Deploying an RDS farm in a Server Core environment

Note: The RD Web Access role requires Desktop Experience, and in Server 2016 you can no longer switch between Core and Desktop.

First of all, I have made a script that installs and configures all roles and tools.
It installs the management tools on the server the script runs on (from this server you can manage the Core RDS environment).
Then it asks which roles need to be installed on which servers.
Find it on Technet 

After everything is installed, add the servers to Server Manager on the management server.
Although they are already installed and configured, you still need to add the license server and RD Gateway to the farm.
They are already connected to the Connection Broker, but are not automatically detected by Server Manager.

Afterwards you should use Server Manager to add certificates to the RD Access Roles.
I would use a wildcard certificate for RD Gateway and RD Web Access, since they are accessed over the internet.
Certificates for the broker role can be issued by your own CA, or if you use a public domain name in your internal domain (for example corp.contoso.com), I would request an additional wildcard certificate for your internal domain.

The first part of the installation can be accomplished by following the steps in the RDS Farm setup script; the second part you’ll need to do using Server Manager.

Saving on certificates in a multi-tenant Exchange environment

By default, a lot of companies buy certificates for Exchange based on the domains that are added to Exchange.
As a company expands, this can become very expensive.

In an organization using enormous numbers of domains, it can be challenging to keep up with certificates.
You don’t have these issues with Office 365, since Microsoft is responsible for Autodiscover.

When hosting your own multi-tenant Exchange environment, you can actually use an SRV record instead of a CNAME or A record.
This way it will announce that the corresponding service is hosted elsewhere.

This way you only need the (likely wildcard) certificate of the providing company.
Example:
You have a service provider called Adatum Services, which hosts autodiscover.adatumservices.com.
The IT admin adds a domain (contosoconsultancy.com) to the multi-tenant Exchange environment.
Instead of adding an A record to the Exchange Client Access Server, you add an SRV record telling the Outlook client that the Autodiscover service is hosted elsewhere: on autodiscover.adatumservices.com.

The record for contosoconsultancy.com would look like this:
Name: @
Protocol: TCP
Port: 443
Service: _Autodiscover
Target: autodiscover.adatumservices.com
Priority: 10
Weight: 1

Now you don’t have to make changes to your certificates every time a domain is added to your Exchange environment.
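
Since the certificate only covers the provider's name, each tenant's SRV record has to name exactly that host on port 443. The following check is an added example, not the author's script: the wildcard name `*.adatumservices.com`, the zone-file form without a TTL, the `tenant-b.example` and `tenant-c.example` records, and both function names are assumptions made for illustration.

```powershell
# Added example, not from the original post. Zone lines below are constructed sample data.
$ProviderHost = 'autodiscover.adatumservices.com'   # SRV target named in the post
$CertName     = '*.adatumservices.com'              # assumed wildcard certificate name

function Test-WildcardMatch {
    param([string]$HostName, [string]$CertName)
    $h = $HostName.TrimEnd('.').ToLowerInvariant()
    $c = $CertName.TrimEnd('.').ToLowerInvariant()
    if (-not $c.StartsWith('*.')) { return $h -eq $c }
    # A wildcard covers exactly one left-most label: not the apex, not deeper names.
    $dot = $h.IndexOf('.')
    if ($dot -lt 1) { return $false }
    return $h.Substring($dot + 1) -eq $c.Substring(2)
}

function Test-AutodiscoverSrv {
    param([string]$Domain, [string]$ZoneLine)
    # Assumed form: <owner> IN SRV <priority> <weight> <port> <target>
    $f = $ZoneLine.Trim() -split '\s+'
    $issues = @()
    if ($f.Count -ne 7 -or $f[1] -ne 'IN' -or $f[2] -ne 'SRV') {
        $issues += 'not a well-formed SRV record'
    } else {
        $owner  = $f[0].TrimEnd('.')
        $target = $f[6].TrimEnd('.')
        if ($owner -ne "_autodiscover._tcp.$Domain") { $issues += "unexpected owner name $owner" }
        if ($f[5] -ne '443') { $issues += "port $($f[5]) is not 443" }
        if ($target -ne $ProviderHost) { $issues += "target $target is not $ProviderHost" }
        if (-not (Test-WildcardMatch $target $CertName)) { $issues += "target $target is not covered by $CertName" }
    }
    [pscustomobject]@{ Domain = $Domain; Ok = ($issues.Count -eq 0); Issues = $issues -join '; ' }
}

# Constructed records: one as described in the post, one with a foreign target, one with the wrong port.
$records = [ordered]@{
    'contosoconsultancy.com' = '_autodiscover._tcp.contosoconsultancy.com. IN SRV 10 1 443 autodiscover.adatumservices.com.'
    'tenant-b.example'       = '_autodiscover._tcp.tenant-b.example. IN SRV 10 1 443 mail.other-host.example.'
    'tenant-c.example'       = '_autodiscover._tcp.tenant-c.example. IN SRV 10 1 80 autodiscover.adatumservices.com.'
}
$records.GetEnumerator() |
    ForEach-Object { Test-AutodiscoverSrv -Domain $_.Key -ZoneLine $_.Value } |
    Format-Table -AutoSize
```

For live records, `Resolve-DnsName -Type SRV` returns the same priority, weight, port and target fields as objects instead of a zone-file line.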


User interaction script for SCCM

This script (made by me) allows you to use user interaction to notify your users about an installation or update of software.
It also allows you to push an installation (with administrator privileges), while still including the user in the process.

If there is no interaction within 20 seconds per notification, it will go on.

You can also specify a process to check, and notify the user that the application needs to be closed to continue the installation (if the process is running, of course).
It will re-check every 20 seconds, but will not continue until the process is closed.

This means that if the user isn’t at his/her desk, and nothing conflicting is running, it will continue.
This makes the process of installing and updating software a lot more user friendly, but will not compromise compliance.

Download from Technet