Setting up internet access for Hyper-V with NAT in Windows 8

In my work with development of SharePoint solutions, I heavily rely on virtualized environments on my own laptop computer. Working inside virtualized environments complicates the configuration of your own infrastructure, and to get and acceptable user experience inside the virtual machines a working internet connection is a requirement.

Earlier Hyper-V was only supported on the server OS, but from Windows 8 this has also been added to the client OS as well.  Since I run this on my laptop computer, connected to different networks from time to time, it gives me some other requirements for the internet access than traditional fixed location Hyper-V setups. Setting up an external virtual network switch could give me internet access, but also connects the virtual machine directly to the host network. Exposing the virtual machines on the host network has many disadvantages, so setting up a NAT’ed solution where they are hidden behind the host computer’s network connection would be a better solution to me.

Creating a new virtual switch in Hyper-V

Start by opening the Hyper-V Manager, and locate the  Virtual Switch Manager in the Actions menu.

Create a new virtual network switch by selecting New virtual network switch, give it a name (in this example “Shared”) and select the connection type Internal.

Configure internet access for the new virtual switch

The next step is to share your current internet connection on the host with the newly created virtual network switch in Hyper-V.

Open Control Panel -> Network and Internet -> Network Connections.

Right click on your connection who has access to internet (in this example “Wi-Fi”), and select Properties.

Select Allow other network users… and select the newly created virtual network switch (prefixed with “vEthernet”). The name in this case is the save as entered as name for the virtual network switch, in this example “Shared”.

After selecting OK the virtual network swich will get a static IP of 192.168.137.1, and serve as a DHCP server within that range for the virtual machines.

Enable internet access on virtual machines

In Hyper-V Manager, select a virtual machine and Settings from the menu. Make sure the virtual machine is powered off first.

Choose to add new hardware, network adapter and select the newly created virtual network switch. Power on the virtual machine, and a new network adapter with NAT’ed internet access should appear. The adapter should have been assigned a dynamic IP-address from the 192.168.137.x range.

Summary

In this walk through we have seen how to configuring NAT’ed internet access for virtual machine in Hyper-V. Even if this guide was created for Windows 8, most of the steps can be applied both on Windows Server 2008 R2 and 2012 with the same result.

Exporting profile pictures from SharePoint 2010 to Active Directory

Profile pictures can either be stored in Active Directory or in SharePoint. The main reason for placing the profile pictures in SharePoint is for easier management, self-service and maintaining high quality images. Storing the pictures directory in Active Directory gives some restrictions on both physical file size and pixels.

Set up delegation in Active Directory

Select “Delegate Control” on the top level in Active Directory. Locate the system account performing the synchronization.

Choose “Create a custom task to delegate”.

Choose “Only the following objects in the folder” and “User objects”.

Choose “Property specific” and “Read thumbnailPhoto” and “Write thumbnailPhoto”.

Finish the wizard and the delegation should be fine.

Set up export in SharePoint User Profile Service

Locate the user profile property named “Picture” in the user profile service application in Central Administration.

Edit the property and set up an export to the Active Directory field “thumbnailPhoto”.

This should appear like this after choosing “Add”.

Run a full synchronization of the user profiles.

To verifiy the result we have updated the profile picture of one user, and browsing the status in the MIIS Client show that the picture was successfully exported for the user.

Known issues

This can give an error message “permission issue” when checking the status in the MIIS client (C:\Program Files\Microsoft Office Servers\14.0\Synchronization Service\UIShell\miisclient.exe).

This error can appear when the system user running the synchronization haven’t been delegated the necessary permissions in Active Directory as described in the beginning of this post.

Summary

After successfully setting up a synchronization of profile pictures from SharePoint to Active Directory the images can be used throughout the company in other applications like Lync and Outlook.