Posts

Showing posts from 2023

Shared Printer Installation Fails - Error 740

When installing the printer, even as an administrator on the PC, it fails to complete with error 740.

Open a command prompt as an administrator, then run the following command to open the "add a device" printer installation wizard:

rundll32 printui.dll,PrintUIEntry /il

Select the printer and the installation should complete properly with elevated credentials.

365 Azure AD Synchronization Permissions – Insufficient access rights 8344

In Azure AD Sync you get the following 8344 Insufficient access rights to perform the operation on one or multiple accounts:

Go to ADUC and right-click on your domain to open Properties. Go to the Security tab and confirm the account that is used for synchronization has the following permissions:

If you are still having the issue, I have found that if your sub OU or users are blocking inheritance, that can also block the permissions from applying to the lower OUs. Here is an example of the proper setting in a sub OU. Note it says “Disable Inheritance”, indicating inheritance is properly enabled:

Note: Inheritance may be disabled for another reason, so please confirm with your administrative team before revising. Worst case, you can manually add those permissions without enabling inheritance.

The same can happen to an individual user. In this case inheritance is disabled, thus the option displayed is “Enable Inheritance”:

365 Delete Malicious Content - Hunt Status Code 400

When you access your 365 Exchange mail trace and run a query, it will show the “Go Hunt for this message” option.

However, if you don’t have the proper Microsoft Defender licensing, the hunt appears to fail:

For a more manual, FREE method of clearing those messages out, such as the one in the image below, we can use the Compliance features.

- From Admin Centers open Compliance:
- Content Search:
- Name and Description (a shorter name is easier for the script later)
- I am only removing from Exchange in this instance:
- I selected Query Build so I can customize for my query:
- Confirm/Submit:
- You can monitor it from the Content Search and open it once the status is complete:
- Double-click to open the results:

Reminder: If your query, legitimate or not, contains more than 10 emails per mailbox or more than 50,000 mailboxes, this will not work! If you have more than 10 it may only delete the first 10 it finds. If you run it over and over again it still won’t remove any m

Enabling MFA in Veeam BR 12

Veeam now supports OTP app MFA in their console application with the release of Veeam Backup and Replication v12. There is some preliminary work required. It takes a read-through to understand first, but it works.

High level - While you can only do so much with access to the server, you can block RDP to it (best practice) and force MFA on local accounts in Veeam.

The snag is that to turn on MFA you cannot use groups, so you need to add your Administrator or anyone else individually, set Veeam permissions and remove the default Administrators group.

To skip/block any account from requiring MFA, you click on "this is a service account" and it won’t force MFA.

You then turn on MFA for the system. That enables it for the user that needs MFA and everyone else that is not a "service account". It will prompt them with a scannable app code and one you can cut and paste into an app such as a mobile authenticator or ITGlue.

If access to that

DHCP Quick Migration

If you have a newer domain you can set up failover to the new DHCP server and then remove the failover dependency afterwards, or you can do a quick file copy if you can have a quick down window. I am a fan of the following process for efficiency:

- First, I would recommend lowering your TTL on DHCP to 30 min to an hour
- Open a command prompt as an administrator on the server you are exporting DHCP from and run:
  netsh dhcp server export C:\source\dhcp.dat all
- Copy the dhcp.dat to C:\source\ on the new DHCP server
- Run the following command from a command prompt as an administrator:
  netsh dhcp server import C:\source\dhcp.dat all
- Confirm the settings imported and revise scopes as necessary
- Disable the old DHCP server (disable the service to avoid auto start later)
- Enable/authorize the new DHCP server and scope, and test

Note: Don't forget to point any DHCP helpers or other network appliances to the new DHCP server as necessary.

Another migration method is to run the following: From current DHCP Server export to c:\source (named

Force Restart of Remote PC or PCs

It happens all the time. You have a system you can't reach internally or through other remote access software, but you can ping it and know it is alive. You know that if it is restarted it will probably allow you access, and you don't want to drive across town or worse to press a power button.

From a domain controller, logged on as administrator, run the following command from the Run menu: "Shutdown /i"

The following shutdown menu will appear:

Click Add to add the computer name you need to restart or shut down. If you want it to restart without delay, change the option from Restart to Shutdown so you can access and uncheck the greyed-out "Warn user of the action". Then change the dropdown back to Restart and you can restart without "warning". You will have to put in a comment as well before clicking OK.

I would recommend you also open a command prompt and run a constant ping using the Ping -t command to see when it goes offline and comes back, for example:

Upgrading Windows Server - Windows Cannot Find the Microsoft Software Licensing Terms

When attempting to upgrade from Server 2012R2 to 2016 or 2019 I received an error similar to this one. It may even say Windows 7 or Windows 10 going to a server version, which makes you scratch your head.

- Make sure you have a valid backup available; if possible, snapshot as needed
- You can review the upgrade logs here: https://support.microsoft.com/en-us/topic/log-files-that-are-created-when-you-upgrade-to-a-new-version-of-windows-9ec8aa31-0cc1-a0b2-2d98-e9c6714349b9
- Make sure NO GPOs are applying to the server that could impact licensing
- If using KMS you can also drill down into its configuration, but that’s a deeper dive than we needed: https://learn.microsoft.com/en-us/windows-server/get-started/activation-troubleshoot-kms-general
- Create a local Administrator instead of a domain Administrator
- Install available Windows Updates and reboot
- Disconnect from the network
- Attempt 1) Log on as local Administrator and attempt the upgrade
- Attempt 2) Try removal from the domain tem

Windows Server Convert from Eval to Standard or Datacenter

If you installed a Windows Server using an evaluation version, you will need to convert it to a Standard or Datacenter version to license it.

Before you start:
-Confirm you have a good update
-Confirm you have a tested backup available
-Don't perform this on a domain controller

To convert, open CMD Prompt or PowerShell as an Administrator.

Confirm what version is running:

dism /online /get-currentedition

See what versions you can change to:

dism /online /get-targeteditions

To convert and install a license, run the following with your license key:

dism /online /set-edition:serverstandard /productkey:<Your-Key-Goes-Here> /accepteula

If you just need a temporary key until you install your legal keys, or you have a KMS server, you can use the KMS keys on MS to get your OS converted: https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys

For example to convert Server 2022 from Evaluation to Standard Server 2022 I used the following

AD Replication Troubleshooting steps (DNS)

Quick Checks:
-Check and confirm that network browsing is working and that it has not changed your firewall to public.
-Use Event Viewer to get more detail. It is the easiest quick resource, but note the timeline of the errors: many times you will see errors as the server is booting up and initializing. Ignore those and pay attention to the logs after full boot-up completes. (i.e. don’t chase your tail)
-Most alerts are generic in their details/description. Make sure you are addressing ones that matter for your current AD forest and domain level. If in doubt, escalate to someone that knows. You can melt down your domain by following bad online advice.
-Check DNS settings on the network interface and point your DC to another DC first, then itself second. There are different views on this, but I do so to avoid DNS isolation.
-Know your FSMO role holders. If you don’t know what FSMO role holders are, you should not be learning on production. Quickest way to check them is: NETDOM /query F