Weekly Reflections - brian-anderson01/Capstone GitHub Wiki
Week 2
Accomplishments
This week I worked on getting the Windows server set up with AD and the other required services. I got the server created with ADDS installed.
I also researched integrating the local AD server into Azure. I have not yet begun the process; however, I have a much better idea of what the process looks like
Issues encountered
I did not encounter any issues this week. Getting the AD server going was familiar and went well
Skills acquired/strengthened
Learned about implementing local AD into Azure and that there is more than one way to implement it
Thoughts for next week
Need to get the AD server synced up with Azure AD and look into getting authentication working
Getting an Azure VPN set up may be necessary
Week 3
Accomplishments
Set up Azure AD Connect
Implemented Azure/local AD seamless SSO
Set up DC to sync up with Azure AD
Implemented hybrid AD join for new devices (joins local AD and Azure AD)
Issues encountered
Encountered some errors while implementing the Azure AD join; joining failed on the DC once but was resolved by using some commands to disconnect from the AAD and then letting it rejoin upon reboot. Also thought that the auto-join for new devices was not working, but I came to learn that the DC needed to sync with Azure before it would auto-join new clients.
Skills acquired/strengthened
Learned a lot about Azure AD and Azure connect as well as SSO
Learned about some of what goes on in the background of syncing up with Azure. Mainly learned this through troubleshooting errors
Thoughts for next week
Need to implement auto-enrollment of devices into Intune, I've read this can be done with group policy, so will be aiming to get that done next week
Once that is sorted out, I'm going to look into the Azure file shares. However, I may end up setting up the VPN instead as a VPN will be required to connect to the shares anyways.
Week 4
Accomplishments
Set up Intune automatic enrollment for new devices joined to the domain using Group Policy
Synced one of the Azure users to the local AD so that a local account would have an Intune license
Created new root and client certificates for VPN authentication
Attempted to set up a VPN, however ran into issues there
Issues encountered
Intune auto-enrollment was erroring at first and would not go through. I checked the logs and discovered that I needed to sign in as a user with an Intune license. Once I did that the issue was resolved
Attempted to set up an Azure VPN, however trying to install the VPN on some clients did not succeed. I would try to install the VPN, but it would not install, no pop-ups or errors would show. It wouldn't work.
Thoughts for next week
I will be looking into the VPN issues and hopefully resolving those, then moving on to deploying the certificates automatically somehow.
Week 5
Accomplishments
Created a root and client certificate for VPN authentication
Created a new Azure VPN and configured it
Got the VPN connected and working both on the DC and workstation
Created and configured a new storage account and Azure file share
Started to implement hybrid AD authentication for Azure file shares
Issues encountered
Getting the Azure file share authentication passthrough working had some issues. I was getting a bunch of PowerShell errors that I was able to fix, but then whenever I would run the script for setup it would hang. I left it for around an hour and still, nothing had happened. Upon trying again the same happened.
Thoughts for next week
Going to be looking into resolving the issue with the PowerShell script hanging up, and getting the passthrough authentication up and working. Once that's working I am going to get the file shares deployed and working using the hybrid authentication.
Week 6
Accomplishments
Enabled AD authentication for Azure Files
Integrated Azure Files on the Server and Workstation
Researched more into the basic Azure VPN and how it works
Figured out what program actually creates the VPN connection, and leveraged that to automatically connect the VPN
Set up a workaround to get the VPN to almost always be on using a PowerShell script that I wrote
Issues encountered
The Azure Files authentication setup script kept hanging and would not actually run. I left it running for an hour but it would not run. I eventually was able to get that fixed though
Was also having issues with the AD authentication when actually mapping the drive
I kept getting errors similar to last semester saying network password is incorrect or path does not exist. I was finally able to fix the issue with some DNS work and adding a route to the VPN, and AD authentication is working for Azure Files
I attempted to use Intune to auto-connect the VPN with the script I made but it was quite slow at running it and an error occurred when it ran. The error is likely because of how it is run. I am now using Task Scheduler instead which actually works quite well.
Thoughts for next week
May create a PowerShell script that will automatically create a task in task scheduler that starts the VPN on login and maps the drive. This could be then added to Intune and deployed to all Intune deployed computers
I also may look into automating the deployment of the VPN certificate, however, I have to do more research before determining that.
Week 7
Accomplishments
Installed and configured AD CS on my domain controller. Promoted the DC as a certificate authority.
