PowerShell | Tom's Notes

Creating some virtual machines in Azure with PowerShell

By Tomica Kaniski in Other 15/03/2019 0 Comment

The other day I was creating some Linux virtual machines (I know, I know…) and, with Azure being my preferred hosting platform, I’ve decided to create this machines by using a simple PowerShell script. Not because I’m so good at PowerShell, but because I like it… and sometimes I really don’t like clicking through the wizard to create multiple machines.

I wanted to create multiple machines with ease, each with “static” IP address from the provided subnet, accessible via the Internet (SSH, HTTP) and running the latest Ubuntu Linux, of course.

So, I was browsing through the official documentation (a.k.a. docs.com, more specifically https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-powershell), and I’ve come up with this (my version of the official docs):

# prerequisites
Install-Module -Name Az -AllowClobber -Scope CurrentUser

# connect to Azure
Connect-AzAccount
Select-AzSubscription "<YOUR_SUBSCRIPTION_ID>"

# create VMs
$vmname = "myVM1"
$ip = "10.11.11.11"
$rg = "myResourceGroup"
$loc = "WestEurope"
$vnet = Get-AzVirtualNetwork -Name $rg -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnet.Name -VirtualNetwork $vnet
$pip = New-AzPublicIpAddress -Name "$vmname-pip" -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic -IdleTimeoutInMinutes 4
$nsg_ssh = New-AzNetworkSecurityRuleConfig -Name "ssh" -Protocol "Tcp" -Direction "Inbound" -Priority 300 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22 -Access "Allow"
$nsg_web = New-AzNetworkSecurityRuleConfig -Name "web" -Protocol "Tcp" -Direction "Inbound" -Priority 301 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Access "Allow"
$nsg = New-AzNetworkSecurityGroup -Name "$vmname-nsg" -ResourceGroupName $rg -Location $loc -SecurityRules $nsg_ssh,$nsg_web
if(Test-AzPrivateIPAddressAvailability -IPAddress $ip -ResourceGroupName $rg -VirtualNetworkName $vnet.Name){
  $ipconfig = New-AzNetworkInterfaceIpConfig -Name "$vmname-ip" -Subnet $subnet -PrivateIpAddress $ip -PublicIpAddress $pip
  $nic = New-AzNetworkInterface -Name "$vmname-nic" -ResourceGroupName $rg -Location $loc -IpConfiguration $ipconfig -NetworkSecurityGroupId $nsg.Id
}
$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("tomica", $securePassword)
$vmConfig = New-AzVMConfig -VMName $vmname -VMSize "Standard_A1_v2" | Set-AzVMOperatingSystem -Linux -ComputerName $vmname -Credential $cred -DisablePasswordAuthentication | Set-AzVMSourceImage -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "18.10" -Version "latest" | Add-AzVMNetworkInterface -Id $nic.Id
$sshPublicKey = cat ~/.ssh/id_rsa.pub
Add-AzVMSshPublicKey -VM $vmconfig -KeyData $sshPublicKey -Path "/home/tomica/.ssh/authorized_keys"
New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig

# prerequisites

Install-Module -Name Az -AllowClobber -Scope CurrentUser

# connect to Azure

Connect-AzAccount

Select-AzSubscription "<YOUR_SUBSCRIPTION_ID>"

# create VMs

$vmname = "myVM1"

$ip = "10.11.11.11"

$rg = "myResourceGroup"

$loc = "WestEurope"

$vnet = Get-AzVirtualNetwork -Name $rg -ResourceGroupName $rg

$subnet = Get-AzVirtualNetworkSubnetConfig -Name $subnet.Name -VirtualNetwork $vnet

$pip = New-AzPublicIpAddress -Name "$vmname-pip" -ResourceGroupName $rg -Location $loc -AllocationMethod Dynamic -IdleTimeoutInMinutes 4

$nsg_ssh = New-AzNetworkSecurityRuleConfig -Name "ssh" -Protocol "Tcp" -Direction "Inbound" -Priority 300 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 22 -Access "Allow"

$nsg_web = New-AzNetworkSecurityRuleConfig -Name "web" -Protocol "Tcp" -Direction "Inbound" -Priority 301 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80 -Access "Allow"

