Administering Azure from PowerShell Core

Introduction

Not long ago Microsoft proclaimed to us that they love Linux. And while many remain skeptical of that assertion (and not without reason), the tech giant is continually pouring more time and resources into the open source world. One of the really exciting products of this (to me at least) is PowerShell Core. Not only can I now program with my favorite scripting language from Mac or Linux, I can interact with services like Azure. In fact, Microsoft’s own Azure Cloud Shell runs PowerShell Core, so it’s no side mission for them. Let’s take a look at using it to connect to Azure from a non-Windows environment.

Install PowerShell Core

To start out, we’ll need to install PowerShell Core.

# Download the Microsoft repository GPG keys
wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb

# Register the Microsoft repository GPG keys
sudo dpkg -i packages-microsoft-prod.deb

# Update the list of products
sudo apt-get update

# Enable the "universe" repositories
sudo add-apt-repository universe

# Install PowerShell
sudo apt-get install -y powershell

# Start PowerShell
pwsh

Now we have PowerShell on Linux!

Next, we will need to install and import the ‘AZ’ module for working with Azure.

Install-Module -Name Az

Import-Module Az

Alright, now we’re ready to rock. Let’s get connected up to Azure using Connect-AzAccount. That will give us a prompt like the one below, supplying a code to be used for connection.

Supply your Azure credentials, and your machine should now be connected.

Now, we can interact with our Azure environment!

Microsoft has done a fantastic job with making PowerShell Core and the Azure cmdlets available on non-Windows systems. It’s a trippy experience to be working with them from Mac or Linux, but I’m excited for the possibilities ahead!

My Journey to Better Privacy (Part 1: Search)

Introduction

The subject of privacy, for me, is one I’ve been more or less dodging for a long time. It’s something I feel strongly about. I make half-hearted attempts at improving it now and then. But overall I’ve mostly let it go by the wayside. It’s really easy to retweet statements by privacy-focused groups or to make recommendations for what others should do. But when it comes to true and meaningful lifestyle change, it’s tough. There is always a rationalization for why it just isn’t worth it.

And so here we are, time to stop making excuses. I’ve decided to set out on a journey to better privacy. In all of life I’ve discovered that taking things in small steps is always more successful for me than changing all the things at once. So I’m going to take one area at a time and tweak it to be more privacy-focused. As I do so I’ll also be discussing with you the pro’s, cons, and flat out pain of each step. But, at the same time there is always the question of how thick you make the tin foil hat. I’m a tech-oriented person that works in a tech-oriented field. Because of my level of exposure to electronics and the internet I will never fully have privacy. I will, however, be trying to strike a balance between obtaining optimal levels of privacy and being able to live a somewhat normal life.

Step 1: Search

The first step on this journey is swapping my search engine. I chose this to be the first one as an easy entry point, because I’ve done it off and on in the past. Over the years it’s become very apparent that Google is not our friend. They are not a tech business that are our buddies. They are an advertising business that’s using our love of free, high-quality software to soak up unthinkable amounts of data. DuckDuckGo, however, is the closest thing in modern day to what a search engine should be. I should have swapped to it permanently a long time ago. Because I’ve struggled with this already I can go ahead and tell you the up and down side.

The Pros

DuckDuckGo provides what you actually want from a search engine, search results without having your essence sucked away as you use it. They don’t track you, ever. Your searches are yours alone. Secondly, they don’t contextualize your search results based off data collected about you (further locking you into your own echo chamber). Most of us probably don’t even realize how tailored our results are to the information Google has on us. Does this provide extremely relevant results? Yes, but at what cost?

TLDR: It’s not watching you like a creep.

The Cons

What? You’re recommending something to me and it isn’t perfect??? How dare you Landon!

No, DDG isn’t perfect. Neither is Google, we’ve just gotten so used to it that we don’t even notice. I mentioned above that I’ve made multiple attempts at swapping. Each time I would be led by my convictions and eventually bow to convenience. Google searches are just GOOD. I mean, flat out really good. If I search for something in DDG and don’t almost immediately find it in the first 1-3 results then I get frustrated and run it in Google. It’s just the way we’ve been conditioned to operate. But, when I run it in Google I almost always find it right away. During most of my IT career I’ve been in a support role, and finding the correct answer right away outweighed my privacy concerns. Then, if I was going to do it with work I justified doing it with my personal devices too.

