Lost in a Timewarp

I had to give up blogging about Microsoft technologies for a while.  More about why and how it all worked coming soon, but not quite.  I was in this place for a while:


But i’ve now rejoined humanity and look forward to continue with my thoughts on the IT landscape.  Put it this way, I know more now than I ever did before…good and bad!


Posted in Uncategorized | Leave a comment

Movin’ on Up…!

Well now, it’s been a while, hasn’t it!  For the past year I’ve been the technical lead on a large Exchange 2007 > Exchange 2013 on-premises email migration for Canada’s biggest Telco. From pre-sales to Pilot to Production implementation, I was the lead architect which was a fun project not to mention exhausting.  The sheer numbers involved are quite alarming and Exchange 2007 brought it’s own complexities when moving to a much newer architecture. We got there in the end and I am happy to report that I reached a maximum customer enforced migration limit of 1000 employee mailboxes per night.  I migrated 34,000 mailboxes in 10 weeks or thereabouts, not bad! I could have done more but the support overhead would have been a problem for the customer helpdesk.  I’ll write about it in a different and detailed blog post, where I can do justice to the planning and execution involved to achieve this success.  The real customer milestone was all “human” mailboxes migrated by the Exchange 2007 Support Deadline of April 15th 2017.  The remainder is shared mailboxes and all the other “stuff” that you amass during a ten year implementation of any mission critical application.


(see i wasn’t making it up) #ExchangeYoda

Now to the real point of this blog post.  For the first time in 15 years, I’ve moved out of the traditional “Microsoft Eco-System” that has been the mainstay of my career.  To recap, I worked my way up as a Windows Server guy, finally working as a Consultant in different parts of the world.  As of Monday, I now work for Big Blue. It’s an interesting move for me, a real challenge as I could easily have stayed with my previous employer (who didn’t want me to go) which was just voted Canada’s largest  (#1) Azure Partner in North America.  I was already transitioning into a much wider business focused role as a Solution Architect and could have eeked out a new career path, though it would have taken some time.  I loved my time with those guys but it was time to move on.  My new role at  is that of Cloud and Cognitive Technical Leader, which in real world terminology means I will be responsible for the Cloud strategy new and projected, within my region in Canada.  I will work closely with the Sales teams to assist customers in their Hybrid IT adoption strategies.  So, not much different from working as a P-Seller for Microsoft, but this role is dedicated pre-Sales and I must admit I really love talking to customers about why they should adopt the cloud and that whole business discussion.  I spent many years as a delivery engineer and architect but it was time to expand on my skills and accept the challenge.  Taking risks got me to where I am now, so why change the habit of a lifetime 😊.

More to follow, but here’s to risk and reward!


Posted in Non-Microsoft, Uncategorized | Tagged , , | Leave a comment

At School for Dynamics 365

Enjoying a day of Microsoft Dynamics 365 training here at the Microsoft Vancouver office, with the excellent Adriana Nedelcu presenting.  Interesting to see the maturation of the CRM suite, now with  hybrid capability embracing the power of Azure cloud analytics, PowerBI and other awesome stuff.


Posted in Microsoft | Tagged , , , | Leave a comment

Messaging Misery Ends Soon…

I’m pretty quiet on the blogging front right now, due to the fact i’m working exclusively on one project.  This is one of the largest email migration projects in Canada, migrating 85K mailboxes from Exchange 2007 to Exchange 2013.  We just passed the 15,000 mailbox milestone!  Fun times, can’t wait to say good riddance to extended legacy coexistence!


On April 11, 2017, Exchange Server 2007 will reach End of Life. If you haven’t already begun your migration from Exchange 2007 to Office 365 or Exchange 2016, you need to start planning now.

End of life means that Microsoft will no longer provide the following for Exchange 2007:

  • Free or paid assisted support (including custom support agreements)
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
  • Time zone updates

Your installation of Exchange 2007 will continue to run after this date. However, because of the changes listed above, we strongly recommend that you migrate from Exchange 2007 as soon as possible.

To learn about your options for migrating from Exchange 2007 to Office 365 or a newer version of Exchange Server, check out Exchange 2007 End of Life Roadmap.

If you have other Office 2007 servers or clients, such as SharePoint Server 2007, PerformancePoint Server 2007, Office Communications Server, Project Server 2007, or Office 2007 client applications, check out Resources to help you upgrade from Office 2007 servers and clients for information about their end of life dates and upgrade options.




