Igap releases CRM-Pack: always keep your CRM up-to-date (UPDATE: VIDEO)

Igap just released Igap Missito CRM-Pack to let you keep your Dynamics CRM Business Units and CRM Users always up-to-date with the corresponding AD security groups. It also allows your employees to request the membership they need by themselves forcing any of the the CRM Business Unit owners to approve the requests. The Igap Missito CRM-Pack updates the AD-groups automatically and makes sure the Dynamics CRM gets synced on preferrable schedule.

Highlights:

• Move CRM management from CRM to Active Directory and let Missito CRM handle groups and sync changes to CRM.
• Request new CRM Business Units with automatic creation of the corresponding AD-groups and owners.
• Request membership in CRM Business Units
• Approve requests for membership as the owner of CRM Business Units.
• Creation of CRM Users when users are approved as members but has not been CRM Users before.
• Inactivation of CRM Users when users are removed as members to avoid being charged for CRM Users that are not beeing used.
• Inactivation of CRM Business Units when cancelled (AD-groups are removed)

More information:
Product sheet are available here: Product sheet >>
More info available here: Igap.se >>

Igap Missito CRM-Pack is available stand-alone but can easily be upgraded to the complete version of Igap Missito that can publish arbitrary services with self service and complete automation.

UPDATE: Video:

Igap Missito CRM-pack from Igap on Vimeo.

Time is running out for XP - tips for cleaning up

Since Windows XP support officially ends on April 8, 2014 it's high time to get your statistics up to date. In my latest post Migrating windows best practices the focus was primarily to set things up and ready for migration. Now as the time is running out, hopefully you've managed to get most of your XP's up to Windows 7.

Even thought most computers are done there might be a few hiding out there for more or less good reasons. Involved in the migration you'd probably be interested in finding them to eventually close your migration.

In the project I've been working with we've built features like that into the migration web application but in other cases there might be more manual procedures and the other day I came across two powershells that would help you find which computer and users to focus on.

Ashley McGlone posted a great powershell for finding active computers in Active Directory, still running XP:
Use powershell to find windows xp computers still alive in your active directory domain
Combine that one with another powershell from Clint McGuire and you probably will have a great base to finish up your migrations!
Powershell script to get all computers last logon time

Worth mentioning is also that Igap has a neath self service mangement portal in which powershells (or Runbooks) are easily imported into workflows that you can connect to services you create yourself and publish to your users in no time.

Migrating Windows – Best practice tips and tricks

Background

For the past year I've been involved in a migration project at a company with +10’ employees, spread over +20 countries. During the project my role was initially to be responsible for the infrastructure and processes required to make it possible to migrate +15’ computers without local technicians. After the infrastructure role I got responsible for roll-out which is also the role that I've got at this moment. Today we’re migrating 100-250 computers a day rather effortlessly. Sure there is a computer or two every now and then with a hick-up but all in all I must say I’m proud being part of what we have accomplished.

Now the road to get to this point hasn't been bump-less all along. Many lessons have been learned and this post is an attempt to share these lessons.

Set your plan and structure

In a big migration project across an entire company splitting the organization in to pieces is necessary, otherwise planning migrations will be a mess. In this specific project we used departments as the key to decide where to migrate and when. One common phenomenon at many companies is to register computers to departments. This is – in my opinion – risky due to the fact that departments pops-up, get new names or are removed which could lead to computers hanging loose without a belonging. Instead register your assets to your employees which will make it much easier to identify and take actions when users with registered assets leave. Also when departments disappear or get new names, the employees will most likely get their new department information from day one.

Roles and information

Set up the roles you need like department CP (contact person), User (recipient of migrated computer)

Set up your information plan but don’t overdo it. Gather “good to know”-info in one place (use the same web-application?) and decide when to notify users and what to tell them.

Establish your project data source

In the beginning of this particular project the idea was to send a list with computers and their belonging (employee -> department) to each CP at every department, asking the CP to confirm that the computers are registered correctly. Now with X thousands of departments it was soon obvious that the work-load to handle those excel-documents was going to be overwhelming. Also in case of computer ownership changes, department changes or employees moving or quitting there would be absolute chaos. We figured the best way was to set up a web-application with the information needed that published each department with the employees and their computers. Syncing the organization information would also lead to automatic updates of what computers that belongs to what department. Additionally each computer was also made schedulable in order for CP  to choose the date at which a specific computer should migrate.

Identify and automate your migration processes

When the time comes and a computer is about to migrate a bunch of tasks have to be performed. Although the tasks vary from case to case the tasks are probably supposed to be done in the same manner every time. That’s a perfect set up to automate things so start by identifying the steps needed for a successful migration. I.e. send information mail T-x, move computer, add/remove computer to groups or collections, move user, add/remove user to groups or collections etc etc.

