Kevin Oppihle's Tech Notes

Open Powershell as Administrator Run the following: Connect-MSOLservice Get last password change time: get-msoluser |fl displayname,lastpasswordchangetimestamp You can export it to a file as well: get-msoluser |fl displayname,lastpasswordchangetimestamp > c:\passchange.txt

Copy and Past the following into notepad and revise the “ yourdomain ” fields and Save the file as c:\PassSync.PS1 Import-Module ADSync $adConnector  = " yourdomain .local" $aadConnector = " YourDomain .onmicrosoft.com - AAD" $c = Get-ADSyncConnector -Name $adConnector $p = New-Object Microsoft.IdentityManagement.PowerShell.ObjectModel.ConfigurationParameter "Microsoft.Synchronize.ForceFullPasswordSync", String, ConnectorGlobal, $null, $null, $null $p.Value = 1 $c.GlobalParameters.Remove($p.Name) $c.GlobalParameters.Add($p) $c = Add-ADSyncConnector -Connector $c Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $false Set-ADSyncAADPasswordSyncConfiguration -SourceConnector $adConnector -TargetConnector $aadConnector -Enable $true Open Powershell as Administrator Run the following: Connect-MSOLservice Then either run the PassSync.PS1: or cut and paste the contents of t...

Problem: Processing configuration Error: Job failed (''_replica' failed to remove resources. (Virtual machine ID 2A4925C2CD25) The Virtual Machines configuration -2A4925C2CD25 at 'E:\HyperV\Replicas\a4a4fe50e973' is no longer accessible: The requested operation cannot be performed on a file with a user-mapped section open. (0x800704C8).'). Error code: '32768'. Solution: Temporarily disable your Anti-Virus and retest the replication. Add Anti-Virus exclusions for Veeam and the Hyper-V Configuration file and virtual disk locations and retest.

Problem : After you install the Windows Management Framework 4.0 which includes the update to Powershell 4. It installs successfully but Powershell 4 is missing? Solution : You probably did not installed the pre-requisite .net 4.5 http://www.microsoft.com/en-us/download/confirmation.aspx?id=30653   Install .net 4.5 on 2012 from the built in installer. On Windows 7 or 2008 R2 use the download link above. Note: 2008 R2 SP1 also is required Once .net 4.5 is installed then rerun the installer for Windows Management Framework 4.0 http://www.microsoft.com/en-us/download/details.aspx?id=40855 Note: you do not have to uninstall and reinstall the package just rerun it. Restart the system and confirm the version of Powershell you have running use the following command within powershell: $PSVersionTable.PSVersion Note: For other version prerequisites see the link below for more details Credit- http://social.technet.microsoft.com/wiki/contents/articles/21016.how-to-install-window...

Warning: Uninstall all previous versions of office, that includes 2013 and 365 demos before proceeding Users must be admins on their systems temporarily for the GPO to work. Create a shared folder on your central server for example \\SRV-UTIL01\OfficeDeploy\ Download the Office Deployment Tool and extract to \\SRV-UTIL01\OfficeDeploy\ http://www.microsoft.com/en-us/download/details.aspx?id=36778 Create 2 XML files with the options The first is Download.XML which sets your path, 32 or 64 bit, and is used for the download process: <Configuration> <Add SourcePath="\\SRV-UTIL01\OfficeDeploy\" OfficeClientEdition="64" > <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> </Product> </Add> </Configuration> The second is RDPConfiguration.xml used to deploy Office 365 ProPlus package Note: The example that is included with the Office Deployment Tool might as well be blank since it is rem’d out with t...

Caution : DO NOT run this on Domain Controller C:\ and only run on roaming profiles folders, or my docs shares day of migration to avoid ownership change issues. Confirm Domain trust is in place and users and groups have been migrated Test ping of olddomain.org from new domain Test ping of newdomain.org from olddomain Add newdomain.org domain controller host records to olddomain.org including reverse DNS records Confirm the user running the app is a domain admin in BOTH domains Download SubinACL here: http://www.microsoft.com/en-us/download/details.aspx?id=23510 /Migratetodomain- command will add the permissions of the new user to the old files and folders for example if jimbob@olddomain.org was migrated to the new domain jimbob@newdomain.org and you run the command below any file or folder in that path that has jimbob@olddomain.org will add Jimbob@newdomain.org with the exact same permissions. This is a safer way to migrate by keeping the old and new permissions intact while a...

