Welcome to my blog… Working mostly with Microsoft technologies, many of my posts are around that. But my passion for networking and hardware is frequently demonstrated in the many articles about Juniper, CheckPoint, Dell, etc.

Given the amount of spam I received when commenting was enabled, I’ve closed all comment options on the blog itself. So e-mail is the way to go … 

If you have any feedback (or one of my scripts did not survive an OS, PowerShell or other upgrade), please let me know at work(thatthingusuallyaccessedviaShift2)studiographic(SingleDot)nl.
or on Twitter: @RCZ_Jag

In case you are wondering… Who is this guy writing in his spare time? Here is my resume:

Roelf Zomerman is a Microsoft Cloud Solution Architect, specialized in the architecture of complex solutions in Azure, but also on-premises products such as Active Directory, Exchange, Windows Server products and other Microsoft technologies and solutions including Office 365. As one of very few in the world, he was awarded with the Microsoft Certified Master certification in Active Directory Services.

In in his role he is responsible for translating the business, technical and operational requirements into an Azure based solutions, implementing a proof-of-concept and ensure a smooth deployment. More information can be requested by mail: (work ….studiographic ….  nl)

Microsoft Specific Skills

  • · Active Directory (Azure / ADDS)
  • · Hyper-V (Virtualization)
  • · Idenitity Management (Azure AD Connect)
  • · Azure Infrastructure / Networking / VM
  • · Windows 20xx
  • · Federation Services
  • · Internet Information Services
  • · Exchange 20xx
  • · Windows Clustering
  • · ISA / TMG
  • · PowerShell
  • · Office 365
  • · Microsoft Rights Management Services

Other Skills

  • · Netscreen Firewalls
  • · HP Proliant Servers
  • · Network infrastructures


  • Microsoft Certified Solutions Expert
    • Cloud Platform and Infrastructure
  • Microsoft Certified Master
    • Windows Server 2008, Directory Services
  • Microsoft Specialist
    • Implementing Microsoft Azure Infrastructure Solutions
    • Architecting Microsoft Azure Solutions
  • Microsoft Certified Solutions Associate
    • Cloud Platform
    • Windows Server 2012
    • Windows Server 2008
  • Microsoft Certified Technology Specialist
    • Windows Server 2016 Identity
    • System Center Virtual Machine Manager 2008, Configuration
    • Windows Server Virtualization Configuration
    • Microsoft Windows Vista Configuration
    • Windows Server 2008 Active Directory, Configuration
    • Windows Server 2008 Network Infrastructure, Configuration
    • Windows Server 2008 Applications Infrastructure Configuration
  • Microsoft Certified IT Professional
    • Enterprise Administrator
  • Systems Engineer Microsoft Windows Server
  • Systems Administrator Microsoft Windows Server
  • Professional MCP 2.0 — Certified Professional

Cloud Solution Architect – various customers

The role as Cloud Solution Architect includes maintaining relationships with customers and ensuring a smooth deployment of services to Microsoft Azure. This includes designing proof-of-concepts and implementing those, helping customers with templates and recommended architectures. Translating business and technical requirements into solid cloud ready deployments is one of the key aspects of the CSA role.

Investment Holding

With investments in various companies, the CTO had the vision of bringing each company into cloud services starting with Office 365. However, as some companies where integrated in on-premises mail services while others had their own messaging platform, the challenge here was to plan different tenants that can still cooperate together while being able to have a centralised login. This would allow the holding to diverse companies if required without too much impact.
Roles/responsibilities: Architect
Technologies: Office 365, Identity Management, Exchange


Develop the infrastructural part of an Integrated Marketing Management platform that allows the bank to actively manage campaigns and corresponding data in all countries leading. The platform is created in Azure based on Event hubs, Steam Analytics, Machine Learning and HD Insight amongst other Azure components and is currently being rolled out in three countries.
Roles/responsibilities: Infra Architect
Technologies: Azure Networking, Azure Storage, Authentication Services, Azure IaaS


With the IT strategy of this company focusing on standardization, integration, innovation professionalization and working together it was time to provide a centralized services platform. This platform provides centralized services that bind the organization together through IT services. The backbone for these new services is the implementation of a single account. Each employee received a new ID based on their e-mail address which then gives access to new services that allow people to be more connected, while allowing the business to gain more control for compliancy reasons. New services included Instant Messaging, Instant Meetings, VOIP capability from the desktop and a world-class new mail service. In order to align with the new Cloud Policy (cloud first), this new platform allowed individual operating companies to access, connect and use cloud based services such as CRM Online, Office 365, and SharePoint online but also non Microsoft Cloud services like SalesForce and Amazon Web Services which can easily be integrated. This architecture is referred to as a Hybrid architecture and is chosen to allow the company to comply with (inter)national data laws as well as using the benefits in countries that do support and allow cloud based SaaS offers.

