Changing UPN suffix for all users in a group
Simple PowerShell one-liner – Get-ADGroupMember "GroupIWantToTarget" | %{ $UserObj = Get-ADUser $_; $OldUPN = $UserObj.UserPrincipalName; $NewUPN =...
Service SIDs etc.
Just so I don’t forget. The SCOM Agent on a server is called “Microsoft Monitoring Agent”. The short service name is “HealthService” and is set to run as Local System (NT Authority\System). Although...
Ops Manager – PowerShell script failed – SCOMpercentageCPUTimeCounter.ps1
I was getting PowerShell script failed errors for one of our servers being monitored via SCOM. The error was along these lines: System.Management.Automation.ActionPreferenceStopException: The running...
[Aside] Easily switch between multiple audio outputs using SoundSwitch
Via the always helpful How-To Geek – if you have multiple audio output devices on Windows 10 (e.g. HDMI, regular headphones via the headphone jack, a couple of Bluetooth headphones) like I do, and...
[Aside] Query remote RDP sessions and kill them
If you want to query the remote RDP sessions on a machine: query session /server:<ServerName> And to disconnect: reset session <SessionID> /server:<ServerName>
TIL: Network access: Restrict clients allowed to make remote calls to SAM
Today I learnt of this setting. I was seeing messages like the following on a couple of my servers and read the link: 1 remote calls to the SAM database have been denied in the past 900 seconds...
[Aside] Various DPM 2016 links
Reading up on (and trying to work with) DPM 2016 nowadays so here’s some links to myself before I close them from the browser: How does DPM work? Very briefly, and skipping over the details: There’s a...
[Aside] Printer Objects in AD
I knew printer objects were present in AD but had no idea where to go look for them. Today I had a need to, and this post helped.
DNS SRV records used by AD
Just thought I’d put these here for my own easy reference. I keep forgetting these records and when there’s an issue I end up Googling and trying to find them! These are DNS records you can query to...
Having both DHCP server and PXE server as IP Helpers
I always thought you don’t specify a PXE server in the list of IP Helpers. Rather, you specify DHCP servers, and the DHCP servers have options 66 (boot server) and 67 (boot file name) which specify the...
[Aside] Offline CRL errors when requesting a certificate
This blog post saved my bacon many times in my home lab. Remember this command: certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
New ADFS configuration wizard does not pick up SSL certificate
Was setting up ADFS in my home lab and I encountered the following issue. Even though I had a certificate generated and imported to the personal certificate store of the ADFS server, it was not being...
ADFS 2016 prompts for credentials via a popup (and doesn’t work)
Set up ADFS in my home lab. There’s a single server called rak1adfs01.raxnet.global. The ADFS service is called adfs.raxnet.global and in DNS this is a CNAME to the server. When I go to...
Restore-GPO : Value does not fall within the expected range
Once in a while you Google on some error and come across an old blog post of yours … and you smile. :) That’s what happened today. I was trying to Backup-GPO and Restore-GPO between two (trusted)...
ADFS and CNAME records – HTTP/400 error with WIA
I had heard that it is better to create an A record for ADFS (i.e. you get an IP address as the reply when querying the record) rather than a CNAME record (i.e. you get a name and the IP address of...
ADFS WIA Support UserAgent strings for Chrome etc.
This is more as a note to myself. Out of the box ADFS does not have WIA enabled for most browsers. You need to add the UserAgent strings of browsers you wish to enable WIA for. Here is the cmdlet with...
ServerManager crashes on add/ remove roles
Learnt from various forum posts when I experienced it today: If ServerManager crashes on add/ remove roles, or Get-WindowsFeature and related cmdlets throw a “The given key was not present in the...
Setting up SimpleSAMLphp on Windows Server with ADFS
Going to be brief here as it’s late at night. SimpleSAMLphp is a PHP application you can set up as a Relying Party in ADFS if you want a test application to play around with it. (It can do more things...
Firefox and ADFS WIA
Hat tip to this blog post. You have to add the URL of your ADFS server to the network.automatic-ntlm-auth.trusted-uris setting in about:config. Official documentation from Mozilla is here. Firefox, by...
Random ADFS notes
(Nothing new here. I was taking notes when reading up while troubleshooting an issue). All incoming rules can be thought of as being stored in an input rules set. All the claim rules are in a claim...