Posted in Microsoft | Tagged , , , , , | Leave a comment

Sometimes You Gotta Laugh…

Strange times in which we live, this made my day today…


“Yes, insert the USB stick I sent you into the White House domain controller.”

 credit ‏@SwiftOnSecurity
Posted in Microsoft | Tagged , , , , | Leave a comment

Released: Exchange Server Role Requirements Calculator 8.4

Released: Exchange Server Role Requirements Calculator 8.4

New calculator released, get it now and size your deployments correctly!

Posted in Microsoft | Tagged , | Leave a comment

BIG NEWS! Introducing AzureAD Pass-Through Authentication and Seamless Single Sign-on

When I spoke with one of the Identity Management PMs couple of months ago in Redmond, he observed that many customers are deploying ADFS incorrectly or not following best practice, leading in turn to a Support overhead far above what was originally envisaged.  ADFS is definitely not fun to troubleshoot, due to certificates, multiple load-balanced ADFS and WAP servers (4 in all) etc and you can go read a great blog post about all of that here: Ask Premier Field Engineering (PFE) Platforms – ADFS Deep-Dive: Troubleshooting.

Great news today then, that SSO deployment looks to have gotten easier thanks to Pass-Through Authentication and Seamless Single Sign-on via Azure AD Connect.  It’s still in Preview, but I can already see our deployments getting easier.  Read the article below.


Howdy folks,

Today’s news might well be our biggest news of the year. Azure AD Pass-Through Authentication and Seamless Single Sign-on are now both in public preview!

When we talk to organizations about how they want to integrate their identity infrastructure to the cloud, we often hear the same set of requirements: “I’ve got to have single sign-on for my users, passwords need to stay on-premises, and I can’t have any un-authenticated end points on the Internet. And make sure it is super easy”.

We heard your feedback, and now the wait is over. I’m excited to announce we have added a set of new capabilities in Azure AD to meet all those requirements: Pass-Through Authentication and Seamless Single Sign-on to Azure AD Connect! These new capabilities allow customers to securely and simply integrate their on-premises identity infrastructure with Azure AD.



Click for video:



Azure AD pass-through authentication

Azure AD pass-through authentication provides a simple, secure, and scalable model for validation of passwords against your on-premises Active Directory via a simple connector deployed in the on-premises environment. This connector uses only secure outbound communications, so no DMZ is required, nor are there any unauthenticated end points on the Internet.

That’s right. User passwords are validated against your on-premises Active Directory, without needing to deploy ADFS servers!

We also automatically balance the load between the set of available connectors for both high availability and redundancy without requiring additional infrastructure. We made the connector super light-weight so it can be easily incorporated into your existing infrastructure and even deployed on your Active Directory controllers.

The system works by passing the password entered on the Azure AD login page down to the on-premises connector. That connector then validates it against the on-premises domain controllers and returns the results. We’ve also made sure to integrate with self-service password reset (SSPR) so that, should the user need to change their password, it can be routed back to on-premises for a complete solution. There is absolutely no caching of the password in the cloud. Find more details about this process in our documentation.

Seamless single sign-on for all

Single sign-on is one of the most important aspects of the end-user experience our customers think through as they move to cloud services. You need more than just single sign-on for interactions between cloud services – you also need to ensure users won’t have to enter their passwords over and over again.

With the new single sign-on additions in Azure AD Connect you can enable seamless single sign-on for your corporate users (users on domain joined machines on the corporate network). In doing so, users are securely authenticated with Kerberos, just like they would be to other domain-joined resources, without needing to type passwords.

The beauty of this solution is that it doesn’t require any additional infrastructure on-premises since it simply uses your existing Active Directory services. This is also an opportunistic feature in that if, for some reason, a user can’t obtain a Kerberos ticket for single sign-on, they will simply be prompted for their password, just as they are today. It is available for both password hash sync and Azure AD pass-through authentication customers.

Enabling these new capabilities

Download the latest version of Azure AD Connect now to get these new capabilities! You’ll find the new options in a custom install for new deployments, or, for existing deployments, when you change your sign-in method.


I encourage you to download the new version of Azure AD Connect today and start testing out these new functions.

The fine print

As with all previews there are some limits to what we currently support. We are working hard to ensure we provide full support across all systems. You can find the full list of supported client and operating systems in the documentation, which we’ll be updating consistently as things change.

Also, keep in mind that this is an authentication feature, so it’s best to try it out in a test environment to ensure you understand the end-user experience and how switching from one sign-on method to another will change that experience.

And last but by no means least, it’s your feedback that pushes us to make improvements like this to our products, so keep it coming. I look forward to hearing what you think!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Introducing #AzureAD Pass-Through Authentication and Seamless Single Sign-on


Posted in Microsoft | Tagged , , | Leave a comment

Information about moving your data to the Canada datacenter region – November 1st Deadline!