$nsg = New-AzNetworkSecurityGroup -Name "$vmname-nsg" -ResourceGroupName $rg -Location $loc -SecurityRules $nsg_ssh,$nsg_web

if(Test-AzPrivateIPAddressAvailability -IPAddress $ip -ResourceGroupName $rg -VirtualNetworkName $vnet.Name){

$ipconfig = New-AzNetworkInterfaceIpConfig -Name "$vmname-ip" -Subnet $subnet -PrivateIpAddress $ip -PublicIpAddress $pip

$nic = New-AzNetworkInterface -Name "$vmname-nic" -ResourceGroupName $rg -Location $loc -IpConfiguration $ipconfig -NetworkSecurityGroupId $nsg.Id

}

$securePassword = ConvertTo-SecureString ' ' -AsPlainText -Force

$cred = New-Object System.Management.Automation.PSCredential ("tomica", $securePassword)

$vmConfig = New-AzVMConfig -VMName $vmname -VMSize "Standard_A1_v2" | Set-AzVMOperatingSystem -Linux -ComputerName $vmname -Credential $cred -DisablePasswordAuthentication | Set-AzVMSourceImage -PublisherName "Canonical" -Offer "UbuntuServer" -Skus "18.10" -Version "latest" | Add-AzVMNetworkInterface -Id $nic.Id

$sshPublicKey = cat ~/.ssh/id_rsa.pub

Add-AzVMSshPublicKey -VM $vmconfig -KeyData $sshPublicKey -Path "/home/tomica/.ssh/authorized_keys"

New-AzVM -ResourceGroupName $rg -Location $loc -VM $vmConfig

If this helps you with similar task – you’re welcome.

Cheers!

Renewing the expired Office Online/Web Apps Server farm certificate

By Tomica Kaniski in Other 17/12/2018 2 Comments

Certificates sometimes expire… it happens! 🙂

But what happens if the certificate for your Office Online Server (OOS) or Office Web Apps Server (OWAS) farm expires and your farm is not available anymore?

Obviously, OOS farm and your Skype for Business, Exchange & SharePoint integration stops working. Next thing to do will be to renew the expired certificate.

But how?

My MVP colleague Andi Krüger did a nice blog post on updating the farm certificate, and it’s fairly simple – Set-OfficeWebAppsFarm -CertificateName “RenewedOOSInternalCertificate” should do the trick… if your farm is running.

If things got out of hand and your farm is not running anymore and you cannot use the Set-OfficeWebAppsFarm cmdlet (you’ll see that Office Online (WACSM) service is Stopped and cannot be brought back up with the expired certificate and your machine is showing that it’s no longer part of the farm), you’ll need to take a different approach, because you’ll be getting errors when running the above mentioned command (like “It does not appear this machine is part of an Office Online Server farm.” or similar).

WACSM Service is Stopped and and your machine is showing that it’s no longer part of the farm

One of the possible solutions would be:

make a note of the Friendly Name of your old (expired) certificate (MMC or PowerShell) (in my case it’s called “OOSInternalCertificate“)
remove the expired certificate
renew/request/install the new certificate
change the Friendly Name of a new certificate to match the previous one
start the Office Online (WACSM) service or restart the machine
(copy the certificate/do the procedure on other farm members, if needed)

Everything is back normal

Your farm operations should now be restored and you can run Get-OfficeWebAppsFarm cmdlet normally:

Or you can open up the farm’s discovery URL – if it’s rendering again, everything should be OK (in my case “https://oos.myfarm.local/hosting/discovery“):

Even the discovery works

Cheers!

PowerShell helps with Altaro

By Tomica Kaniski in Other 28/06/2018 0 Comment

I really like Altaro VM Backup! It’s so simple, fast and gets the job done. If you haven’t tried it yet, please do – it fulfills the backup needs of small and medium businesses. I’m using it for backup of my Hyper-V virtual machines, of course.

Have I mentioned that they also have the free version, because – they do!

With this little digression out of the way, the thing I want to write now is something that really helped me the other day. I created (yet another) virtual machine on my Hyper-V host and then I tried to add it to backup as well. It is really simple to do this in Altaro – you just select your virtual machine and then drag & drop it to the desired backup location and schedule and that’s it!