Joined another Windows VM to the domain and enrolled it into Intune with my admin account. Installed the Intune Certificate Connector on this VM to communicate with Intune for certificate deployment.
Configured the certificate connector and the DC to deploy certificates to Intune, then created the configuration profile in the Intune control center. Certificates are now auto-deployed to Intune connected devices.
Edited the VPN to use a new root cert, then set up VPN auto-deployment with Intune
Tested the certificate and VPN auto-deploy, and confirmed everything is working
Issues encountered
I was having some issues with getting the certificates deployed. Weird errors were showing in Event Viewer and I was having a hard time pinpointing the issue. I ended up finding out it was a configuration issue with the Intune PKCS profile caused by me incorrectly inputting the CA name.
Thoughts for next week
With the start of a new sprint, I am going to look into setting up Intune Autopilot and will be researching more about Intune and adding to the sprint objectives
Week 8
Accomplishments
Created new tasks and objectives for sprint 3
Researched setting up Intune Autopilot
Installed Intune AD connector on my AD server, however I still need to set up everything on the Intune portal
Issues encountered
Some errors occurred while installing the Intune AD connector and the installation failed. However, this was easily resolved as I forgot to run it as admin the first time.
After some research it appears that setting up autopilot to join a hybrid AD environment is not possible on an Azure VM
Thoughts for next week
Set up everything for Autopilot on the Intune side
Set up automatic domain join and Intune enrollment then test the functionality
Week 9
Accomplishments
Set up Intune Autopilot and got everything configured on the DC as well as on Intune. Enabled hybrid domain join in Autopilot as well.
Issues encountered
Once everything was set up, I went to test Autopilot and the service itself worked as expected, however the auto-domain join doesn't work at the moment. I have been troubleshooting the issue and I believe there are some configuration changes I need to make to get this working
Thoughts for next week
Get domain join working and test to confirm. Research other Intune functionality.
Week 10
Accomplishments
Got Autopilot domain join working, tested and confirmed. It works quite well now and Autopilot joins the domain and applies all Intune policies as expected which I'm quite happy with.
Issues encountered
I spent the entire week troubleshooting the domain join issue and ended up contacting support today. I spent hours and hours searching and trying different things. Eventually, right before recording the demo I got the domain join working and showed that in the demo.
Thoughts for next week
Now that autopilot works, I want to get the Azure files script working and I will be on track with the final sprint.
Week 11
Accomplishments
Created a page covering the objectives and tasks for this sprint. Once that was set up I started to research getting Azure Log Analytics set up. After some research I managed to get the logging agent installed on the domain controller and functioning. I queried for Windows event logs and was able to retrieve logs from the server from the Azure portal.
Issues encountered
I did not encounter any issues while getting the Azure logging set up. However, I did briefly look at the Azure Files script and it appears there's an error when connecting to the file share similar to what I was encountering earlier this semester. The error is quite vague and may be more of an issue than I had initially thought.
Thoughts for next week
Get the Azure monitoring set up for performance metrics on the server
Set up some alerts for logs/metrics
Look into the Azure files script more
Week 12
Accomplishments
Set up Azure monitoring for performance metrics on the DC
Tested and confirmed that the metrics were being sent to Azure
Created some Azure log search templates so that certain useful logs can easily be accessed
Created alerts for memory usage as well as certain event logs
Worked on troubleshooting Azure Files issue
Issues encountered
I had no issues with the Azure logging and it was pretty straightforward to set up
Azure Files still will not connect on any of the workstations. I am getting the same error I was encountering last semester and earlier in this semester. The fixes I put in place to fix it during the early sprints no longer have any effect on the issue. I am still looking for solutions to resolve the issue.
Thoughts for next week
Continue to troubleshoot Azure file share
Set up Intune remote help and see if it could be useful in the real world
Week 13
Accomplishments
Get the Azure files drive map script working properly and reliably
Found out how to visualize the performance metrics I was collecting so that they are easier to read and can be seen in a graph
Created a dashboard with the event logs from the server as well as graphs showing disk usage, available memory and CPU utilization on the server.
Issues encountered
The mapped drive script was not applying to any of the computers I assigned it to for a while. After some troubleshooting I just deleted the entry from Intune and created a new one which fixed it.
I was having issues with the script as well, and after removing one of the functions that wasn't really necessary it started to work much more consistently and properly.
Thoughts for next week
This was the final sprint so I just need to make a PowerPoint and demo to present.