Log onto Microsoft Volume License site: https://www.microsoft.com/Licensing/servicecenter/default.aspx At the top of Home select “View Online Service Activations” as shown below Select the license and click Manage Activations as shown below: It is assumed you already have 365 admin account setup so select “I have and account for my organization to use” as shown below: Enter in your 365 Admin account credentials and Sign in: Select which licenses you wish to activate and select Start Activation. Note: You do not have to active them at the same time as in the case above they waited 2 months to activate the E3’s but immediately activated the E4’s. The License Key will be displayed. Select Next: Final Confirmation! And Activate!: Confirm Activation in your 365 console under Billing and Subscriptions :

Log onto the Licensing Management Platform using the following link: https://licensingplatform.trendmicro.com/xLP/EndUserMng/EndUser/Landing?T=4DBC6EAD Top Right Select “Trend Micro Remote Manager”: Left side “Customers”: Select that specific Customer and “WFBS-SVC_WFBS_SaaS_MSP” Select Administration> Manage Co-Administrators: Add administrator: Enter in the username, information, submit and it will send out an email for their approval and allow them to set their own password: Note: They are a FULL administrator at this point so be very cautious and warn them of potential dangers/impact to making any changes.

$UserCredential = Get-Credential Enter in 365 admin and credentials when prompted : $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic –AllowRedirection Import-PSSession $Session Connect-msolservice Enter in 365 admin and credentials when prompted : Username change: Set-MsolUserPrincipalName -newuserprincipalname newname@yourdomain.com -userprincipalname oldname@yourdomain.com Credit- https://technet.microsoft.com/en-us/library/hh974317.aspx

So a client had an old SBS 2011 server that was out of service with Exchange 2010 on it. They have been running Office 365 for about 9 months and did a clean cutover no migration, since most of the data was, as they put it “old junk”. However they wanted a copy of that “old junk” before that server is taken to the recycle center just in case. Which is always a good idea and sounds simple enough. Since it is exchange 2010 you don’t have to use exmerge or some other older tool you can use powershell commands that export each mailbox to its own big .PST to a drive share that will be copied to a copy external hard drives or tapes and put on a shelf and be forgotten about till some needs a drive or tape. So I start out trying to run the basic command to give myself permissions: New-Managementroleassignment –Role “Mailbox Import Export” –User “Administrator” Command does not exist … (Quick Research and I need to add Exchange Service Pack 1) Install SP1 and run the command above again and i...

Problem : Exchange 2010 Store is using too much memory making response times slow for other services. The problem may be related to your Exchange 2010 Cache Sizes. See the chart below: Default mailbox database cache sizes: Server physical memory (RAM) Database cache size: (Mailbox role only) Database cache size: Multiple-role (Mailbox + Hub Transport) 2GB 512 MB Not supported 4GB 1 GB Not supported 8GB 3.6 GB 2 GB 16GB 10.4 GB 8 GB 24GB 17.6 GB 14 GB 32GB 24.4 GB 20 GB 48GB 39.2 GB 32 GB 64GB 53.6 GB 44 GB 96GB 82.4 GB 68 GB 128GB 111.2 GB 92 GB Solution : To revise the size limits you need to open ADSIedit, right click on ADSIEdit and select “Connect to…” as shown below: In Connection Settings > select a well know Naming context “Configuration” and “OK” as shown below: Now we need to drill down to the proper CN=Information Store Configuration>Configuration>Services>Microsoft Exchange> Firs...

