Automate retrieving the Horizon Usage Report for VMware Cloud Providers

For VMware Cloud Providers that are using Horizon, monthly usage collection is not automated or collected by Usage Meter currently. This is a manual process that requires the Provider to retrieve the highwater mark concurrent usage on a monthly basis.

This post will document the automation of reporting of Horizon statistics in a Cloud Provider environment. I have tested this in my environment with vSphere 6.5 with Horizon 7.x.

First off, I did not do this by myself. Winston Blake and Carahsoft provided the initial script and I built off of it from there. Moreover, I received guidance from Luis Ayuso, Ray Heffer, and Wouter Kursten – this is the power of the #vCommunity! This is the first time I’ve created PowerShell code and published it to a git repo.

What does this PowerShell script provide?

  1. Creation of secure string for storing service account password
  2. Collection of Horizon Concurrent Usage data
  3. Outputs this to a file
  4. Emails this to a specified recipient(s)

What does it not provide?

  1. Setup of Windows Scheduled Task
  2. Reset of Highest Count in Horizon – yes, this is a bummer but will explain further on why.

High-Level Steps:

  1. Create a service account for running the usage collection.
  2. Download scripts to a folder on your View Manager server.
  3. Modify scripts and input folder and SMTP parameters.
  4. Run Part 1 of 2 – the securestring/password PS script.
  5. Create a basic task in Task Scheduler
    1. Test Run
  6. Enjoy emailed reports on a monthly basis and a quick link on resetting the highest count.

Create a service account

  1. In my lab environment, I created an account called “horizonsvc” in my domain. This is just a non-privileged account that I will utilize for read-only access to the Horizon environment. While the PowerShell script does convert the password to a securestring, this is just another best practice rather than running it as the default administrator account.
  2. In AD, we can see my Horizon Service Account – 
  3. And we also see that I added this user that’s attached to the Administrators (Read Only) group that provides limited permissions (no modifications available). 

Download scripts to a folder on your View Manager server

My repo is located here –

VCPP Horizon Reporting
0 forks.
0 stars.
0 open issues.
Recent commits:

The first file is the password file that will store the service account password in a secure string.

Next, the second file does the work on collection while creating the file and emailing it out –

While this does automate the collection of the highwater mark of concurrent users, it does NOT reset the usage after collection. This has to be manually done and there is a link inside of the received email to do this operation.

Here’s why –

  1. There’s not a direct API/PowerShell command today that can reset this.
  2. However, one can see this field under the ADSI structure under “OU=Properties, OU=Global, CN=Counters” – we can see pae-NumCCUCountHigh which is the variable we need. 
  3. After my testing of changing this variable (along with Wouter’s help), it seems to be delayed on propagation and I do not know the long term effects of this while View Manager is running. Last of all, I do not know if this would be a production-supported operation – but researching other options and what the BU can do in the future.

Modify scripts and input parameters

Let’s walk through each file and what needs to be modified before running this in your environment:

  1. horizon-password.ps1
    1. On line 8, we need to change the location directory of where you are going to save this file. I suggest putting it in the same location as the two PS scripts along with the two files that will be created
    2. #Replace "C:\directory\" with the target directory for your secure string text file.
      read-host -AsSecureString -prompt "Please enter the password" | ConvertFrom-SecureString | Out-File C:\horizon\$filename.txt
  2. horizon-usage-script.ps1
    1. Line 8/9 –  we need to utilize the same directory location as in 1B –
      1. ##Replace "C:\DIRECTORY\file.txt" with the path to your encrypted service account password
        $password = get-content C:\horizon\file.txt | ConvertTo-SecureString
    2. Line 10/11 – change it to your service account. As an example, I am utilizing “CORP\horizonsvc” as my account.
      1. ##Replace "DOMAIN\username" with service account name previously used in Part 1 of 2
        $credentials = new-object -TypeName System.Management.Automation.PSCredential -argumentlist "CORP\horizonsvc",$password
    3. Line 13/14 – Modify your FQDN of your View Instance. For example, I am using “view-01a.corp.local”
      1. ##Replace FQDN with hostname of your Horizon Manager server.
        $hznode ="view-01a.corp.local"
    4. Line 30 – Another directory change –
      1. $file = "c:\horizon\horizon-usage-$timestamp.txt"
    5. Lines 40 to 43 – this is your SMTP/email information. Update with your SMTP server, recipient, and sender.
      1. ##Change the three variables below for your environment: smtpserver, recipient, and sender. 
        $smtpserver = ""
        $recipient = ""
        $sender = ""