As I was connected to my host via Remote Desktop, I was having trouble with drag & drop. I wasn’t able to add my new virtual machine to either backup location or schedule. I’m stuck.

So… when all things fail, you’re usually saved by “reading the friendly manual” (RTFM). Or by using PowerShell. I’ve decided to try the latter.

How do you use PowerShell to add the virtual machine to backup when using Altaro VM Backup?

There are a couple of steps, but basically you need to establish the connection to backup server, make Altaro VM Backup aware of your virtual machine, assign it to the desired backup location and schedule. And that’s it! And, even better – the good people at Altaro have written the PowerShell scripts that help you do all that!

The steps are:

(inside PowerShell console) go to the C:\Program Files\Altaro\Altaro Backup\Cmdlets where here you can see all the scripts that come out-of-the-box:

all scripts are equipped with help and examples, accessible by adding the –help parameter:

first, we need to establish connection to backup server by using the StartSessionPasswordHidden.ps1 scripts (that will give us connection to the backup server and also Session token (Data field) which we need as first parameter for all the next steps):

next, we need to make Altaro VM Backup aware of our new virtual machine by getting the HypervisorVirtualMachineUuid of this virtual machine with GetVirtualMachines.ps1 script:

then we can add this virtual machine to Altaro with AddVirtualMachineToConfig.ps1 script by passing the Data (actually the VirtualMachineRefId) value from the previous step:

next, we need to check our available backup locations with GetBackupLocations.ps1 script:

by using the AddVirtualMachineToBackupLocation.ps1 with BackupLocationId from the previous step, we will assign our virtual machine to desired backup location:

next, we need to add this virtual machine to a desired schedule as well – with GetSchedules.ps1 script, we can get the ScheduleId:

and with this parameter in hand, we can start the AddVirtualMachineToSchedule.ps1 script:

last, but not least, we need to close all sessions by using the EndAllSessions.ps1 script:

finally, we can see the results in the GUI (our machine should be added to the backup location and schedule – everything that’s needed to start backing it up!):

Pretty simple (and cool), right?! Hope it helps!

Cheers!

Scheduling a PowerShell script… with arguments

By Tomica Kaniski in Other 24/04/2017 20 Comments

Let’s say that you have a neat PowerShell script, which you want to run on some kind of a schedule (a script which will collect some data and send you an e-mail, every day in the same hour… ‘til the end of time – maybe this one) – how can you do it? Smile

The answer is simple. Yes, there is a tool included with Windows operating system, which can help you… and it’s called… well – Task Scheduler. Smile

And… if you never used the Task Scheduler in Windows, maybe this is the time to start.

It’s a rather simple tool – you click through a simple wizard, select what you need (a program) and when you need it, and you’ve created a scheduled task.

OK… so, I can run a program? What about a PowerShell script?

The real question here is “Who/what will run my PowerShell script?”. And then, the answer is simple – the PowerShell engine.

This means that your “program” is powershell.exe. This also means that in your scheduled task you should enter something like this:

(note the full path to powershell.exe – C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe)

Now we have a scheduled task which will start PowerShell in designated time, every single day. Usually, this is not enough, and we need to add some arguments to the command running (like the path to the script we want to execute).

(argument field in this case contains -Command “& ‘C:\Scripts\Get-HyperVReport.ps1‘“ – be really careful about the single/double quotes here!)

Configured like this, our scheduled task will execute the following command:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& 'C:\Scripts\Get-HyperVReport.ps1'"

1	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& 'C:\Scripts\Get-HyperVReport.ps1'"

Two remaining things that we have to check is to have our Get-HyperVReport.ps1 script saved in C:\Scripts and that user, under whom this task is running, has the appropriate permissions to run it. Also, if task should be running unnatended (usually it should), make sure to configure it so.

One other thing that may be useful – with this script, we need to specify some additional parameters (like ClusterName or if it will send us an e-mail when completed). In this case, we can easily add the required parameters to the arguments field, like this:

(argument field in this case contains -Command “& ‘C:\Scripts\Get-HyperVReport.ps1‘ -ClusterName MyCluster -SendMail $true -SMTPServer smtp.mail.com -MailFrom [email protected] -MailTo [email protected]“)

The whole command is then:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& 'C:\Scripts\Get-HyperVReport.ps1' -ClusterName MyCluster -SendMail $true -SMTPServer smtp.mail.com -MailFrom hyper-v@mail.com -MailTo some.mail@mail.com"

1	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "& 'C:\Scripts\Get-HyperVReport.ps1' -ClusterName MyCluster -SendMail $true -SMTPServer smtp.mail.com -MailFrom [email protected] -MailTo [email protected]"

Hope this helps!