Problem: you run the setup.exe /download download.xml and fails immediately with “Couldn’t install” You make sure all the settings are correct (see other blogs) and find nothing wrong Solution: Change drives and run it as an administrator again. For example above i am in the F:\OfficeDeploy directory which is the same directory I have the download.xml directing the download to. If i Change to the c: and run the same command again it works The Office Data folder was created and updated as shown below:

Problem: You install Trend Worry Free and cannot access the console. When prompted with “There is a problem with this website’s security certificate” warning and you click continue as shown below:   You receive the following error “this page can’t be displayed” res://ieframe.dll/: Solution: Add res://ieframe.dll/ and your Trend Worry Free Site to local intranet. Internet Options> Security> Local intranet>Sites: Advanced: Add> res://ieframe.dll/ and your Trend Console site such as https://srv-util01.corp.example.com:4343 uncheck require https:// and close Restart your browser and test. Credit References : Giampiero Censori

Warning : Uninstall all previous versions of office, that includes 2013 and 365 demos before proceeding Users must be admins on their systems temporarily for the GPO to work. Create a shared folder on your central server for example \\SRV-UTIL01\OfficeDeploy\ Download the Office Deployment Tool and extract to \\SRV-UTIL01\OfficeDeploy\ http://www.microsoft.com/en-us/download/details.aspx?id=36778 Create 2 XML files with the options The first is Download.XML which sets your path, 32 or 64 bit, and is used for the download process: <Configuration> <Add SourcePath="\\SRV-UTIL01\OfficeDeploy\" OfficeClientEdition="64" > <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> </Product> </Add> </Configuration> The second is Configuration.xml used to deploy Office 365 ProPlus package Note: The example that is included with the Office Deployment Tool might as well be blank since it is rem’d out with th...

Log onto the Server as an Administrator 1. open Ntdsutil 2. set dsrm password . 3. reset password on server null . 4. Type the new password when you are prompted and enter 5. Reenter the new password and enter 6. Q to quit 7. Document the change

You setup your new domain imported or added user then realize you left out a field such as mail details. Since all users are different you can’t do a bulk select all and edit you have to set each one individually or via a .csv file and script. Here is a working example: note : If your “user logon name” does not match your “user logon name (Pre-Windows 2000)” it will fail on those users. Create an excel file with the following fields and export to a csv called c:\admailfield.csv name mail kevin.oppihle kevin.oppihle@domainname.com Create a .txt file and input the following $users=import-csv C:\Source\admailfield.csv foreach($user in $users){ $u = Get-ADUser $user.name -Properties mail $u.mail = $user.mail  Set-ADUser -instance $u } Save the file as admailfiled.ps1 Open powershell as an administrator on you local AD server and run   ./admailfield.ps1 You can then use AD users and computers to confirm the changes were added to AD Credit References : DuRand Brya...

You setup Office 365 DirSync and the default domain for the users is domainname.onmicrosoft.com instead of your default defined domain in Office 365. It will not allow even the Office 365 administrator change the email addresses of individual users from the Office 365 console. The reason is with AD synchronization enabled by default it uses the proxy address field of the user sent from AD. If that is blank in AD it will use domainname.onmicrosoft.com. You can either use ADSIedit to modify the proxy address fields individually for each user or you can use a powershell script and csv file such as the one below to do so in bulk. Word of warning it will overwrite any existing proxyaddresses not just SMTP: (primary) it will also remove smtp: (aliases) if you run it as is. Additionally if your “user logon name” does not match your “user logon name (Pre-Windows 2000)” it will fail on those. Create an excel file with the following fields and export to a csv called c:\mailboxlist.csv na...

If you do directory sync from AD to Office 365 users will not be able to change their passwords on the Office 365 portal. Since the AD sync is a one way process the password changes do not come back into AD locally. Thus by default the Office 365 Portal will not allow users to change their passwords as they will just be overwritten by the local AD. The problem this creates is sometimes you have a mix of users some local and some that may not have local domain access to change their passwords. The following is a work around using OU exclusion from DirSync. First we need to put the users in a separate OU such as “Webmail” then we will exclude that OU from DirSync. That will allow them to change from “Directory Synced” to “Cloud”. Which you can confirm in the Office 365 Admin Console. Here are the steps: Caution : Seasoned Domain Admins Only this is Active Directory and email flow will be impacted for users as they are changed “you break it you bought it…” Copy Shortcut to desktop C:\Pr...