Run Part 1 of 2 – securestring/password PS script

  1. This is pretty straightforward – we open up PowerShell and .\ the first script and input your service account password – 
  2. We can now see the service account password stored in the file. 

Create a basic task in Task Scheduler

  1. This could be run locally on the View Manager server or some other Windows server that can traverse the network and hit the View instance.
  2. Right click -> Create a Basic Task, provide a name – I am using Horizon Usage Report 
  3. Select Monthly as we will want to run this on the last day of the month before the next calendar month – 
  4. We will have this start at the end of the month but selecting all calendar months and the last day of the month. I have 11:45 PM local time to give us a 15-minute buffer to run the operation (even though this takes a few seconds to run). 
  5. We want to select Start a Program since we will call on PowerShell – 
  6. I just typed in “powershell.exe” since it should be in your path already. Under Add Arguments, put the full path to your usage script. For example, I am using “C:\horizon\horizon-usage-script.ps1” 
  7. Summary page, but make sure you check the box for Open the Properties dialog for this task as we want to make sure this task runs even if there’s not a logged in user – 
  8. Change the radio button to “Run whether user is logged on or not” and press OK – 
  9. It will then prompt your for credentials to save this task – 
  10. Okay, now we are ready to run it!

Test Run and Expected Output

  1. Let’s try to test run our newly created task – 
  2. We can see the task completes pretty quickly, about 2 seconds – 
  3. Ah, we got the email! We can see the body with the URL to reset the highest count along with the attached usage. 
  4. In the file, we can see in my lab environment I had a count of 2 for the NumConnectionsHigh. This is what I’d report under BizPortal/iAsset for my monthly usage. 
  5. While the file was created in my directory – 

As for the reset highest count, I am still evaluating all options and will be discussing this internally. I am hoping this is valuable for our VMware Cloud Providers and alleviating some of the operational reporting burden.

Again, big thanks to the vCommunity for the help. I had quite a bit of fun and continue to learn more from an automation/programming perspective.



Achievement Unlocked: VMware VCAP 6.5 DCV 3v0-624 Exam – Summary and Tips

I wanted to start off my Monday morning with a bang, so decided to schedule my VCAP 3v0-624 exam for the first in the morning. Well, I passed!

Before walking into this exam, I wasn’t sure if I prepared enough, but I felt kind of comfortable once the exam started. I’d like to share what I did to prepare for this exam, although this is my first ever VCAP-Design.

