
Previously, I created a flow that sent alerts to Teams when specific messages were received.

2024.10.15 - [Copilot Studio] - Copilot Studio. Setting up message delivery to Teams via Power Automate for specific input.

 

After reviewing that video, viewers requested a guide on how to configure alerts via Email. In this session, I will demonstrate how to create that flow. Recently, chatbots generated in Copilot Studio have been referred to as Agents. Unless there are changes, I will continue to define them as Agents. The environment is set to USA (Early), the browser language is set to English, and the work is being done using the Preview URL.

 

https://youtu.be/hcBss1wT5dY

 

 

 

Library -> + Add New

 

 

Flow

 

 

Create flow in Power Automate

 

 

New designer

 

 

Rename the Flow to a desired name.

 

 

Add an action

 

 

Office 365 Outlook

 

 

Send an email

 

 

Sign in

 

 

Compose the email template.

 

 

Publish

 

 

Navigate to the Topics menu in the Agent where the email flow will be linked.

 

 

Select Escalate

 

 

In Call an action, add the Flow as shown below.

 

 

Save -> Publish

 

 

In Test Chat, type Escalate.

 

 

Connect

 

 

Connect

 

 

Submit


 

Verify that the status is Connected.

 

 

Confirm that the email is received as shown below.


Previous Post:

2024.12.17 - [Exchange] - Exchange Server 2019 Deployment (1): Installation (CU14, Nov24SU / Based on Windows Server 2022)

 

This time, following the installation, we will cover the basic configuration steps.

 

https://youtu.be/q0pk7JZlKlI

 

 

Step 1: Configure Send Connector (Must)

While receiving emails is possible without additional configuration, sending emails requires the Send Connector to be set up.

 

Mail flow -> send connectors -> New (+)

 

 

Specify the Connector Name -> Select Type: Internet -> Click Next.

 

 

Next

 

 

Add

 

 

Specify the FQDN (*) -> Save

 

 

Next

 

 

Click Add -> Specify the Source Server -> Click Finish.

 

 

Verify that the Send Connector has been successfully created.

 

 

Access https://localhost/owa, log in, and send a test email.

(As of the date written, emails can be sent to Outlook.com without registering an SPF record.) -> Verify the receipt of the email.

 

 

Step 2: Configure Virtual Directories (Recommended)

To enable connections from various clients like Outlook, proceed with configuring the virtual directories.

 

Run the Exchange Management Shell.


#Enter the URL to be used commonly across the virtual directories.
$url = "https://mail.wingtiptoys.kr"
$autodiscover = "https://autodiscover.wingtiptoys.kr"
 
#Set the Virtual Directory internal and external URLs to be identical.
#ECP
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -InternalUrl "$url/ecp"  -ExternalUrl "$url/ecp" 
#EWS
Get-WebservicesVirtualDirectory | Set-WebservicesVirtualDirectory -InternalUrl "$url/ews/Exchange.asmx"  -ExternalUrl "$url/ews/Exchange.asmx" 
#MAPI
Get-MapiVirtualDirectory | Set-MapiVirtualDirectory -InternalUrl "$url/mapi"  -ExternalUrl "$url/mapi"
#EAS
Get-ActiveSyncVirtualDirectory | Set-ActiveSyncVirtualDirectory -InternalUrl "$url/Microsoft-Server-ActiveSync"  -ExternalUrl "$url/Microsoft-Server-ActiveSync"
#OAB
Get-OabVirtualDirectory | Set-OabVirtualDirectory -InternalUrl "$url/oab"  -ExternalUrl "$url/oab"
#OWA
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InternalUrl "$url/owa"  -ExternalUrl "$url/owa"

#Autodiscover
Get-ClientAccessService | Set-ClientAccessService -AutodiscoverServiceInternalUri "$autodiscover/autodiscover/autodiscover.xml"

#Run the following commands on each server.
IISReset

 

Step 3. Accepted Domain

If you create a domain like Corp. or .local in a test environment, you must add an accepted domain for the actual receiving address.

Go to Mail flow -> Accepted domains -> Click + (Add).

 

 

Add the domain.

 

 

Step 4. Modify Email Address Policies

To ensure that newly created mailboxes are automatically assigned to the added domain, you need to modify the Email Address Policies.

 

Mail flow -> email address policies -> Default Policy

 

 

Go to Email address format -> Make the necessary modifications.

 

 

Modify the Email Address Parameters.

 

 

Save

 

 

Step 5: DNS Configuration (Must)

Add the values for Autodiscover, OWA, SPF, and MX records to both the internal and external DNS servers. (Refer to the video for detailed instructions.)

 

Example: Internal DNS

 

Example: External DNS

 

 

Step 6: Install Certificates (Must)

Initially, certificate requests were created through the Exchange Server UI, but recently, I’ve been using the Tool provided by Digicert for its simplicity.

In practice, most of the process is typically handled by the certificate provider.

 

Create CSR

 

 

I purchased a Multi SAN (Subject Alternative Name) certificate and have written this guide based on that.

 

 

 

Copy the CSR

 

 

Proceed with the issuance process on the certificate provider’s website where you purchased the certificate.

 

 

For domain verification, you can either proceed with the DNS verification process or:

 

 

Verify the domain by receiving an email and completing the authentication process.

 

 

Import the issued certificate into the server.

 

 

Specify the certificate file.

 

 

Specify a name -> Click Finish.

 

 

Verify that the certificate has been successfully installed.

 

#View the installed certificate.
Get-ExchangeCertificate
#Certificate Binding
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services IIS,SMTP -DoNotRequireSsl
#Restart the IIS service (requires running Exchange Management Shell with administrative privileges).
IISReset

 

 

Verify that the certificate has been correctly applied by accessing the Exchange Server from both internal and external networks.
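
The check below is an added example, not part of the original post: it compares the host names published in Step 2 (virtual directory URLs and the Autodiscover URI) against the names on the certificates bound to IIS in Step 6, so a missing SAN entry shows up before clients see a certificate warning. `Test-VdirCertificateCoverage` is a hypothetical helper name; it assumes it is run in the Exchange Management Shell.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Test-VdirCertificateCoverage is a hypothetical helper name, not an Exchange cmdlet.
function Test-VdirCertificateCoverage {
    # 1. Collect every URL that Step 2 published to clients.
    $vdirCmdlets = 'Get-EcpVirtualDirectory', 'Get-WebServicesVirtualDirectory',
                   'Get-MapiVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
                   'Get-OabVirtualDirectory', 'Get-OwaVirtualDirectory'
    $urls = foreach ($cmdlet in $vdirCmdlets) {
        & $cmdlet | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
    }
    $urls = @($urls) + @(Get-ClientAccessService |
        ForEach-Object { $_.AutodiscoverServiceInternalUri })

    # 2. Reduce the URLs to a unique list of host names.
    $hostNames = $urls | Where-Object { $_ } |
        ForEach-Object { ([uri]"$_").Host.ToLowerInvariant() } |
        Sort-Object -Unique

    # 3. Certificates that are currently enabled for the IIS service.
    $iisCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' })
    if ($iisCerts.Count -eq 0) {
        Write-Warning 'No certificate is enabled for IIS.'
        return
    }

    # 4. For each host name and certificate, report coverage, expiry and self-signed state.
    foreach ($name in $hostNames) {
        foreach ($cert in $iisCerts) {
            $covered = $false
            foreach ($entry in $cert.CertificateDomains) {
                $domain = "$entry".ToLowerInvariant()
                if ($domain -eq $name) {
                    $covered = $true
                }
                elseif ($domain.StartsWith('*.')) {
                    # A wildcard entry covers exactly one extra label (a.example, not a.b.example).
                    $suffix = $domain.Substring(1)
                    if ($name.EndsWith($suffix)) {
                        $label = $name.Substring(0, $name.Length - $suffix.Length)
                        if ($label -and $label -notmatch '\.') { $covered = $true }
                    }
                }
            }
            [pscustomobject]@{
                HostName   = $name
                Thumbprint = $cert.Thumbprint
                Covered    = $covered
                Expired    = ($cert.NotAfter -lt (Get-Date))
                SelfSigned = $cert.IsSelfSigned
                NotAfter   = $cert.NotAfter
            }
        }
    }
}

# Usage:
#   Test-VdirCertificateCoverage | Format-Table -AutoSize
```

Any row with Covered = False, Expired = True or SelfSigned = True for a host name that clients use points to a name that needs to be added to the Multi SAN certificate or to a binding that still uses the wrong certificate.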

 

 

Step 7. Manage Database (Optional)

In a company environment, it is uncommon to keep the database location and the installation path the same. Let's move it to the D drive.

 

First, navigate to Servers -> Databases to check the default database name.

 

 

Perform this process on each server.

#Change Database Name
Get-MailboxDatabase -Identity "old DB name" | Set-MailboxDatabase -Name "New DB name"
#Change the database path
Move-DatabasePath "New DB name" -EdbFilePath "D:\EDB01\EDB01.edb" -LogFolderPath "D:\EDB01\"

 

 

You can verify that the .edb and log files have been moved to the specified path.

 

 

Check the updated information in the Admin Center.

 

 

Since the log files of the database can grow significantly, it is recommended to enable circular logging if you are not using a backup solution.

 

Servers -> databases -> maintenance -> Enable circular logging

 

 

Step 8. Enable and change the path for mail flow logging (Optional).

Only certain areas of logs related to SMTP are enabled by default.

For Mail Flow analysis, it is recommended to activate the relevant logs and manage their paths separately.

(Since most logs will be enabled, you can disable them if they take up too much space or are deemed unnecessary.)

 

Change it using the following command:

#Change the location of Exchange Mail Flow Logs.
$path= "D:\ExchangeLogs"

#Frontend Transport Service
Get-FrontendTransportService | Set-FrontendTransportService -ConnectivityLogPath "$path\Frontend\Connectivity" -ReceiveProtocolLogPath "$path\Frontend\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Frontend\ProtocolLog\SmtpSend" -AgentLogPath "$path\Frontend\AgentLog" -DnsLogPath "$path\Frontend\DNSLog" -DnsLogEnabled $true
Get-FrontendTransportService | Set-FrontendTransportService -IntraOrgConnectorProtocolLoggingLevel Verbose
 
#Transport Service
Get-Transportservice | Set-TransportService -ConnectivityLogPath "$path\Hub\Connectivity" -MessageTrackingLogPath "$path\MessageTracking" -IrmLogPath "$path\IRMLogs" -ActiveUserStatisticsLogPath "$path\Hub\ActiveUsersStats" -ServerStatisticsLogPath "$path\Hub\ServerStats" -ReceiveProtocolLogPath "$path\Hub\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Hub\ProtocolLog\SmtpSend" -QueueLogPath "$path\Hub\QueueViewer" -WlmLogPath "$path\Hub\WLM" -PipelineTracingPath "$path\Hub\PipelineTracing" -AgentLogPath "$path\Hub\AgentLog" -DNSLogEnabled $true -DnsLogPath "$path\Hub\DNSLog"
Get-TransportService | Set-TransportService -IntraOrgConnectorProtocolLoggingLevel Verbose
 
#Mailbox Transport Service
Get-MailboxTransportService | Set-MailboxTransportService -ConnectivityLogPath "$path\Mailbox\Connectivity" -ReceiveProtocolLogPath "$path\Mailbox\ProtocolLog\SmtpReceive" -SendProtocolLogPath "$path\Mailbox\ProtocolLog\SmtpSend" -MailboxDeliveryThrottlingLogPath "$path\Mailbox\ProtocolLog\Delivery" -MailboxDeliveryAgentLogPath "$path\Mailbox\AgentLog\Delivery" -MailboxSubmissionAgentLogPath "$path\Mailbox\AgentLog\Submission"
Get-MailboxTransportService | Set-MailboxTransportService -MailboxDeliveryConnectorProtocolLoggingLevel Verbose

#Enable protocol logging on the Send and Receive Connectors
Get-SendConnector | Set-SendConnector -ProtocolLoggingLevel Verbose
Get-ReceiveConnector | Set-ReceiveConnector -ProtocolLoggingLevel Verbose

 

 

Verify the results.

 

 

Step 9. Disable unused Receive Connectors.

If POP3, IMAP, and Outbound Proxy are not being used, disable the connectors listed below.

 

 

Step 10. Change IIS Log Path (Optional).

One of the most resource-intensive areas in Exchange is IIS.

If not managed separately, IIS Logs can consume significant space on the C drive, so it is recommended to manage them in a separate path.

 

IIS Manager - [Server] - Logging

 

 

Make the following changes and apply them.

 

 

After running IISReset, verify that the logs are saved as shown below.

 

 

Step 11. Configure http to https redirection (Optional)

In most corporate environments, an HTTP (port 80) request is configured to redirect to HTTPS (port 443).

The method for this is detailed in Microsoft’s technical documentation, and the following guide is based on that resource.

Configure http to https redirection for Outlook on the web in Exchange Server | Microsoft Learn

 

Use IIS Manager to remove the Require SSL setting from the Default Web Site.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:access -sslFlags:None -commit:APPHOST

 

 

Use IIS Manager to restore the Require SSL setting for other virtual directories under the Default Web Site.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/api" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/aspnet_client" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/Autodiscover" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/EWS" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/mapi" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/OAB" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa" -section:Access -sslFlags:Ssl,Ssl128 -commit:APPHOST

 

 

Use IIS Manager to configure the Default Web Site to redirect to the /owa virtual directory. (Enter the actual URL you configured in this command)

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:httpredirect -enabled:true -destination:"https://mail.wingtiptoys.kr/owa" -childOnly:true

 

 

Remove HTTP redirection for the sub-virtual directories.

%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/API" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/aspnet_client" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ecp" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/ews" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/mapi" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/owa" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/powershell" -section:httpredirect -enabled:false -destination:"" -childOnly:false
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/rpc" -section:httpredirect -enabled:false -destination:"" -childOnly:false

 

 

Restart IIS

IISRESET

 

 

If there are multiple production servers, repeat the same process on all servers.

 

How to Verify Functionality:

  1. On a client computer, open a web browser and enter the URL:
    http://<ServerName>
  2. Verify that the request is redirected to Outlook on the Web (HTTPS) and confirm that you can log in.
  3. Open the following URL in the browser:
    http://<ServerName>/owa
  4. Check again that the request is redirected to Outlook on the Web (HTTPS) and ensure you can log in successfully.

 

Make sure the port 80 forwarding is set to point to the Exchange server.

 

When you input the following command and press Enter,

 

 

It will be redirected as shown below.
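
The verification steps above can also be scripted. The following is an added example, not part of the original post or of Microsoft's guide: it sends plain-HTTP requests without following redirects, reports the first response for the two URLs from the verification list, and checks that directories where Require SSL was restored are not served over HTTP. `Get-HttpFirstResponse` and `Test-OwaHttpRedirect` are hypothetical helper names, and the list of SSL-only paths is a sample taken from the commands in this step.

```powershell
# Added example (not from the original post). Works in Windows PowerShell 5.1 and PowerShell 7.
# Both function names are hypothetical helpers.

function Get-HttpFirstResponse {
    # Returns the status code and Location header of the first response, without following redirects.
    param([Parameter(Mandatory)][string]$Url)

    $request = [System.Net.WebRequest]::Create($Url)
    $request.AllowAutoRedirect = $false
    $request.Method  = 'GET'
    $request.Timeout = 10000   # milliseconds

    try {
        $response = $request.GetResponse()
    }
    catch {
        # 4xx/5xx answers surface as a WebException that still carries the response.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $response = $ex.Response
    }

    try {
        [pscustomobject]@{
            Url      = $Url
            Status   = [int]$response.StatusCode
            Location = $response.Headers['Location']
        }
    }
    finally {
        $response.Close()
    }
}

function Test-OwaHttpRedirect {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        # Paths that had Require SSL restored in this step (sample; extend as needed).
        [string[]]$SslOnlyPaths = @('/ecp', '/EWS/Exchange.asmx', '/mapi')
    )

    # The two URLs from the verification list: both should answer with a redirect to HTTPS.
    foreach ($path in '/', '/owa') {
        $r = Get-HttpFirstResponse -Url "http://$ServerName$path"
        $isRedirect = ($r.Status -ge 300 -and $r.Status -lt 400)
        [pscustomobject]@{
            Url      = $r.Url
            Expected = 'Redirect to https://'
            Status   = $r.Status
            Location = $r.Location
            Pass     = ($isRedirect -and ($r.Location -like 'https://*'))
        }
    }

    # Directories with Require SSL must not return content over HTTP.
    # IIS normally answers 403 here; any 4xx/5xx status is treated as blocked.
    foreach ($path in $SslOnlyPaths) {
        $r = Get-HttpFirstResponse -Url "http://$ServerName$path"
        [pscustomobject]@{
            Url      = $r.Url
            Expected = 'Blocked over HTTP'
            Status   = $r.Status
            Location = $r.Location
            Pass     = ($r.Status -ge 400)
        }
    }
}

# Usage (host name taken from the URL configured in this post):
#   Test-OwaHttpRedirect -ServerName 'mail.wingtiptoys.kr' | Format-Table -AutoSize
```

Run it from a client on each network segment that should reach the server, since the result also depends on the port 80 forwarding mentioned above.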

 

 

Step 12. Change Queue Database Location (Optional)

Change the location of the queue database | Microsoft Learn

 

Typically, the Queue Database (Queue DB) is located in the following path:

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\data\Queue

 

 

When emails accumulate in the queue, the Mail.que file increases in size. If it reaches a level where disk space becomes insufficient, the Transport Service will stop. To prevent such service disruptions in advance, the location of the Queue DB is often changed and managed.

Create a new folder for the Queue DB. (In the test environment, it was set to the D drive, but in a production environment, it is recommended to use a location separate from the database.)

 

 

Run the Command Prompt as an administrator.

Execute the following command:

Notepad %ExchangeInstallPath%Bin\EdgeTransport.exe.config

 

 

Locate the following path:

<add key="QueueDatabasePath" value="<LocalPath>" />

<add key="QueueDatabaseLoggingPath" value="<LocalPath>" />

 

Make the following changes -> Save:

<add key="QueueDatabasePath" value="D:\Queue" />

<add key="QueueDatabaseLoggingPath" value="D:\Queue" />

 

 

Restart the Microsoft Exchange Transport Service.

 

 

You can verify the changes as shown below.

 

Step 13. Specify the Offline Address Book (OAB) (Optional)

Assign the Offline Address Book (OAB) to each database.

 

This concludes this post. When delving into details, each item has its own prerequisites. If the opportunity arises, I will cover each topic in greater detail.


Previous Post: 

2024.12.15 - [Windows Server] - Windows Server 2025. Configure Active Directory(AD) Domain Controller(DC)

 

Following the Domain Controller configuration, this time I will cover configuring Exchange Server 2019 on Windows Server 2022. It appears that Windows Server 2025 will be supported starting with CU15.

 

The VM environment is as follows:

DC: Windows Server 2025, 4 Core, RAM: 4GB

EX: Windows Server 2022, 8 Core, RAM: 10GB, Exchange Server 2019 CU12

 

This was written based on the following resources.

Exchange Server prerequisites, Exchange 2019 system requirements, Exchange 2019 requirements | Microsoft Learn

 

https://youtu.be/OV9L2GOKe2U

 

 

[Step 1] Pre-configuration

Create a service account to be used for Exchange Server.

 

 

Assign the Enterprise Admins and Schema Admins permissions to the service account.

 

 

Join the server to the Active Directory (AD) using the service account.

 

 

Run Netplwiz.

 

 

Grant Administrator permissions to the service account.

 

 

[Step 2] Virtual Memory Configuration

Since virtual memory can impact performance, it is highly recommended to set it to a fixed size.

 

System -> Advanced system settings -> Advanced -> Settings

 

 

Advanced -> Change

 

 

Specify the virtual memory size -> Click Set -> Click OK.

 

According to the 2019 technical documentation, virtual memory is recommended to be set to 25% of the configured RAM, likely because the minimum recommended RAM is 128GB.

(However, in a test environment, it is recommended to set it to RAM + 10MB.)

 

 

OK

 

 

Restart Now

 

 

[Step 3] Install Required Features and Roles

Install the following prerequisite components.

Visual C++ Redistributable Package for Visual Studio 2012

Download Visual C++ Redistributable for Visual Studio 2012 Update 4 from Official Microsoft Download Center

 

Visual C++ Redistributable Package for Visual Studio 2013

Update for Visual C++ 2013 Redistributable Package - Microsoft Support

 

Unified Communications Managed API 4.0 Runtime

Download Unified Communications Managed API 4.0 Runtime from Official Microsoft Download Center

 

 

Right-click on the Start button -> Run PowerShell as Administrator.

 

 

Install the required features and roles using the command below:

Install-WindowsFeature Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS, Failover-Clustering

#Failover-Clustering is required when configuring a Database Availability Group (DAG).

 

 

 

Click the link below to install the IIS URL Rewrite Module.

IIS URL Rewrite Module

 

 

[Step 4] Installation Process

Download the latest Cumulative Update (CU) for Exchange Server 2019 from the Build Number page linked below.

(Note: Security Updates (SU) should be applied after installing the CU.)

Exchange Server build numbers and release dates | Microsoft Learn

 

 

Run Setup from the installation disk or image.

 

 

Don't check for updates right now -> Next

 

 

Next

 

 

Check the second option -> Click Next.

 

 

Don't use recommended settings -> Next

 

 

Mailbox role -> Next

 

 

Specify the installation path -> Click Next.

 

 

Enter the Organization Name -> Click Next.

 

 

Next

 

 

Install

 

 

Proceed with the installation process.

 

 

Installation complete.

 

 

[Step 5] Install SU (Security Update)

SU is a Security Update that must be installed after the Cumulative Update (CU).

Download the latest SU from the Build Number Page.

 

 

Proceed with the installation -> Click Next.

 

 

I accept the License Terms -> Next

 

 

The installation is in progress.

 

 

Finish

 

 

Click Yes -> The system will reboot.

 

 

Run the Exchange Admin Center (EAC).

 

 

Advanced

 

 

Click Continue to localhost (unsafe).

 

 

Sign in using the service account.

 

 

Verify that the connection is successful.

 

 

In the Servers menu, check the Build Number to confirm the version.

 

 

In the next post, I will cover the initial configuration steps.


https://youtu.be/TDQl9q3wMk0

 

 

Taking advantage of the release of Windows Server 2025, I’m planning to rewrite my previously posted test environment configuration. This time, I’ll pay more attention to creating a YouTube video as well.

Since Windows Server 2016, the methods and UI for configuring a Domain Controller (DC) have remained almost the same. However, engineers who are just starting out often prefer to work with the latest version, and there’s a tendency to assume that if the version numbers differ, the configuration steps might differ too. To address this, I’ve written a configuration guide for Windows Server 2025, even though the content is essentially the same.

 

This time, I’ll focus on Domain Controller (DC) configuration, and if time permits, I’ll proceed with an Exchange setup as well.

For the virtual machine (VM) specifications, I’ve allocated 4 cores for the CPU and 4GB of RAM. In the past, 2GB used to suffice, but it seems insufficient for recent demands.

 

 

Please refer to my previous posts or videos for instructions on installing Windows Server 2025 and performing Sysprep.

Navigate to Server Manager -> Local Server -> Click on Computer Name.

 

 

Change

 

 

Change the computer name to something that clearly identifies it as a Domain Controller. -> The system will reboot.

 

 

Local Server -> Ethernet

 

 

Right-click on Network Adapter -> Select Properties.

 

 

Select IPv4.

 

 

Enter the IP address according to your environment. Set the DNS to point to the IP address of the Domain Controller itself.

 

 

Server Manager -> Dashboard -> Add roles and features

 

 

Next

 

 

Next

 

 

Next

 

 

Check Active Directory Domain Services.

 

 

Add Features

 

 

Next

 

 

Next

 

 

Next

 

 

Install

 

 

Promote Domain Controller

 

 

Add a new forest -> Enter the Root domain name -> Next

 

 

For reference, the reason for adding "Corp" before the domain name is based on Microsoft's Best Practices. From a personal perspective, adding "corp" has the following advantages:

1. It allows for separation of internal and external DNS, as the root domain might serve as the homepage in browsers.

2. Using ".local" in domains like "contoso.local" prevents the use of public certificates.

After creating the DSRM Password, proceed to Next. Until Windows Server 2022, the functional level was set to 2016, but it has now been upgraded to 2025 in Windows Server 2025.

 

 

Next

 

 

Next

 

 

Next

 

 

Next

 

 

Install

 

 

DC configuration is complete.

 

 

Click Close, and the system will reboot shortly after.

 

 

Log in using the Domain account as shown below.

 

 

Active Directory Domains and Trusts

 

 

Right-click on Active Directory Domains and Trusts -> Select Properties.

 

 

Enter the domain to be used for user accounts -> Click Add -> Click OK.

 

 

Run Active Directory Users and Computers (ADUC).

 

 

Right-click on the Domain -> Select New -> Choose Organizational Unit (OU).

 

 

Create an Organizational Unit (OU) for service accounts.

 

 

Right-click on the newly created OU -> Select New -> Choose User.

 

 

Create an Admin account to be used on the DC as shown below. (It is recommended not to use the default Administrator account for security purposes.)

 

 

Enter the password -> Click Next.

 

 

Finish

 

 

Right-click on the newly created account -> Select Properties.

 

 

Go to the Member Of tab -> Click Add -> Search for and add the following groups:

 

 

Sign out and verify if you can log in using the newly created account.

 

 

Proceed with setting up a Secondary DC. While not mandatory in a test environment, having at least two Domain Controllers is essential in a production environment for redundancy and reliability.

 

 

As before, change the Computer Name.

 

 

Set the DNS of the Network Adapter to point to the Main DC.

 

 

Server Manager -> Local Server -> WORKGROUP

 

 

Change

 

 

Enter the Domain -> Click OK.

 

 

Enter the DC Service Account that was previously created.

 

 

Sign in

 

 

Add roles and features

 

 

Proceed with the installation of Active Directory Domain Services Roles in the same manner as on the Main DC.

 

 

Unlike before, select Add a domain controller to an existing domain and proceed with the configuration.

 

 

Enter the DSRM Password -> Click Next.

 

 

Next

 

 

Next

 

 

Next

 

 

Next

 

 

Click Install -> Once the installation is complete, the system will reboot.

 

 

For the Secondary DC, update the DNS settings so that the Primary DNS points to itself.

 

 

In Active Directory Users and Computers (ADUC), you can verify that both Domain Controllers are listed.

 

This concludes the post.


Windows Server 2025 has been released.

To take advantage of the new OS, I'll upgrade the AD Domain Controllers DC01 and DC02 to Windows Server 2025.

In a real-world environment, many factors would need to be considered, but since this is a test environment, I will only cover the basic upgrade process.

 

The Windows Server 2025 installation image created earlier using Sysprep was utilized.

Test Environment

 

https://youtu.be/YcF0ztnJJ8A

 

 

The process was carried out in the following steps:

1. DC02: Windows Server 2022 Demote

2. DC02: Windows Server 2025 Promote

3. Change the Master role to DC02.

4. DC01: Windows Server 2022 Demote

5. DC01: Windows Server 2025 Promote

6. Change the Master role back to DC01.

 

 

Step 1. Remove DC02

 

 

Add roles and features

 

 

Start the Remove Roles and Features Wizard

 

 

Next

 

 

Next

 

 

Active Directory Domain Services

 

 

Remove Features

 

 

Demote this domain controller

 

 

Next

 

 

Proceed with removal -> Next

 

 

Next

 

 

Next

 

 

Demote

 

 

Close

 

 

Close

 

 

Verify that the Domain Controller (DC) has been successfully removed.

 

 

After rebooting, proceed with removing the roles again.

 

 

Switch the machine to WORKGROUP mode.

 

 

Remove DC02 from Active Directory Users and Computers (ADUC).

 

 

Yes

 

 

Step 2. Install the Domain Controller (DC) role on Windows Server 2025.

 

 

Proceed with joining the server to the Active Directory (AD).

 

 

Server Manager -> Add roles and features

 

 

Next

 

 

Next

 

 

Next

 

 

Active Directory Domain Services

 

 

Add Features

 

 

Next

 

 

Next

 

 

Next

 

 

Install

 

 

Promote this server to a domain controller

 

 

Add a domain controller to an existing domain -> Next

 

 

Enter the Password and click Next.

 

 

Next

 

 

Next

 

 

Next

 

 

Next

 

 

Next

 

 

Install

 

 

Once completed, the system will reboot.

 

 

Enter the following command to change the DC Master role to DC02:

Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

 

 

Netdom query fsmo

 

 

Step 3. Remove DC01

 

 

Update the DNS Address to point to DC02.

 

 

Server Manager -> Add roles and features

 

 

Start the Remove Roles and Features Wizard

 

 

Next

 

 

Active Directory Domain Services

 

 

Remove Features

 

 

Demote this domain controller

 

 

Next

 

 

Proceed with removal -> Next

 

 

Next

 

 

Enter the Password and click Next.

 

 

Demote

 

 

Close

 

 

After rebooting, navigate back to the Roles and Features removal menu and proceed with the Active Directory Domain Services (AD DS) removal process.

 

 

Click Close and proceed with the system reboot.

 

 

Switch the machine to Workgroup mode.

 

 

Remove DC01 from Active Directory Users and Computers (ADUC).

 

 

Step 4. Install DC01

 

 

On the new VM for DC01, configure the IP address and set the DNS server to DC02.

 

 

Domain Join

 

 

Add Roles and features

 

 

Next

 

 

Next

 

 

Next

 

 

Active Directory Domain Services -> Next

 

 

Promote this server to a domain controller

 

 

Next

 

 

Enter the Password and click Next.

 

 

Next

 

 

Next

 

 

Next

 

 

Next

 

 

Install

 

 

Click Close, and the system will reboot.

 

 

Set DC01 as the Primary DNS and DC02 as the Alternate DNS.


 

 

Run the following command to change the Master role back to DC01:

Move-ADDirectoryServerOperationMasterRole -Identity DC01 -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster, InfrastructureMaster

 

 

Netdom query fsmo

 

 

Step 5. Raise Forest Functional Level

Active Directory Domains and Trusts

 

 

In Active Directory Domains and Trusts, right-click and select Raise Forest Functional Level to upgrade the forest functional level.

 

 

Raise

 

 

OK

 

 

Use the following command to verify the current functional level:

Get-ADDomain |fl name, DomainMode
Get-ADForest |fl Name, ForestMode


Windows Server 2025 has been released.

Whenever a new OS is launched, I create a disk image of the installed system using Sysprep to facilitate testing in a Hyper-V environment.

This method is highly convenient because, when creating a new VM, I can simply copy the disk image file to immediately load the OS.

Although I’ve covered this topic before, I’m writing it again as part of a renewal for a YouTube video.

This is based on Windows Server 2025 and Hyper-V.

 

https://youtu.be/snj74akjzCA

 

 

Hyper-V -> New -> Virtual Machine

 

 

Name specification -> Set Default Location -> Next

 

 

Name specification -> Set Default Location -> Next

 

 

Confirm Generation 2 -> Next

(From 2025, Generation 2 is set as the default.)

 

 

Set RAM -> Next

 

 

Specify Network Adapter -> Next

 

 

Confirm Disk Location -> Next

 

 

Specify Installation Disk -> Finish

 

 

Double-click on the created VM

 

 

Start

 

 

Enter the key to proceed with the installation process.

 

 

Select Language -> Next

 

 

Next

 

 

Agree -> Next

 

 

Enter Product Key -> Next (I entered an AVMA key as I am using it in a Hyper-V environment.)

 

 

Accept

 

 

Next

 

 

Install

 

 

Proceed with Installation

 

 

The system will automatically reboot.

 

 

Once the installation is complete, the screen will appear as shown. At this point, press Shift + Ctrl + F3 simultaneously.

 

 

The system will reboot, and the screen will appear as shown. Select OOBE, Generalize, and Shutdown, then click OK.

 

 

Sysprep will run, and once completed, the system will shut down.

 

 

Back up the created VHDX disk image. This disk can be used to streamline the OS installation process.

 

 

You can select the disk image from the menu below to create a new VM.


https://youtu.be/QduayEDT3DY

 

 

I tried to create a Custom Connector to link something created in Azure AI Studio with Copilot Studio.

However, the technical documentation suggests navigating to Data -> Custom Connectors as shown on the screen, but I was unable to find it.

Create a custom connector from scratch | Microsoft Learn

 

I realized that, while this menu was easily visible in many older YouTube videos, it no longer exists now.

At first, I thought it might be because my license wasn't premium, but that wasn't the case.

After searching through some more recent YouTube videos, I was able to find it.

 

https://youtu.be/X5654jxAatw?t=703

 

Power Automate -> More -> Discover all

 

 

In the Data section, click on Custom connectors or click the Pin icon to pin it for easy access.

 

 

You can now see the Custom connectors menu as shown on the screen.


This time, let's create a flow where a specific message entered into the chatbot is sent as a Teams notification to the person in charge.

With some modifications, you can create automated flows from the chatbot, such as sending emails.

In the existing Copilot, you can see that topics have default settings to trigger actions based on specific conditions.

Here, we will create a flow that sends a Teams notification to the person in charge when Escalate is triggered.

 

 

https://youtu.be/NyJqE8SJZ7Q

 

 

First, click Settings.

 

 

Security -> Authentication

 

 

Ensure that the authentication settings are configured as shown on the screen.

(If they are not set up, refer to the SSO setup video and complete the configuration.)

 

 

Topics -> Escalate -> Add Node

 

 

Call an action -> Create a flow

 

 

Add an action

 

 

Runtime -> Standard -> Microsoft Teams

 

 

Post message in a chat or channel

 

 

Select and enter the information as shown on the screen.

 

 

Change the flow name

 

 

Save draft

 

 

Test

 

 

Manually -> Publish & Test

 

 

Receive messages from Workflows.

 

 

Return to the Copilot Studio page -> Click Done.

 

 

Add Node -> Call an action -> Escalation Case

 

 

Publish

 

 

Enter Escalate to run the test.

 

 

The permission configuration process is required. -> Connect

 

 

Connect

 

 

Submit

 

 

Confirm the status

 

 

Retry

 

 

The configured message is delivered.

 

 

You can confirm that it has been delivered to Teams.

 

With this pattern, you can create various connection flows between M365 and other services using Power Automate.


When troubleshooting in M365, it's common for administrators to use PowerShell for the process.

However, it raises the question of whether this really needs to be done within Copilot Studio. Nonetheless, I decided to write about it since there are tasks that occasionally require PowerShell.

 

This was carried out with reference to the technical documentation below.

PowerShell support for Power Apps and Power Automate - Power Platform | Microsoft Learn

 

https://youtu.be/q3fEnEcXH0k

 

 

The steps were carried out on Windows 11.

Click the Start button -> Right-click -> Select Terminal (Admin).

 

 

Execute the following commands:

Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

 

 

If the following message appears, enter Y or A.

 

Since Power Apps and Power Automate are different areas, each requires a separate login.

Unlike Exchange Online, there is no need to enter separate connection commands. Simply enter the command you wish to use, and it will prompt you to provide your credentials.

 

Enter the following command to connect to Power Apps:

Get-AdminPowerAppEnvironment

 

 

Enter the following command to connect to Power Automate:

Get-AdminFlow
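The `Set-ExecutionPolicy -ExecutionPolicy Unrestricted` line above has no `-Scope`, so it changes the policy for the whole machine and the change stays after the session ends. The following is an added example, not part of the original post or the Microsoft documentation: it keeps the policy change inside the current session, installs the same two modules for the current user only, and reports the signature status of the installed module files before the first sign-in. It assumes the modules are installed from the default PowerShell Gallery repository.

```powershell
# Added example: session-scoped alternative to a machine-wide Unrestricted policy.
$modules = 'Microsoft.PowerApps.Administration.PowerShell',
           'Microsoft.PowerApps.PowerShell'

# 1. Show the policy at every scope before changing anything.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy

# 2. Relax the policy for this session only; it reverts when the window closes.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# 3. Install for the current user, so an elevated terminal is not required.
foreach ($name in $modules) {
    if (-not (Get-Module -ListAvailable -Name $name)) {
        Install-Module -Name $name -Scope CurrentUser -AllowClobber
    }
}

# 4. Collect the Authenticode status of every script file in the installed modules.
$report = foreach ($name in $modules) {
    $module = Get-Module -ListAvailable -Name $name |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) { Write-Warning "$name is not installed"; continue }
    Get-ChildItem -Path $module.ModuleBase -Recurse -Include *.psd1, *.psm1, *.ps1 |
        Get-AuthenticodeSignature |
        Select-Object @{ n = 'Module'; e = { $name } },
                      @{ n = 'File';   e = { Split-Path $_.Path -Leaf } },
                      Status,
                      @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
}
$report | Format-Table -AutoSize

# 5. Flag anything that is unsigned or fails validation so it can be reviewed.
$notValid = @($report | Where-Object Status -ne 'Valid')
if ($notValid.Count -gt 0) {
    Write-Warning "$($notValid.Count) file(s) do not have a valid signature; review before signing in."
}

# 6. The first admin cmdlet triggers the sign-in prompt, as described above.
Get-AdminPowerAppEnvironment | Select-Object DisplayName, EnvironmentName
```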

 

In the future, if a PowerShell connection is needed for Copilot Studio, you can access and utilize it as required.


In the previous post, a new Copilot was published on the site.

2024.10.05 - [Copilot Studio] - Copilot Studio. Deploying Copilot to an IIS Site.

 

This time, I have written about how to configure Entra ID and SSO in cases where the organization requires that only authenticated users have access.

The following technical documentation was used as a reference.

Configure user authentication with Microsoft Entra ID - Microsoft Copilot Studio | Microsoft Learn

Configure single sign-on with Microsoft Entra ID - Microsoft Copilot Studio | Microsoft Learn

 

 

Entra Admin Center -> Applications -> App registrations -> New registration

 

 

After entering the App name, click Register. (At this stage, the Redirect URI is optional. The URL below was created based on my test page.)

 

 

Navigate to Authentication.

Add the following URLs mentioned in the technical documentation.

https://token.botframework.com/.auth/web/redirect

https://europe.token.botframework.com/.auth/web/redirect

 

Check Access tokens and ID Tokens -> Click Save.

 

 

Certificates & secrets -> Client secrets -> New client secret

 

 

Enter a Description -> Add

 

 

Copy and save the secret's Value now; it cannot be viewed again after you leave this page.

 

 

Go to Overview and save the Application ID information.

 

 

API permissions -> Add a permission -> Delegated permissions

 

 

Add the permissions offline_access, openid, and profile. -> Grant admin consent for Contoso
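To review the registration created in the steps above, the following added example (not part of the original post) checks an application object for redirect URIs other than the two listed here, for the Access tokens and ID tokens settings, and for long-lived or expired client secrets. The JSON is a constructed sample that uses Microsoft Graph property names; the function name `Test-CopilotAppRegistration` and the 180-day secret threshold are assumptions made for the example.

```powershell
# Constructed sample application object (Microsoft Graph property names).
# Every value is made up; the third redirect URI exists to trigger a finding.
$json = @'
{
  "web": {
    "redirectUris": [
      "https://token.botframework.com/.auth/web/redirect",
      "https://europe.token.botframework.com/.auth/web/redirect",
      "http://test.example.invalid/callback"
    ],
    "implicitGrantSettings": { "enableAccessTokenIssuance": true, "enableIdTokenIssuance": true }
  },
  "passwordCredentials": [ { "displayName": "copilot", "endDateTime": "2026-12-31T00:00:00Z" } ]
}
'@

function Test-CopilotAppRegistration {
    param(
        [Parameter(Mandatory)] [string] $ManifestJson,
        [datetime] $Now = (Get-Date),
        [int] $MaxSecretDays = 180   # assumed rotation threshold, not from the post
    )
    $app = $ManifestJson | ConvertFrom-Json
    # The two redirect URIs the post registers.
    $expected = 'https://token.botframework.com/.auth/web/redirect',
                'https://europe.token.botframework.com/.auth/web/redirect'
    $findings = @()
    foreach ($uri in $app.web.redirectUris) {
        if ($uri -notmatch '^https://') { $findings += "Redirect URI is not HTTPS: $uri" }
        elseif ($uri -notin $expected)  { $findings += "Redirect URI not in the expected list: $uri" }
    }
    $grant = $app.web.implicitGrantSettings
    if (-not ($grant.enableAccessTokenIssuance -and $grant.enableIdTokenIssuance)) {
        $findings += 'Access tokens and ID tokens are not both enabled'
    }
    foreach ($secret in $app.passwordCredentials) {
        $end  = ([datetime] $secret.endDateTime).ToUniversalTime()
        $days = [int] ($end - $Now.ToUniversalTime()).TotalDays
        if ($days -lt 0) { $findings += "Client secret '$($secret.displayName)' has expired" }
        elseif ($days -gt $MaxSecretDays) {
            $findings += "Client secret '$($secret.displayName)' is valid for $days more days (limit $MaxSecretDays)"
        }
    }
    $findings
}

# A fixed date keeps the sample output stable.
Test-CopilotAppRegistration -ManifestJson $json -Now '2025-01-01'
```

With the constructed sample, the function returns one finding for the non-HTTPS redirect URI and one for the client secret that is valid for longer than the threshold.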

 

 

Go to Copilot Studio and navigate to the Settings menu of the Custom Copilot you want to modify the authentication for.

 

 

Security -> Authentication -> Authenticate manually

 

 

Select Require users to sign in -> Enter Client ID (App ID) and Client secret (Value) -> Click Save -> Click Publish.

 

 

A message indicating that a login is required will appear as shown below.

 


Access the Copilot web page in a separate browser -> Click Login -> Complete the Login process.

 

Copy the Validation Code provided after logging in.

 

 

Enter a message in the chat window to confirm that the authentication was successful.

 

 

Since login cannot be implemented directly in the chat, it seems that the authentication process is carried out using a separate validation code.

 

 

By configuring it this way, you can set up security so that only users with an account can access the Custom Copilot.