So what’s different this time? I’m currently in a role where I’m not under pressure to find results instantly. I can take the necessary time to adjust to how DDG operates and give it a chance to give me what I need on result 4 or beyond. And as I’ve done that, I’ve honestly found that what I need is there if I will take the .05 seconds of patience required to look for it. I’ve heard from others that, over time, as Google is given less info on them then the two providers have much more similar results.

One last area of challenge is that this will apply only to me. My wife has been extremely resistant to swapping to DDG in the past and I don’t expect that to change now. This is actually something you’ll face at every turn when trying to live a more privacy-focused life, those you interact with the most will be reluctant. The truth is that the average user just doesn’t care, and ones that consider it find the transition pain enough of a barrier to stop.

TLDR: There will be a period of adjustment because Google is so freaking good, but keep in mind what you’re giving Google in return (do you even know?).

TLDR

I’m swapping search on all my devices from Google to DuckDuckGo, and you should too. Drop the creepy guy looking over your shoulder (probably with a weird mustache) and keep your searches to yourself. Learn more about DDG here.

My First Mobile App

Over the last several months I’ve been on a journey to a) learn Swift and b) create my very first mobile application. And I’m proud to announce that it is complete!

Named “The Simple Workout”, it is exactly that. Just a simple, randomized workout using bodyweight exercises. It’s based loosely on the card deck workout, where you draw a card and use its suite for the exercise type and number for the reps. But, I’m lazy… Instead of remembering which suites go to which workouts, and having to keep up with a deck of cards, I just wrote an app where I can simply hit a button.

In celebration of creating my first app (and to celebrate Independence Day) I’m releasing it for free! So please download it, enjoy, and be sure to send me any feedback you have on issues or suggested improvements.

I’m only releasing it to the iOS App Store currently, but I’m open to a new learning experience down the road that would lead me to port it over to Android.

DISCLAIMER: Please consult a doctor before performing any physical activity that might endanger your health. This app is provided as-is, makes no guarantee of results, and is to be used at your own discretion.

Download for free here.

App Privacy Policy

Privacy Notice

This privacy notice discloses the privacy practices for apps developed by me.

Information Collection, Use, and Sharing

Data is not collected, used, or shared.

Your Access and My Security Measures

No data is collected, therefore no access or security is needed.

Life in the Key of E

Many years ago, sometime during high school, I set out to learn guitar. This was in the days before YouTube, so all I had to work with was an antique book of my dad’s. Utilizing that, and eventually the internet, I picked up four or five chords and was feeling pretty good about myself. E (or perhaps E minor, I forget which I learned first) was instantly my favorite. When I played it the sound just resonated with me. As time went on I would learn a couple of basic songs, but mostly I would just wing it, combining different cords to make up a tune. Often this revolved around E.

After a couple of decades I’m still at basically the same skill level that I attained in college. Sure my strumming has improved and I picked up a couple of tricks, but I’ve learned no more chords and still for the life of me cannot remember any actual songs. This has been a source of great frustration for me. I don’t like to fail, and it has bothered me to no end that my mastery never reached the level of others I know. Most guitar players can pick one up and play a favorite song or two, even those that know fewer cords than I do. The majority of my time with the guitar is spent simply playing the E chord, with variations thrown in by lifting one finger to make it E minor. I think it sounds pretty good, and I thoroughly enjoy jamming out in this way, but I definitely feel like a loser in regards to the guitar.

In recent years God has allowed me to see how this parallels my life. I’m a very thought-oriented person. Because of this, I tend to decide who\how I should be and then set out to make that happen. I will work tirelessly in pursuit of the course of action I believe to be best, and throw myself headlong against any obstacle that threatens it. To the great surprise of my adult self, that doesn’t always mean success. There are areas that I was certain were to be my primary focus but I’ve seen very little growth or success in them over the years. This is especially sad because I was doing them in service to God, for His Kingdom. However, there are areas I’ve completely ignored that have flourished without me even paying them direct attention. Those taken-for-granted skills and interests developed naturally despite being secondary in focus. It’s almost like I couldn’t help but be good in them. You might say they just resonated. And, funny enough, they also opened more opportunities to speak with people about Jesus than any of the areas I had tried to force open.