Summary of Study Material

  1. VMware Education Courses
    1. I took the vSphere: Design Workshop 6.5 course online a few months ago. This was good at providing a fundamental understanding of VMware’s approach to a virtualized design.
    2. However, I’ve taken other design courses (vCloud Director) so I felt that the approach is very similar. While I reflect positively on this class, I think if you’ve taken other design workshop classes and have a firm understanding of the design methodology, you probably can skip (or take another 6.5 class for my next point).
    3. One valuable thing was the instructor was careful to point on what has changed in vSphere 6.5 (or what’s new). This is very important in my opinion for the Design Exam. So again, positive and a good use of time.
  2. Books I read
    1. VMware vSphere 6.x Datacenter Design Cookbook
      1. I thought Hersey Cartwright’s book was solid on giving me a practical understanding of what to expect for a design and items to be thoughtful on.
      2. While Hersey did write this in the vSphere 6.0x days, it’s still very pertinent and covers many of the important business aspects which seem to be overlooked.
    2. IT Architect: Foundation in the Art of Infrastructure Design
    3. While I enjoyed reading this book, I thought there was more VCDX-preparation level material than specific material for this VCAP-Design test. Perhaps it provided me with a well-rounded approach and drove the thought process. Either way, this is one to keep around for any future planning.
  3. Material I used
    1. Print out BOTH the 6.5 Exam Guide AND 6.0 Exam Guide and review both. For my own study method, I ensure I go through EVERY topic and write them out on my whiteboard. I ensure I cover each one to the best of my abilities.
    2. vBrownBag VCAP6-DCV Video Series
      1. This was AWESOME! I spent quite a bit of time going through each video and taking notes.
      2. I felt this material was very pertinent to the 6.5 Design Exam. Although the Visio drawings are not on the test anymore, the design methodologies remain constant and everyone did a great job of walking through each subsection.
    3. VMware Material
      1. Review the VMware Validated Design Material
      2. I downloaded ALL vSphere 6.5 new documents, along with the following:
        1. vSphere 6.5 DRS Performance Whitepaper
        2. Deploying Extremely Latency Sensitive Applications in vSphere Whitepaper
        3. vSphere 6.5 Virtual Machine Encryption Performance Paper
        4. vSphere 6.5 What’s New? Whitepaper vmw-white-paper-vsphr-whats-new-6-5
        5. vSphere 6 Fault Tolerance: Architecture and Performance Whitepaper
        6. Platform Services Controller 6.0 Topology Decision Tree
        7. vSphere Availability – VMware vSphere 6.5 Document 
        8. vSphere Storage – VMware vSphere 6.5 Document
          1. I was pretty comfortable here, so did not review all of this since it’s the standard documentation.
    4. Other Material
      1.   CADs- Constraints, Assumptions (Risk, Requirements) & Dependencies- see attached.
      2. Conceptual_Logical_Physical_It_is_Simple – see attached
      3. Design Example – pretty sure I found this on the VMware Community Forum. design examples – conceptual,logical,physical
    5. vCommunity Material – honestly, this was a huge component as many others have created some great material out there. This is not in any order, all is good and pertinent.
      1. Graham Barker’s VCAP6-DCV Exam Preparation Guide – very detailed for Sections 1 and 2. I loved how he created sample tests to gauge your knowledge of each section.
      2. Matt Callaway’s VCAP6-DCV Design Study Guide – links to many of the videos but other applicable notes he created.
      3. Hersey’s write-up on exam experience and study notes – again, very good and the callout for the books too.
      4. David Stamen’s summary and important notes – I would stress the importance of David’s tips. They are SPOT ON!
      5. Rene van den Bedem’s Availability Explained post – very good and thorough.
      6. VirtualTiers Sample Quiz by Jason Grierson – really cool site that provides a sample design. Again, many of the questions are the Visio-type stitching but drives the thought-process around the design.
      7. vMusketeers VCAP6-DCV Design Quiz – a lot of work was put into this. Again, driving and testing your knowledge

Exam Tips

  1. I think many of the vCommunity members covered a lot of the specific things, but I will point out things that come top of mind.
  2. Know your Requirements, Assumptions, Constraints, and Risks. Practice, practice practice! I had a hard time understanding functional versus non-functional and then it finally clicked for me.
  3. Understand your AMPRS – Availability, Manageability, Performance, Recoverability, and Security. Again, practice these and understand what are the specific metrics and how non-functional requirements can be categorized in each respective role.
  4. Don’t be afraid of reviewing the 5.x and 6.0 VCAP-Design material. Again, all very pertinent.
  5. Be well prepared for anything that has changed in vSphere 6.5. There are many things that may have changed or enhanced so you’ll need to have knowledge of these aspects.
  6. Last of all, make sure you have working knowledge of design scenarios. I think this has to come with experience and dealing with actual customer situations. This does come with time and exposure.