Implement your processes

Set up a scheduled job to perform the tasks needed at the time when a computer is scheduled. A reliable workflow engine is an advantage and from my experience I can recommend both Igaps iWorker (part of Igap Missito) and Microsofts Orchestrator where iWorker is highly flexible, has extensive logging possibilities and Orchestrator is a great engine even if it’s a little more slow rowing and may be a bigger investment if not already in place. Add your user information notifications to the scheduled job according to your information plan. 

In this specific project we moved both computers and groups, added and removed different groups and prepared SCCM (Microsoft System Center Configuration Manager) with both Windows installation and application prerequisites.

Monitoring and follow-up

Migrating many computers every day could generate an extensive back-log if problems aren’t dealt with right away. To be able to see what went well and what didn’t we used a lightweight web-application called Igap SDO to monitor the deployments in SCCM. With the web application we were able to see what migrations that went well, what migrations that were currently running and what migrations that had gone wrong. Additionally for the ones that went wrong the logs are available for the SCCM people to identify issues in the migration process, correct them and check that they were actually resolved.

Another important feature is to make sure that all the scheduled jobs that run logs exactly everything. This will be a great help during the migrations to be able to track down every single step in the process that can be improved. 

Igap SDO

Application mapping

Since we identified and implemented the processes needed, made some small corrections along the way the workload decreased dramatically after a while. The time released could then be used to improve things further. One thing that was much appreciated was the automatic application mapping addition to the migration process. Most of the applications were and are re-packaged for the new platform. Some of them easier others a little more difficult. The application mapping addition was included to make sure that the user got the applications for the new platform that corresponded to the applications he or she on the old platform. I think the addition made the questions a lot fewer and the employee satisfaction a lot higher. It was all set up in a database with the old and the new application mapped to each other and then used in a step in the scheduled migration job.

Extra extra

We’ve accomplished more great stuff in the automation of migration process but they would be more suitable for a book since this post is already too long. But feel free to contact me if you have any questions or want to now more!

Solve ps-drive problem with SCCM2012 sp1 powershell script

I was trying to run a powershell script on a SCCM2012 sp1 machine and couldn't get it to work. After importing the Configuration module I just couldn't access the powershell drive. The problem only occured when trying to use a service account. With my normal admin account everything was working fine. This led me to believe  that it was access permission problems but no, that was a dead end.

Here's what i was trying to do:
Import-Module ‘c:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1’
Cd ps1:
Remove-CMDevice -DeviceName $computername -force

The errors I got was:
Cannot find drive. A drive with the name 'ps1' does not exist.

This command cannot be run from the current drive. To run this command you must first connect to a Configuration Manager drive.

The only problem here was that "get-psdrive" didn't return any ps1: drive that i needed.

Finally I found the error. It seems that starting powershell from within the Configuration Manager Console once registers the ps-drive for the current user account. Here's how you do it

1. In Configuration Manager Console click "Connect via Windows PowerShell"

 2. Type A for "Always run"

All done!

Simple way to compare two datarow objects C#

DataRow dr1 = ..

DataRow dr2 = ..

IEqualityComparer<DataRow> comparer = DataRowComparer.Default;

bool isMatch = comparer.Equals(dr1, dr2);

 

Enjoy!

MMS 2013 - Las Vegas

MMS 2013 is closing in with only one week to go until show time. We're looking forward to see what news will come from the giant software company, it will be particularly interesting to see third party IT automation and self service solutions.

We'll be back with some posts live from the event!

Get to the Attribute Editor in AD Users and Computers without browsing for the user

The "Attribute Editor" tab in Users and computers is very useful in many ways. The only big disadvantage with it is that it doesn’t show when searching for objects and opening properties from the search result list.

To show the tab I used to open the object from the search results, get the path from the object tab and then browse down the AD tree to open it from its location. Not fast, neither fun.

I accidently discovered another way to get the Attribute Editor to show, which is to open the properties of an object from another object. In other words, open the properties for a user by opening the properties from the members list of a group that the user is member of. This only works when the user is closed and opened from the group, so the workaround is:
1. Search the object you want to see properties for.
2. Open the member of tab and display properties for one of the groups that the user is member of. Try to pick a group with few members.
3. Close the properties for the user.
4. Open the properties for the user by double click the user name in the members list of the group you opened in the second step.
5. Taa-daaa. The Attribute Editor tab is shown!

Sound very complicated, but is way faster than browsing the user.

Remember that the Attribute Editor is only shown if the advanced features are enabled in ADUC (View -> Advanced Features).