So, what am I trying to say? Follow your heart and be the truest version of yourself? No, that crap comes from Disney movies. Your heart is wickedly deceptive and can’t be trusted to steer itself (Jeremiah 17:9). What I am saying is that you were fearfully and wonderfully made by an infinitely wise God. Seek Him, be yourself, and let Him use it in mighty ways. Don’t feel like you have to pattern yourself after this pastor, or that leader, or some successful person. “God is most glorified in us when we are most satisfied in Him.” (Piper) Be satisfied in Him, content with the strengths and weaknesses He’s given you, and play your song. Even if you don’t know a “real” song like the cool kids.

Quickly Copy AD Group Memberships To A New User

I recently moved into a new role and needed to to be added to a number of AD groups. An often-used method for this is to model a new employee’s permissions after someone already in the same role. For one or two groups it is relatively simple to just do this manually, but as you can imagine it quickly gets tedious when several are involved. For this reason, I whipped up the following PowerShell snippet to ease the pain.

This works by:

  1. Pulling the list of AD groups that user1 is a member of.
  2. Selecting only the memberof property and expanding it to make sure the list isn’t truncated.
  3. Looping through each of the groups to:
    • Extract only the group name from the Distinguished Name (which is the format it comes in from the previous command).
    • Use the extracted group name with Add-ADGroupMember to add our new user to that group.

 

get-aduser user1 -Properties memberof | select -ExpandProperty memberof | ForEach-Object -Process {$groupName = ($_ -split ',*..=')[1]; Add-ADGroupMember -Identity $groupName -Members user2}

Giving God Control(?)

Many times we tell God that we’re giving Him control, then continue trying to drive life ourselves. It’s like asking an expert to guide you through a new city, then holding onto the steering wheel the entire time. Below is an excellent portrayal of this attitude in action by my talented sister Lauren Adlman.

Why God

I’m proud to introduce the first collaborative effort between myself and my sister, Lauren Adlman. This is a cartoon reminding us that the very things we see as failures and shortcomings God is using for His perfect will, and ultimately for our good.

SQL Server “Failed to open loopback connection”

TLDR: If you have the SQL Browser Service disabled then you must also have Shared Memory enabled, otherwise SQL Server can’t communicate with itself.

While setting up a sandbox Always On Availability Group cluster recently I ran into some unexpected behavior. The first sign of problems was that SQL Agent would not start. The service seemed to start just fine but then would immediately crash. In order to troubleshoot that I went to the SQL Server logs, which failed to load. Never in my career has opening the logs been an issue, so my curiosity was piqued. I decided to try running the stored procedure xp_readerrorlog manually to see if that would work. That returned this error:


Failed to open loopback connection. Please see event log for more information.

When Googling for more information, I came across several posts where DBA’s had encountered this error. However, almost every one of them seemed to have hit it for different reasons, and none helped resolve my situation. The most common cause of this error seems to be the one covered by Pinal Dave’s post, concerning version 13 of the ODBC driver. I experimented with that to no avail. This honestly became one of those situations where I became so frustrated that I just had to walk away from it for the day.

The next morning I was idly sipping coffee and just kind of looking over the event logs, and something about how the instance name was listed in the Windows event logs struck me as odd. It wasn’t explicitly specifying the port, and I was using a non-default port with the SQL Browser Service disabled. On a whim I enabled the service and, voila, everything worked. This struck me as odd because it is very common to disable the browser service for security purposes, and I’d never seen it interfere with other SQL Server functionality. I even reached out to #sqlhelp on Twitter (a very useful tip, btw), but no one seemed to have encountered a situation where disabling the browser service caused that type of behavior.

In the end, it was a conversation with my coworker (Todd Libeau) about the issue that sparked the light to resolution. You see, much of the purpose of this sandbox cluster is to see how far it can be locked down. But, as we all know, on that journey you will eventually hit a point where excess security leads to a loss of functionality. So it was in this case. He mentioned that he’d always assumed the Shared Memory protocol was used for that local server communication. Sure enough, I had disabled every protocol other than TCP/IP unless it was proven they were absolutely necessary (turns out it is). I reconfigured the nodes to have Shared Memory enabled and the SQL Browser Service disabled, and all was right with the world.

It makes sense in the end. If the server can’t reach itself by the default Shared Memory locally, it’s going to try and use TCP/IP. But it will not account for the non-default port on its own, instead relying on the SQL Browser Service to handle that. With that service disabled, there’s simply nowhere for it to go.