Post-Exam Thoughts

  1. I thought the exam was very challenging, yet fair. Like I said before, this is my first VCAP-Design, so I cannot comment about the Visio-drawings that were required (albeit I heard these were difficult).
  2. Expect a lot of thought process on each question. TAKE YOUR TIME, you will have plenty of time. I had an hour left even after reviewing every question twice.
  3. Expect the multiple choice, select “x”, and drag and drop.
  4. Go with your instinct and ensure you read the questions clearly.

I hope this helps others – cheers!


vCloud Director Extender – Org Admin Permissions Script

On June 11th, there was a new release of vCloud Director (vCD) Extender that included a change in the organization administrator permissions. Big thanks to my peer Tomas Fojta for his collaboration and working with the Business Unit on further enhancing this permissions structure.

I have updated the PowerShell permissions script that will add these to the specified org. Note this is ONLY for version of vCD Extender, so I am leaving my previous revisions alone.

I am probably stating the obvious here, but this can also be added via the vCD API. Here are the right references to add if you so choose:

<RightReference href="{url}/right/105191de-9e29-3495-a917-05fcb5ec1ad0" name="Organization vDC Gateway: View L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/eeb2b2a0-33a1-36d4-a121-6547ad992d59" name="Organization vDC Gateway: Configure L2 VPN" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/66b32e08-1eeb-37ac-9266-ffbd19b39dd8" name="Right: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4886663f-ae31-37fc-9a70-3dbe2f24a8c5" name="Catalog: Add vApp from My Cloud" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/438e45e9-9389-3e29-9073-638b36921a2a" name="Disk: Create" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/1e5ad20d-1023-34d1-b073-1ea30bce3854" name="Disk: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/7bbee458-b3c5-3252-ba5a-b1781b1c7b92" name="Disk: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92" name="Disk: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2cd03d47-38e1-337a-907c-8d5b6a5258f2" name="Organization vDC Distributed Firewall: Configure Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4e61b5b8-0964-36b6-b021-da39aea724fc" name="Organization vDC Distributed Firewall: View Rules" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/9dc33fcb-346d-30e1-8ffa-cf25e05ba801" name="Organization vDC Gateway: Convert to Advanced Networking" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/d1c77fc0-a4b9-3d99-bd4b-d7fab35e4fae" name="Organization vDC Gateway: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2cd2d9d7-262c-34f8-8bee-fd92f422cc2c" name="General: Administrator Control" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/0b8c8cd2-5af9-32ad-a0bd-dc356503a552" name="General: Administrator View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/b0cfe989-521b-3d7f-9bc2-f23c74a99633" name="Organization vDC Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2c8d98ef-4acc-3be4-9214-fcb9682b7a19" name="Organization vDC Network: View Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/6cb3596a-15eb-3c2f-a657-5f14f2039719" name="Organization Network: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/194c71a1-3d68-3156-b789-6a6384028b78" name="Organization Network: View" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a" name="Organization Network: Create or Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/2dc8abec-2e0d-3789-a5f9-ce0453160b53" name="vApp: Create / Reconfigure" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/df05c07f-c537-3777-8d9b-a9cfe8d49014" name="vApp: Delete" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/c2a29357-1b2a-3f9d-9cd6-de3d525d49f3" name="vApp: Edit Properties" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/580860cd-55bc-322d-ac39-4f9d8e3e1cd2" name="vApp: Power Operations" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/4965b0e7-9ed8-371d-8b08-fc716d20bf4b" name="vApp: Copy" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/8832800f-575f-3501-ad84-8e15f3898f11" name="vApp: Change Owner" type="application/vnd.vmware.admin.right+xml"/>
<RightReference href="{url}/right/5250ab79-8f50-33f9-8af5-015cb39c380b" name="vApp: Edit VM Properties" type="application/vnd.vmware.admin.right+xml"/>


Below is the updated PowerShell script. Again, another thanks to Jon Waite for letting me borrow his initial code!