Apart from these new services, it brought unity within the previously highly separated company. A standardized method for collaboration throughout the world and equally important; a single way for managing these services. As the vision of this new platform is global, the support of this platform would also be globally implemented. Teams of IT employees located in the three main geographical locations in the USA, Europe and Asia-Pacific/Middle-East will be created to provide 24/7 support. These teams are responsible for the centralized services which allows for a follow-the-sun support model.

The platform was architected and implemented by Roelf leading an Avanade team of consultants.
Roles/responsibilities: Architect, Project Management
Technologies: Azure, Ping Federate, Active Directory, Exchange, Skype for Business, System Center, and many others


This e-University asked Microsoft to conduct a study of the feasibility of hosting a disaster recovery solution in Microsoft’s Azure environment. However, during the engagement, it became clear that Azure could be leveraged not just for DR, but as the primary datacenter to host the entire e-learning system with full geo-redundancy. This effectively meant that the localized datacenter could be scoped down while implementing dynamic capacity, and be able to provide a geo-redundant service.
Roles/responsibilities: Architect
Technologies: Azure Virtual machines, Azure Web Sites, Azure SQL, Identity Solutions, Federation Services

Retail and Automotive

With many luxury car brands and retails brands, operating around 180 stores throughout the Middle East, this company wanted to decrease overall cost and reduce complexity with regards to their messaging system. Microsoft’s Office 365 was chosen as the messaging platform for their 8000 users. Responsible for the co-existence design, migration design and Single-Sign-On design, including the deployment without disruptions. In this case it included the deployment of dedicated Exchange 2010 servers for the migration and full automation of licensing users, activating archives and single sign-on for OWA web access between Office 365, Exchange 2003 and Exchange 2010.
Roles/responsibilities: Architect / Design / Implementation
Technologies: Office 365, Active Directory, Exchange 2003/2010, DirSync, TMG


In order to prepare for new ways of authentication, and to prepare themselves for Office 365, this customer wanted to implement Federation Services. Acting architect for the platform which now supports over 20.000 users and several applications.
Roles/responsibilities: Architect / Design / Implement solution
Technologies: Active Directory Federation Services


Educational Ministry

To shape the future of education, the ministry created a vision together with Microsoft to streamline IT into the classroom. This included tablets and computers for students in the age of 4-16 years. As part of this project, Office 365 was chosen to be the messaging platform for students. However, teacher mailboxes would remain on-site in a separate environment. A highly complex identity solution had to be designed in order for teachers to be able to find students in Office 365, while also automating the student provisioning in Office 365. Additional requirements such as the absolute separation between boys and girls within the messaging platform made the solution even more complex. Responsible for designing the identity solution to control mailbox provisioning, contact provisioning in the teachers messaging platform, technical separation of boys and girls, creating school based address lists and much more.
Roles/responsibilities: Architect
Technologies: Office 365, Active Directory (multi-forest), Forefront Identity Manager

Oil Company

As part of their IT readiness plan for the next phase of their business challenges, this customer wanted to consolidate three Active Directory domains and two Exchange forests into a single globally dispersed IT architecture. Spreading six countries, a uniform platform was to be implemented, in which every site had exactly the same setup to ease a follow-the-sun support structure. Roelf’s responsibility was to create the vision architecture and to guide customer IT employees through the setup and migration processes.
After the single messaging and directory services were created, the next phase was to implement identity management services. This to leverage the responsibility to the HR department, and reduce the manual labor of the IT helpdesk. After the architecture and scenarios were documented, Responsible for the implementation phase executed by a Microsoft partner.
Roles/responsibilities: Architect / Design / Manage solution implementation
Technologies: Active Directory, Exchange, Forefront Identity Manager