Cheers!

P.S. One other other thing (yes, it’s written twice… live with it Smile ) that can be useful – you can also use PowerShell to create scheduled task which will run this PowerShell script (instead of using “the lame wizard”). Pssst… take a look at the New-ScheduledTask command. Winking smile

P.P.S. You can also make use of Adam’s function, which will make your life easier – https://github.com/adbertram/Random-PowerShell-Work/blob/master/Scheduled%20Tasks/New-ScheduledScript.ps1. Thanks, Adam!

How PowerShell keeps my photo collection neat

By Tomica Kaniski in Other 23/04/2017 0 Comment

As I love taking photos, sometimes it might be difficult to keep my photo collection “neat”. My camera is set to save every photo in two formats (one for editing, and another one for “long term storage”, as I like to say Smile ) – .ARW and .JPG.

When I come home from a “photo trip”, I go through the photos taken and delete the ones I don’t really like. As I need to delete both copies, sometimes it happens that I forgot to delete .JPG or .ARW file of the same photo (which leads to “inconsistencies” in my collection… which is not “neat” Smile ).

To overcome this, I’ve come up with a solution – a simple PowerShell script to check if there are any .ARW files which are missing it’s corresponding .JPG file (basically, I’m looking for files sharing the same name, but with different extension):

$dir = "C:\Users\Tomica\Pictures\SuperCoolPictureFolder" 
$jpg = Get-ChildItem -Path $dir -Filter "*.JPG" | % {$_.BaseName} 
$arw = Get-ChildItem -Path $dir -Filter "*.ARW" | % {$_.BaseName} 
Compare-Object -ReferenceObject $jpg -DifferenceObject $arw

$dir = "C:\Users\Tomica\Pictures\SuperCoolPictureFolder"

$jpg = Get-ChildItem -Path $dir -Filter "*.JPG" | % {$_.BaseName}

$arw = Get-ChildItem -Path $dir -Filter "*.ARW" | % {$_.BaseName}

Compare-Object -ReferenceObject $jpg -DifferenceObject $arw

So, output will be something like this (with right arrow in results meaning that I have .ARW files for which I don’t have the corresponding .JPG file, which further means that I’ve deleted the .JPG file which I didn’t like and now I need to delete .ARW as well):

Arrow on the left side means that I have .JPG files for which I don’t have the corresponding .ARW file. No results will mean that I have the files in sync – for each .ARW file, there is a corresponding .JPG file.

Next step will be to tweak the script and probably automate the deletion process. For now, I’m satisfied with PowerShell providing me info about the duplicates and deleting the files manually. Smile

Cheers!

Reinstalling your Hyper-V hosts

By Tomica Kaniski in Other 10/10/2016 0 Comment

Have you ever reinstalled your Hyper-V hosts?

I know, there is not much need for it (as everything usually works just fine), but still… there is a “Windows Server 2016 re-installation wave” coming and maybe you’ll find the the next pieces interesting and useful.

One of the “messy” tasks with Windows reinstallation is networking… and by “messy” I mean “you have more than one network cable in your Hyper-V hosts” and you need to know which networks are connected where. Smile

What happens is that Windows somehow always forgets your network device order, all the pretty names you’ve applied and you get stuck with names like “Ethernet”, “Ethernet 2”, etc.

There is a way to fix this (there are many, actually) – we can ask our younger colleague to go to the server room and unplug the cables one by one and then plug them back in, following the rename on our (Windows) side. This way we are certain that all the corporate, DMZ, storage, live migration, etc. cables don’t get “confused” when added to their respective teams and if we labeled cables properly, everything will work with fresh Windows installation also.

But… there is another way. We can use what we already have – our documentation. Here I mean “our current setup” – we have our network adapters and teams already configured in our current Windows installation, why don’t we just export this info and use it after the reinstallation?