# vCloud Director Extender Permissions Setup - initially created by KiwiCloud.Ninja - modified by Daniel Paluszek -
# Creation Date: 2018-June-15
# Version 2.1 - for vCD Extender and vCloud Director 9.1
# Adds specific permissions required for vCD Extender Org Admin to connect successfully to cloud instance.
# NOTE: These are tested on version vCD and vCD Extender
# Note that Organization roles (e.g. Organizational Administrator) still need to be edited to add these rights once is executed
# NOTE: You must be connected to the vCloud API (Connect-CIServer) with a System administrative user prior to running the script for this to work.
# Add your Org name and vCD instance name below
$OrgToUpdate = '&lt;INSERT-ORG-NAME&gt;'
$APIendpoint = '&lt;INSERT-IP-OR-FQDN-OF-VCD&gt;'

Function vCloud-REST(
[string]$Method = 'Get',
[string]$ApiVersion = '27',
[int]$Timeout = 40
$mysessionid = ($global:DefaultCIServers | Where { $_.Name -eq $APIendpoint }).SessionId
$Headers = @{"x-vcloud-authorization" = $mysessionid; "Accept" = 'application/*+xml;version=' + $ApiVersion}
if (!$ContentType) { Remove-Variable ContentType }
if (!$Body) { Remove-Variable Body }
[xml]$response = Invoke-RestMethod -Method $Method -Uri $URI -Headers $headers -Body $Body -ContentType $ContentType -TimeoutSec $Timeout
Write-Host "Exception: " $_.Exception.Message
if ( $_.Exception.ItemName ) { Write-Host "Failed Item: " $_.Exception.ItemName }
Write-Host "Exiting."
return $response
} # Function vCloud-REST End

# Adds required permissions for vCD Extender connectivity - still require to apply permissions in the UI once executed!
$newrights = @{}
$newrights.Add("Organization vDC Gateway: View L2 VPN", "105191de-9e29-3495-a917-05fcb5ec1ad0")
$newrights.Add("Organization vDC Gateway: Configure L2 VPN", "eeb2b2a0-33a1-36d4-a121-6547ad992d59")
$newrights.Add("Right: View", "66b32e08-1eeb-37ac-9266-ffbd19b39dd8")
$newrights.Add("Catalog: Add vApp from My Cloud", "4886663f-ae31-37fc-9a70-3dbe2f24a8c5")
$newrights.Add("Disk: Create", "438e45e9-9389-3e29-9073-638b36921a2a")
$newrights.Add("Disk: Delete", "1e5ad20d-1023-34d1-b073-1ea30bce3854")
$newrights.Add("Disk: Edit Properties", "7bbee458-b3c5-3252-ba5a-b1781b1c7b92")
$newrights.Add("Disk: View Properties", "fd036ae5-b78b-3c9f-8f28-a7f6b33d0d92")
$newrights.Add("Organization vDC Distributed Firewall: Configure Rules", "2cd03d47-38e1-337a-907c-8d5b6a5258f2")
$newrights.Add("Organization vDC Distributed Firewall: View Rules", "4e61b5b8-0964-36b6-b021-da39aea724fc")
$newrights.Add("Organization vDC Gateway: Convert to Advanced Networking", "9dc33fcb-346d-30e1-8ffa-cf25e05ba801")
$newrights.Add("Organization vDC Gateway: View", "d1c77fc0-a4b9-3d99-bd4b-d7fab35e4fae")
$newrights.Add("General: Administrator Control", "2cd2d9d7-262c-34f8-8bee-fd92f422cc2c")
$newrights.Add("General: Administrator View", "0b8c8cd2-5af9-32ad-a0bd-dc356503a552")
$newrights.Add("Organization vDC Network: Edit Properties", "b0cfe989-521b-3d7f-9bc2-f23c74a99633")
$newrights.Add("Organization vDC Network: View Properties", "2c8d98ef-4acc-3be4-9214-fcb9682b7a19")
$newrights.Add("Organization Network: Edit Properties", "6cb3596a-15eb-3c2f-a657-5f14f2039719")
$newrights.Add("Organization Network: View", "194c71a1-3d68-3156-b789-6a6384028b78")
$newrights.Add("Organization Network: Create or Delete", "60be4106-1f9f-325c-8ff4-8bf2c6d9bc0a")
$newrights.Add("vApp: Create / Reconfigure", "2dc8abec-2e0d-3789-a5f9-ce0453160b53")
$newrights.Add("vApp: Delete", "df05c07f-c537-3777-8d9b-a9cfe8d49014")
$newrights.Add("vApp: Edit Properties", "c2a29357-1b2a-3f9d-9cd6-de3d525d49f3")
$newrights.Add("vApp: Power Operations", "580860cd-55bc-322d-ac39-4f9d8e3e1cd2")
$newrights.Add("vApp: Copy", "4965b0e7-9ed8-371d-8b08-fc716d20bf4b")
$newrights.Add("vApp: Change Owner", "8832800f-575f-3501-ad84-8e15f3898f11")
$newrights.Add("vApp: Edit VM Properties", "5250ab79-8f50-33f9-8af5-015cb39c380b")