Oil Company

As security becomes a major factor in the middle-east now, this customer was particularly interested in how to achieve their security goals with solely Microsoft technologies, such as, Identity Management and Role assignments, Application White/Blacklisting, Drive Encryption and document classification and encryption using AD RMS, File Classification and Exchange. In order to choose the right technology a quick demo environment was created in the customers’ test lab, Roelf was responsible for managing the partner that was tasked to demonstrate the power of these technologies and to ensure the implemented POC would fulfill the customer requirements.
Roles/responsibilities: Architect / Design / Project Management
Technologies: Active Directory, Exchange 2013, Forefront Identity Manager, BitLocker, ADRMS, Group Policies


This investment bank was transforming into a commercial bank, entering a whole new market and customers. In order to help with this transformation, the bank wanted to ensure that their IT systems were up to date prior to deploying their core-banking infrastructure. Being the lead architect, Roelf was responsible for managing several partners and MCS consultants to implement the vision and architecture set, while guiding the customer through the different newly implemented technologies, such as Exchange 2013, RMS services, Virtualization and System Center products.
Roles/responsibilities: Architect / Design / Manage project
Technologies: Active Directory, Exchange 2013, Hyper-V, System Center suite, ADCS, AD RMS, and many more

Retail and Automotive

In order to create a roadmap for the future, this company was looking at the options and possibilities around identity management for all their users and companies. The goal was to create a vision and scope document regarding Identity Management using new technologies such as Windows Azure Active Directory and Federation Services. Currently, the IT roadmap has been aligned to match this future vision and the company is actively developing their in-house applications against it.
Roles/responsibilities: Architect
Technologies: Active Directory, Forefront Identity Manager, ADFS, WAAD


As part of their security initiative, this airline wanted to enhance the security of their wireless networks at airports around the globe. As part of this initiative and to support other initiatives, a Public Key Infrastructure had to be designed and implemented. Responsible for guiding the customer through the different options available, create the design and ultimately implement the infrastructure.
Roles/responsibilities: Architect / Design / Implement solution
Technologies: Active Directory Certificate Services

Telecom Company

Call centers often face the challenge of managing many applications and maintaining the same data in all of them. Microsoft’s Customer Care Framework can be used to link all those applications together and maintain a central database of selected information. During a short project, the design of CCF was validated and adjusted to allow full availability of the service. It involved designing a load balanced web server environment, ADAM replication to all webserver nodes and backend SQL clustering (see blog for more information).

Banking/Insurance company

When implementing a new Active Directory, or extending an existing directory, designs and architecture documents are required. This company decided to extend an international Active Directory to a new data centre. While existing documentation was not available, Roelf Zomerman wrote a full Logical and Physcial Architecture document and a Detailed Level Design for two domain controllers in a two domaintree forest. Existing information was used and retrieved from the forest. While users and services are within two different forests, the implication of the existing trusts was analyzed and proposals were made to enhance cross forest authentication.

Housing company

The informational flow of user data from and to tenants is one of the main struggles for housing companies. Complains about repairs, informational alerts about prices etc. etc. This company decided to create a new portal for tenants and interested people. This new web portal is built on MOSS architecture and uses a front-back office architecture. The entire architecture consists of Active Directory, ISA firewall servers, SQL clusters, Biztalk and CRM along with the required monitoring and patching services like SCOM and WSUS. While the architecture was created by an Avanade architect, the logical design as well as the technical implementation was done in a small three man team, where Roelf Zomerman was lead technical implementer.


The maintenance of Active Directory can have a significant impact on clients and usability for end-users. This government agency was having troubles in this area. Logon’s where slow, and the Active Directory was not maintained in a good way. Roelf Zomerman was hired to reduce the logon time, inspect the overall health of Active Directory, clean up where necessary and create a new delegation plan for future implementation. Group Policy Preferences where introduced to reduce the logon times by as much as 50%, old login scripts where removed and AD was inspected and sanitized.

