Home / Nerdio Academy / Nerdio / Nerdio Fundamentals: Onboarding Tools

Nerdio Fundamentals: Onboarding Tools

0 commentsJune 28, 2019Videos

Joseph Landes:
In this session, we’re going to talk about the various onboarding tools that are used by MSPs to onboard customers into Nerdio for Azure. We’ll cover a variety of topics including AD export, how to update groups and contacts, data mirroring, robocopy, and more. Enjoy the session.

Vadim Vladimirskiy
Today, we’ll be covering various onboarding tools and components of the Nerdio admin portal. Let’s jump into it right away. Okay, so we’re back to our favorite account, 5,009, Morehart, Inc, and we are going to go through the onboarding module. As the name implies, onboarding helps onboard new customers as well as occasionally new users or provision new desktops, et cetera. First thing that we’ve already spent a good amount of time on is domains, so I’ll just remind you that this is the place where you would go to add additional domains if there was, you know, a new email domain that needed to be added or anything like that or a domain trust set up. This is the place to go and do it. This is also where you can convert a domain from managed to federated and validate it in Office 365, et cetera.

Vadim Vladimirskiy
The next thing is this AD export functionality. You’ll recall this is a way of connecting to an existing active directory server across a VPN and being able to export data out of it in the format that can be then used to import it into Nerdio, so very simple. You give it a name, you specify the IP address of the server, which is typically on the other side of the VPN connection. With the credentials, you test that connection. It validates that it’s a domain controller. And once you have a source added, you can create jobs.

Vadim Vladimirskiy
There are two types of things you can export. You can export users. You can export groups. Once you have a source defined, they’ll be listed here in the dropdown. You run the job. It creates a CSV file, and then you can take that CSV file, modify it, and put it into one of these bulk add or import or update functions. Okay?

Vadim Vladimirskiy
So once you have that list, or even if you’re creating a new list, you can go in and take that CSV file. Go into bulk add or update users. You can download the template from right here. So, there is a blank template that can be downloaded with this button that will just show what all the various columns are, and then you’ll need to pre-fill the information, or you can download the template with existing users already built into it. This is convenient, because then you can see exactly how everything is laid out with actual data.

Vadim Vladimirskiy
Recall that there is an add update or ignore field. If anything is set to ignore, it is going to not do anything in this line item. If it’s set to add, then it’s going to assume that this is a new user addition. If it’s update, then it will use the Guid listed in this column to actually figure out which object you want to be modifying. This is a mandatory component. If somebody messes up with this information and tries to do an update, it’s going to give an error because it won’t be able to find the object that you’re trying to update again.

Vadim Vladimirskiy
The way it knows which object you’re updating is by looking at this global unique identifier, and it’s got a match. These are exported out of AD. When you are trying to update objects, you always have to download the template that includes the users in it. So, using this button, not this button. Otherwise, you’re going to have to manually go through and figure out, you know, what the Guid is, which is quite a bit of a pain. A quick reminder that pretty much anything you can do from the user add or edit screen can be done via CSV file. You can obviously change the name and email addresses, aliases, password, office licensing, enable or disable, or you can, you know, configure other contact information here. And then you can also manage the desktops.

Vadim Vladimirskiy
For instance, if you had a lot of users that were on RDS collection A, and you wanted to switch them to RD collection B, you would simply have to update, you know, these two fields or probably even just this one where you would specify the new collection name. So, this is a quick and easy way to update multiple things across multiple users. Okay? Very useful during the onboarding process.

Vadim Vladimirskiy
Okay. The other thing you can import or manage or update is groups. Again, very similar concept users, so … Let’s actually go back to this list right here. You can see groups are actually listed next to the user. So, you can list groups. Comma separate them. There’s no quotes required around the actual full name. The comma is what tells it what the name of the group is, as that’s the delimiter. So, you can actually use this method to add individual users into groups, or you can go the other direction and you can add groups first and users into them. Let’s take a look at that.

Vadim Vladimirskiy
We’re going to download a template with the groups in it. Okay. And here you’ll see again, similar add, update or ignore. We have our group name, group type, description, and then members. So for instance, if we have this VDI users group, then we click on members. There’s nobody in that group, which is what we would expect. The RDS users group, we click on that. And this lists the short name, the username, basically, the thing that’s prior to the domain. So, that is how it lists the members.

Vadim Vladimirskiy
You can update membership this way. And also, again, remember you have this Guid listed to the right. This is what identifies which group you’re making a change to. It matches it based on the identifier rather than something like a group name. Group name is the thing that you’re updating in some cases, which is why the Guid is used for it. Yeah. So, remember, groups can contain members that are users. It could also contain other groups. It can contain mailboxes or even contacts, and all of those can be edited here. This is a great way of ingesting or importing or updating a large number of groups at the same time using an easy CSV import method. Then, finally we have a way of doing the same thing for contacts.