$myendpoint = $global:DefaultCIServers | Where { $_.Name -eq $APIendpoint }

if (!$myendpoint.IsConnected) {
Write-Host "Not connected to this vCloud endpoint, use 'Connect-CIServer' before running this script."

$org = Get-Org -Name $OrgToUpdate -Server $APIendpoint

if (!$org) {
Write-Host "Couldn't match organization with name $OrgToUpdate, exiting."

$rightsuri = 'https://' + $APIendpoint + "/api/admin/org/" + $org.Id.Substring($org.Id.LastIndexOf(':')+1) + "/rights"

[xml]$rights = vCloud-REST -URI $rightsuri -ContentType 'application/' -Method 'Get' -ApiVersion '27.0'

# Add the new API v27 'RightsReference' elements to the XML returned:
foreach($newrule in $newrights.Keys) {
$newright = $rights.CreateElement("RightReference", "")

# Update the Organization with the ammended rights:
vCloud-REST -URI $rightsuri -ContentType 'application/' -Body $rights.InnerXml -Method 'Put' -ApiVersion '27.0'

Happy migrating,


vCloud Director Extender Released!

I am happy to announce that vCloud Director Extender was released earlier this week as we can see below –

We can also see the release notes have been posted here:

So, what’s new with this release?

Updated Items

  1. Tested operational scale – a significant amount of testing and evaluation was put into this release to verify the number of deployments, cold or warm migrations, and L2VPN network extensions (or DC Extensions). This allows the Provider to plan accordingly based on these guidelines.
    1. Up to 20 connected on-prem Managers to a single Provider Extender Manager instance.
    2. Migrate up to 50 VM’s via warm migration simultaneously to a Provider
    3. 300 to 1500 cold migrations from a single to multiple on-prem instances to a Provider
    4. Up to 5 L2VPN extensions per on-prem instance, or up to 20 extensions from multiple tenant instances to a Provider.
  2. Support for older vCenter instances – this was a big ask from our Providers where they were working with clients that had 5.5 instances. This allows for a seamless migration to a vCloud environment.
  3. Offline seeding to a target cloud – minimizes the amount of initial sync time before cutover. Very nice addition.
  4. Co-existence with vCloud Availability for DR – another great value point for current Providers that are running vCAv DR2C for DR as a Service (DRaaS) simultaneously. Note that you can only migrate or protect a VM with one of the products, not both.
    1. Another note – I am currently running vCloud Availability for Cloud to Cloud (vCAv-C2C) in my test environment and this seems to co-exist with vCD Extender. However, this has not been certified as of yet!
  5. Testing a cutover in a war migration that does consistency checks to verify functionality.

Last of all, there was a permissions update for the organization administrator role. Please review this blog post for my updated permissions script and the necessary org admin rights.

Thank you!