At my current age in life, I feel like I’m in my early 30s — full of energy, mentally sharp, and physically strong. That’s no accident. This post shares how I fuel my body, train my mind, and keep my spirit steady. From what I eat to how I move and why I rest, this is the lifestyle that keeps me grateful and grounded.
Author: jetnmariano
-
How I Deployed and Cleaned Up a Windows Server VM in Azure with PowerShell
The Problem
After spinning up a few test VMs in Azure, I realized the costs were creeping up from unused resources. Manual cleanup was time-consuming, especially when tracking which NICs, disks, and IPs belonged to what. I needed a faster, cleaner solution—one script to deploy, another to destroy.
The Solution
I wrote two PowerShell scripts:
New-AzServerVmRdp-20250509_GitHub.ps1: Fully automates deployment of a Windows Server 2019 VM with RDP access.
Remove-AzServerVmRdp-20250509_GitHub.ps1: Cleans up the entire environment by removing the resource group.
These scripts not only deploy the VM but configure the VNet, subnet, NSG, public IP, and NIC—all with one command.
The Code
Deploy Script:
New-AzResourceGroup -Name "MyTestRG" -Location "westus"
# ... other setup commands
New-AzVM -ResourceGroupName "MyTestRG" -Location "westus" -VM $vmConfig
Cleanup Script:
Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob
The Result
I can now spin up a fresh, RDP-ready Windows Server in under 10 minutes and wipe it clean with a single line. I tested the RDP connection, confirmed the VM’s performance, and removed the environment—no residual charges, no clutter.
© 2012–2025 Jet Mariano. All rights reserved.
For usage terms, please see the Legal Disclaimer.
-
Deploy & Remove Windows Server VM in Azure via RDP
Automate the full lifecycle of a Windows Server VM in Azure — from deployment to secure RDP access and safe cleanup — using PowerShell.
Step-by-Step Process:
1. Azure Login and Subscription Setup
Connect-AzAccount
Set-AzContext -SubscriptionId "<your-subscription-id>"
2. Create Resource Group
New-AzResourceGroup -Name "MyTestRG" -Location "westus"
3. Create Virtual Network and Subnet
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name "MySubnet" -AddressPrefix "10.0.1.0/24"
$vnet = New-AzVirtualNetwork -Name "MyVNet" -ResourceGroupName "MyTestRG" -Location "westus" -AddressPrefix "10.0.0.0/16" -Subnet $subnetConfig
4. Create Network Security Group with RDP Access
$rdpRule = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP" -Protocol "Tcp" -Direction "Inbound" -Priority 1000 -SourceAddressPrefix "*" -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange 3389 -Access "Allow"
$nsg = New-AzNetworkSecurityGroup -Name "MyNSG" -ResourceGroupName "MyTestRG" -Location "westus" -SecurityRules $rdpRule
5. Create Public IP Address
$publicIp = New-AzPublicIpAddress -Name "MyPublicIP" -ResourceGroupName "MyTestRG" -Location "westus" -AllocationMethod Static -Sku Basic
6. Create Network Interface
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "MySubnet" -VirtualNetwork $vnet
$nic = New-AzNetworkInterface -Name "MyNIC" -ResourceGroupName "MyTestRG" -Location "westus" -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id -PublicIpAddress $publicIp
7. Enter Credentials
$cred = Get-Credential # Use a simple username like 'azureadmin'
8. Configure the Server VM
$vmConfig = New-AzVMConfig -VMName "MyServerVM" -VMSize "Standard_B1s"
$vmConfig = Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName "MyServerVM" -Credential $cred
$vmConfig = Set-AzVMSourceImage -VM $vmConfig -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer" -Skus "2019-Datacenter" -Version "latest"
$vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id
9. Deploy the Server VM
New-AzVM -ResourceGroupName "MyTestRG" -Location "westus" -VM $vmConfig
10. Connect via Remote Desktop
- Launch Remote Desktop (RDP)
- Enter the Public IP of your VM
- Click “More choices” > “Use a different account”
- Log in with:
  - Username: azureadmin
  - Password: the one you specified
- Accept the certificate prompt
✅ You’re connected!
Clean Up: Delete Azure Windows Server VM and Resources to Avoid Charges
To prevent ongoing charges after testing, it’s important to delete all associated resources, including:
- The Virtual Machine (MyServerVM)
- Public IP Address
- Network Interface (MyNIC)
- Network Security Group (MyNSG)
- Virtual Network and Subnet (MyVNet, MySubnet)
- Managed Disk
- And any other resource under the resource group
You can remove all of these at once using the following command:
Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob
-
Deploy and Clean Up a Windows VM in Azure Using PowerShell
To provision a Windows 10 virtual machine in Azure, assign it a public IP address, and successfully connect to it via Remote Desktop Protocol (RDP).
Step-by-Step Process:
1. Azure Login and Subscription Setup
Connect-AzAccount
Set-AzContext -SubscriptionId "<your-subscription-id>"
2. Create Resource Group
New-AzResourceGroup -Name "MyTestRG" -Location "westus"
3. Create Virtual Network and Subnet
$subnetConfig = New-AzVirtualNetworkSubnetConfig -Name "MySubnet" -AddressPrefix "10.0.1.0/24"
$vnet = New-AzVirtualNetwork -Name "MyVNet" -ResourceGroupName "MyTestRG" -Location "westus" -AddressPrefix "10.0.0.0/16" -Subnet $subnetConfig
4. Create Network Security Group with RDP Access
$rdpRule = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP" -Protocol "Tcp" -Direction "Inbound" -Priority 1000 -SourceAddressPrefix "*" -SourcePortRange "*" -DestinationAddressPrefix "*" -DestinationPortRange 3389 -Access "Allow"
$nsg = New-AzNetworkSecurityGroup -Name "MyNSG" -ResourceGroupName "MyTestRG" -Location "westus" -SecurityRules $rdpRule
5. Create Network Interface (NIC)
$subnet = Get-AzVirtualNetworkSubnetConfig -Name "MySubnet" -VirtualNetwork $vnet
$nic = New-AzNetworkInterface -Name "MyNIC" -ResourceGroupName "MyTestRG" -Location "westus" -SubnetId $subnet.Id -NetworkSecurityGroupId $nsg.Id
6. Enter Credentials
$cred = Get-Credential # Use a username like: azureadmin and a strong password
7. Configure the Windows 10 VM
$vmConfig = New-AzVMConfig -VMName "MyVM" -VMSize "Standard_B1s"
$vmConfig = Set-AzVMOperatingSystem -VM $vmConfig -Windows -ComputerName "MyVM" -Credential $cred
$vmConfig = Set-AzVMSourceImage -VM $vmConfig -PublisherName "MicrosoftWindowsDesktop" -Offer "Windows-10" -Skus "win10-22h2-pro" -Version "latest"
$vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $nic.Id
8. Deploy the Virtual Machine
New-AzVM -ResourceGroupName "MyTestRG" -Location "westus" -VM $vmConfig
9. Create and Attach a Public IP Address
$publicIp = New-AzPublicIpAddress -Name "MyPublicIP" -ResourceGroupName "MyTestRG" -Location "westus" -AllocationMethod Static -Sku Basic
$nic = Get-AzNetworkInterface -Name "MyNIC" -ResourceGroupName "MyTestRG"
$nic.IpConfigurations[0].PublicIpAddress = $publicIp
Set-AzNetworkInterface -NetworkInterface $nic
10. Reset VM Admin Credentials (if needed)
Set-AzVMExtension -ResourceGroupName "MyTestRG" -Location "westus" -VMName "MyVM" -Name "ResetAccess" -Publisher "Microsoft.Compute" -ExtensionType "VMAccessAgent" -TypeHandlerVersion "2.4" -Settings @{ "UserName" = "azureadmin" } -ProtectedSettings @{ "Password" = "YourNewP@ssw0rd!" }
Final Step: Connect via Remote Desktop
- Launch Remote Desktop (RDP)
- Enter the Public IP of your VM
- Click “More choices” > “Use a different account”
- Login as:
  - Username: azureadmin
  - Password: the one you specified
- Accept certificate prompt
You’re now connected! ✅
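The NSG rule in step 4 of both walkthroughs (the Windows Server one above and this Windows 10 one) opens TCP/3389 to every source address, which is the single setting most often behind brute-forced test VMs. The following is an added example, not the post's own script: it builds the same rule restricted to one administrator address and adds a check that flags any inbound allow rule on 3389 with a wide-open source. The administrator IP is a constructed placeholder.

```powershell
# Added example (not the post's own script). $AdminPublicIp is a constructed
# placeholder from the TEST-NET-3 documentation range; replace it with your own
# egress address before use.
$AdminPublicIp = "203.0.113.10"

# Weak rule, exactly as in the walkthrough: any Internet host may reach RDP.
$rdpOpen = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP" -Protocol "Tcp" `
    -Direction "Inbound" -Priority 1000 -SourceAddressPrefix "*" -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange 3389 -Access "Allow"

# Hardened rule: same port, but only the administrator's /32 is allowed.
$rdpRestricted = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP-Admin" -Protocol "Tcp" `
    -Direction "Inbound" -Priority 1000 -SourceAddressPrefix "$AdminPublicIp/32" -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange 3389 -Access "Allow"

# Check: return every inbound allow rule on 3389 whose source is "*" or "Internet".
# Works on any object that exposes a SecurityRules collection.
function Get-OpenRdpRule {
    param([Parameter(Mandatory)] $Nsg)
    $Nsg.SecurityRules | Where-Object {
        $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
        $_.DestinationPortRange -contains "3389" -and
        ($_.SourceAddressPrefix -contains "*" -or $_.SourceAddressPrefix -contains "Internet")
    }
}

# Evaluate the weak rule locally, without creating anything in Azure.
$weak = Get-OpenRdpRule -Nsg ([pscustomobject]@{ Name = "weak"; SecurityRules = @($rdpOpen) })
if ($weak) { Write-Warning "Wide-open RDP rule detected: $($weak.Name -join ', ')" }

# Build the real NSG with the restricted rule only; everything else keeps Azure's default deny.
$nsg = New-AzNetworkSecurityGroup -Name "MyNSG" -ResourceGroupName "MyTestRG" `
    -Location "westus" -SecurityRules $rdpRestricted

if (Get-OpenRdpRule -Nsg $nsg) { Write-Warning "RDP is still reachable from any source on $($nsg.Name)" }
else                            { Write-Host "No wide-open RDP rules on $($nsg.Name)" }
```

Use `$nsg` in step 5 in place of the walkthrough's NSG; the rest of the deployment is unchanged. If your egress address changes, update the rule with Set-AzNetworkSecurityRuleConfig rather than widening it back to "*".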
Clean Up: Delete Azure VM and Resources to Avoid Charges
When you’re done testing, it’s important to clean up to avoid being billed for unused resources like disks, NICs, static IPs, and NSGs. You can do that with one simple PowerShell command:
# Clean up everything in one shot
Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob
This command deletes:
- The Virtual Machine (MyVM)
- Network Interface (MyNIC)
- Network Security Group (MyNSG)
- Virtual Network (MyVNet) and Subnet (MySubnet)
- Public IP (MyPublicIP)
- Managed Disks and any attached resources
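Because Remove-AzResourceGroup deletes everything in the group, it pays to look before running it. The following is an added example, not the post's own script: it inventories the resource group, reports anything that is not one of the resource types the walkthrough created, checks for resource locks (which would make the deletion fail part-way), and only then runs the one-line cleanup. The function name and the expected-type list are the example's own.

```powershell
# Added example (not the post's own script): pre-cleanup inventory and lock check.
function Test-ResourceGroupCleanup {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        # Resource types the walkthrough creates; anything else is reported so you
        # can decide whether it really should be deleted with the group.
        [string[]] $ExpectedTypes = @(
            "Microsoft.Compute/virtualMachines",
            "Microsoft.Compute/disks",
            "Microsoft.Network/networkInterfaces",
            "Microsoft.Network/networkSecurityGroups",
            "Microsoft.Network/publicIPAddresses",
            "Microsoft.Network/virtualNetworks"
        )
    )
    $resources  = @(Get-AzResource -ResourceGroupName $ResourceGroupName)
    $locks      = @(Get-AzResourceLock -ResourceGroupName $ResourceGroupName)
    $unexpected = @($resources | Where-Object { $ExpectedTypes -notcontains $_.ResourceType })
    [pscustomobject]@{
        ResourceGroup = $ResourceGroupName
        ResourceCount = $resources.Count
        Unexpected    = @($unexpected | ForEach-Object { "$($_.ResourceType)/$($_.Name)" })
        Locks         = @($locks | ForEach-Object { $_.Name })
        SafeToDelete  = ($unexpected.Count -eq 0 -and $locks.Count -eq 0)
    }
}

$report = Test-ResourceGroupCleanup -ResourceGroupName "MyTestRG"
$report | Format-List
if ($report.SafeToDelete) {
    Remove-AzResourceGroup -Name "MyTestRG" -Force -AsJob
} else {
    Write-Warning "Review the report above before deleting $($report.ResourceGroup)."
}
```

The lock check matters because a CanNotDelete lock on any single resource aborts the group deletion and leaves the rest of the resources (and their charges) in place.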
-
Compact and Defrag Exchange On-Prem Mailbox Database
This script uses eseutil to perform offline defragmentation and compaction of Exchange mailbox databases, helping reclaim unused space and improve performance.
# Dismount database
Dismount-Database -Identity "Mailbox Database 001"
# Defrag the database (adjust path as needed)
eseutil /d "E:\ExchangeDB\Mailbox Database 001.edb" /t"E:\Temp\DBDefrag.edb"
# Mount database back
Mount-Database -Identity "Mailbox Database 001"
This script must be run during off-hours. Always take a full backup before running offline defrag.
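Offline defrag writes a complete copy of the database to the temp file, so the temp drive needs free space of roughly 110% of the database size, and the outage is only worth taking when a meaningful share of the file is whitespace. The following is an added example, not the post's own script: a pre-flight check to run from the Exchange Management Shell before dismounting. The function name, the temp-drive parameter and the 20% whitespace threshold are the example's own choices.

```powershell
# Added example (not the post's own script): pre-flight check for an offline defrag.

# Exchange size properties arrive as ByteQuantifiedSize in a local shell but as
# strings like "1.5 GB (1,610,612,736 bytes)" through a remote session; handle both.
function ConvertTo-Bytes($size) {
    if ($null -eq $size) { return 0 }
    if ($size | Get-Member -Name ToBytes -ErrorAction SilentlyContinue) { return [int64] $size.ToBytes() }
    if ("$size" -match '\(([\d,]+) bytes\)') { return [int64] ($Matches[1] -replace ',', '') }
    return 0
}

function Test-DefragPreflight {
    param(
        [Parameter(Mandatory)] [string] $Database,
        [string] $TempDrive = "E:"   # assumed: where /t writes the temporary database
    )
    # -Status populates DatabaseSize and AvailableNewMailboxSpace (the whitespace).
    $db         = Get-MailboxDatabase -Identity $Database -Status
    $sizeBytes  = ConvertTo-Bytes $db.DatabaseSize
    $whiteBytes = ConvertTo-Bytes $db.AvailableNewMailboxSpace
    $freeBytes  = (Get-PSDrive -Name $TempDrive.TrimEnd(':')).Free
    $needed     = [int64] [math]::Ceiling($sizeBytes * 1.1)
    [pscustomobject]@{
        Database        = $db.Name
        Mounted         = $db.Mounted
        DatabaseGB      = [math]::Round($sizeBytes / 1GB, 2)
        WhitespaceGB    = [math]::Round($whiteBytes / 1GB, 2)
        WhitespacePct   = if ($sizeBytes) { [math]::Round(100 * $whiteBytes / $sizeBytes, 1) } else { 0 }
        TempFreeGB      = [math]::Round($freeBytes / 1GB, 2)
        EnoughTempSpace = ($freeBytes -ge $needed)
        # Threshold is a judgement call; below it the downtime rarely pays back.
        WorthDefragging = ($sizeBytes -gt 0 -and ($whiteBytes / $sizeBytes) -ge 0.2)
    }
}

$check = Test-DefragPreflight -Database "Mailbox Database 001" -TempDrive "E:"
$check | Format-List
if (-not $check.EnoughTempSpace) { Write-Warning "Not enough free space on the temp drive for the defrag copy." }
if (-not $check.WorthDefragging) { Write-Warning "Whitespace is below 20% of the database size; consider skipping the defrag." }
```

Run the check while the database is still mounted; if either warning fires, fix the cause (or move the temp file to a larger volume with /t) before the off-hours window rather than discovering it after the dismount.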
-
Assign Permissions to Distribution Group and Linked Shared Mailbox
This script adds members to an existing Distribution Group and grants them appropriate permissions on a related shared mailbox (like “Send As” and “Full Access”). Useful when a team manages both a DL and its mailbox.
# Add members to Distribution Group
$members = @("[email protected]", "[email protected]", "[email protected]")
foreach ($m in $members) {
    Add-DistributionGroupMember -Identity "Sales Team" -Member $m
}
# Assign Full Access on the shared mailbox and Send As on the group to all DG members (loop through)
foreach ($m in $members) {
    Add-MailboxPermission -Identity "[email protected]" -User $m -AccessRights FullAccess -InheritanceType All
    Add-ADPermission -Identity "Sales Team" -User $m -ExtendedRights "Send As"
}
Great for use in tightly aligned teams with shared inbox responsibility.
-
Create Marketing Shared Mailbox with Read, Send As, and Full Access Roles
This script creates a Marketing shared mailbox and assigns three permission tiers: 10 users with read-only, 10 with “Send As,” and one owner with full access. Great for controlled collaboration environments.
# Create Shared Mailbox
New-Mailbox -Name "Marketing Shared" -Shared -PrimarySmtpAddress "[email protected]"
# Assign Read-Only Access (View Only - use mailbox folder permissions)
$readUsers = @("[email protected]", "[email protected]", "[email protected]")
foreach ($user in $readUsers) {
    Add-MailboxFolderPermission -Identity "[email protected]:\Inbox" -User $user -AccessRights Reviewer
}
# Assign Send As permissions
# In Exchange Online, Send As is granted with Add-RecipientPermission (Add-ADPermission is the on-premises cmdlet and is not available in EXO)
$sendAsUsers = @("[email protected]", "[email protected]", "[email protected]")
foreach ($user in $sendAsUsers) {
    Add-RecipientPermission -Identity "Marketing Shared" -Trustee $user -AccessRights SendAs -Confirm:$false
}
# Assign Full Access to Owner
Add-MailboxPermission -Identity "[email protected]" -User "[email protected]" -AccessRights FullAccess -InheritanceType All
Run this after connecting to Exchange Online. Mailbox folder permissions are used for read-only access.
-
ChromeEdgeCleaner
Welcome!
This utility helps system administrators quickly clear cache, cookies, history, and temp files from both Chrome and Edge using PowerShell—ideal for troubleshooting browser issues or prepping a machine for user handoff.
Description:
This script uses file system paths and environment variables to remove temporary internet files, browsing history, and cached data from both Microsoft Edge and Google Chrome. It is especially useful in enterprise environments for periodic cleanup or pre-deployment routines.
# Clear Chrome browser data
$chromePaths = @(
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cache",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Code Cache",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Cookies",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\History",
    "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Temp"
)
foreach ($path in $chromePaths) {
    if (Test-Path $path) { Remove-Item $path -Recurse -Force -ErrorAction SilentlyContinue }
}
# Clear Edge browser data
$edgePaths = @(
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Cache",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Code Cache",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Cookies",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\History",
    "$env:LOCALAPPDATA\Microsoft\Edge\User Data\Default\Temp"
)
foreach ($path in $edgePaths) {
    if (Test-Path $path) { Remove-Item $path -Recurse -Force -ErrorAction SilentlyContinue }
}
Notes:
- Best run with administrative privileges.
- Does not remove saved passwords or extensions.
- Can be scheduled via Task Scheduler for weekly cleanup.
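Two things the script above leaves implicit: it only touches the "Default" profile, and because of -ErrorAction SilentlyContinue a Cookies or History file locked by a running browser is skipped without any sign. The following is an added example, not the utility's own code: the same cleanup generalised to every profile directory, refusing to run while the browser is open, with a dry-run switch and a per-item report of what was removed. The function name is the example's own.

```powershell
# Added example (not the utility's own code): profile-aware browser cleanup with a dry run.
function Clear-BrowserProfileData {
    param(
        [Parameter(Mandatory)] [ValidateSet("Chrome", "Edge")] [string] $Browser,
        [switch] $WhatIf
    )
    # User Data root and process name differ per browser; everything else is identical.
    $root, $process = switch ($Browser) {
        "Chrome" { "$env:LOCALAPPDATA\Google\Chrome\User Data", "chrome" }
        "Edge"   { "$env:LOCALAPPDATA\Microsoft\Edge\User Data", "msedge" }
    }
    if (Get-Process -Name $process -ErrorAction SilentlyContinue) {
        Write-Warning "$Browser is running; close it first so Cookies/History are not locked and silently skipped."
        return
    }
    if (-not (Test-Path $root)) { return }

    # Items the original script clears, relative to each profile directory.
    $targets  = "Cache", "Code Cache", "Cookies", "History", "Temp"
    $profiles = Get-ChildItem -Path $root -Directory |
        Where-Object { $_.Name -eq "Default" -or $_.Name -like "Profile *" }

    foreach ($p in $profiles) {
        foreach ($t in $targets) {
            $path = Join-Path $p.FullName $t
            if (-not (Test-Path $path)) { continue }
            # Size before removal, so the report shows what each item was worth.
            $bytes = (Get-ChildItem -Path $path -Recurse -File -Force -ErrorAction SilentlyContinue |
                      Measure-Object -Property Length -Sum).Sum
            Remove-Item -Path $path -Recurse -Force -WhatIf:$WhatIf
            [pscustomobject]@{
                Browser = $Browser
                Profile = $p.Name
                Item    = $t
                MB      = [math]::Round(($bytes / 1MB), 2)
                Removed = -not $WhatIf
            }
        }
    }
}

# Dry run first (nothing is deleted), then the real pass.
"Chrome", "Edge" | ForEach-Object { Clear-BrowserProfileData -Browser $_ -WhatIf } | Format-Table -AutoSize
"Chrome", "Edge" | ForEach-Object { Clear-BrowserProfileData -Browser $_ } | Format-Table -AutoSize
```

Schedule the real pass with Task Scheduler as the note above suggests, but keep the dry-run output from the first run: it tells you which profiles exist on the machine and whether the browser is habitually left open at the scheduled time.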
-
Distribution Group & Shared Mailbox Permissions
Welcome:
This PowerShell module automates the creation of a Distribution Group and assigns shared mailbox permissions in one go. Built for environments like Pimco and Monster where access precision and scale are critical.
Description:
Create a Distribution Group with over 20 members, nest a shared mailbox and another DL, and assign permissions like “Send As” and “Full Access” as needed.
# Create Distribution Group
# -Type Security makes it a mail-enabled security group: Add-MailboxPermission only accepts users or mail-enabled security groups as the trustee
New-DistributionGroup -Name "LegalTeamDG" -Type Security -PrimarySmtpAddress "[email protected]" -OrganizationalUnit "OU=Groups,DC=domain,DC=com"
# Add users
$users = @("[email protected]", "[email protected]", <# ... #> "[email protected]")
foreach ($user in $users) {
    Add-DistributionGroupMember -Identity "LegalTeamDG" -Member $user
}
# Nest a Shared Mailbox and DL
Add-DistributionGroupMember -Identity "LegalTeamDG" -Member "[email protected]"
Add-DistributionGroupMember -Identity "LegalTeamDG" -Member "[email protected]"
# Assign Send As and Full Access
Add-RecipientPermission -Identity "[email protected]" -Trustee "LegalTeamDG" -AccessRights SendAs -Confirm:$false
Add-MailboxPermission -Identity "[email protected]" -User "LegalTeamDG" -AccessRights FullAccess -InheritanceType All
Replace placeholder values with actual names and domains.
Requires Exchange Online PowerShell module.
Add DLs with caution—permissions are inherited recursively.
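Because the rights are granted to the group, everyone reachable through nested groups receives them, and that set changes whenever a nested group's membership changes. The following is an added example, not the module's own code: it expands a group's membership recursively, records through which group each account is reached, and points out nested shared mailboxes, so the effective scope of the grant is visible before it is made. The function name is the example's own; the group name is the module's.

```powershell
# Added example (not the module's own code): effective membership of a group, nested groups expanded.
function Get-EffectiveGroupMembers {
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [int] $Depth = 0,
        # Shared across recursion levels to stop circular nesting (A contains B contains A).
        [System.Collections.Generic.HashSet[string]] $Seen = [System.Collections.Generic.HashSet[string]]::new()
    )
    if (-not $Seen.Add($Identity.ToLowerInvariant())) { return }
    foreach ($m in (Get-DistributionGroupMember -Identity $Identity -ResultSize Unlimited)) {
        $address = "$($m.PrimarySmtpAddress)"
        $type    = "$($m.RecipientTypeDetails)"
        [pscustomobject]@{
            Member = $address
            Type   = $type
            Via    = $Identity
            Depth  = $Depth
        }
        if ($type -like "*Group*" -and $address) {
            Get-EffectiveGroupMembers -Identity $address -Depth ($Depth + 1) -Seen $Seen
        }
    }
}

$effective = Get-EffectiveGroupMembers -Identity "LegalTeamDG"
$effective | Sort-Object Depth, Member | Format-Table -AutoSize

# A shared mailbox inside the trustee group is a mailbox, not a person; decide
# explicitly whether it should be in scope of the Full Access / Send As grant.
$effective | Where-Object { $_.Type -eq "SharedMailbox" } |
    ForEach-Object { Write-Warning "Nested shared mailbox in scope: $($_.Member) (via $($_.Via))" }

# Distinct people who will end up with the rights:
$people = @($effective | Where-Object { $_.Type -like "*User*" } | Select-Object -ExpandProperty Member -Unique)
Write-Host "$($people.Count) distinct user account(s) will receive the permissions."
```

Re-run the expansion whenever a nested group is added; the Via column shows exactly which nesting brought an unexpected account into scope.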
-
Dynamic Distribution List Generator (PowerShell)
Description:
This script automates the creation of Dynamic Distribution Groups based on user attributes (e.g., department, title, or office) and applies filters to populate the group membership dynamically.
# Connect to Exchange Online (Modern Auth)
Connect-ExchangeOnline -UserPrincipalName "[email protected]"
# Define variables
$DLName = "DL-SLC-IT"
$RecipientFilter = "(Department -eq 'IT') -and (Office -eq 'Salt Lake City')"
# Create the Dynamic Distribution Group
New-DynamicDistributionGroup -Name $DLName -RecipientFilter $RecipientFilter
# Confirm creation
Get-DynamicDistributionGroup -Identity $DLName | Format-List Name,RecipientFilter
- Customize $DLName and $RecipientFilter as needed for your organization.
- This script assumes you have the Exchange Online PowerShell V2 module installed.
- Optional: Add -PrimarySmtpAddress or -DisplayName if you want a specific email format.
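A dynamic group is only as good as its filter: a typo in an attribute value produces an empty group that nobody notices until mail goes nowhere. The following is an added example, not the generator's own code: it previews who the filter matches today with Get-Recipient -RecipientPreviewFilter, refuses to create an empty group or overwrite an existing one, and supports -WhatIf. Variable names follow the post; the function name is the example's own.

```powershell
# Added example (not the generator's own code): preview the filter before creating the group.
function New-ValidatedDynamicDL {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $RecipientFilter,
        [switch] $WhatIf
    )
    # -RecipientPreviewFilter evaluates the filter against the directory without creating anything.
    $preview = @(Get-Recipient -RecipientPreviewFilter $RecipientFilter -ResultSize Unlimited)
    Write-Host "Filter '$RecipientFilter' currently matches $($preview.Count) recipient(s):"
    $preview | Select-Object DisplayName, PrimarySmtpAddress, RecipientTypeDetails | Format-Table -AutoSize

    if ($preview.Count -eq 0) {
        Write-Warning "Filter matches nobody; group '$Name' was not created. Check the attribute values (e.g. Office spelling)."
        return $null
    }
    if (Get-DynamicDistributionGroup -Identity $Name -ErrorAction SilentlyContinue) {
        Write-Warning "Group '$Name' already exists; nothing changed."
        return $null
    }
    New-DynamicDistributionGroup -Name $Name -RecipientFilter $RecipientFilter -WhatIf:$WhatIf
}

# Dry run, then create.
New-ValidatedDynamicDL -Name "DL-SLC-IT" -RecipientFilter "(Department -eq 'IT') -and (Office -eq 'Salt Lake City')" -WhatIf
New-ValidatedDynamicDL -Name "DL-SLC-IT" -RecipientFilter "(Department -eq 'IT') -and (Office -eq 'Salt Lake City')"
```

The preview list is also the right thing to paste into the change ticket: it documents who was in scope on the day the group was created.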
Easily generate dynamic distribution lists in Exchange Online using custom filters and automated membership rules. Ideal for modern, policy-based email groups.
-
License & Group Audit
Shine a light on your Microsoft 365 usage.
This tool provides a snapshot of license assignments and group memberships—perfect for cleanup, budgeting, and security reviews.
Description:
Quickly audit Microsoft 365 user licenses and group memberships to spot inconsistencies and optimize provisioning.
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All", "Directory.Read.All"
# Get all licensed users (AssignedLicenses is not in the default property set, so request it explicitly)
$users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AssignedLicenses | Where-Object { $_.AssignedLicenses }
foreach ($user in $users) {
    $groups = Get-MgUserMemberOf -UserId $user.Id -All
    [PSCustomObject]@{
        DisplayName   = $user.DisplayName
        UserPrincipal = $user.UserPrincipalName
        Licenses      = ($user.AssignedLicenses | ForEach-Object { $_.SkuId }) -join ', '
        # Membership comes back as generic directory objects; the type and name live in AdditionalProperties
        Groups        = ($groups | Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' } |
                         ForEach-Object { $_.AdditionalProperties['displayName'] }) -join ', '
    }
}
Requires Microsoft Graph PowerShell SDK.
Replace SkuId with readable license names by mapping GUIDs if needed.
Ideal for license audits and ensuring users belong to correct security or M365 groups.
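The GUID-to-name mapping the note mentions does not need a hand-maintained table: the tenant's own subscribed SKUs carry a readable SkuPartNumber. The following is an added example, not the tool's own code: it builds that lookup once, resolves every user's licenses, exports the audit to CSV, and returns the disabled-but-licensed accounts that are the usual cleanup candidates. The function name and output path are the example's own; it assumes Connect-MgGraph has been run with the scopes used above.

```powershell
# Added example (not the tool's own code): license audit with readable SKU names.
function Get-LicenseAuditReport {
    param([string] $OutFile = "C:\Scripts\license-audit.csv")   # assumed output path

    # GUID -> SkuPartNumber lookup, e.g. "ENTERPRISEPACK" for the Office 365 E3 SKU.
    $skuMap = @{}
    Get-MgSubscribedSku -All | ForEach-Object { $skuMap["$($_.SkuId)"] = $_.SkuPartNumber }

    $users = Get-MgUser -All -Property Id,DisplayName,UserPrincipalName,AssignedLicenses,AccountEnabled |
        Where-Object { $_.AssignedLicenses.Count -gt 0 }

    $rows = foreach ($u in $users) {
        $names = foreach ($lic in $u.AssignedLicenses) {
            $id = "$($lic.SkuId)"
            if ($skuMap.ContainsKey($id)) { $skuMap[$id] } else { "unknown:$id" }
        }
        [pscustomobject]@{
            DisplayName    = $u.DisplayName
            UserPrincipal  = $u.UserPrincipalName
            AccountEnabled = $u.AccountEnabled
            Licenses       = ($names | Sort-Object) -join ', '
        }
    }
    $rows | Export-Csv -Path $OutFile -NoTypeInformation
    Write-Host "Wrote $(@($rows).Count) licensed user(s) to $OutFile"

    # Licensed accounts that are disabled are paying for nothing and are worth reviewing first.
    $rows | Where-Object { -not $_.AccountEnabled }
}

$wasted = Get-LicenseAuditReport
$wasted | Format-Table -AutoSize
```

SkuPartNumber values are Microsoft's internal product names rather than marketing names, but they are stable and unambiguous, which is what an audit spreadsheet needs.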
-
Shared Mailbox Access Report
Instantly audit who has access to what.
This report gives you a clear view of shared mailbox permissions across your tenant—crucial for security, compliance, and peace of mind.
Description:
Generate a report listing all users with Full Access to shared mailboxes. Perfect for security audits and handoff reviews.
# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName "[email protected]"
# Get all shared mailboxes and their access permissions
$sharedMailboxes = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited
foreach ($mbx in $sharedMailboxes) {
    Get-MailboxPermission -Identity $mbx.Alias |
        Where-Object { $_.AccessRights -like "*FullAccess*" -and $_.User -notlike "NT AUTHORITY*" } |
        Select-Object @{Name="SharedMailbox";Expression={$mbx.DisplayName}}, @{Name="User";Expression={$_.User}}, AccessRights
}
Filters out system accounts like NT AUTHORITY\SYSTEM.
Modify the AccessRights filter if you need SendAs or SendOnBehalf reporting.
Great for auditing or onboarding/offboarding reviews.
Generate a detailed report showing who has access to each shared mailbox in Exchange Online. Essential for security reviews and access audits.
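Send As and Send on Behalf are not in the mailbox ACL that Get-MailboxPermission reads, so changing the AccessRights filter alone will not surface them. The following is an added example, not the report's own code: it extends the audit to all three delegation types, can be pointed at a single mailbox (for instance the Marketing or Sales shared mailboxes from the earlier posts, to verify those scripts did what was intended), and flags trustees that are groups, whose effective membership changes without any permission change. The function name is the example's own; it assumes Connect-ExchangeOnline has been run.

```powershell
# Added example (not the report's own code): Full Access, Send As and Send on Behalf in one report.
function Get-SharedMailboxDelegationReport {
    param([string] $Identity)   # optional: audit one mailbox instead of every shared mailbox
    $mailboxes = if ($Identity) { Get-Mailbox -Identity $Identity }
                 else { Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited }

    foreach ($mbx in $mailboxes) {
        $id = "$($mbx.PrimarySmtpAddress)"

        # Full Access: explicit entries only; skip inherited rows and NT AUTHORITY\SELF/SYSTEM.
        Get-MailboxPermission -Identity $id |
            Where-Object { $_.AccessRights -contains "FullAccess" -and -not $_.IsInherited -and $_.User -notlike "NT AUTHORITY*" } |
            ForEach-Object { [pscustomobject]@{ Mailbox = $id; Trustee = "$($_.User)"; Right = "FullAccess" } }

        # Send As is stored on the recipient object, not the mailbox ACL.
        Get-RecipientPermission -Identity $id -AccessRights SendAs |
            Where-Object { $_.Trustee -notlike "NT AUTHORITY*" } |
            ForEach-Object { [pscustomobject]@{ Mailbox = $id; Trustee = "$($_.Trustee)"; Right = "SendAs" } }

        # Send on Behalf is a multi-valued mailbox attribute listing the delegates.
        foreach ($d in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{ Mailbox = $id; Trustee = "$d"; Right = "SendOnBehalf" }
        }
    }
}

$report = Get-SharedMailboxDelegationReport
$report | Sort-Object Mailbox, Right, Trustee | Format-Table -AutoSize

# Group trustees deserve a second look: adding someone to the group silently grants the right.
foreach ($row in $report) {
    $r = Get-Recipient -Identity $row.Trustee -ErrorAction SilentlyContinue
    if ($r -and "$($r.RecipientTypeDetails)" -like "*Group*") {
        Write-Warning "$($row.Right) on $($row.Mailbox) is granted to a group: $($row.Trustee)"
    }
}
```

For a single-mailbox check after running one of the permission scripts, call Get-SharedMailboxDelegationReport -Identity "Marketing Shared" and compare the rows against the intended owner, Send As and read-only lists.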
-
Mailbox Migration Utility
Seamlessly migrate mailboxes between servers or tenants with minimal downtime.
This tool automates batch migrations, preserves permissions, and logs progress — built for smooth transitions in hybrid and cloud environments.
Description:
Migrate batches of mailboxes to Exchange Online with minimal effort. Ideal for hybrid setups or post-merger transitions.
# Connect to Exchange Online and Exchange On-Prem
Connect-ExchangeOnline -UserPrincipalName "[email protected]"
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri http://onprem.exchange.local/PowerShell/ `
    -Authentication Kerberos
Import-PSSession $Session -DisableNameChecking
# Create Migration Batch
New-MigrationBatch -Name "Marketing_Migration" `
    -CSVData ([System.IO.File]::ReadAllBytes("C:\Scripts\marketing.csv")) `
    -TargetDeliveryDomain "domain.mail.onmicrosoft.com" `
    -AutoStart -AutoComplete
Sample marketing.csv:
EmailAddress
[email protected]
[email protected]
[email protected]
- Make sure your on-prem Exchange supports remote PowerShell.
- Run Complete-MigrationBatch if -AutoComplete is not used.
- This utility supports staged, cutover, or remote migrations.
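A batch can reach "Synced" with individual users in a failed state, and those failures are easy to miss if you only watch the batch status. The following is an added example, not the utility's own code: it polls one batch from the Exchange Online side, summarises users by status, pulls the error text for each failed user, and only completes the batch (when -AutoComplete was not used) if nothing failed. The function name is the example's own.

```powershell
# Added example (not the utility's own code): health check for a migration batch.
function Get-MigrationBatchHealth {
    param([Parameter(Mandatory)] [string] $BatchName)
    $batch = Get-MigrationBatch -Identity $BatchName
    $users = @(Get-MigrationUser -BatchId $batch.Identity -ResultSize Unlimited)

    # Per-user statistics carry the error text and skipped-item count that the batch view hides.
    $failed = foreach ($u in ($users | Where-Object { "$($_.Status)" -like "Failed*" })) {
        $stats = Get-MigrationUserStatistics -Identity $u.Identity
        [pscustomobject]@{
            User    = "$($u.Identity)"
            Status  = "$($u.Status)"
            Error   = "$($stats.Error)"
            Skipped = $stats.SkippedItemCount
        }
    }
    [pscustomobject]@{
        Batch       = "$($batch.Identity)"
        BatchStatus = "$($batch.Status)"
        Total       = $users.Count
        ByStatus    = ($users | Group-Object Status | ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
        Failed      = @($failed)
    }
}

$health = Get-MigrationBatchHealth -BatchName "Marketing_Migration"
$health | Format-List Batch, BatchStatus, Total, ByStatus
$health.Failed | Format-Table -AutoSize

# Complete manually only when the batch is synced and no user is in a failed state.
if ($health.BatchStatus -eq "Synced" -and $health.Failed.Count -eq 0) {
    Complete-MigrationBatch -Identity $health.Batch
} elseif ($health.Failed.Count -gt 0) {
    Write-Warning "$($health.Failed.Count) user(s) failed; fix them (or remove them from the batch) before completing."
}
```

Run the check on a schedule during a long sync so a failed user is found while the source mailbox is still available, not during the cut-over window.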
Automate mailbox migrations from on-prem to Exchange Online with detailed logging and status checks. A time-saving tool for hybrid environments.
-
Bulk Out of Office Scheduler
Schedule and manage auto-replies for multiple users at once — perfect for company-wide holidays or department leaves.
This PowerShell tool updates internal and external messages in bulk, saving time and reducing manual errors.
Description:
Schedule automatic out-of-office replies for multiple users in one go. Useful for holidays, company events, or terminations.
# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName "[email protected]"
# Import CSV of users with their messages and date range
$Users = Import-Csv "C:\Scripts\outofoffice.csv"
foreach ($user in $Users) {
    Set-MailboxAutoReplyConfiguration -Identity $user.UserPrincipalName `
        -AutoReplyState Scheduled `
        -StartTime $user.StartTime `
        -EndTime $user.EndTime `
        -InternalMessage $user.InternalMessage `
        -ExternalMessage $user.ExternalMessage
}
Sample outofoffice.csv:
UserPrincipalName,StartTime,EndTime,InternalMessage,ExternalMessage
[email protected],5/6/2025 08:00,5/10/2025 17:00,"I'm out of the office.","Thank you for reaching out. I’ll respond after my return."
Make sure date/time format matches your system locale.
You can adjust messages per user or use static content.
Useful for managing departments, terminated accounts, or planned leaves.
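The locale note above is the real failure mode here: "5/6/2025" is 6 May on a US machine and 5 June on a UK one, and the cmdlet will happily schedule the wrong week. The following is an added example, not the tool's own code: it parses every row's dates with an explicit culture, rejects rows whose range is inverted, already past, or missing a message, and applies only the valid rows, passing real [datetime] values rather than strings. The CSV path is the post's; the culture name and function name are the example's own assumptions.

```powershell
# Added example (not the tool's own code): validate the CSV before scheduling auto-replies.
function Test-OutOfOfficeCsv {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $CultureName = "en-US"   # assumed: the culture the CSV dates were written in
    )
    $culture = [System.Globalization.CultureInfo]::GetCultureInfo($CultureName)
    $now = Get-Date
    foreach ($row in (Import-Csv -Path $Path)) {
        $problems = @()
        $start = [datetime]::MinValue
        $end   = [datetime]::MinValue
        if (-not [datetime]::TryParse($row.StartTime, $culture, 'None', [ref] $start)) { $problems += "StartTime '$($row.StartTime)' is not a valid $CultureName date" }
        if (-not [datetime]::TryParse($row.EndTime,   $culture, 'None', [ref] $end))   { $problems += "EndTime '$($row.EndTime)' is not a valid $CultureName date" }
        if ($problems.Count -eq 0 -and $end -le $start) { $problems += "EndTime is not after StartTime" }
        if ($problems.Count -eq 0 -and $end -lt $now)   { $problems += "EndTime is already in the past" }
        if ($row.UserPrincipalName -notmatch '^[^@\s]+@[^@\s]+$') { $problems += "UserPrincipalName is missing or malformed" }
        if (-not $row.InternalMessage) { $problems += "InternalMessage is empty" }
        [pscustomobject]@{
            UserPrincipalName = $row.UserPrincipalName
            StartTime         = $start
            EndTime           = $end
            InternalMessage   = $row.InternalMessage
            ExternalMessage   = $row.ExternalMessage
            Valid             = ($problems.Count -eq 0)
            Problems          = ($problems -join '; ')
        }
    }
}

$rows = @(Test-OutOfOfficeCsv -Path "C:\Scripts\outofoffice.csv" -CultureName "en-US")
$rows | Where-Object { -not $_.Valid } | Format-Table UserPrincipalName, Problems -AutoSize

# Apply only the rows that passed; dates are already [datetime], so the server's locale no longer matters.
foreach ($r in ($rows | Where-Object Valid)) {
    Set-MailboxAutoReplyConfiguration -Identity $r.UserPrincipalName -AutoReplyState Scheduled `
        -StartTime $r.StartTime -EndTime $r.EndTime `
        -InternalMessage $r.InternalMessage -ExternalMessage $r.ExternalMessage
}
```

Printing the parsed StartTime/EndTime columns before the apply loop is a cheap way to let the person who wrote the CSV confirm the dates came out as intended.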
-
The Price of Earning Respect in IT: What They Don’t Tell You
📜 The Price of Gaining Respect in the IT World
By Jet Mariano
Respect in IT isn’t handed out with certifications, job titles, or seniority. It’s earned — quietly, repeatedly — through solutions delivered under pressure, systems recovered when no one else could, and long hours spent automating what others assumed had to be manual.
I’ve restored failed VMs when the backups looked hopeless.
I’ve rebalanced VMware clusters to keep production workloads running efficiently.
I’ve automated daily cloud operations across Azure — from onboarding to Defender alert responses — reducing hours of repetitive tasks into seconds of silent execution.
In one instance, proactive Azure Defender tuning flagged behavior that could have led to a ransomware attack. No one ever knew how close it came — and that’s the point. The better your work, the less noise it makes.
I’ve diagnosed why provision-on-demand failed in a live CTS environment, traced financial VM crashes back to Veeam I/O timing conflicts, and implemented site-to-site VPN connections that quietly brought entire departments online again.
No one claps for any of it.
No one sees the nights spent scripting, or the documentation created while others sleep.
But that’s where respect lives in IT —
Not in applause, but in quiet confidence.
Not in recognition, but in results.
You don’t demand respect in this field.
You build it.
One restored environment at a time.
One secure connection at a time.
One automated fix before someone even files the ticket.
🔥 Final Thought:
If you’re still working toward that respect —
Don’t force it.
Deliver, document, and repeat.
Sooner or later, your work will do all the talking.
🛡️
-
Migrating Devices from On-Prem Active Directory to Azure AD: A Step-by-Step Guide
📋 Preparation Checklist:
- Administrator Access: Ensure you have local administrator privileges on the device and permissions to join devices to your Azure AD tenant.
- Backup Tools: Prepare external storage or a secure share for temporary backup of user data.
🛠️ Step-by-Step Migration Process:
1. Backup User Data
Before making any changes to domain membership, back up critical user data:
- Folders: Documents, Desktop, Downloads, Pictures
- Browser Favorites and Passwords: Export bookmarks from Chrome, Edge, or Firefox. Backup or sync saved passwords if available.
- Mapped Drives and Group Shares: Document connections if needed for re-mapping after migration.
2. Disjoin Device from On-Premises Domain
- Navigate to Settings > System > About > Domain or Workgroup settings.
- Choose to Disconnect from the domain.
- When prompted, join a Workgroup (e.g., WORKGROUP).
- Important: Ensure you know the local administrator credentials before disjoining.
Restart the device after disjoining.
3. Join Device to Azure AD
✅ Two methods:
GUI Method (Recommended):
- Open Settings > Accounts > Access Work or School > Connect.
- Select Join this device to Azure Active Directory.
- Enter the user’s Azure AD email address and password.
PowerShell Method (Optional for Advanced Users):
dsregcmd /join
(Additional setup like authentication context may apply.)
Restart the device after joining.
4. Confirm Azure AD Join Success
Open PowerShell and run:
dsregcmd /status
✅ Look for:
- AzureAdJoined : YES
- DomainJoined : NO (expected after leaving on-premises domain)
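Reading dsregcmd output by eye works for one device; for a batch of migrations it is worth turning step 4 into a check that can be run (and logged) on every machine. The following is an added example, not part of the guide: it parses `dsregcmd /status` into an object, asserts the expected end state (AzureAdJoined YES, DomainJoined NO), and folds in the BitLocker recovery-key check from the tips at the end of the guide. The function name is the example's own; it needs the BitLocker PowerShell module that ships with Windows.

```powershell
# Added example (not part of the guide): post-join verification plus BitLocker key check.
function Get-DeviceJoinState {
    # dsregcmd prints "  Key : Value" lines; capture every single-word key.
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*(\S+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    # BitLocker state of the OS drive; absent on machines without the module or feature.
    $bl = Get-BitLockerVolume -MountPoint "C:" -ErrorAction SilentlyContinue
    $recoveryKeys = @($bl.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -eq 'RecoveryPassword' })

    [pscustomobject]@{
        DeviceName       = $env:COMPUTERNAME
        AzureAdJoined    = $state['AzureAdJoined']
        DomainJoined     = $state['DomainJoined']
        TenantName       = $state['TenantName']
        DeviceId         = $state['DeviceId']
        BitLockerStatus  = if ($bl) { "$($bl.ProtectionStatus)" } else { "Unknown" }
        RecoveryKeyCount = $recoveryKeys.Count
        JoinLooksCorrect = ($state['AzureAdJoined'] -eq 'YES' -and $state['DomainJoined'] -eq 'NO')
    }
}

$s = Get-DeviceJoinState
$s | Format-List
if (-not $s.JoinLooksCorrect) {
    Write-Warning "Device is not in the expected Azure AD-joined state; re-check step 3 before restoring user data."
}
if ($s.BitLockerStatus -eq 'On' -and $s.RecoveryKeyCount -eq 0) {
    Write-Warning "BitLocker is on but no recovery password protector exists; add and back one up before going further."
}
```

Run the same function before step 2 as well: on a domain-joined device it should report DomainJoined YES, and the BitLocker warning at that point is the cue to back up the recovery key before disjoining, as the tips below advise.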
5. Restore User Data
- Copy back Documents, Desktop, Downloads, and Pictures.
- Restore browser favorites and re-import saved passwords.
- Reconnect mapped drives, printers, or any network-based resources.
6. User Login
The user can now log in using their Azure AD email address and password.
✅ If Multi-Factor Authentication (MFA) is enabled, users should complete MFA registration during first login.
7. Final Configuration
- Verify mapped network drives.
- Ensure printer connections are restored.
- Test access to any business-critical applications.
- Confirm OneDrive sync settings if applicable.
🧠 Important Tips:
- Double-check BitLocker status. If BitLocker is enabled, back up recovery keys before starting.
- Some applications (like SolidWorks or AutoCAD) may require license reactivation post-migration.
- Communicate expected login changes to users ahead of time to minimize confusion.
🌟 Conclusion:
Migrating from on-premises Active Directory to Azure AD doesn’t have to be stressful.
With careful preparation — backing up data, ensuring admin access, and confirming every step — you can move endpoints securely and efficiently into the modern cloud ecosystem.
Taking the time to handle each stage methodically ensures a smooth experience for both the IT team and end users alike.
Stay ready. Stay secure. 🛡️
-
Building Strength for Any Opportunity: Five Pillars to Prepare Yourself
In today’s fast-moving world, opportunities can appear when we least expect them.
Whether it’s a job opening, a new project, or a chance to lead, how we prepare determines how we rise.
Here are five key pillars to help anyone stay ready, resilient, and confident:
🧠 1. Build a Clear Self-Story
When opportunities come, be ready to introduce yourself with calm clarity.
Focus on:
- Who you are
- What you specialize in
- What unique value you bring
- Why you’re passionate about growing and contributing
Knowing your story strengthens your voice — and your direction.
🛡️ 2. Think in Pillars, Not Panic
When facing challenges (whether designing a system, a business, or a solution), anchor yourself on these five pillars:
- Scalability — Can this grow without breaking?
- Security — Is it protected from threats?
- Availability — Will it stay reliable under pressure?
- Monitoring — Can I see when things go wrong?
- Recovery — Can I bring it back if disaster strikes?
No matter the project or problem, thinking in pillars brings focus and confidence.
🛠️ 3. Automate and Secure What You Build
Whatever you create — systems, habits, workflows — build them with automation and security in mind.
- Script and standardize repeatable steps.
- Protect secrets and sensitive information.
- Monitor what you’ve built so it stays healthy.
Success isn’t just about starting strong — it’s about sustaining strength through discipline.
✍️ 4. Turn Mistakes into Upgrades
Mistakes aren’t failures — they’re training.
When things go wrong:
- Stay calm.
- Own the problem.
- Fix it thoughtfully.
- Strengthen the system so it doesn’t happen again.
Each mistake, if treated right, becomes a foundation stone for bigger resilience.
🔥 5. Lead with Calm Power
Before stepping into any new opportunity, remind yourself:
“I’m not seeking approval.
I’m offering protection, innovation, and stability to the right people.”
Confidence isn’t noise — it’s calm clarity.
You don’t need to push yourself forward — your strength will naturally pull the right opportunities to you.
🌟 Final Thought:
Opportunity doesn’t knock when we beg for it.
It finds those who are quietly building, strengthening, and preparing every day.
Stay ready. Stay strong. Stay you. 🛡️
Written by Jet Mariano
Systems Engineer | Cloud Security Specialist | Creator of jetmariano.us
-
Cross-Tenant Synchronization (CTS) Setup Using PowerShell: Secure Collaboration Made Easy
Introduction
Cross-Tenant Synchronization (CTS) enables organizations to securely synchronize user identities between Azure Active Directory (Entra ID) tenants. While CTS can be configured through the Azure Portal, leveraging PowerShell allows for faster, repeatable, and error-free deployments.
In this guide, you’ll learn how to set up CTS entirely through PowerShell, ensuring efficient collaboration across multiple cloud environments.
Why Use PowerShell for CTS?
- ✅ Automate configuration steps and reduce human error.
- ✅ Create templates for rapid onboarding of future partner tenants.
- ✅ Maintain an audit trail of your cross-tenant setup actions.
Whether you’re managing a single trusted partner or multiple tenants in a complex hybrid environment, PowerShell provides unmatched precision and speed.
Prerequisites
- Global Administrator or Directory Administrator permissions in your tenant.
- Microsoft Graph PowerShell SDK installed (Install-Module Microsoft.Graph -Scope CurrentUser)
- Appropriate Graph API permissions: Directory.ReadWrite.All, Policy.ReadWrite.CrossTenantAccess, User.ReadWrite.All
Step 1: Connect to Microsoft Graph
Connect-MgGraph -Scopes "Directory.ReadWrite.All", "User.ReadWrite.All", "Policy.ReadWrite.CrossTenantAccess"
Step 2: Add the External Organization to Cross-Tenant Access Policy
# Partner configurations are created with New-MgPolicyCrossTenantAccessPolicyPartner (Microsoft.Graph.Identity.SignIns).
# The B2B settings use the Graph schema: an access type plus a list of targets ("AllUsers" / "AllApplications").
New-MgPolicyCrossTenantAccessPolicyPartner -TenantId "<External-Tenant-ID>" `
    -B2bCollaborationInbound @{
        UsersAndGroups = @{ AccessType = "allowed"; Targets = @(@{ Target = "AllUsers"; TargetType = "user" }) }
        Applications   = @{ AccessType = "allowed"; Targets = @(@{ Target = "AllApplications"; TargetType = "application" }) }
    } `
    -B2bCollaborationOutbound @{
        UsersAndGroups = @{ AccessType = "allowed"; Targets = @(@{ Target = "AllUsers"; TargetType = "user" }) }
        Applications   = @{ AccessType = "allowed"; Targets = @(@{ Target = "AllApplications"; TargetType = "application" }) }
    } `
    -InboundTrust @{ IsMfaAccepted = $true; IsCompliantDeviceAccepted = $false; IsHybridAzureAdJoinedDeviceAccepted = $false }
Important: MFA must be cloud-based (Authenticator App, FIDO keys). Phone/SMS MFA will cause provisioning failures.
Step 3: Create Cross-Tenant Synchronization Configuration
New-MgCrossTenantSynchronizationConfiguration `
    -DisplayName "CTS External Tenant Sync" `
    -TenantId "<External-Tenant-ID>" `
    -SynchronizationJob @{
        SynchronizationRules = @(
            @{
                SourceObjectType = "User"
                TargetObjectType = "User"
                Scope   = @{ Query = "userType eq 'Member'" }
                Actions = @( @{ ActionType = "Create" }, @{ ActionType = "Update" } )
            }
        )
    }
Step 4: (Optional) Trigger Provisioning on Demand
Invoke-MgCrossTenantSynchronizationUserProvisioning `
    -PartnerTenantId "<External-Tenant-ID>" `
    -UserId "<User-Object-ID>"
This step is helpful for immediate validation after setting up CTS policies.
Best Practices
- Validate MFA methods before starting provisioning.
- Use Conditional Access policies to protect external identities.
- Start with a small test user group before bulk synchronization.
- Regularly audit synchronization logs.
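The first and last of these practices need something to read back: which partners are configured, and which of their claims you have chosen to trust. The following is an added example, not part of the guide: it lists every partner configuration in the cross-tenant access policy and reports the inbound trust settings, flagging anything beyond MFA trust so that trusting a partner's device-compliance or hybrid-join claims is a deliberate decision. The function name is the example's own; it assumes Connect-MgGraph with the Policy.ReadWrite.CrossTenantAccess scope from Step 1 (Policy.Read.All is enough for reading).

```powershell
# Added example (not part of the guide): audit of partner trust settings.
function Get-CrossTenantPartnerTrustReport {
    # With no parameters the cmdlet lists every configured partner tenant.
    foreach ($p in Get-MgPolicyCrossTenantAccessPolicyPartner) {
        $trust = $p.InboundTrust
        $review = @(
            # Without MFA trust, partner users are re-prompted in your tenant (safer, but breaks provisioning expectations).
            if (-not $trust.IsMfaAccepted) { "partner MFA not trusted" }
            # Device claims come from the partner's Intune/AD; trusting them outsources that control.
            if ($trust.IsCompliantDeviceAccepted) { "compliant-device claims trusted" }
            if ($trust.IsHybridAzureAdJoinedDeviceAccepted) { "hybrid-joined claims trusted" }
        )
        [pscustomobject]@{
            PartnerTenantId        = $p.TenantId
            IsServiceProvider      = [bool] $p.IsServiceProvider
            AcceptsMfa             = [bool] $trust.IsMfaAccepted
            AcceptsCompliantDevice = [bool] $trust.IsCompliantDeviceAccepted
            AcceptsHybridJoined    = [bool] $trust.IsHybridAzureAdJoinedDeviceAccepted
            Review                 = ($review -join '; ')
        }
    }
}

$report = Get-CrossTenantPartnerTrustReport
$report | Format-Table -AutoSize
$report | Where-Object { $_.Review } |
    ForEach-Object { Write-Warning "Partner $($_.PartnerTenantId): $($_.Review)" }
```

Keep the output of each run with the change record; a partner appearing in the list that nobody remembers adding is exactly the finding a periodic audit is meant to produce.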
Conclusion
PowerShell unlocks the full potential of Cross-Tenant Synchronization by making deployments faster, scalable, and easier to audit. By following this approach, you ensure that trusted collaboration between organizations remains secure, compliant, and future-ready.
Implement CTS with confidence — and take control of your hybrid collaboration strategy.
✨ Next Step:
If you’re new to Cross-Tenant Synchronization, start here first: Cross-Tenant Synchronization (CTS) Explained
-
Cross-Tenant Synchronization (CTS) with Azure B2B Collaboration and PowerShell
Introduction
Cross-Tenant Synchronization (CTS) allows organizations to securely sync users across Azure Active Directory (Azure AD) tenants for seamless B2B collaboration. Instead of manually managing external identities, CTS automates identity sharing, reduces administrative burden, and strengthens security.
In this guide, we’ll cover what CTS is, why it matters, and how you can configure it using real-world PowerShell examples.
What is Cross-Tenant Synchronization (CTS)?
CTS enables organizations to automatically create and manage B2B collaboration users across tenants, ensuring updated identities and permissions without manual intervention. It facilitates external collaboration without compromising compliance or security.
Why Use CTS for B2B Collaboration?
- Secure Identity Sharing: Automates user onboarding and offboarding between organizations.
- Unified Collaboration: Enables external users to access Teams, SharePoint, and other Microsoft 365 services.
- Simplified Management: Reduces manual directory maintenance and ensures identities stay updated.
- Compliance: Supports MFA and Conditional Access for external users.
High-Level Setup Steps for CTS
- Establish a trust relationship between the source and target Azure AD tenants.
- Define synchronization rules for user attributes.
- Configure B2B Collaboration settings.
- Automate and manage policies with PowerShell.
PowerShell Sample: Setting Up B2B Trust
# Step 1: Connect to Azure AD (AzureAD module)
Connect-AzureAD

# Step 2: Create a basic B2B Invitation Policy
New-AzureADPolicy `
    -Definition @('{"B2BInvitation": {"Enabled": true}}') `
    -DisplayName "CTS B2B Collaboration Policy" `
    -Type "B2BInvitationPolicy"

# Step 3: Set the default Cross-Tenant Access Policy for External Collaboration
Connect-MgGraph -Scopes "Policy.ReadWrite.CrossTenantAccess"
# Inbound trust decides which claims from partner tenants we accept (MFA, compliant device);
# what partners accept from us is set on their side, so Graph has no outbound trust setting.
Update-MgPolicyCrossTenantAccessPolicyDefault `
    -InboundTrust @{ IsMfaAccepted = $true; IsCompliantDeviceAccepted = $true }
Best Practices for Cross-Tenant Synchronization
- Enforce MFA: Require multi-factor authentication for all external users.
- Use Conditional Access: Protect sensitive apps and data.
- Attribute Filtering: Only sync necessary user attributes.
- Separation of Admin Rights: Do not grant external users privileged roles.
- Audit and Monitor: Regularly review cross-tenant policies and access logs.
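The "Enforce MFA" and "Use Conditional Access" practices above, as an added example that is not part of the original post: a report-only Conditional Access policy that requires MFA for every guest and external user from any external tenant, plus a check that lists which existing policies already scope external users. It assumes the Microsoft.Graph.Identity.SignIns module and the listed scopes; the policy display name and function names are placeholders of mine.

```powershell
# Added example (not from the original post): require MFA for external users via
# Conditional Access, starting in report-only mode. Assumes Microsoft.Graph.Identity.SignIns.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All" -NoWelcome

function New-ExternalUserMfaPolicy {
    param([string]$DisplayName = "CA-External-Users-Require-MFA")  # placeholder name

    $body = @{
        displayName = $DisplayName
        # Report-only first: sign-in logs show who would be blocked before enforcement.
        state       = "enabledForReportingButNotEnforced"
        conditions  = @{
            clientAppTypes = @("all")
            applications   = @{ includeApplications = @("All") }
            users          = @{
                includeGuestsOrExternalUsers = @{
                    # Covers B2B guests and the B2B members that CTS creates.
                    guestOrExternalUserTypes = "b2bCollaborationGuest,b2bCollaborationMember,internalGuest,otherExternalUser"
                    externalTenants = @{
                        "@odata.type"  = "#microsoft.graph.conditionalAccessAllExternalTenants"
                        membershipKind = "all"
                    }
                }
            }
        }
        grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Verification: which policies already scope guests or external users, and with what controls?
function Get-ExternalUserCaPolicies {
    Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes } |
        Select-Object DisplayName, State,
            @{ n = 'GuestTypes'; e = { $_.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes } },
            @{ n = 'Controls';   e = { $_.GrantControls.BuiltInControls -join ',' } }
}

New-ExternalUserMfaPolicy | Select-Object Id, DisplayName, State
Get-ExternalUserCaPolicies | Format-Table -AutoSize
```

With inbound trust set to accept the partner's MFA claims (as in the trust setup above), external users satisfy this policy with the MFA they already performed in their home tenant instead of registering a second method.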
Conclusion
Cross-Tenant Synchronization (CTS) streamlines external collaboration without sacrificing security. Whether you’re preparing for mergers, managing strategic partnerships, or extending services to external clients, automating CTS setup using PowerShell ensures scalability, consistency, and security.
Implement CTS today and strengthen your organization’s B2B collaboration foundation.
✨ Related: See my PowerShell Toolbox for essential automation scripts.
© 2012–2025 Jet Mariano. All rights reserved.
For usage terms, please see the Legal Disclaimer. -
Best Infrastructure as Code (IaaC) Samples with Real-World Explanations
Introduction
Infrastructure as Code (IaaC) has transformed how organizations deploy, configure, and manage their environments.
Instead of manual configurations, IaaC enables repeatable, secure, and scalable deployment processes — using code.
In this post, I share real-world IaaC examples that professionals can apply across cloud and on-premises environments.
1. Azure Virtual Machine Deployment using PowerShell (ARM Templates Alternative)
Scenario:
Spin up a virtual machine (VM) on Azure with custom settings — OS type, disk size, networking — in a repeatable, automated way.
Sample Command:
New-AzVM `
    -ResourceGroupName "ProductionRG" `
    -Name "WebServer01" `
    -Location "EastUS" `
    -VirtualNetworkName "ProdVNET" `
    -SubnetName "WebSubnet" `
    -SecurityGroupName "WebSG" `
    -PublicIpAddressName "WebPublicIP" `
    -Image "Win2022Datacenter"
Explanation:
Instead of manually clicking through Azure Portal, this script launches a new production-ready VM within seconds.
This reduces human error and ensures configuration consistency.
2. On-Premises VMware VM Deployment via PowerCLI
Scenario:
Provision a Windows Server virtual machine in a vSphere datacenter using PowerShell.
Sample Command:
New-VM -Name "SQLServer02" `
    -ResourcePool "ProductionPool" `
    -Datastore "Datastore01" `
    -Template "Win2022Template" `
    -VMHost "esxi01.mydomain.local"
Explanation:
This PowerCLI script clones a preconfigured template, attaches storage, and places the VM into a production cluster — all in one shot.
Perfect for disaster recovery planning or rapid server scaling.
3. Microsoft 365 User Creation with PowerShell
Scenario:
Automate user onboarding in Azure Active Directory + Microsoft 365.
Sample Command:
New-MsolUser `
    -UserPrincipalName "[email protected]" `
    -DisplayName "New User" `
    -FirstName "New" `
    -LastName "User" `
    -UsageLocation "US" `   # a usage location is required before a license can be assigned; "US" is a placeholder
    -LicenseAssignment "company:ENTERPRISEPACK"
Explanation:
Instead of manually adding users through the Microsoft 365 Admin Center, this IaaC approach ensures users are created consistently — with proper licensing attached — even in bulk.
4. Azure Resource Group + Storage Deployment with Bicep
Scenario:
Provision an entire Resource Group with a Storage Account using Bicep (Azure’s new declarative IaaC language).
Sample Bicep Code:
resource storage 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: 'appstorage${uniqueString(resourceGroup().id)}'
  location: resourceGroup().location
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
}
Explanation:
Bicep simplifies complex Azure deployments.
You can version-control your cloud architecture like you would application code.
5. Automating Cisco Meraki Network Device Configuration
Scenario:
Automate bulk configuration of Meraki MX Firewalls or APs across multiple branches.
Sample API Call (Python):
import meraki

dashboard = meraki.DashboardAPI(api_key='YOUR_API_KEY')
response = dashboard.devices.updateDevice(
    serial='Q2XX-XXXX-XXXX',
    name='Branch1-Security-Appliance',
    tags=['branch', 'security'],
    address='123 Main St, City, State'
)
Explanation:
Using APIs, infrastructure configuration is no longer limited to traditional servers.
Networking devices — switches, firewalls, access points — are now part of your automated deployments.
✨ Conclusion
Infrastructure as Code isn’t just for large enterprises — it’s for any IT professional who wants to:
- Eliminate manual errors
- Speed up deployments
- Strengthen disaster recovery
- Make infrastructure truly agile
Starting small — with a few PowerShell scripts, Bicep templates, or API automations — leads to major efficiencies over time.
© 2012–2025 Jet Mariano. All rights reserved.
For usage terms, please see the Legal Disclaimer.