
March 2005 - Posts

I wanted to share this little tidbit of information with you for a while, but I haven't had the time to write / publish this post.  When I finally decided to put my mind to it - I wrote this series of posts while en route to Vancouver BC for my one Western stop of the TechNet Winter Tour 2005, and decided it was about time to get this done!

I am passionate about Active Directory!!! (in case you didn't know from talking with me before) It is the foundation for identity and authentication for Microsoft products. I've personally worked on over 36 Active Directory projects and migrations ranging from 200 users in a single site to 27000 spread nationally in 90+ sites.  I created the "Migration Strategy and AD Practice" at my previous Gold Certified Microsoft Partner who uses it for the bulk of its engagements. To put it simply - I love this stuff! I want YOU to get into AD 2003 and I will do almost anything to help.

One of the things that I found VERY frustrating over the last 5 or 6 years was the lack of clear documentation on in-place upgrades or single domain designs from the "white paper" engine that Microsoft has created.  Let’s face it - are you a large multi-national organization with tons of physical sites? If you are reading this post - probably not.  The proliferation of large white papers around AD design for these large organizations resulted in a lot of discussion and perception issues with my Canadian customers who didn't really need to undergo a more complex and lengthy multiple domain and Pristine domain migration which required 3rd party tools to streamline. That being said - I recently came across a nice little document in the Exchange 5.5 to 2003 migration kit for Small Business that outlines an approach to in-place migrations - Way To Go!

If you still have one or more NT4 domains that you manage and haven’t gotten around to performing your upgrade because of various reasons, this article and subsequent posts in this 8 part series are for you!

First off - my approach to AD design. This series of posts is about migration, not design.  That will be the topic of future posts.  But - because you have to have your "end point" AD design completed before you can start a migration - you have to have a vision on where you want to be before you get started, right?  Let me give you a couple of words of advice on AD design - they have served me well.  I was influenced by two main principles in my design projects.

  1. KISS (Keep It Simple S{insert your term here}). The simpler the design you have with fewer domains, the easier it will be to implement and maintain on an ongoing basis.
  2. Design for Nirvana (I stole that one from Stuart Kwan a while back from an interview he had about AD design). You want pie in the sky and are tired of working with your "old inherited and expand as you go" NT4 domain? Go Long - Go Deep!  Design for what your business needs with all the technology bells and whistles that will make it easier to manage and free your time.

The fewer domains you have (and obviously, the fewer forests) the easier your life as an IT pro will be. That being said - why would you design for multiple domains and un-needed complexity? This was another discussion I had a lot with customers who were going through a design project.  They'd present this multiple domain forest that looks a lot like their old NT4 environment and didn't really have any sound business reasons or technical reasons as to why they thought they needed it that way. I've done the single domain and domain consolidation thing many times and let me tell you - it's well worth it.  Even if you have one of those "complete trust" spider webs of NT 4 - one of your larger user account domains could be a candidate for a hybrid in-place migration.

To wrap up this post - Are you (like SO many other Canadian companies) a Candidate for an in-place Migration? Are you interested in streamlining and accelerating your migration while reducing and mitigating your risk? What makes a good candidate? Here's my perspective of a good candidate:

  • A domain with concentrated User accounts and computer accounts
  • the ability to "touch" all your BDCs in a short period of time in order to minimize the use of Mixed Mode
  • a migration team that has a clear vision of where they want to go and are willing to work at getting there
  • your target design will have a single forest and as few domains as possible (preferably 1 if you haven't caught on yet)

If you answered YES to these questions - you might want to consider reviewing my approach to in-place migrations. Stay tuned for the next post. 

WHAT DO YOU THINK? Please feel free to click on the Feedback/Comments link at the end of this post to voice your opinions or thoughts on the process as we go along. I am looking forward to hearing from you.  Do you like the idea of a series? Do you have any suggestions? Sound off and be heard!

There will be lots of blog posts up about this, but I can't resist joining in the blog fodder. I am not really a fan of link blogging, but this is worth putting up for you all to use as a resource.

SP1 was signed off and delivered by the dev team in Redmond earlier today.  The links are starting to come up on the microsoft.com website and the official released code is now available to the public!

Windows Server 2003 Service Pack 1 Home on Microsoft.com
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

TechNet Information centre on SP1 for Server 2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx

The Service Pack DL link
http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4D81-8354-72593B1C1F43&displaylang=en

But even more interesting are some pre-recorded TechNet WebCasts put on by the great US TechNet team (part of my team's "extended family" in the MS world).  Get out the popcorn and (insert drink of your choice), sit back and listen and watch these informative sessions all about SP1.

Happy birthday SP1.

Now where is my x64 based machine....... :)

In case you hadn't noticed, the URL for my blog has changed from blogs.msdn.com/rclaus to blogs.technet.com/rclaus.  Along with this change we upgraded the blogging engine from .TEXT to CommunityServer.  I am still working out the kinks on how to manage the system from my end, but here are some of the quirks I have noticed.

All OLD posts (prior to today) no longer have a simple "feedback/comment" link on the MAIN page.  If you would like to comment on an old/migrated post, read the whole article by clicking on the Title (at the top) or on the Date/Time (at the end).  This will show you the whole post as well as all existing comments. There should be an option of Rate the post (going forward with all new posts - if you want to) or Post a Comment.  A little more "hidden" than last time, but effective none the less.

New posts have a comments link right from the main page - and when you READ the whole post, you get the opportunity to both rate it AND track it.

You might have also noticed that you can subscribe to the blog via EMAIL if you so choose - instead of using an RSS feed reader. Check out the link at the top right of the weblog for the appropriate links.

Have a look around. Tell me what you think of the new interface with the new features. I'll have more details on some of them and what they do in a couple of days after the official launch. Don't forget that you need to READ the post (click on the title or on the date/time of this post) to get the option to post a comment.

Speaking of recycled braincells, he also did a post on HTTP header filters (found in the add-ins area of the console) that you can put in to block access to a number of programs you might not want to have running through your firewall.  Applications these days can run through port 80 when you think you have them blocked by other means.

On a personal note - I don’t believe it’s a good idea to block MSN Messenger / Windows Messenger / other messenger programs without assessing the impact shutting them off will have on your user community.  Besides being an alternate method of communication to your clients and customers, these services provide valuable “presence information”.  Looking for an in-house solution? Check out Live Communication Server and the new communicator client for a fantastic SECURE managed presence solution.  I’ll be posting more information on these as I prepare for a show in Montreal with Dell around collaboration.

What are YOUR thoughts on blocking access? Are you planning to implement a managed solution? Interested in learning more about LCS 2005?  Post your comments in the FeedBack/Comments link at the bottom of this post.

Here is a list of the recommended header filters for the various services you might want to block from escaping your firewall. (see below)
--------- 
Speaking of using information that Bruce Cowper has already posted, I saw that he wrote a post about “HTTP header filters” that you can use to block access for software you don't want to let through the firewall.  Applications can use port 80 to communicate with services, not only the standard ports they normally use.

Before you implement these filters, I want to comment that I don't think it's a good idea to block this software without communicating your intention to your users. It's another method they use to communicate with their clients and to share their “presence information”.  Are you looking for a solution that you manage yourself on your own network? Look at “Live Communications Server” and the new “Communicator” client for a fantastic solution. I'll write a post with more information in a few days, after I've completed a presentation in Montréal with Dell on the subject of collaboration.

What do you think about blocking “chat” and “presence” services like MSN or Windows Messenger at the office?  Are you looking for an internal solution that you manage yourselves? Are you interested in more information about “Live Communications Server 2005”?  Click the “Feedback/Comments” link at the end of the post to be heard.

Here is a list of the HTTP filters for the software you want to block.

| Application | Search in | HTTP header | Signature |
|---|---|---|---|
| MSN Messenger | Request headers | User-Agent: | MSN Messenger |
| Windows Messenger | Request headers | User-Agent: | MSMSGS |
| AOL Messenger | Request headers | User-Agent: | Gecko/ |
| Yahoo Messenger | Request headers | Host | msg.yahoo.com |
| Kazaa | Request headers | P2P-Agent | Kazaa |
| Kazaa | Request headers | User-Agent: | KazaaClient |
| Kazaa | Request headers | X-Kazaa-Network: | KaZaA |
| Gnutella | Request headers | User-Agent: | Gnutella, Gnucleus |
| Edonkey | Request headers | User-Agent: | e2dk |
| Morpheus | Response header | Server | Morpheus |
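Before rolling out the header filters listed above, it helps to see what they catch on ordinary traffic; the sketch below is an added example (not from the original post or from ISA Server) that applies them to constructed headers and shows that the "Gecko/" signature also matches a Gecko-based web browser. It assumes a signature matches as a case-sensitive substring of the named header's value and treats the two Gnutella strings as separate signatures; the host names are placeholders.

```python
# Added example: evaluate the header-filter signatures against sample HTTP headers.
# Assumptions: case-sensitive substring matching; "Gnutella" and "Gnucleus"
# are two separate signatures. ISA Server's own matching may differ.

SIGNATURES = [
    # (application, searched in, header name, signature)
    ("MSN Messenger", "request", "User-Agent", "MSN Messenger"),
    ("Windows Messenger", "request", "User-Agent", "MSMSGS"),
    ("AOL Messenger", "request", "User-Agent", "Gecko/"),
    ("Yahoo Messenger", "request", "Host", "msg.yahoo.com"),
    ("Kazaa", "request", "P2P-Agent", "Kazaa"),
    ("Kazaa", "request", "User-Agent", "KazaaClient"),
    ("Kazaa", "request", "X-Kazaa-Network", "KaZaA"),
    ("Gnutella", "request", "User-Agent", "Gnutella"),
    ("Gnutella", "request", "User-Agent", "Gnucleus"),
    ("Edonkey", "request", "User-Agent", "e2dk"),
    ("Morpheus", "response", "Server", "Morpheus"),
]


def parse_headers(raw):
    """Parse a raw header block into {lower-case name: value}."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        # Skip the request/status line and anything that is not "Name: value".
        if not sep or " " in name.strip():
            continue
        headers[name.strip().lower()] = value.strip()
    return headers


def match_filters(raw, direction):
    """Return the applications whose signature matches; direction is 'request' or 'response'."""
    headers = parse_headers(raw)
    hits = []
    for app, where, header, signature in SIGNATURES:
        value = headers.get(header.lower())
        if where == direction and value is not None and signature in value:
            hits.append(app)
    return hits


# Constructed sample traffic.
WINDOWS_MESSENGER_REQ = """\
POST http://gateway.example/gateway.dll HTTP/1.1
Host: gateway.example
User-Agent: MSMSGS
"""
FIREFOX_REQ = """\
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
"""
IE_REQ = """\
GET / HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
"""
MORPHEUS_RESP = """\
HTTP/1.1 200 OK
Server: Morpheus
Content-Length: 0
"""

if __name__ == "__main__":
    samples = [
        ("Windows Messenger", WINDOWS_MESSENGER_REQ, "request"),
        ("Firefox browser", FIREFOX_REQ, "request"),
        ("Internet Explorer", IE_REQ, "request"),
        ("Morpheus peer", MORPHEUS_RESP, "response"),
    ]
    for label, raw, direction in samples:
        hits = match_filters(raw, direction)
        print(f"{label:18} {direction:8} -> {hits or 'allowed'}")
```

Running the same check over a sample of your own proxy logs before enabling a signature shows which legitimate clients it would block.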

I’ve had a request for information from Christian P asking about managing the IMF (intelligent Message Filter) archive folder and what utilities you can use to help you with the task. Yup – IMF can be very useful, but it can also create a large volume of mail that you need to look at for false positives…

I was about to write a nice reply to him with this post – but I will steal some already used brain cells from my colleague Bruce Cowper.  He’s written up a reply to someone who asked him the same question while he was out west.

Here is a link to his post on the subject of  “Tools for handling archived Email/SPAM generated by the IMF”
http://blogs.msdn.com/brucecowper/archive/2005/03/18/398679.aspx

I received a question by e-mail from ChristianP asking how to manage the e-mail that is identified as spam. He finds it difficult to search through all the spam for e-mail that was incorrectly classified.  Using the IMF creates a lot of files in the archive folder.

I was in the middle of writing a post to help him, but I decided to use a post that my colleague wrote on his web site.  He wrote it while he was out west for the TechNet Winter Tour.

Here is the link to his post on the subject “Tools for handling archived email/spam generated by the IMF”. It's in English, but it's really well written.
http://blogs.msdn.com/brucecowper/archive/2005/03/18/398679.aspx


The slides are now available in French. Here is the link to the web site where you can download them.
http://www.microsoft.com/technet/canada/wintertour2005/postevent/default.asp

I've also included the link to an article I wrote that lists many of the resources and software I used during the sessions.
http://blogs.msdn.com/rclaus/archive/2005/02/24/379540.aspx

Thank you, everyone, for a TechNet tour that was really “fun”. We're going to have a meeting with the team to decide how to improve the next tour.

-------------

The slides have been available for a while on the post event web resource page. Here is a link to the official post event site.
http://www.microsoft.com/technet/canada/wintertour2005/postevent/default.asp

I’ve also included a link to an article that I published earlier in the tour that has links to all sorts of utilities and evaluation software you can download and try for yourself.
http://blogs.msdn.com/rclaus/archive/2005/02/24/379540.aspx

Thanks goes out to everyone for making this TechNet tour so fun. I had a great time and can’t wait to have a post tour pow-wow and discuss how to make the next one even better!

We tried something different – I think you liked it.  Presenting half of the day in French, the other half in English was a little bit of a challenge, but I enjoyed flipping back and forth between the two. I really liked wrapping up my part of the tour in Montréal – the crowd is always friendly and engaging.

 

I am happy to see there is a LOT of interest in the local IT Professional community. I was talking with Mitch after the event and he is thrilled with the number of registrations.  In case you haven’t been there yet – the start of their webpage is up and running at www.mitpro.ca.  Keep it in your favourites list and check back with it often for updates and information about local user group events.

 

On a technical note – I have not managed to duplicate the Virtual Machine Remote Control client hang that locked up my presentation laptop for the last demo of the first session. I guess I didn’t pay my dues to the Demo gods.  I am glad that I was able to “redo” the missing VSMT demo during the second session.

 

What did you think of the Event? Did you like the dual format? How did you like the demos and updated content? What would you change for next time?  If you wanted to add something else – click on the Feedback/Comments link at the end of this post.  I’ll make sure to add them to the post event and post tour discussions with the team.

 

Thanks Montréal! I had a lot of fun!


I'm now in my hotel room after finishing my TechNet presentations in Québec.  For the first time, I have a cold that is giving me voice problems, and I'm really tired.  Thank you to everyone who persevered through the presentations and the “question and answer” forum at the end of the day.

It seems to me that you approved of the new format of 70% demos and 30% slides.

I have the impression that the community is really lively and important in Québec. The new user group is looking for people interested in taking part in forming a permanent group.  If you indicated your interest (question #14 on the evaluation form), Jean-François will contact you shortly.

I really like presenting in Québec! Can I improve? Would you like to change the TechNet tour for the next visit to Québec? If you'd like to share your comments, click the "feedback/comments" link below this post.


I missed this one being posted due to my heads down with the TechNet tour.  I saw it internally, but it is now public.  It is completely relevant to the Service Pack 1 discussions I get into over the course of this TechNet tour.  I constantly get questions after the SP1 session about recommendations as to a roll out plan, testing metrics and best practices for the rollout of SP1 for servers.  I preface the session by stating that this is a Release Candidate software release and not final.  This means that it should be in your testing labs to understand the full workings and implications of deploying the SP to your servers.

Here is the 22 page guide on how Microsoft internal Technical group (ITG) rolled out SP1 internally on Corp servers (talk about eating dogfood).
http://www.microsoft.com/downloads/details.aspx?FamilyID=16ac3ec7-1fb6-4bda-b579-b1486d753950&DisplayLang=en

As you might have heard me at one of the sessions… In regards to BOTH the service pack AND this reference document – “Get it. Download it. Read it. Test it”. The sooner the better!  Some very valuable insight into issues that you might face in your environment is covered inside the document.  It’s a GREAT read – just the right amount of depth for the subject that also covers PROCESS.

To cut to the chase (although you should really download and read the document)

Issues they came across: DiskSpace, App Compat with COM, SMS deployment with Veritas Backup Agents (didn’t stop agent prior to deployment) and inability to deploy to DataCentre servers until vendor re-qualifies.

That is enough of a tease – go download the document and read up! Any experiences or best practices you want to share? Post me a feedback/Comment at the end of this post to be heard!


Bruce and I recently finished presenting the Toronto TechNet Winter Tour 2005 event in (where else) Toronto.  We mentioned we wanted to gauge interest in having a Canadian WEBCAST on Virtual Server 2005.  This inquiry is a DIRECT response to the number of questions we received on VS 2005 during the tour to date (not just Toronto).

  • Are you interested in such an “online event” taking place?
  • What format would you be interested in having? (Slide Deck/Demo vs Open Q&A)
  • Pre-submitted questions for the general structure and then open Q&A for items not covered during the predominantly DEMO oriented content?

Use this post as an opportunity to tell us WHAT you would like to see for an online WebCast (demo / slide / Q&A format). Based on your feedback – we will tailor the content to your requests – if humanly possible :)

How do you do this?  Click on the Feedback/Comments LINK at the bottom of this post. We’ll get back to you (via the blogs and possible post event email) as to the date and time of this Customized event made just for you – the Canadian IT Professional.

Stay Tuned for more information!


If you get close to 1000 IT Professionals in the room, you can feel the electricity in the room from the collective bandwidth of technology knowledge which is directly relational to the amount of radio frequency related to cell phones and personal communication devices.

What an event. I was charged up to participate in this city, based on my previous experience in November – I couldn’t fathom how well it might go off today. Based on the personal congratulations and “way to go” comments around the breaks and Q&A sessions – you seemed to like the new format – less slides, more demos related to the real world environment that I work in day in and day out. It seems like we hit the mark. I trust that you have told us in the evaluation forms any improvements we could have done to make it better (if you haven’t or want to add comments – click on the feedback/comments link at the end of this post).

LOVED the participation levels at this event!!!!! Way more than last November here in Toronto.  The DEPTH of the questions Bruce and I were being asked – great to see the sessions bringing relevance to the technology you are using (or could/want to be) using in your environment.

It seems like IT Professionals in Toronto are challenged with the same issues I’ve seen across Canada so far:

  • Not enough time
  • Working in reactive mode and the desire to change to Proactive mode
  • Difficulty handling/managing change in your environment
  • Desire to have a representative test environment to do adequate testing PRIOR to new technology/patch/service pack release
  • Looking to connect with other IT professionals in your LOCAL community that have faced similar problems and resolved them with their own special processes.

I believe in the POWER of local/Canadian IT Professional community. There are a number of avenues for you to connect to this community in order to network and build the interpersonal relationships that will allow you to solve issues you are facing today. Your challenge is to discover where these communities are located and what are their areas of credible expertise.  A starting point could be http://www.microsoft.com/technet/canada/usergroups/default.aspx I must caution you - it’s only a starting point for locating these online communities.  If you have found online resources that have been helpful to you to date – post them as feedback/comments to this post and I will add them in to an ongoing resource page/article in the near future.

I had a fantastic time with the Toronto event and the participants - You Guys ROCK. Thanks for having me back to talk with you – I hope this can continue in the future. How can I/we do better in the future? Post me a Feedback/Comment and I’ll  be sure to pass it along to our future event planning meetings.


We had a great crowd with a larger turnout than the last time we put on the show. The TechNet Winter Tour 2005 rolled in to Ottawa on Tuesday. I brought my team mate Bruce Cowper along for the ride and he concurs – we had a great time.  Lively crowd – lots of participation and questions, all around great time.  OK - We got off to a little shaky start with microphone problems and a display issue, but things smoothed out. After lunch was a blast and the Q & A session at the end was great.

I thought I would share an observation with you on the tour so far.  Ottawa falls in line with what we’ve seen so far across Canada.  After talking with the team and experiencing my 5th city this time around – we’ve collectively noticed the calibre of questions being asked by the audience is higher than previous tours.  The questions are more intricate and deal with implementation or operational issues rather than functionality type questions. I wanted to know if this was because:

  1. we’re providing more relevant and timely information to you
  2. we’re giving you more depth to the content and your interest is being stimulated
  3. you are in the process of deploying or planning to deploy the technology that is being demonstrated.
  4. Other – please list 
  5. all of the above

Which would it be?  Sound off and let me know your thoughts on the questions and your overall opinion of the show in the Feedback/Comments link at the bottom of this post.

I can’t wait to read the evaluation forms commentary to see what we can do for the next tour! I’ll try to forget that both Bruce and I incorrectly resolved the full name of the ISA product!  (Internet Security & Acceleration Server) Trust me, my BOSS won’t let us live that one down – for a LOOOONG time.


In order to beat out Bruce on the POST event blog posts – I have snuck back to the hotel room to get my first words edgewise as to how the Vancouver edition went for the TechNet winter tour 2005.  What a city! What an Audience! What a great group of IT Pros!  Can you believe the weather!  I actually got out in the sun with my sunglasses and no winter coat – Unheard of!  Is there an opening at the Vancouver MS office – I might put in for a transfer…

It was great to see all of you – great attendance numbers and great interaction. I had a lot of fun with all the Q&A both during the sessions and in the post Q&A forum.  If for some reason you didn’t get a chance to ask your question in person – please hit the feedback/comments link at the bottom of this post.  I’ll do my best to answer as soon as possible and share it with the rest of the Canadian (and worldwide) community.

There is a post on all the post event resources located here on my blog – it includes all the free tools, evaluation software and additional resources that we’ve found helpful developing the content for people to use.

Thanks for such a good turnout to the event. I am so glad to have made the trip out west to see you all. I hope you liked the “double trouble” event with both of us taking turns presenting and driving the demos. Can you think of anything that we could have done better or things you would have changed?  Drop me a feedback/comment so that I can include it in the planning meetings for the next tour.