We can do this easily by using PowerShell!

The idea is to export network adapter names and MAC addresses of our physical network adapters (excluding the virtual and team adapters), in a CSV file, so that we can use it later, to rename our adapters after the reinstallation:

Get-NetAdapter | where {$_.InterfaceDescription -notlike "Microsoft*" -and $_.InterfaceDescription -notlike "Hyper-V*"} | Export-Csv C:\Hyper-V.csv -Delimiter ";"

1	Get-NetAdapter \| where {$_.InterfaceDescription -notlike "Microsoft" -and $_.InterfaceDescription -notlike "Hyper-V"} \| Export-Csv C:\Hyper-V.csv -Delimiter ";"

After reinstallation, we can use the following command to rename our adapters, as per our saved CSV file:

$networks = Import-Csv C:\Hyper-V.csv -Delimiter ";"
foreach($network in $networks){
    Get-NetAdapter | where {$_.InterfaceDescription -notlike "Microsoft*" -and $_.InterfaceDescription -notlike "Hyper-V*" -and $_.MacAddress -eq $network.MacAddress} | Rename-NetAdapter -NewName $network.Name
}

$networks = Import-Csv C:\Hyper-V.csv -Delimiter ";"

foreach($network in $networks){

Get-NetAdapter | where {$_.InterfaceDescription -notlike "Microsoft*" -and $_.InterfaceDescription -notlike "Hyper-V*" -and $_.MacAddress -eq $network.MacAddress} | Rename-NetAdapter -NewName $network.Name

}

And voilà – our networks are named nicely again (and our colleague didn’t need to go to the cold server room… this time). Smile

Cheers!

Playing with folders and permissions

By Tomica Kaniski in Other 11/01/2016 0 Comment

This one will be short and sweet. Smiješak

Imagine you have an Active Directory full of users. You also have a file server in your environment. And, as it happens, each of your users needs to have a folder created just for himself, on this file server. Each folder should have inheritance disabled and each user should get full permissions on his folder.

What do you do?

Well, we can manually create the required folders, or we can use a PowerShell script which will do it for us. Obviously, I’ve chosen PowerShell (maybe not the nicest script in the world, but it does the job), or this post would be… lame. Smiješak

So, the interesting part of this script goes like this (I’ve added a few empty lines to make comments more visible):

# get user/folder names from Active Directory (SamAccountName property)
$users = Get-ADUser -Filter * | Select SamAccountName

foreach($user in $users)
{
    $folder = "D:\Share\$user"
    
    # create a (sub)folder for each user
    New-Item -Path $folder -Type Directory
    
    # read the current access rules applied to a folder
    $acl = Get-Acl -Path $folder

    # disable the inheritance, but leave the inherited access rules in place
    $acl.SetAccessRuleProtection($True, $True)
    
    # add Full access rule for a specific user
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

    # add this rule to existing ruleset
    $acl.AddAccessRule($rule)

    # and finally, apply the new ruleset to a folder
    Set-Acl -Path $folder -AclObject $acl
}

# get user/folder names from Active Directory (SamAccountName property)

$users = Get-ADUser -Filter * | Select SamAccountName

foreach($user in $users)

{

$folder = "D:\Share\$user"

# create a (sub)folder for each user

New-Item -Path $folder -Type Directory

# read the current access rules applied to a folder

$acl = Get-Acl -Path $folder

# disable the inheritance, but leave the inherited access rules in place

$acl.SetAccessRuleProtection($True, $True)

# add Full access rule for a specific user

$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("$user","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow")

# add this rule to existing ruleset

$acl.AddAccessRule($rule)

# and finally, apply the new ruleset to a folder

Set-Acl -Path $folder -AclObject $acl

}

Cheers!

Open Cloud BBQ – Nano Server

By Tomica Kaniski in Other 18/06/2015 0 Comment

There was a barbecue today… on the roof… of the Microsoft office! How cool is that??? Smiješak

I’ve had an honor to join my colleagues and friends, and contribute to this great event with a presentation called “Nano Server – budućnost je tu!”, which was actually inspired by Jeffrey Snover’s Ignite speech about Nano Server – the new installation option in Windows Server 2016.