Nutrician Company

The management of this company decided to consolidate their infrastructure and migrate all branch sites to a single directory. Setting up the delegation model for the dispersed support model was only one of the challenges of the project. Most branch offices had their own Active Directory of NT4 domain and the number of users did not allow for a big-bang migration. In total more than 20 branch offices where migrated into the central Active Directory, including users, workstations and servers. This using the Active Directory Migration Toolkit and various custom scripts for allowing touchless migration.

Nutrician Company

After the merger with a mayor food company users experienced a separated mailing address list. The company wanted a single Global Address list and integration of the mail systems (usage of single domain name space) within a limited timeframe. The project included the creation of resource sharing, email co-existence en a single global address book between a full Domino and Exchange/AD environment using the Microsoft Lotus Notes Transporter Toolkit and various scripts to cope with the different naming conventions of both mail systems. In the end, a single Global Address list replicating 4 times a day and secure mail was established within two months.

Food Manufacturer

Consolidating mail platforms can lead to better interaction between user within a company. Next to cost reduction this was the most convincing argument to consolidate several messaging sites into a single new Exchange 2003 environment. Using scripts for mail migration and outlook reconfiguration, users experienced a seamless migration for their mail environment. This included security settings and delegations within their mailbox also.

Management Consultancy Agency

Perform an audit on the infrastructure. The audit included hardware, software xSDL lines, total performance and security. The audit was closed by a report which offered the customer a roadmap for the next five years.

Water company

Design and implement a Windows 2000 to Windows 2003R2, Exchange 2000 to Exchange 2003 and ISA 2000 to ISA 2004 enterprise migration. Also included in the project was a roadmap for the near- and midterm- and long-term future for mobility, security, consolidation and monitoring.

The company consists of 8 locations all in the Netherlands and has about 800 users active. Since the company manages the water for about 30% of the Netherlands the complete migration had to be done without interruption of services.

Bank Organization

The bank had a custom designed application built for them by Avanade, this application reported the value of assets for wholesale customers. The security for this application had to be very strict, therefore Roelf Zomerman was asked to design and implement the security for the application. At the end, a full Kerberos secured (webbased) application was rolled out within the bank organization.

Civil Engineering Company

Design and build a complete Microsoft infrastructure using Virtual Server 2005. The infrastructure included Exchange 2003, SharePoint Portal Server, Live Communications Server, ISA 2004 all built on Windows 2003.

Water company

Design and build the technical infrastructure for BizTalk server, including Develop/Test, Acceptance and production network. The Develop/Test and Acceptance environments were build on Virtual Server 2005.

On-Line Sales organization

Inspect the current webshop environment for security breaches, missing patches and core networking component security. And create an advice to implement a better security solution for now and the future

Electrical company

Migrated the old Windows NT4 domain to Windows 2003, and designed the new Exchange 2003 infrastructure for +300 users.

global leader in web offset printing solutions

Be local support employee for Avanade USA during the Windows 2003 to Windows 2003 migration. Solve minor problems and maintain contact with Avanade USA for other problems. Create a scripted install for the 170 laptops. And roll these clients out within a limited time period using SMS technologies.

IT specialist

Designing and implementing complete solutions for messaging using Microsoft Exchange, virtualization using VMware ESX, and complete migrations for customers. Selling hardware and supporting HP, Dell, and other A brand servers.

IT department Saxion

Migrating the old Windows 2000 student network to a brand new Windows 20000 network with 6 servers, 120 clients and 1000+ users. This migration included the education for the new system administrators.

Business Department Saxion Hogeschool

Design and build an infrastructure to support webcasts on Mediaplayer 9 and Mediaplayer 8 for broadcasting a political debate. For this webcast a mix of Windows 2000 server and .NET server (beta 2) was used.

College in the Netherlands

Building and supporting the core network for the study Multimedia design and technology. Including the daily support, the focus for security and implementing new technologies as streaming audio and video using Windows Media Services, Clustering using Windows 2000 and Windows 2003 and rendering 3D videos. Technology on the edge of audio, video and computer capabilities.

Hard-& software specialist in Small Business

Advising, designing testing and implementing complete infrastructures for customers with maximum of 30 employees. These solutions were primarily based on Windows Small Business Server and included the focus for security.

Hardware shop

Roelf was responsible for advising building and supporting the PC platforms sold to customers. This included building computers, designing networks and help customers with computer related problems at home or in the office.