab computer does not require locally installed software.
> **Note**: The lab computer does not require locally installed software.
## Before the hands-on lab
Timeframe: 150 minutes
### Task 1: Review the relevant Microsoft documentation
1. Review online documentation regarding Azure Active Directory at <https://docs.microsoft.com/en-us/azure/active-directory/> focusing on its integration with Active Directory and its B2B capabilities.
### Task 2: Validate the role in the Azure subscription
1. Login to the Azure portal at <http://portal.azure.com>, select **All services**. Then search for and select **Subscriptions**.
1. Log in to the Azure portal at <http://portal.azure.com>, select **All services**. Then search for and select **Subscriptions**.
![In this screenshot, the Azure portal is depicted with 'sub' typed into the search bar and 'subscriptions' highlighted in the results.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/SelectSubscriptions.png "Search for and select Subscriptions in the Azure portal")
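Review bot: the rewritten step 1 (`1. Log in to the Azure portal at <http://portal.azure.com>`) keeps a plain-HTTP link for the portal sign-in page; since the line is being edited anyway, change it to `<https://portal.azure.com>` so the guide does not send readers to an unencrypted URL that relies on a redirect to reach the sign-in page.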
@ -72,15 +70,15 @@ Timeframe: 150 minutes
3. On the subscription blade, select **Access control (IAM)**.
4. Review the list of user accounts, and verify that your user account has the Owner or Contributor role assigned to it.
4. Review the list of user accounts, and verify that your user account has the Owner or Contributor role assigned.
### Task 3: Review the type of subscription
1. Navigate to the subscription you're going to use and select **Overview** in the subscription blade.
2. Review the **Offer** and compare it with the list that can be found at: <https://azure.microsoft.com/en-us/support/legal/offer-details/>. Make sure that the Offer doesn't have a spending limit on it. Subscriptions with spending limits will be unable to complete all the steps of the lab.
2. Review the **Offer** and compare it with the list found at: <https://azure.microsoft.com/en-us/support/legal/offer-details/>. Make sure that the offer doesn't have a spending limit on it. Subscriptions with spending limits will be unable to complete all the steps of the lab.
!["Screen shot showing the subscription overview with the Offer highlighted"](images/Hands-onlabstep-bystep-HybridIdentityImages/media/bhol-sub-offer.png "Subscription Offer Highlighted")
!["Screenshot showing the subscription overview with the Offer highlighted."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/bhol-sub-offer.png "Subscription Offer Highlighted")
### Task 4: Deploy the lab environment Azure VMs
@ -88,66 +86,63 @@ Timeframe: 150 minutes
2. On the **TLG (Test Lab Guide) - 3 VM Base Configuration (v1.0)** page, select **Deploy to Azure**.
> **Note**: The 3 VM Base Configuration provisions a Windows Server 2016 Active Directory domain controller named DC1 using the domain name you specify, and a domain member server named APP1 running Windows Server 2016. It also offers an option to provision a client VM running Windows 10, however we will not be using it in our lab (primarily due to licensing requirements applicable when running Windows 10 VMs in Azure). The domain member server (APP1) has automatically installed .NET 4.5 and IIS.
> **Note**: The 3 VM Base Configuration provisions a Windows Server 2016 Active Directory domain controller named DC1 using the domain name you specify and a domain member server named APP1 running Windows Server 2016. It also offers an option to provision a client VM running Windows 10; however, we will not be using it in our lab (primarily due to licensing requirements applicable when running Windows 10 VMs in Azure). The domain member server (APP1) has automatically installed .NET 4.5 and IIS.
3. On the **Custom deployment** blade, specify the following settings, then select **Review + Create** then **Create**.
3. On the **Custom deployment** blade, specify the following settings, select **Review + Create**, then **Create**.
- Subscription: The name of the target Azure subscription where you want to provision the lab environment Azure VMs.
- Subscription: The name of the target Azure subscription where you want to provision the lab environment Azure VMs.
- Resource group: (Create new) **hybrididentity-RG**
- Resource group: (Create new) **hybrididentity-RG**
- Location: The name of the Azure region that will host the lab environment Azure VMs.
- Location: The name of the Azure region that will host the lab environment Azure VMs.
- Config Name: **TlgBaseConfig-01**
- Config Name: **TlgBaseConfig-01**
- Domain Name: **corp.contoso.com**
- Domain Name: **corp.contoso.com**
- Server OS: **2016-Datacenter**
- Server OS: **2016-Datacenter**
- Admin Username: **demouser**
- Admin Username: **demouser**
- Admin Password: **demo@pass123**
- Admin Password: **demo@pass123**
- Deploy Client VM: **No**
- Deploy Client VM: **No**
- Client VHD URI: **leave blank**
- Client VHD URI: **leave blank**
- VM Size: **Standard_D2ads_v5**
- VM Size: **Standard_D2ads_v5**
**Note**: Use a similar VM size if your subscription does not support the listed size. Documentation is linked here: <https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes>.
- DNS Label Prefix: **Any valid, globally unique DNS name (a unique string consisting of letters, digits, and hyphens, starting with a letter and up to 47 characters long).**
- DNS Label Prefix: **Any valid, globally unique DNS name - a unique string consisting of letters, digits, and hyphens; starting with a letter and up to 47 characters long.**
- _artifacts Location: **Accept the default**
- _artifacts Location: **Accept the default**
- _artifacts Location Sas Token: **leave blank**
- _artifacts Location Sas Token: **leave blank**
![In this screenshot, the 'Custom deployment' blade of the Azure portal is depicted with each parameter value field highlighted and each value set to the values stated above.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/BHOL-feb2022-update.png "The custom deployment blade with all the information listed above entered")
4. Select **Review + Create**.
5. After validation has passed, select **Create**.
![In this screenshot, the configuration for the deployment that you did on the previous tile is summarized and validated.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/BHOL-feb2022-create-add.png "The custom deployment summarize and create tile")
![In this screenshot, the configuration for the deployment you did on the previous tile is summarized and validated.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/BHOL-feb2022-create-add.png "The custom deployment summarize and create tile")
6. Wait for the deployment to complete. The deployment might take about 60 minutes.
6. Wait for the deployment to complete. This might take about 60 minutes.
![In this screenshot, the deployment is complete and you can go directly to the resource group using the go to resource group button.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/BHOL-feb2022-deployment-complete.png "The custom deployment blade with all the information listed above entered")
![In this screenshot, the deployment is complete, and you can go directly to the resource group using the go to resource group button.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/BHOL-feb2022-deployment-complete.png "The custom deployment blade with all the information listed above entered")
### Task 5: Configure the lab environment Azure VMs
1. In the browser window displaying the Azure portal, navigate to the **DC1** Azure VM and connect to it via Remote Desktop. When prompted, sign in by using the following credentials:
- Username: **demouser**
- Username: **demouser**
- Password: **demo\@pass123**
- Password: **demo\@pass123**
> Note: If you get a prompt asking if you want your device to be discoverable on the network, click No.
2. Within the Remote Desktop session to **DC1**, start **Windows PowerShell** and run the following script to disable Internet Explorer enhanced security configuration and User Access Control on both **DC1** and **APP1** Azure VMs:
2. Within the Remote Desktop session to **DC1**, start **Windows PowerShell** and run the following script to disable Internet Explorer enhanced security configuration and User Access Control on both **DC1** and **APP1** Azure VMs:
```pwsh
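Review bot: the deployment parameters in this hunk set `VM Size: **Standard_D2ads_v5**` (2 vCPUs per VM), while the Requirements hunk earlier in this file still states `2 x D8s_v3: 2 x 8 vCPUs = 16 vCPUs`; one of the two should be updated so the stated quota requirement matches what the template actually deploys. Also, the `**Note**: Use a similar VM size if your subscription does not support the listed size.` line is a bare paragraph, while every other note in this file uses the `> **Note**:` blockquote form.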
@ -157,19 +152,18 @@ Timeframe: 150 minutes
Invoke-Command -ComputerName $vmNames {Set-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "ConsentPromptBehaviorAdmin" -Value 00000000}
```
**Note:** To run multiple PowerShell scripts in the same file, you can highlight a specific script and select **Run Selection** next to the green play button.
**Note:** To run multiple PowerShell scripts in the same file, you can highlight a specific portion of the script and select **Run Selection** next to the green play button.
![In this screenshot, the PowerShell is depicted with the script listed above pasted into it.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/PSScript.png "PowerShell with the script pasted into it")
![In this screenshot, the PowerShell is depicted with the script listed above pasted in.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/PSScript.png "PowerShell with the script pasted into it")
3. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to install Remote Server Administration Tools on both **DC1* and **APP1** Azure VMs:
3. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to install Remote Server Administration Tools on both **DC1* and **APP1** Azure VMs:
```pwsh
$vmNames = @('dc1','app1')
Invoke-Command -ComputerName $vmNames {Install-WindowsFeature RSAT -IncludeAllSubFeature}
```
4. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to enable TLS 1.2 on both **DC1* and **APP1** Azure VMs:
4. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to enable TLS 1.2 on both **DC1* and **APP1** Azure VMs:
```pwsh
$vmNames = @('dc1','app1')
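Review bot: steps 3 and 4 in this hunk have unbalanced bold markup (`**DC1*` should be `**DC1**`), which will render as a literal asterisk in the guide; and the rewritten step 2 still says "User Access Control" where the Windows feature being turned off by `ConsentPromptBehaviorAdmin` = 0 is User Account Control (UAC). All three lines are already touched by this commit, so fix them here rather than in a follow-up.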
@ -187,10 +181,9 @@ Timeframe: 150 minutes
Invoke-Command -ComputerName $vmNames {New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Name 'DisabledByDefault' -Value '0' -PropertyType 'DWord' -Force}
```
5. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to configure Windows Integrated Authentication on the Default Web Site hosted on the **APP1** Azure VM:
5. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to configure Windows Integrated Authentication on the Default Web Site hosted on the **APP1** Azure VM:
```pwsh
$vmNames = @('app1')
Invoke-Command -ComputerName $vmNames {Enable-WindowsOptionalFeature -Online -FeatureName IIS-WindowsAuthentication}
Invoke-Command -ComputerName $vmNames {Set-WebConfigurationProperty -Filter "/system.webServer/security/authentication/anonymousAuthentication" -Name Enabled -Value False -PSPath IIS:\ -Location "Default Web Site"}
@ -202,7 +195,6 @@ Timeframe: 150 minutes
1. Within the **Windows PowerShell** window, from the console pane, run the following to restart **APP1**:
```pwsh
Restart-Computer -ComputerName 'APP1'
```
@ -216,9 +208,9 @@ Timeframe: 150 minutes
1. Connect again to the **DC1** Azure VM via Remote Desktop. When prompted, sign in by using the following credentials:
- Username: **demouser**
- Username: **demouser**
- Password: **demo\@pass123**
- Password: **demo\@pass123**
2. Within the Remote Desktop session to **DC1**, start Internet Explorer and navigate to the link below.
@ -226,51 +218,51 @@ Timeframe: 150 minutes
3. Download and install Edge for **Windows 64-bit**
![Screenshot showing the download link to download Microsoft Edge for business 64-vit version.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/downloadinstalledge.png "Download Edge Link in a browser window")
![Screenshot showing the download link to download Microsoft Edge for business 64-bit version.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/downloadinstalledge.png "Download Edge Link in a browser window")
4. Close **Internet Explorer**.
4. Within the Remote Desktop session to **DC1**, start **Microsoft Edge** from the desktop and navigate to the link below.
5. Within the Remote Desktop session to **DC1**, start **Microsoft Edge** from the desktop and navigate to the link below.
```
https://github.com/microsoft/MCW-Hybrid-identity/tree/main/Hands-on%20lab/studentfiles
```
5. On the **Create Users/Group for Active Directory Demo/Test Environment** page, select the **CreateDemoUsers.ps1** link, right click on **Raw**, and select **Save link as** to save it to the local file system.
6. On the **Create Users/Group for Active Directory Demo/Test Environment** page, select the **CreateDemoUsers.ps1** link, right-click on **Raw**, and select **Save link as** to save it to the local file system.
!["Screen shot showing right clicking on Raw after selecting the CreateDemoUsers.ps1 file. Then selecting Save link as to save the file to local file system."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/savecreateuserscript.png "Saving the CreateDemoUsers.ps1 file")
!["Screenshot showing right-clicking on Raw after selecting the CreateDemoUsers.ps1 file. Then selecting Save link as to save the file to the local file system."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/savecreateuserscript.png "Saving the CreateDemoUsers.ps1 file")
6. On the **Create Users/Group for Active Directory Demo/Test Environment** page, select the **CreateDemoUsers.csv** link (directly above the PowerShell code section) and use the same method to save the corresponding csv file to the same location as the **CreateDemoUsers.ps1** file.
7. On the **Create Users/Group for Active Directory Demo/Test Environment** page, select the **CreateDemoUsers.csv** link (directly above the PowerShell code section) and use the same method to save the corresponding csv file to the same location as the **CreateDemoUsers.ps1** file.
![In this screenshot, the 'Create Users/Group for Active Directory Demo/Test Environment screen is depicted with the 'CreateDemoUsers' file link highlighted near the bottom of the page.](images/Hands-onlabstep-bystep-HybridIdentityImages/media/SaveCSVFile.png "Create users and groups in Azure Active Directory page where you select the link to the CreateDemoUsers.csv file")
> Note: When saving the .csv file, make sure you save it at a csv and not a txt file or that you change the file extension after downloading the file.
> Note: When saving the .csv file, save it at a csv and not a txt file or change the file extension to .csv after downloading the file.
7. Within the same **Microsoft Edge** window navigate to the url below.
8. Within the same **Microsoft Edge** window, navigate to the URL below.
```https://code.visualstudio.com/Download```
8. Download and install the 64 bit User Installer of Visual Studio Code.
9. Download and install the 64-bit User Installer of Visual Studio Code.
!["Screenshot highlighting the 64 bit user installer link for Visual Studio Code."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/downloadvscode.png "Visual Studio Code download button")
!["Screenshot highlighting the 64-bit user installer link for Visual Studio Code."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/downloadvscode.png "Visual Studio Code download button")
9. When you get to the **Select Additional Tasks** screen, make sure to select all of the check boxes before clicking **Next >**.
10. When you get to the **Select Additional Tasks** screen, select all checkboxes before clicking **Next >**.
!["Select additional tasks screen in the Visual Studio Code installer with all check boxes selected."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/vscodeadditionaltasks.png "Visual Studio Code installer with all options selected")
!["Select additional tasks screen in the Visual Studio Code installer with all checkboxes selected."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/vscodeadditionaltasks.png "Visual Studio Code installer with all options selected")
10. Within the Remote Desktop session to **DC1**, start File Explorer, navigate to the folder where you downloaded both files, right-click on the file **CreateDemoUsers.ps1**, select **Properties**, in the **CreateDemoUsers.ps1 Properties** dialog box, check the **Unblock** checkbox and select **OK**.
11. Within the Remote Desktop session to **DC1**, start File Explorer, navigate to the folder where you downloaded both files, right-click on the file **CreateDemoUsers.ps1**, select **Properties**, in the **CreateDemoUsers.ps1 Properties** dialog box, check the **Unblock** checkbox and select **OK**.
11. Within the File Explorer window, right-click on the file **CreateDemoUsers.ps1** again and select **Open with Code**.
12. Within the File Explorer window, right-click on the file **CreateDemoUsers.ps1** again and select **Open with Code**.
12. Close the **Get Started** tab in Visual Studio Code and then click to install the PowerShell extension.
13. Close the **Get Started** tab in Visual Studio Code and then click to install the PowerShell extension.
!["Visual Studio code with the Get Started tab open and the popup to install PowerShell. The x to close the Get Started Tab and the Install button for the PowerShell extension are both highlighted."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/vscode-getstarted.png "Visual Studio Code Get Started")
!["Visual Studio Code with the Get Started tab open and the popup to install PowerShell. The x to close the Get Started Tab and the Install button for the PowerShell extension are both highlighted."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/vscode-getstarted.png "Visual Studio Code Get Started")
13. In the resulting popup window, select **Trust Workspace & Install**
14. In the resulting popup window, select **Trust Workspace & Install**
!["The popup to trust the workspace and install the PowerShell extension in Visual Studio Code. The Trust Workspace and Install button is selected."](images/Hands-onlabstep-bystep-HybridIdentityImages/media/vscode-powershell.png "Visual Studio Code Trust Workspace & Install")
14. In the **Visual Studio Code** window, change line **148** from:
15. In the **Visual Studio Code** window, change line **148** from:
```pwsh
$UserCount = 1000 #Up to 2500 can be created
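Review bot: step 8 in this hunk wraps its URL in an inline code span made of three backticks on a single line (`https://code.visualstudio.com/Download`), while step 5 puts the GitHub studentfiles URL in a proper fenced block; since the step is renumbered here anyway, use the fenced form for both so the two links render the same way.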
@ -281,12 +273,11 @@ Timeframe: 150 minutes
$UserCount = 2500 #Up to 2500 can be created
```
11. In **Visual Studio Code** save the change. In **Windows PowerShell** run the **CreateDemoUsers.ps1** script to create a lab environment organizational unit hierarchy and populate it with test user accounts.
16. In **Visual Studio Code**, save the change. Then, in **Windows PowerShell**, run the **CreateDemoUsers.ps1** script to create a lab environment organizational unit hierarchy and populate it with test user accounts.
12. Within **Windows PowerShell** window run the following script to modify settings of the AD user accounts you will use in this lab:
17. Within the **Windows PowerShell** window, run the following script to modify the settings of the AD user accounts you will use in this lab:
```pwsh
$adUser1 = Get-ADUser -Filter {samAccountName -eq "AGAyers"}
$adUser1groups = $adUser1 | Get-ADPrincipalGroupMembership
$adUser1groups | foreach { if ($_.name -ne 'Domain Users') {Remove-ADPrincipalGroupMembership -MemberOf $_.name -Identity $adUser1.DistinguishedName} }
@ -306,16 +297,14 @@ Timeframe: 150 minutes
Get-ADGroup -Identity 'Enterprise Admins' | Add-ADGroupMember -Members 'CN=Ayers\, Ann,OU=NJ,OU=US,OU=Users,OU=Demo Accounts,DC=corp,DC=contoso,DC=com'
```
13. Within **Windows PowerShell** window, add the following script to the script pane, and run it to create additional organizational units named **Servers** and **Clients** and move the **APP1** computer account to the first of them:
18. Within the **Windows PowerShell** window, add the following script to the script pane, and run it to create additional organizational units named **Servers** and **Clients** and move the **APP1** computer account to the first of them:
```pwsh
New-ADOrganizationalUnit -Name 'Servers' -Path 'OU=Demo Accounts,DC=corp,DC=contoso,DC=com'
New-ADOrganizationalUnit -Name 'Clients' -Path 'OU=Demo Accounts,DC=corp,DC=contoso,DC=com'
Move-ADObject -Identity 'CN=APP1,CN=Computers,DC=corp,DC=contoso,DC=com' -TargetPath 'OU=Servers,OU=Demo Accounts,DC=corp,DC=contoso,DC=com'
```
14. Sign out from **DC1**.
19. Sign out from **DC1**.
You should follow all steps provided *before* performing the Hands-on lab.