The whole Nano Server idea is very simple – let’s remove all the “unnecessary” roles and features (especially the famous GUI), and leave only the parts that we really need for whatever purpose (i.e. we’re getting the “purpose built servers”). All the purposes/roles that are supported in this preview version are Hyper-V, File Server and Failover Clustering, and they are working great on this “nano-sized” server operating system (even in this early preview).

I’m really excited about Nano Server, and I’m so glad that I’ve had a chance to talk about it at such great event. Because there were so many questions about it during the day/evening, I’ve noticed that Nano Server is a very cool subject for attendees also. Nice!

The presentation is available on SlideShare – check it, install the Nano Server and start rocking your datacenters! Smiješak

Open Cloud BBQ – Nano Server from Tomica Kaniski

Cheers!

Hyper-V reporting script

By Tomica Kaniski in Other 22/01/2015 5 Comments

There’s something nice for all you Hyper-V admins out there – don’t know if you’ve seen it already, but Serhat Akinci (my MVP colleague) made a great script for reporting the health of your Hyper-V hosts, called Get-HyperVReport.

You can use it on local or remote Hyper-V hosts and clusters, schedule and e-mail the reports (something to read while enjoying the morning coffee… or tea Smile ), and they look like this:

Highlights (from TechNet page):

More than 2600+ lines of PowerShell, HTML and CSS code examples
Creates a plain but detailed and user-friendly HTML report which is compatible with all modern browsers
Provides more detailed information via tooltips in the HTML report. (cells with asteriks and highlighted)
Checks and installs required runtime environment prerequisites like Hyper-V and Clustering PowerShell
Collects information by using standard Hyper-V and Clustering PowerShell cmdlets and custom WMI queries
Shows alerts in the report for certain situations (utilizations, VM checkpoints, replication status, etc.)
Can be used directly from command-line or as a scheduled Windows task
Supports report delivery via e-mail with advanced options. (authentication, TLS/SSL, multiple recipients)
Includes a mode that reports only alerts in the Hyper-V environment. (aka HighlightsOnly mode)
Advanced error handling and logging. (Console messages and log file)

Download of this script, and more information about it, is available at TechNet Gallery. And remember – don’t let your Hyper-V hosts run all by themselves! Smile

Cheers!

Adventure of installing the Windows Azure Active Directory Module for PowerShell

By Tomica Kaniski in Other 28/05/2014 0 Comment

Well, you know the story – “something needs to be done immediately, usually in the middle of the night, involving PowerShell, and you don’t have all the needed modules installed…”.

The solution seems easy enough – install the required modules, connect to Office 365 and do the job. Yeah… but no! Smile

More specific – I’ve tried to install the Windows Azure Active Directory Module for Windows PowerShell the other night. In the end, I’ve succeeded, but something kept me awake a little longer than necessary.

I’ve read an article on TechNet, explaining the management of Azure Active Directory using PowerShell. Why? Because I couldn’t do what was needed via the (nice) user interface.

So, instructions said “Install the Windows Azure AD Module” – I’ve downloaded the appropriate installer (Windows Azure Active Directory Module for Windows PowerShell (64-bit version)), and started the installation.

Almost immediately, I’ve got an error saying that the Microsoft Online Services Sign-In Assistant (version 7.0 or greater) needs to be already installed. OK, I’ve downloaded this piece of software as well (from here), and installed it. “Fortunately” it demands a machine reboot. Rebooted.

Now I’ve tried to install the Windows Azure AD Module again, and got the same error:

I must say that I’m little confused at this point, because I was convinced that I’ve installed this just a minute or two ago. Ok, it’s late. No big deal – I’ve ran the installation again, and got the following screen:

So, it is installed after all. Maybe it’s the wrong version (on the other hand, the TechNet article contains the link to download)? After a few moments of searching, I’ve found the more recent version of this Sign-In Assistant, called Microsoft Online Services Sign-In Assistant for IT Professionals BETA. I’ve installed this version now, and tried to install the Windows Azure AD Module afterwards. Now it finally worked!

The conclusion – this TechNet article is slightly out-of-date (linked to the wrong version of the Sign-In Assistant, which doesn’t work with the current version of Windows Azure AD Module) and, until this is resolved, you’ll need to install the BETA version from the link provided above (this one).

Cheers!