Vadim Vladimirskiy
Occasionally, we have situations where customers have, you know, contacts in their active directory, and then they want those synced up to Azure AD. A very similar concept. I don’t know if we have any. Probably, we do have one. So again, you got your contact. You got your Guid. You can add new ones. Obviously, if you’re adding one, you leave the Guid field blank and fill out the rest of the information. Okay. So, this is a way to easily import, add, or update users, groups and contacts.

Vadim Vladimirskiy
Okay. The rest of our time, I think, we’re going to be spending on data mirroring. Okay. So, data mirroring is intended to be used for copying files or file-shared data from a source SMB share. Think a file server or some sort of a NAS device that users map their drives to. So, this could be an on premises server. This could be another cloud server. The requirement is is that it has to be accessible by IP via SMB, so you should be able to map a drive to it.

Vadim Vladimirskiy
Let’s see. So if we go to data mirroring, okay. First thing we got to do is add a source. Typically, this would be the file server or some device on the other end of the VPN. But in this case, I’m going to try to do this from the existing file server. So, let’s actually set up a quick little test, and I’m going to log in as Andy IT Admin. Hopefully the password hasn’t been changed recently. Let’s see.

Vadim Vladimirskiy
Okay, let’s go to FSO1 and see what we have on it we can create. Okay, so there is a test folder and there is a test file in there. Okay. Excellent. Let’s do the following. That IP address of FSO1, if I recall correctly, is .11. Yup. It is. All right. And I also think that Andy IT Admin is an administrator, which means we’ll be able to add a source with those credentials. What happens when you try to add a source is that it’s going to try to connect from FSO1 to the IP address you specify here with the credentials that you specify here. Now, this may not work, because it’s trying to connect from FSO1 to FSO1, but let’s see.

Vadim Vladimirskiy
Right now, this is running a script on FSO1, trying to get the listing of all the various shares available in FSO1. That seems to have worked, so let’s click save. Okay, so that’s being added. That should be a task. There it is. So in a minute or so, we’ll see the peer appear. And then once it does, we’re going to go ahead and add a job. Once this is coming up, I’m going to RDP directly into FSO1 and show you what actually happens and what changes you can make to tweak the data mirroring jobs if you ever needed to.

Vadim Vladimirskiy
Excellent. Here is our FSO1. Let’s see how we’re doing here. Okay, so that’s done. There is our FSO1. Here is what it was able to determine, that it queried all of the shares on FSO1 and it can see all of the administrative shares, which is, a lot of times, where you’re copying from, but also all of this standard find shares. So, that’s all expected. Now, let’s go ahead and add a job. We’re going to add a job. We are going to call it, you know, Test Job1. We’re going to select our source. We only have one source right now. We’re going to select our drive or share. Because … Let’s go to FSO1 and see where that file is that we just created. It’s the E drive, it’s public, and it’s test.

Vadim Vladimirskiy
Okay? Let’s say we want to mirror the entire public folder, so we’ll go into data mirroring. We will say it’s going to be on the E drive and the folder is going to be public. And we’re going to mirror it to FSO1 E drive, right? So, it’s sort of taking it from one server to the same server. Not a typical, you know, real case scenario, but should be illustrative of how this works. Let’s have it create a folder called transfer. We then get to define a schedule when this runs. You can say, you know, run it at 9:00 p.m. every day starting tonight. You can click enable.

Vadim Vladimirskiy
The really important thing here to remember is that any existing files, by default, it’s set up as a mirror, so any existing files will be overwritten. So if somebody goes live and has users working against this new destination file server, then those files at the next run of this job will get overwritten. So, it’s really important to remember to disable this. And unfortunately, sometimes people trip over that. You know, we kind of have these warnings in red everywhere.

Vadim Vladimirskiy
Okay, so this is now creating this job. Now, what is actually happening on the back end? On the back end, it’s creating a schedule task and an associated script for that job. So, let’s go into task scheduler. And in a minute, we should see a new folder appear here called Nerdio. Inside of that folder, we will have a scheduled task that’s going to have a robocopy command associated with it. That robocopy command is going to tell the system what to do. Let’s just … There we go. There is Nerdio. Just came up. There is our job, Test Job1. You can see it’s set to run as administrator with the highest privileges, so this is going to run unattended. It’s going to run on the schedule that we specified. Remember we said nightly or daily at 9:00 p.m. It’s enabled. And what it’s going to do is it’s going to run a command. This is basically a Powershell command. We can look at it in just a second.

Vadim Vladimirskiy
Let’s go ahead and edit this. Okay, so there is our action. It’s going to run the Powershell executable with a bunch of parameters that are going to tell it, you know, what to copy from where, with what parameters, all that kind of stuff. So, all of this is integrated into this one command. Let’s go ahead and actually run the job. When we click on … Right now, it’s enabled, and it’s going to run at 9:00 p.m. So, it’s not going to run right now unless we click it. If we’re going to do run now, so what we should notice on FSO1 is a robocopy process that should start or at least a Powershell process. There it is.