Customer Action required by October 31, 2016…

Canadian Customers with data residency requirements who would like to have their core customer data moved to the Canada datacenter region, will need to request a move before October 31, 2016. Data moves will complete within 24 months after the enrollment period. We recommend that you take no action, unless your organization needs core customer data to be stored at rest in the Canada datacenter region. By choosing to move your data, customers limit Microsoft’s possibilities to optimize the location of their core customer data at rest in either their current or the Canada datacenter region.



If your organization has a requirement to store core customer data at rest within Canada, you will have to request a move via the Office 365 admin center. The deadline for requesting your move is October 31, 2016. Data moves will complete within 24 months after the enrollment period. No action is required if you do not have data residency requirements or if you were previously notified of a data move completing. If you do not request to move your data, we may still move your customer data to the Canada datacenter region as part of our optimization procedures. In either case, Microsoft will respect the data residency commitments made in the Microsoft Online Services Terms.

What do I need to do to prepare for this change?

You can review the location of your core customer data at rest and request to move your data in the Organization Profile section of the Office 365 admin center. Please click Additional Information to learn more about the move program and instructions to request a move.

Additional information

How to request your data move

On the Organization Profile page, scroll down to the Data Residency Option section.


Data location

Reports on the current Office 365 location of Client data at rest for Exchange, SharePoint and/or Skype for Business will say “North America” for US datacenters or “Canada” once moved to Canada.

Data residency option

Canadian customers will have this option available until Nov 1, 2016 and is provided to accommodate organizations that have strict Canadian data residency requirements and require their core customer data to be stored at rest in the Canada datacenter region.  By choosing to move your data, your Data will be in Toronto or Quebec datacenters.  More information and frequently asked questions about this move program are available on the TechNet move site.

To opt-in to move your data click on Data residency option “Edit”

If the customer elects to move their data to Canada they will see a confirmation message “Your organization has requested to move its core customer data to the Canada datacenter region.”


You can also confirm the eligibility and request confirmation vi the message center: https://portal.office.com/adminportal/home#/MessageCenter


Posted in Microsoft | Tagged | Leave a comment

Design your Exchange infrastructure right (or PLEASE consider moving to Office 365)!

I think I said somewhere recently that I’m technical lead on a rather large (well for Canada) Exchange 2007 > 2013 migration.  I’ve also been doing assessments on several other large (80,000+ mbx) environments with a mix of Exchange 2007/2010/2013 as the install base.  For the most part these large enterprises have dedicated Active Directory/networking/storage/Exchange staff running SCOM and full monitoring suites, where the server health is usually stable and optimized. But now and then I get asked to look after smaller deployments, where High Availability and true Site Resiliency are nothing other than a Christmas wish.  Where buying a pair of KEMP Hardware Load Balancers is a serious budget consideration.  Quite often these small shops don’t bother too much about applying the latest Exchange Cumulative Update or Rollup Updates for Exchange.  Or patching the underlying Windows Server OS…or even the Domain Controllers.  Dig in a little deeper and you often see a “if it’s not broke don’t fix it” attitude.

Newsflash:  you might want to revisit that nonchalance and remember it’s all about what happens when you have that major outage…when mail stops flowing and your CEO is screaming down the phone at the IT Director at 3am…when you make “the call” to your friends at Microsoft Premier Support.  They quickly find out you are several Rollup Update/Cumulative Updates behind…or even worse running different mixed version of RU and CU together!  They tell you to call them back when you’ve updated your environment.  A shiver runs through you as you think of all that must be accomplished to bring the environment up to date…if only you had planned a little better.  Do you really know how to patch an environment with no disruption?  Did you ever use the Maintenance Mode script functionality supporting the DAG?  Do you really know which DBs are hosting the active and passive copies of your data on which server and in which datacenter? When was the last time you logged into your perimeter devices and upgraded the firmware?

It happens all the time and there’s no excuse. If this is you it’s time you watched this session from Ignite 2016…

Design your Exchange infrastructure right (or consider moving to Office 365)


Posted in Microsoft | Tagged , , | Leave a comment

Download Ignite 2016 Videos and Slides!


I didn’t make it to Microsoft Ignite 2016 – but no worries it’s all available online!  As usual, Michel de Rooij MVP has developed a script that will download all the Ignite videos and slide decks. You can find his script here on the TechNet gallery:


Posted in Microsoft | Tagged , , | Leave a comment