ADFS with Exchange OWA & ECP (contd.)
This is a continuation to my post from yesterday. While OWA works fine following my post yesterday, I learnt today that ECP does not work for users in the second domain. (To use correct terminology,...
ADFS across trusted forests
I don’t know why there aren’t any blog posts on ADFS across trusted forests on the Interwebs. I know people are aware of it (we use it at our firm for instance) but whenever it comes to cross forest...
[Aside] Enable ADFS Logging
See https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-logging. Enable the ADFS Tracing Logs. Enable auditing via Set-AdfsProperties -AuditLevel Verbose....
[Aside] Registry keys for Enabling TLS 1.2 etc.
Came across via this Exchange blog post. Registry keys for enabling TLS 1.2 as default as well as making it available if applications ask for it. Also contains keys to enable this for .NET 3.5 and 4.0....
[Aside] Clearing Credential Manager
Very useful blog post. Clearing all entries in credential manager.
TIL: Teams User-Agent String
Today I learnt that Teams too has a User-Agent String, and it defaults to that of the default browser of the OS. In my case, macOS with Firefox as the default, it was using the User-Agent String of...
Certificates in the time of Let’s Encrypt
Here’s me generating two certs – one for “edge.raxnet.global” (with a SAN of “mx.raxnet.global”), another for “adfs.raxnet.global”. Both are “public” certificates, using Let’s Encrypt. PS...
Demoting a 2012R2 Domain Controller using PowerShell
Such a simple command. But a bit nerve racking coz it doesn’t have much options and you wonder if it will somehow remove your entire domain and not just the DC you are targeting. :)...
Unable to install a Windows Update – CBS error 0x800f0831
Note to self for next. Was trying to install a Windows Update on a Server 2012 R2 machine and it kept failing. Checked C:\Windows\WindowsUpdate.log and found the following entry:...
Deploying Office 2016 language packs (using PowerShell Admin Toolkit)
I need to deploy a language pack for one of our offices via ConfigMgr. I have no idea how to do this! What they want is for the language to appear in this section of Office: I don’t know much of...
Useful NPS & certificate stuff (for myself)
Came across an odd problem at work the other day involving NPS and Wireless APs. We have an internal wireless network that is set to authenticate against Microsoft NPS using certificates. The setup is...
[Aside] Demystifying the Windows Firewall
Quick shoutout to this old (but not too old) video by Jessica Payne on the Windows Firewall. The stuff on IPSec was new to me. It’s amazing how you can skip targeting source IPs and simply use IPSec to...
[TIL] WMI filtering has separate precedence with GPOs
I knew that when it comes to a bunch of GPOs linked to an OU the one with the lowest number (highest in the list) has the highest priority. What I learnt today is that if in this list you have a GPO...
Some Windows firewall troubleshooting …
Obvious in retrospect, but today I picked up something new with Windows firewall. I have a work laptop and I had been trying to RDP into from one of my home machines. Easier, you know, when I am not...
Get-ADDomainController : Directory object not found
No, I don’t have a solution to the above. But I do have a workaround in case it affects any one else. :) ldifde -d "OU=Domain Controllers,DC=contoso,DC=com" -f c:\output.txt -l "sAMAccountName,...
How to check LDAPS certificate and TLS version
Get OpenSSL (a list of 3rd party sites here; I went with this one). Then connect to your DC thus: openssl s_client -connect <Domain_Controller>:636 To test a specific version add a switch like...
Notes on PSADT
Been a while since I worked with PSADT so here’s a quick reminder to myself. PSADT is a god-send for anyone deploying applications via SCCM. To install just run the script: Deploy-Application.ps1 # if...
More Notes on Teams
Quick shoutout to this excellent blog post by James Rankin on installing Teams (aptly titled installing the damned thing). A few weeks ago I had blogged about Teams and I thought I had it under...
New-ADUser – A referral was returned from the server
This stupid error message stumped me for a bit yesterday. Microsoft.ActiveDirectory.Management.ADReferralException: A referral was returned from the server at...
Azure AD connect sync via Remote PowerShell
I wanted to initiate a remote sync of Azure AD connect via Remote PowerShell. The cmdlet is simple – Start-ADSyncSyncCycle -PolicyType Delta – but by default you can’t remote PowerShell unless you are...