Vadim Vladimirskiy
Okay, so it’s running right now. If we refresh this, we should see it says running. Okay. And it should be done fairly quickly. Okay. Obviously, it’s done. Now, we can go back here, right? Then, what do we see? We see that we ran the job and it’s complete. Now ,the fact that it says complete, what that means is that it completed triggering the job. It doesn’t mean the job completed running. This was an initiation of the job, not that it knew that the job is now done. Unfortunately, the NAP has no visibility of how long robocopy takes to run. Now, what can you do … Now, how do you know what actually happened? Did it work? Did it not work? Obviously, you can log in and see if the files were copied.

Vadim Vladimirskiy
So, let’s do that first just to see if it worked as expected. We had a transfer folder we wanted to create. Now, we have a test folder and we have a hello folder. And if we see when this file was created, you know, that’s the file that we copied from the other location. So, this is all exactly as we expect it. Now, without logging into the file server, we could have clicked on download logs. What this does is it triggers a command on FSO1 that goes in, zips up the logs and passes them through to the NAP, so you can actually view what happened. Where are these logs?

Vadim Vladimirskiy
When robocopy runs, part of this action here is to log the output of robocopy to a location on the E drive called data mirroring logs. And you can see that there is going to be a file that will have the name of the job, the date, the time, and then a unique identifier. And if you double click here, you will see what happened. This is actually robocopy output, so we see what it copied from, what it copied to, what type of switches it used, and then what it copied, and what the result is. Right? This is what you need to confirm that the backup is running short of just looking at the destination. But this is a kind of a conclusive review of what’s going on.

Vadim Vladimirskiy
So, what we just did by running this download logs is we basically zipped up that file and made it available here. There is now a download button next to that completed task. We’re going to click download. There’ll be a zip file. Inside of that zip file will be the file we just looked at. Okay? So, this is a nice, simple way for someone just sitting inside of NAP to be able to set up data copies and transfers from an existing location to FSO1.

Vadim Vladimirskiy
A few things to note. You can define multiple sources, and sources would be servers, right? So, it’s an individual device you’re copying from and then that device may have multiple drives, multiple shares, whatever. And then you can set up multiple jobs that could be doing different things from different sources. Important to keep in mind — because this is mirroring, it is going to … Like, if you set up a job that overlaps with another job, they’re going to fight with each other. You know, one is going to copy files there and the other one is going to delete those files, and there’s just going to be a mess. So whenever you setting up jobs, just make sure that each source has only one job associated with it and each destination only has one job associated with it. So if you have, you know, public share, you’re going to copy from public to public, from users to users, or whatever, you know, whatever the names of those shares are.

Vadim Vladimirskiy
Then when go-live happens, it is critical that someone goes in here and either deletes the job or at the very least disables it. Okay? So, disabling the job. You will see over here, it’s going to be disabled, and then it should also be reflected on the scheduled tasks. Right now, you see it says ready. Once that command runs, it should say disabled right there. That’s how it works.

Vadim Vladimirskiy
If someone goes in and deletes anything from what I showed you, so like if they delete the scheduled task or the scheduled folder, then the jobs will disappear from the NAP as well. So, let’s go ahead and do that. Let’s delete this and then come out to here and refresh our data mirroring jobs. Once this is done, the job should be gone because it’s no longer visible as a scheduled task within the environment. Okay, let me add another job. Oops, not another source. Another job. Okay. And show you some of the tweaks that you can make.

Vadim Vladimirskiy
So, we have our test FSO1. We’re going to copy from public to … No, let’s do … We were doing from E public to transfer, and we were going to run it whenever. It doesn’t really matter. Then, allow. Click save. Okay. Okay, so you see the job disappeared. It’s going to get re-added now. And because this is using robocopy … Now, let’s say you wanted to make some changes. Let’s say you wanted to skip old files, or you wanted to not override things. You just wanted to add new files. There’s lots of switches and parameters that you can pass to robocopy to customize it.

Vadim Vladimirskiy
So, what you can do is go into actions. Take this command, put it into Notepad, make your changes. Right? These are the parameters it’s using now. Robocopy source destination, no progress, resume if it fails, mirror. If it can’t read something, wait zero seconds. If it can’t write something, wait zero seconds. Verbose, and then I think this just means the output to the log or something like that. Right? There’s other commands you can add. There is, you know, a whole set of … Oh boy, that’s really small.

Vadim Vladimirskiy
If you run robocopy like that, this will show you all the available commands. You can pretty much achieve anything with the right combination of these. You can copy security settings, not copy security settings. You can overwrite, not overwrite, select files that have been modified within a certain amount of time or a non-modified certain amount of time. Really, a ton of flexibility, very great built-in tool that Microsoft has in Windows. So, you can modify this command in Notepad and then take this modified command and then paste it back into the argument section right there.

Vadim Vladimirskiy
Save it, and now it’s going to run the job as you need it to run as opposed to the way it’s been configured by default. The way it’s by default should be good enough, you know, 90%+ of the time. But sometimes, there’s unique requirements.

Videos in the series