
Microsoft financials: cloud good, Surface down, and “We had no material phone revenue this quarter”

Microsoft has released its financial results for the third quarter of its financial year. Revenue was up 8% year on year, and operating income up 6%. I’m always interested in the segmentation of the figures so here is a quick table:

Quarter ending March 31st 2017 vs quarter ending March 31st 2016, $millions

Segment                              Revenue   Change   Operating income   Change
Productivity and Business Processes     7958    +1437               2783     -198
Intelligent Cloud                       6763     +667               2181       +5
More Personal Computing                 8836     -703               2097     +346
Corporate and Other                    -1467     +158              -1467     +158

There is a bit more detail in the earnings slide:


A few points of note:

Cloud growth remains on track. Office 365 business revenue is up 45% year on year, according to Microsoft. Dynamics 365 revenue is up 81%. Azure revenue is up 93%. Of course these figures are offset by static or declining sales of on-premises licenses, though Microsoft does not spell this out precisely.

Windows is not doing too badly, despite continuing weakness in the PC market. OEM revenue up 5%, which the company attributes to “a higher mix of premium SKUs”. Surface is weak. Revenue is down 26%. Microsoft blames “heightened price competition and product end of lifecycle dynamics.” The truth is that the Surface range is not good value versus the competition. There should be a perfect marriage of hardware and software, given that it is all Microsoft, but instead there have been too many little issues. The likes of HP and Dell do a better job at lower price and with easier upgradeability.

“We had no material phone revenue this quarter” says Microsoft. I remain sad about the killing of Windows Phone, and regard it as a mistake, but that is a done deal.

Xbox is doing OK. Xbox live revenue growth has offset declining hardware sales.

Search revenue is up 8%. Nobody pays for search, so this is about advertising. Windows 10 drives users to “Cortana” search, and Edge defaults to Bing. Users can easily find defaults changed inadvertently, which is annoying, but Microsoft has a tough competitor (Google).



A reminder of Microsoft’s segments:

Productivity and Business Processes: Office, both commercial and consumer, including retail sales, volume licenses, Office 365, Exchange, SharePoint, Skype for Business, Skype consumer, OneDrive, Outlook.com. Microsoft Dynamics including Dynamics CRM, Dynamics ERP, both online and on-premises sales.

Intelligent Cloud: Server products not mentioned above, including Windows server, SQL Server, Visual Studio, System Center, as well as Microsoft Azure.

More Personal Computing: What a daft name, more than what? Still, this includes Windows in all its non-server forms, Windows Phone both hardware and licenses, Surface hardware, gaming including Xbox, Xbox Live, and search advertising.

Microsoft needs to fix its Android emulator

Microsoft wants Windows 10 to be an ideal developer operating system, with its Linux subsystem, and Visual Studio 2017 is notable for its strong cross-platform development tools.

There is an annoyance though. Google’s Android SDK includes an emulator for debugging mobile applications, but it requires hardware acceleration in the form of Intel’s HAXM (Hardware Accelerated Execution Manager). Otherwise the emulator fails to start with an error.


Unfortunately this is incompatible with Hyper-V, the hypervisor built into Windows. You cannot fix this by stopping Hyper-V services; it is set when Windows boots.

Hyper-V is increasingly important for general Windows developers. It is not only useful for running up VMs on which to test stuff, but also for the official Docker tools and testing Windows containers.

The solution should be to use the Visual Studio Emulator for Android. This is based on Hyper-V so no problem.

Unfortunately it does not currently work very well. On one of my PCs it starts, but without internet connectivity, rendering it useless for many apps. On another PC it does not start at all.


I spent a bit of time trying to get it to work. The networking problem seems to be related to conflicts with other applications using Hyper-V. Specifically, the Visual Studio Emulator for Android uses two Hyper-V virtual network adapters, one connected to the Windows Phone Emulator Internal Switch, and the other connected to an external virtual switch. This second adapter gets its network settings using DHCP (there is no way to change this). The emulator app proxies internet connections from the internal to the external network.

The reference to Windows Phone comes about because this is essentially the Windows Phone emulator adapted to run Android.

In my Hyper-V setup I have another internal switch, called DockerNAT, used by the Docker tools, as well as a third internal switch which I’ve used for other things. In the emulator’s network settings I can actually see four Desktop Adapters (in addition to the primary “Emulator adapter”), of which only one has internet connectivity via my business network. I theorised that the emulator is attempting to proxy via the wrong adapter, and disabled the others in Control Panel – Network Connections. However it still does not connect.

Judging by posts like this and this, there may be some cocktail of settings in Hyper-V and in Control Panel that gets this working. Bear in mind though that I want everything else to work too.

I also note that Windows developer evangelist Scott Hanselman suggests setting up a dual boot arrangement so that you can boot with HAXM enabled when you want to develop on Android, and with Hyper-V otherwise – implying that there is no other easy fix.

This works, though it is a dreadful solution. Rebooting is not only time-consuming, but disruptive to the flow of your work, and having to reboot with special settings just to work on Android is painful.
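As an added example (not code from the original post), the following PowerShell script inventories the Hyper-V pieces described above: whether the hypervisor is active, every virtual switch with its host-side vEthernet adapter, DHCP setting and default gateway (so you can see which external path the emulator could be proxying through), and the emulator VMs’ own adapters. It also wraps the dual-boot workaround as a function that clones the current boot entry with the hypervisor switched off. It assumes Windows 10 with the Hyper-V PowerShell module, an elevated prompt, and that the emulator VMs have “Emulator” in their names.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumes the Hyper-V PowerShell module
# (Microsoft-Hyper-V-Management-PowerShell) is installed and the prompt is elevated.

function Get-HyperVState {
    # HAXM and Hyper-V are mutually exclusive, so report both the feature state and
    # the boot setting that actually decides whether the hypervisor loads.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor
    $bcd     = (bcdedit /enum '{current}') -join "`n"
    [pscustomobject]@{
        HypervisorFeature = $feature.State
        # No hypervisorlaunchtype line means the default (Auto): the hypervisor starts with Windows.
        LaunchType        = if ($bcd -match 'hypervisorlaunchtype\s+(\S+)') { $Matches[1] } else { 'Auto (default)' }
    }
}

function Get-HyperVSwitchReport {
    # One row per virtual switch, with the host "vEthernet (<switch>)" adapter that
    # backs it. The emulator proxies from its internal switch to an external one
    # that takes DHCP settings; several candidate adapters is where trouble starts.
    foreach ($sw in Get-VMSwitch) {
        $nic  = Get-NetAdapter -Name "vEthernet ($($sw.Name))" -ErrorAction SilentlyContinue
        $ipif = if ($nic) { Get-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue }
        $cfg  = if ($nic) { Get-NetIPConfiguration -InterfaceIndex $nic.ifIndex -ErrorAction SilentlyContinue }
        [pscustomobject]@{
            Switch      = $sw.Name
            Type        = $sw.SwitchType
            HostAdapter = if ($nic) { $nic.Name } else { '(none)' }
            Status      = if ($nic) { $nic.Status } else { '' }
            Dhcp        = if ($ipif) { $ipif.Dhcp } else { '' }
            IPv4        = if ($cfg) { @($cfg.IPv4Address.IPAddress) -join ',' } else { '' }
            # Only an adapter with a default gateway can carry the emulator's internet traffic.
            HasGateway  = [bool]($cfg -and $cfg.IPv4DefaultGateway)
        }
    }
}

function Get-EmulatorVMAdapters {
    # The Android images run as Hyper-V VMs; "*Emulator*" is an assumed name pattern.
    Get-VM | Where-Object { $_.Name -like '*Emulator*' } | Get-VMNetworkAdapter |
        Select-Object VMName, Name, SwitchName, MacAddress,
                      @{ Name = 'IPAddresses'; Expression = { $_.IPAddresses -join ',' } }
}

function New-NoHyperVBootEntry {
    # The dual-boot workaround: clone the current boot entry and turn the hypervisor
    # off in the clone, so HAXM can load when that entry is chosen at boot.
    # The default entry is left untouched.
    param([string]$Description = 'Windows 10 - no Hyper-V (for HAXM)')
    $out = (bcdedit /copy '{current}' /d $Description) -join ' '
    if (-not ($out -match '\{[0-9a-fA-F-]{36}\}')) { throw "bcdedit /copy failed: $out" }
    $id = $Matches[0]
    bcdedit /set $id hypervisorlaunchtype off | Out-Null
    return $id
}

Get-HyperVState        | Format-List
Get-HyperVSwitchReport | Format-Table -AutoSize
Get-EmulatorVMAdapters | Format-Table -AutoSize
# Run New-NoHyperVBootEntry only if you want the second boot menu entry created.
```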

It strikes me that this could be fixed with a bit of effort. If Microsoft is serious about persuading developers to use Windows 10, Visual Studio and Xamarin for cross-platform mobile apps, that would be a good idea.

Email hassles with migration to Windows 10 – if you use Windows Live Mail

Scenario: you are using Windows 7 and for email, Windows Live Mail, Microsoft’s free email application. Your PC is getting old though, so you buy a new PC running Windows 10, and want to transfer your email account, contacts and old messages to the new PC.

Operating systems generally come with a built-in mail client, and Windows Live Mail is in effect the official free email client for Windows 7. It was first released in 2007, replacing Windows Mail which was released with Vista in 2006. This replaced Outlook Express, and that evolved from Microsoft Mail and News, which was bundled with Internet Explorer 3 in 1996. Although the underlying code has changed over the years, the user interface of all these products has a family resemblance. It is not perfect, but quite usable.

Windows 8 introduced a new built-in email client called Mail. Unlike Windows Live Mail, this is a “Modern” app with a chunky touch-friendly user interface. Microsoft declared it the successor to Windows Live Mail. However it lacks any import or export facility.

The Mail app in Windows 10 is (by the looks of it) evolved from the Windows 8 app. It is more intuitive for new users because it no longer relies on a “Charms bar” to modify accounts or other settings. It still has no import or export feature.

The Mail app is also not very good. I use it regularly now myself, because there is an account I use which works in Mail but not in Outlook. I don’t like it. It is hard to articulate exactly what is wrong with it, but it is not a pleasure to use. One of the annoyances, for example, is that the folders I want to see are always buried under a More button. More fundamentally, it is a UWP (Universal Windows Platform) app and doesn’t quite integrate with the Windows desktop as it should. For example, pasting text from the clipboard is hilariously slow and flashes up a “Pasting” message in an attempt to disguise this fact. Sometimes it behaves oddly; an open message closes unexpectedly. It is like the UWP Calculator app, another pet hate of mine – I press the Calculator key on my Windows keyboard, up comes the Calculator, then I type a number and it doesn’t work; I have to click on it with the mouse before it accepts input. Just not quite right.

I am getting a little off-topic. Back to my scenario: how are you meant to transition from Windows Live Mail, the official mail client for Windows 7, to the Mail app in Windows 10, if there is no import feature?

In one way I can explain this. First, Microsoft does not really care about the Mail app. Everyone at Microsoft uses Outlook for email, which is a desktop application. This is important, because it means there is no internal pressure to make the Mail app better.

Second, Microsoft figures that most people now have a cloud-centric approach to email. Your email archive is in the cloud, so why worry about old emails in your Mail client?

This isn’t always the case though. A contact of mine has just been through this exact scenario. He has happily used Windows Live Mail (and before that Outlook Express) for many years. He has an archive of old messages which are valuable to him, and they are only in Windows Live Mail.

Unfortunately Microsoft does not currently have any solution for this. The answer used to be that Windows Live Mail actually works fine on Windows 10, so you can just install it. However Microsoft has declared Windows Live Essentials, of which Live Mail is a component, out of support and it is no longer available for download.


Incidentally I am writing this post in Windows Live Writer, another component of Essentials, but which fortunately has been published as open source.

If you can find the Windows Live installation files though, it still runs fine on Windows 10. You do need the full setup, called wlsetup-all.exe, rather than the web version which downloads components on demand. Here it is, installed and connected on Windows 10:


This application is no longer being maintained though, and there are some compatibility issues with some email services. This will get worse. The better answer then is to migrate to full Outlook. However, Microsoft makes Outlook expensive for home users, presumably to protect its business sales. Office Home and Student does not include Outlook, and to buy it separately costs more, currently £109 in the UK. Another option is to subscribe to Office 365 and pay a monthly fee.

Even if you intend to migrate to Outlook eventually, it may make sense to use Live Mail for a while on Windows 10. There is an export option to “Exchange” format which means you can migrate messages from Live Mail to Outlook.

This is all more work than it should be, for what must be a common scenario. You would think that migrating from the official mail client for Windows 7, to the official mail client for Windows 10, would not be so difficult.

QCon London 2017: IoT insecurity, serverless computing, predicting technical debt, and why .NET Core depends on a 36,000 line C++ file

I’m at the QCon event in London, a multi-vendor conference aimed primarily at enterprise developers and architects.

Adam Tornhill speaks at QCon London 2017

A few notes on day one. Alasdair Allan gave a keynote on security and the internet of things. It was an entertaining and disturbing résumé of all that is wrong with the mad rush to connect everything to the internet, though short on answers. Our culture has to change so that organisations such as hotels, toy manufacturers, appliance vendors and even makers of medical equipment take security seriously, but it is not clear how this will come about unless so many bad things happen that customers start to insist on it.

Michael Feathers spoke on strategic code deletion, part of a track on “Dark code: the legacy/tech debt dilemma.” This was an excellent session; code is added to projects more often than it is removed, and lack of hygiene in this regard has risks including security, reliability and performance. But discovering which code is safe to remove is not always trivial, and Feathers explored some of the nuances and suggested some techniques.

Steve Faulkner gave a session on serverless JavaScript, or more specifically, using Amazon Web Services (AWS) Lambda and API Gateway. Faulkner said that the API Gateway was the piece that made Lambda viable for them; he is Director of Platform Engineering at Bustle, a busy content site based in the USA. In a nutshell, moving from EC2 VMs to Lambda has yielded both financial savings and easier management. The only downside is performance; each call to a Lambda function takes a minimum of 100ms whereas the same function on a VM might take 20ms. In the end it is not critical as performance remains satisfactory.

Faulkner said that AWS is ahead of its competitors (Microsoft, Google and IBM were mentioned) but when pressed said that both Microsoft and Google offered strong alternatives. Microsoft’s Azure Functions are spoilt by the need to specify a maximum scale, rather than scaling automatically, but its routing solution is in some ways ahead of AWS, he said. Google’s Functions will be great when out of beta.

Adam Tornhill spoke on A Crystal Ball to prioritise Technical Debt, another session in the dark code track. This was my favourite of the day. Tornhill presented a relatively simple way to discover what code you should refactor now in order to avoid future issues. His method is based on looking for files with many lines of code (a way of measuring complexity) and many commits (suggesting high importance and activity), the “hotspots” in your projects. For more detail and some utilities see Tornhill’s blog.
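The hotspot method Tornhill described, as an added PowerShell example (not from the original post and not one of Tornhill’s utilities): it asks git for the files touched by each recent commit, counts commits per file, takes the current line count as the complexity proxy, and ranks by the two together. It assumes git is on the path and that it is run from a repository root; ranking by the product of the two numbers is this example’s own choice.

```powershell
# Added example, not from the original post or Tornhill's tools. Implements the
# hotspot idea from the talk: rank files by commit count (activity) and line
# count (complexity proxy) using nothing but git. Run it from a repository root.

function Get-CodeHotspots {
    param(
        [string]$RepoPath = '.',
        [string]$Since    = '12 months ago',   # only recent churn makes a file "hot"
        [int]$Top         = 20
    )
    Push-Location $RepoPath
    try {
        # One path per file per commit; the empty pretty format suppresses commit
        # headers but leaves blank separator lines, which are dropped.
        $touched = git log --since="$Since" --name-only --pretty=format: | Where-Object { $_ }
        $hotspots = foreach ($g in ($touched | Group-Object)) {
            $file = $g.Name
            # Files deleted or renamed since the commit no longer exist; skip them.
            if (-not (Test-Path -LiteralPath $file -PathType Leaf)) { continue }
            $lines = @(Get-Content -LiteralPath $file -ErrorAction SilentlyContinue).Count
            [pscustomobject]@{
                File    = $file
                Commits = $g.Count
                Lines   = $lines
                # Ranking by the product is this example's choice; Tornhill plots the
                # two dimensions and looks at the top-right corner.
                Score   = $g.Count * $lines
            }
        }
        $hotspots | Sort-Object Score -Descending | Select-Object -First $Top
    }
    finally { Pop-Location }
}

Get-CodeHotspots | Format-Table -AutoSize
```

A file like the 36,000-line gc.cpp discussed below would top this list only if it also keeps changing; a large file nobody touches is debt, but not a hotspot in Tornhill’s sense.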

Why do we end up with bad or risky code in our software? Tornhill said that developers often mistake organisational problems for technical problems and try unsuccessfully to fix them with tools.

He also mentioned an example of high-risk code, the file gc.cpp which performs garbage collection in .NET Core, the next generation of Microsoft’s .NET Framework. This file is over 36,000 lines and should be refactored. There is a discussion on the subject here. It exactly bears out Tornhill’s point. A developer proposes to refactor the file, back in March 2015. Microsoft’s Karel Zikmund defends the status quo:

Why it is this way? … Partly historical reasons (it is this way since the start). Partly because devs working on it didn’t feel the urge to refactor it. Partly because splitting of gc.cpp is non-trivial and risky and because it does not bring too big value (ramp up in the code base can be gained also in the combination of reading BOTR and debugging the code). Why it is staying this way? … Cost/benefit/risk ratio is IMO not in favor of a change here.

Few additional thoughts:
Am I happy that there is only 1 large file? No, but it doesn’t hurt me much either.
Do I see the disadvantages of large file? Yes, but I don’t think they are huge. More like minor annoyances with easy workarounds.
And to turn it around: Do you see the risk of any changes here? Do you see the cost of extra careful code reviews to mitigate the risk?

Strictly technically, we truly believe this is a formatting change. If it was simple to split it up and if it would be low risk and if it would be very easy to review, it might be worth the ‘minor’ improvements mentioned above … but I don’t see that combo happening (not on a noticeable scale in gc.cpp).
On a personal note: I also trust CLR team that if all these three things were true, the refactoring would have happened long time ago.

Note that some of this code goes back beyond .NET Core to the .NET Framework, the “historical reasons” that Zikmund mentions. We can see that the factors preventing change are as much organisational as technical.

Finally I attended a session on Microsoft’s Cognitive Services. Note this was in the “Sponsored solution track”. Microsoft also has a stand here focused on its Cognitive Services.

There is not much Microsoft Platform content at QCon and it seems under-represented, though many of the sessions are applicable to developers on any platform. I am not sure of all the reasons for this; there used to be an Advanced .NET track at QCon. It does reflect some overall development trends as well as the history and evolution of QCon itself. That said, there is a session on SQL Server on Linux so the company is not completely invisible here.

As for the session, it was a reasonable overview of Microsoft’s expanding Cognitive Services APIs, which cover things like image recognition, speech recognition and more. I would have liked more depth and would have preferred to hear from a practitioner, in other words, “we built an application on Cognitive Services and this is what we learned.” I am not altogether clear why the company is pushing this so hard, except that it is a driver for developers to use Azure. I asked about how developers should deal with the problem of uncertainty*, in other words, that Cognitive Services does not deliver absolute results but rather draws conclusions with a confidence score – e.g. it might be pretty sure that an image contains a human face, fairly sure that it is male, and somewhat confident that the age of the person is mid forties. When the speaker demoed speech recognition it went pretty well except that “Start” was transcribed as “Stop.” This stuff is difficult.

Looking forward now to Day Two: Containers, Machine Learning, and more.

*More concisely expressed as “Systems are moving from the deterministic to the probabilistic” by Stephen Whitworth, who is now speaking on Machine Learning.

New Office 365 OneDrive for Business sync client now supports team sites

Microsoft has announced new capabilities for its next-generation OneDrive for Business sync client – the software that lets users access OneDrive documents through Windows Explorer rather than having to go via a web browser.

Technically, there are two ways to access OneDrive with Windows Explorer. One uses WebDAV and only works online, the other makes a local copy of the documents and synchronises them when it can. Microsoft pushes users towards the second option. If you use WebDAV, repeated authentication prompts and lack of offline capabilities are annoyances that many find hard to cope with.

The problem is that the old OneDrive for Business sync client, called Groove, is just not reliable. Every so often it stops syncing and there is often no solution other than to delete all the local copies and start again.

Microsoft is therefore replacing it with a new OneDrive for Business sync client, which has been in preview since September 2015. “The preview client adds OneDrive for Business connectivity to our proven OneDrive consumer client,” explained Microsoft, abandoning the problematic Groove.

There was a snag though. The new client did not support Team Sites, also known as SharePoint Online, but only personal OneDrive for Business cloud storage. Many businesses make more use of Team Sites than they do of the personal storage. Users with both had to run both the old and new sync clients side by side.

I was among those complaining so it is pleasing to see that Microsoft, a mere 15 months later, has met my request, by adding support for Team Sites to its new client.


(I had no idea until I looked today how much support the feedback had received).

Today’s announcement also includes a new standalone Mac client, which can be deployed centrally, and an enhanced UI with an Activity Center.

There are also new admin features in the Office 365 dashboard, like blocking syncing of specified file types, control over device access, and usage reporting.

There may still be some snags – and note that the new client is still a preview.

Competitors like Dropbox and Box have some technical advantages, but Microsoft’s key benefit is integration with Office 365, and the fact that it comes as part of the bundle in most plans. If it can iron out the technical issues, of which sync has to date been the most annoying, it will significantly strengthen its cloud platform.

Microsoft Office 365 Activation Hassles

Imagine you are a customer of Microsoft’s Office 365 service, including a subscription to the Office desktop applications like Word, Excel and Outlook.

One day you click on the shortcut for Word, but instead of opening, it just shows a “Starting” splash screen which never progresses.

Being smart, you try to start Word in safe mode by holding down the Ctrl key, but the exact same thing happens.

Annoying, when you want to do your work. What is going on?

I took a look at a case like this. Two things you should do (after the usual reboot):

1. Look in the event viewer. Here, I found a clue that the issue is related to software activation, specifically Event 2011 “Office Subscription Licensing exception”:


2. For all things related to Office licensing, open a command prompt, go to (for example) C:\Program Files (x86)\Microsoft Office\Office16, and type:

cscript ospp.vbs /dstatus

In this case I got the following:


This told me that Windows thinks TWO product keys for Office are installed. One has expired, the other is fine.

The guilty party may (or may not) be the trial version of Office typically pre-installed with a new PC. Or it could be a consequence of changing your Office 365 subscription. Neither would be the fault of the user, who is fully licensed and has done nothing other than follow Microsoft’s normal procedures for installing Office 365.

Solution: we reinstalled Office from the Office 365 portal, and attempted to remove the dud product key with:

cscript ospp.vbs /unpkey:<Last five characters of product key>

as explained here. All is well for the moment.
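The two checks above, as an added PowerShell example (not code from the original post): it pulls the Event 2011 entries from the Application log, parses the text that cscript ospp.vbs /dstatus prints into one object per installed key, and lists every key that is not in the LICENSED state together with the /unpkey command that removes it. It looks for ospp.vbs in the Office16 folder under either Program Files directory; the sample /dstatus output embedded at the end is constructed, with placeholder product IDs and keys, so the parser can be tried without an affected machine.

```powershell
# Added example, not from the original post. Parses the output of the
# "cscript ospp.vbs /dstatus" check described above and points at any product
# key that is not in the LICENSED state, which is what /unpkey needs to remove.

function Get-OfficeLicensingEvents {
    # Step 1 of the post: the Application log entries behind the "Starting" hang.
    # Event ID 2011 is the one the post identified; the message filter is an assumption.
    param([int]$MaxEvents = 10)
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 2011 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Licensing' } |
        Select-Object TimeCreated, ProviderName, Id, Message
}

function ConvertFrom-OsppStatus {
    # Turn the text blocks that /dstatus prints into one object per installed key.
    # A line of dashes separates products; "KEY: value" lines carry the fields.
    param([Parameter(Mandatory)][string[]]$Lines)
    $block = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^-{5,}') {
            if ($block.Count) { [pscustomobject]$block; $block = [ordered]@{} }
            continue
        }
        if ($line -match '^([^:]+):\s*(.*)$') {
            $key = $Matches[1].Trim(); $val = $Matches[2].Trim()
            switch -Regex ($key) {
                '^LICENSE NAME$'      { $block.Name     = $val }
                '^LICENSE STATUS$'    { $block.Status   = $val.Trim('-') }   # "---LICENSED---" -> "LICENSED"
                '^ERROR DESCRIPTION$' { $block.Error    = $val }
                '^REMAINING GRACE$'   { $block.Grace    = $val }
                '^Last 5 characters'  { $block.KeyLast5 = $val }
            }
        }
    }
    if ($block.Count) { [pscustomobject]$block }
}

function Get-OfficeLicenseStatus {
    # Runs the real check. Office16 under either Program Files folder is where the
    # post found ospp.vbs; pass -OfficePath for other installations.
    param([string]$OfficePath)
    if (-not $OfficePath) {
        $OfficePath = @("$env:ProgramFiles\Microsoft Office\Office16",
                        "${env:ProgramFiles(x86)}\Microsoft Office\Office16") |
            Where-Object { Test-Path (Join-Path $_ 'ospp.vbs') } | Select-Object -First 1
    }
    if (-not $OfficePath) { throw 'ospp.vbs not found; pass -OfficePath' }
    ConvertFrom-OsppStatus -Lines (& cscript //nologo (Join-Path $OfficePath 'ospp.vbs') /dstatus)
}

function Get-StaleOfficeKeys {
    # Everything not LICENSED is a candidate for "cscript ospp.vbs /unpkey:<last 5>".
    param([Parameter(Mandatory)][object[]]$Status)
    foreach ($s in $Status | Where-Object { $_.Status -ne 'LICENSED' }) {
        [pscustomobject]@{
            KeyLast5 = $s.KeyLast5
            Status   = $s.Status
            Reason   = $s.Error
            Fix      = "cscript ospp.vbs /unpkey:$($s.KeyLast5)"
        }
    }
}

# Constructed sample output (placeholder IDs and keys), modelled on the two-key
# situation in the post: one expired subscription key and one good one.
$sampleDstatus = @'
---Processing--------------------------
---------------------------------------
PRODUCT ID: 00000-00000-00000-AAAAA
LICENSE NAME: Office 16, Office16O365ProPlusR_Subscription1 edition
LICENSE DESCRIPTION: Office 16, TIMEBASED_SUB channel
LICENSE STATUS:  ---NOTIFICATIONS---
ERROR DESCRIPTION: The Software Licensing Service reported that the grace period expired.
Last 5 characters of installed product key: AAAAA
---------------------------------------
PRODUCT ID: 00000-00000-00000-BBBBB
LICENSE NAME: Office 16, Office16O365ProPlusR_Subscription1 edition
LICENSE DESCRIPTION: Office 16, TIMEBASED_SUB channel
LICENSE STATUS:  ---LICENSED---
Last 5 characters of installed product key: BBBBB
---------------------------------------
---------------------------------------
---Exiting-----------------------------
'@ -split "`r?`n"

$parsed = ConvertFrom-OsppStatus -Lines $sampleDstatus
$parsed | Format-Table Name, Status, KeyLast5 -AutoSize
Get-StaleOfficeKeys -Status $parsed | Format-List   # reports key AAAAA with its /unpkey command
# Against a real machine: Get-OfficeLicensingEvents; Get-StaleOfficeKeys -Status (Get-OfficeLicenseStatus)
```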

This kind of thing drives me nuts though. Activation and subscription license checking is for the benefit of the vendor, not the user, and should never get in the way like this.

Further, cannot Microsoft find some way of informing the user when this happens, and not have Word simply hang on starting? How difficult is it to check for licensing and activation issues, and throw up a message?

From Windows Embedded to cloud: Microsoft announces the Connected Vehicle Platform

Microsoft has announced the Connected Vehicle Platform, at the CES event under way in Las Vegas.


The company is not new to in-car systems, but its track record is disappointing. It used to be all about Windows Embedded, using Windows CE to make a vehicle into a smart device.

Ford was Microsoft’s biggest partner. It built Ford SYNC on the platform and in 2012 announced five years of partnership and 5 million SYNC-enabled vehicles.

However in 2014 Ford announced SYNC 3 with no mention of Microsoft – because SYNC 3 uses BlackBerry’s QNX.

What went wrong? There’s a 2014 analysis from Bill Howard that offers a few clues. The bit that chimes with me is that Microsoft was too slow in updating the system. The overall Windows story over the last 10 years is convoluted to say the least, with many changes to the platform and disruptive (in a bad way) strategy shifts. The same factor is a large part of why Windows Phone failed.

It is not clear at this stage whether or not Microsoft’s Connected Vehicle Platform partners (which include Renault-Nissan and BMW) will use Windows Embedded in their solutions; but what is notable is that Microsoft’s release makes no mention of it. The company has shifted to a cloud strategy, and is primarily offering Azure services rather than mandating how manufacturers choose to consume them. The detail of the announcement identifies five key areas:

  • Telematics and Predictive services
  • Marketing (“Customer insights and engagement”)
  • Productivity (Office 365, Skype)
  • Connected ADAS (Advanced Driver Assistance Systems), i.e. the car helping you to drive
  • Advanced Navigation

Cortana also gets a mention. We may think of Cortana as a virtual assistant, but what this means is a user interface to intelligent services.

There is big competition for all this of course, with Google, Amazon and Apple also in this space. There is also politics involved. If you read Howard’s analysis linked above, note that he mentions how the auto companies dislike restrictions such as Google insisting that you can’t have Google Search unless you also use Google Maps (I have no idea if this is still the case). There is a tension here. In-car systems are an important value-add for customers and critical to marketing vehicles, but the auto companies do not want their vehicles to become just another channel for big data-gathering companies like Google and Amazon.

Another point of interest is how smartphones interact with your car. If you want a simple and integrated experience, you can just dock your phone and use it for navigation, communication and entertainment – three key areas for in-car systems. On the other hand, a docked phone will not have the built-in screen and control of vehicle features that an embedded system can offer.

Microsoft to release Visual Studio for the Mac – except it is not

Microsoft’s Mikayla Hutchinson (ex Xamarin) has announced Visual Studio for the Mac:

This is an exciting development, evolving the mobile-centric Xamarin Studio IDE into a true mobile-first, cloud-first development tool for .NET and C#, and bringing the Visual Studio development experience to the Mac.

I tend to agree that it is a significant piece of news. It signals Microsoft’s intent to offer first-class support for Mac developers. Other than at Microsoft events, the majority of the developers I see at conferences carry Macs rather than Windows laptops, and if the company is to have any hope of winning them over to its cross-platform ASP.NET web application framework, getting excellent development support on Macs is a critical step.

Naming things is not Microsoft’s greatest strength though. Sometimes it gives different things the same name, such as with OneDrive and OneDrive for Business, or Outlook for Windows and Outlook for iOS and Android. It makes sense from a marketing perspective, but it is also confusing.

This is another example. No, Microsoft has not ported Visual Studio to the Mac. This is a rebrand of Xamarin Studio, originally a cross-platform IDE for its C# mobile app framework, but more recently Mac-only.

Hutchinson makes the best of it:

Its UX is inspired by Visual Studio, yet designed to look and feel like a native citizen of macOS …. Below the surface, Visual Studio for Mac also has a lot in common with its siblings in the Visual Studio family. Its IntelliSense and refactoring use the Roslyn Compiler Platform; its project system and build engine use MSBuild; and its source editor supports TextMate bundles. It uses the same debugger engines for Xamarin and .NET Core apps, and the same designers for Xamarin.iOS and Xamarin.Android.

The common use of MSBuild is a key point. “Although it’s a new product and doesn’t support all of the Visual Studio project types, for those it does have in common it uses the same MSBuild solution and project format. If you have team members on macOS and Windows, or switch between the two OSes yourself, you can seamlessly share your projects across platforms,” says Hutchinson.


The origins of what will now be Visual Studio for the Mac actually go back to the early days of the .NET Framework. Developer Mike Kruger decided to write an IDE in C# in order to work more easily with a pre-release of .NET Framework 1.0. His IDE was called SharpDevelop. Here is an early version, from 2001:


Of course by then most developers used Visual Studio to work with C#, but there were several reasons why SharpDevelop continued to have a following. Unlike Visual Studio, it was built in C# and you could get all the code. It was free. It was also of interest to Mono users, Mono being the open source implementation of the .NET Framework originated by Miguel de Icaza (also now at Microsoft). In 2003, Mono developers started work on porting SharpDevelop to run on Linux using the GNOME toolkit (Gtk#). This forked project became MonoDevelop.

Xamarin (the framework) of course has its roots in Mono and when Xamarin (the company) decided to create its own IDE it based it on MonoDevelop. So MonoDevelop evolved into Xamarin Studio.

Incidentally, SharpDevelop is still available and you can get it here. MonoDevelop is still available and you can get it here.

So now some sort of circle is complete and what began as SharpDevelop, a rebel imitation of Visual Studio, will now be an official Microsoft product called Visual Studio for the Mac – though how much SharpDevelop code remains (if any) is another matter.

Historical digression aside, the differences between Visual Studio and Visual Studio for the Mac are not the only point of confusion. There is also Visual Studio Code, an editor with some IDE features, which is cross-platform on Windows, Mac and Linux. This one is based on the Google-sponsored Chromium project and has won quite a few friends.

Should Mac users now use Visual Studio Code, or Visual Studio for the Mac, for their .NET Core or ASP.NET Core development? Microsoft will say “your choice” but it is a good question. The key here is which project will now get more attention from both Microsoft and other open source contributors.

Still, we should not complain. Two rival Microsoft IDEs for the Mac are a considerable advance on none, which was the answer until Visual Studio Code went into preview in April 2015.

Hands on with Microsoft’s ADConnect

I’ve been trying Microsoft’s ADConnect tool, the replacement for the utility called DirSync, which synchronises on-premises Active Directory with Azure AD, the directory used by Office 365.

It is therefore a key piece in Microsoft’s hybrid cloud story.

In my case I have a small office set-up with Active Directory running on Server 2012 R2 VMs. I also have an Office 365 tenant that I use for testing Microsoft’s latest cloud stuff. I have long had a few basic questions about how the sync works so I created a small Server 2012 R2 VM on which to install it.

ADConnect can be installed on a Domain Controller, though this used to be unsupported for DirSync. However it seems to be tidier to give ADConnect its own server, and less likely to cause problems.

There are a number of prerequisites but for me the only one that mattered was that your domain must be set up on the Office 365 tenant before you configure ADConnect. You cannot configure it using the default *.onmicrosoft.com domain.

Adding a domain to Office 365 is straightforward, provided you have access to the DNS records for the domain, and provided that the domain is not already linked to another Office 365 tenant. This last point can be problematic. For example, BT uses Office 365 to provide business email services to its customers. If you want to migrate from BT to your own Office 365, detaching the domain from BT’s tenant, to which you do not have admin access, is a hassle.

When I tried to set up my domain, I found another problem. At some point I must have signed up for a trial of Power BI, and without my realising it, this created an Office 365 tenant. I could not progress until I worked out how to get admin access to this Power BI tenant and assign my user account a different primary email address. The best way to discover such problems is to attempt to add the domain and note any error messages. And to resist the wizard’s efforts to get you to set up your domain in a different tenant to the one that you want.

That done, I ran the setup for ADConnect. If you use the Express settings, it is straightforward. It requires SQL Server, but installs its own instance of SQL Server Express LocalDB by default.


You enter credentials for your Office 365 tenant and for your on-premises AD, then the wizard tells you what it will do.

image

I was interested in the link on the next screen, which describes how to get all your Windows 10 domain-joined computers automatically “registered” to Azure AD, enabling smoother integration.

image

If you follow the link, and read the comments, you may be put off; I was. It involves configuring Active Directory Federation Services as well as Group Policy and looks fiddly. I suspect this is worth doing though, and hope that configuration will be more automated in due course.

The next step was to look at the outcome. One thing that is important to understand is that synced users are distinct from other Office 365 users. Imagine then that you have existing users in Office 365 and you want to match them with existing on-premises users, rather than creating new ones. This works if ADConnect can match the primary email address (a "soft match" on the SMTP address, or failing that the UPN). It converts the matching Azure AD user into a synced user. Otherwise it creates new users, even if there are existing Azure AD users with the same display names. If it goes wrong, there are ways to recover. Note that once matched, the users are not actually linked via the email address: they are linked by an attribute called the ImmutableID, which ADConnect sets to its sourceAnchor value for the on-premises user (by default the base64-encoded objectGUID). Setting that attribute on a cloud-only user yourself is the "hard match", and it is how you force a particular pairing when soft matching would pick the wrong user or none.
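To see the link concretely, here is an added example that is not part of the original post. It computes the ImmutableID from an on-premises user's objectGUID and hard-matches it to an existing cloud user, refusing to overwrite an anchor that is already set. It assumes the default sourceAnchor (objectGUID), the ActiveDirectory and MSOnline PowerShell modules, that Connect-MsolService has already been run, and placeholder account names.

```powershell
# Added example, not from the original post. Assumes the default sourceAnchor
# (objectGUID) and the ActiveDirectory and MSOnline modules; run
# Connect-MsolService first. Account names used at the bottom are placeholders.

function Get-ImmutableIdFromAD {
    param([Parameter(Mandatory)][string]$SamAccountName)
    # ImmutableID = base64 of the 16 raw bytes of objectGUID.
    $user = Get-ADUser -Identity $SamAccountName -Properties objectGUID
    [Convert]::ToBase64String($user.objectGUID.ToByteArray())
}

function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)][string]$ImmutableId)
    # Reverse direction: recover the on-premises objectGUID from a cloud user's anchor.
    [guid]::new([Convert]::FromBase64String($ImmutableId))
}

function Set-HardMatch {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$CloudUserPrincipalName
    )
    $anchor = Get-ImmutableIdFromAD -SamAccountName $SamAccountName
    $cloud  = Get-MsolUser -UserPrincipalName $CloudUserPrincipalName

    # Never silently re-anchor: an ImmutableID that already exists means the
    # cloud user is (or was) tied to some other on-premises object.
    if ($cloud.ImmutableId -and $cloud.ImmutableId -ne $anchor) {
        throw "$CloudUserPrincipalName is already anchored to objectGUID " +
              "$(ConvertFrom-ImmutableId $cloud.ImmutableId); refusing to change it."
    }
    Set-MsolUser -UserPrincipalName $CloudUserPrincipalName -ImmutableId $anchor
    "Anchored $CloudUserPrincipalName to $SamAccountName ($anchor)"
}

function Get-CloudOnlyUsers {
    # Users the portal shows as "In Cloud": no anchor, never dir-synced.
    Get-MsolUser -All | Where-Object { -not $_.ImmutableId } |
        Select-Object UserPrincipalName, LastDirSyncTime
}

# Usage with placeholder names: list unmatched users, then pin one explicitly.
Get-CloudOnlyUsers
Set-HardMatch -SamAccountName 'jsmith' -CloudUserPrincipalName 'jsmith@example.com'
```

Do the hard match before the next sync cycle touches that user; once an object has been synced, the cloud side no longer lets you change its ImmutableID, and the only route is to exclude the user from sync, clear the anchor on the (then cloud-only) user, re-anchor, and re-include.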

The Office 365 admin portal is fully aware of synced users and the user list shows the distinction. Users are designated as “In Cloud” or “Synced with Active Directory”.

image

Synced users cannot be deleted from the Office 365 portal. You delete them in on-premises AD and they disappear on the next sync, into the Azure AD recycle bin, from which they can be restored for 30 days.

The next obvious issue is that if you dive in like me and just install ADConnect with Express Settings, you will get all your on-premises users and groups in Azure AD. In my case I have things like “ASP.NET Machine Account”, various IUSR* accounts, users created by various applications, and groups like “DHCP Administrators” and “Exchange Trusted Subsystem” that do not belong in Office 365.

These accounts do not do much harm; they do not consume licenses or mess up Office 365. On the other hand, they are annoying and confusing, and with Express settings every one of them arrives with its password hash, so a forgotten service account becomes an identity that can attempt to sign in to Azure AD. You may also have business reasons to exclude some users from synchronization.

Fortunately, there are various ways to fine-tune, both before and after initial synchronization. You can read about it here. This document also states:

With filtering, you can control which objects should appear in Azure AD from your on-premises directory. The default configuration takes all objects in all domains in the configured forests. In general, this is the recommended configuration.

I find this puzzling, in that I cannot see the benefit in having irrelevant service accounts and groups synced to Office 365 – though it is not entirely obvious what is safe to exclude.

I went back to the ADConnect tool and reconfigured, using the Domain and OU filtering option. This time, I selected what seems to be a minimal configuration.

image

The excluded objects are meant to be deleted from Office 365, but so far they have not. I am not sure if this will fix itself. (Update: it did, though I also re-ran a full initial sync to help it along). If not, you can temporarily disable sync, manually delete them in the Office 365 portal, then re-enable sync.

What if you want to exclude a specific user? I used the steps described to create a DoNotSync filter based on setting extensionAttribute15. You use the ADConnect Synchronization Rules Editor to create the rule, then set the attribute using ADSIEdit or your favourite tool. This worked, and the user I marked disappeared from Office 365 on the next sync.

image

Incidentally, you can trigger an immediate sync using this PowerShell command:

Start-ADSyncSyncCycle -PolicyType Delta
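Putting the per-user filter and the sync trigger together, here is an added example (not code from the original post) that runs on the Azure AD Connect server: it reports the scheduler state, marks a user with the DoNotSync attribute, runs a delta cycle and waits for it to finish, then checks whether the cloud object still exists. It assumes the ADSync module (installed with ADConnect), the ActiveDirectory and MSOnline modules, that Connect-MsolService has been run, that the rule created in the Rules Editor tests extensionAttribute15 for the value "NoSync" (the value is an assumption), and placeholder account names.

```powershell
# Added example, not from the original post. Run on the Azure AD Connect
# server. Assumes the ADSync, ActiveDirectory and MSOnline modules, that
# Connect-MsolService has been run, and that the DoNotSync rule matches
# extensionAttribute15 = "NoSync" (assumed value). Account names are placeholders.
Import-Module ADSync

function Get-SyncStatus {
    $s = Get-ADSyncScheduler
    [pscustomobject]@{
        SyncCycleEnabled = $s.SyncCycleEnabled
        InProgress       = $s.SyncCycleInProgress
        NextCycleUtc     = $s.NextSyncCycleStartTimeInUTC
        StagingMode      = $s.StagingModeEnabled
    }
}

function Invoke-SyncCycle {
    param(
        [ValidateSet('Delta', 'Initial')][string]$PolicyType = 'Delta',
        [int]$TimeoutSeconds = 900
    )
    # Starting a second cycle while one runs just errors; check first.
    if ((Get-ADSyncScheduler).SyncCycleInProgress) {
        throw 'A sync cycle is already running; try again when it finishes.'
    }
    Start-ADSyncSyncCycle -PolicyType $PolicyType | Out-Null
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 10
        if ((Get-Date) -gt $deadline) { throw "Sync did not finish within $TimeoutSeconds s." }
    } while ((Get-ADSyncScheduler).SyncCycleInProgress)
}

function Set-DoNotSync {
    param([Parameter(Mandatory)][string]$SamAccountName, [switch]$Clear)
    if ($Clear) {
        Set-ADUser -Identity $SamAccountName -Clear extensionAttribute15
    } else {
        Set-ADUser -Identity $SamAccountName -Replace @{ extensionAttribute15 = 'NoSync' }
    }
}

function Test-UserInCloud {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $u = Get-MsolUser -UserPrincipalName $UserPrincipalName -ErrorAction SilentlyContinue
    if ($u) { "$UserPrincipalName present; last synced $($u.LastDirSyncTime)" }
    else    { "$UserPrincipalName absent (Get-MsolUser -ReturnDeletedUsers shows the soft-deleted copy)" }
}

# Usage with placeholder names: mark a service account, push a delta, verify.
Get-SyncStatus
Set-DoNotSync -SamAccountName 'svc-backup'
Invoke-SyncCycle -PolicyType Delta
Test-UserInCloud -UserPrincipalName 'svc-backup@example.com'
```

Use `-PolicyType Initial` after changing OU filtering, since a delta cycle only picks up objects that changed. Two related safety settings are worth knowing: `Set-ADSyncScheduler -SyncCycleEnabled $false` is the supported way to pause sync while you clean up in the portal, and ADConnect's export deletion threshold (500 objects by default, managed with `Get-ADSyncExportDeletionThreshold` and `Enable-ADSyncExportDeletionThreshold`) will stop an export that removes more objects than that, which is the likeliest reason a large batch of newly excluded accounts does not disappear on the first cycle.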

Complications

Setting up ADConnect does introduce complexity into Office 365. You can no longer do everything through the portal. It is not only deletion that does not work. When I tried to set up a mailbox in Office 365 I hit this message:

image

“This user’s on-premises mailbox hasn’t been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed.”

I can see the logic behind this, but there might be cases where you want a new empty mailbox; I am sure there is a way around it, but now there is more to go wrong.

Update: there is a rather important lesson hiding here. If you are running Exchange on-premises and want to end up on Office 365 with ADConnect, you must take care about the order of events. Once ADConnect is running, you cannot do a cutover migration of Exchange, only a hybrid migration. If you don't want hybrid (which adds complexity), then do the cutover migration first. Convert the on-premises mailboxes to mail-enabled users. Then run ADConnect, which will match the users based on the primary email address.

It is also obvious that ADConnect is designed for large organisations and for administrators who know their way around Active Directory. There is a simplified sync tool in Windows Server Essentials, though I have not used it. It would be good though to see something between Essentials and the complexity of ADConnect. For example, I had imagined that there might be a mapping tool that would let you see how ADConnect intends to match on-premises users with Office 365 users and let you amend and exclude users with a few clicks.

Microsoft has been working on this stuff for some time and is not done yet. In preview for example is Group Writeback, which lets you sync Office 365 groups back to on-premises AD.

image

Maybe Microsoft might also consider using different icons for the various ADConnect utilities as they do look a bit silly if you pin them to the taskbar:

image

The tools are:

  • Azure ADConnect (Wizard)
  • Synchronization Rules Editor (advanced filtering)
  • Synchronization Service WebService Connector Config (SOAP stuff)
  • Synchronization Service Key Management (what it says)

On the plus side, I have not hit any mysterious Active Directory errors and it has all worked without having to set up certificates, reverse proxies, special DNS entries (other than the standard ones for Office 365), or anything too fiddly, though note that I avoided ADFS and automatic Windows 10 registration.

Final thoughts

If you need to implement this, you will find doing what I did and trying it out on a test domain is worth it. There seem to be quite a few pitfalls, and as ever, it is easier to get it right at the start rather than trying to fix things up afterwards.