• Hi Everyone,

    I need some help in creating and enforcing the English language based on Active Directory Country attribute.

    Country: USA
    Default: English (United States)

    Country: Australia
    Default: English (AU)

    Country: UK
    Default: English (United Kingdom)

    How to set the Group Policy like the above for all of the Office 365 desktop applications on Windows 10?

    Thank you in advance.

  • How often would I need to update the image?

    • The image will be updated every time there is a Windows Update released by Microsoft.

    How often would I need to push image on the computer?

    • Only when the Workstation is broken and newly arrived Workstations.
  • People,

    In CentOS v8 sssd: How to allow specific AD security group like Domain Admins with space in the name to log in while denying everything else?

    This is the /etc/sssd/sssd.conf content:

    [sssd]
    domains = DOMAIN.com
    config_file_version = 2
    services = nss, pam

    [domain/DOMAIN.com]
    ad_domain = DOMAIN.com
    krb5_realm = DOMAIN.COM
    realmd_tags = manages-system joined-with-adcli
    cache_credentials = True
    id_provider = ad
    krb5_store_password_if_offline = True
    default_shell = /bin/bash
    ldap_id_mapping = True
    use_fully_qualified_names = True
    fallback_homedir = /home/%u@%d
    access_provider = ldap
    ldap_access_filter = (memberOf=CN=Domain Admins,CN=Users,DC=DOMAIN,dc=com)

    I can only type in the username in PuTTY as Myself.Admin@DOMAIN.com, but then if the password is correct, I get:

    PuTTY Fatal Error
    Remote side unexpectedly closed network connection

    Thank you in advance.

  • Hi People,

    I’m running Hybrid Exchange 2013 SP1 CU15 (Windows Server 2012R2) and Office 365.
    Azure AD connect is used to sync the On-premise AD user to the cloud one way up.

    There are no more mailboxes on-premises; all have been migrated to Office 365.

    I need some help and advice in cutting over the existing 2x CAS servers that are now running with the namespace owa.domain.com to the new 3x CAS servers running
    Windows Server 2016 and Exchange 2019 CU4.

    What are the steps and the procedure to avoid the email flow and minimize downtime for the users?
    Do I need to change both Internal and External the Autodiscover.domain.com to https://autodiscover.outlook.com/autodiscover/autodiscover.xml?

    Thank you in advance.

  • As per https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/passwordless-strategy

    I have already upgraded the FFL/DFL to Windows Server 2016.
    What’s the minimum hardware required to achieve this?

    Thank you in advance.

  • Hi, @mikeJ that Setup OS Deployment is the SOE image?

    What are the steps to implement that?

  • Hi,

    I need your suggestion and tips on what’s the hardest thing when implementing Windows Hello?
    I assume it can only benefit Windows 10 tablets & laptops, not just the desktop. Correct me if I’m wrong.


    1. How can the Mac user & non-Windows user gain benefits from this implementation?
    2. Are there any caveats and pitfalls or gotchas when implementing Windows Hello in Active Directory that is synched to Azure AD (hybrid)?

    Thank you in advance.

  • There are some ways to do it differently:

    1. Logon to the Domain Controllers with the Schema Master role.
    2. Make sure the login account is part of the Enterprise Admins, Organization Management & Schema Admins AD group.
    3. Right Click, then Run as Administrator on the cmd. prompt.

    Then let us know how it goes.

  • I need some guidance in what is the best way to deploy WDS and MDT servers across two different geographical offices?

    The bandwidth is only 100 MBps between the two office locations.

    • Should I create two different WDS & MDT servers (one in each office location)?
      However, the issue here is that I will need to manually copy the image files across the WAN which can be done via Robocopy after business hours. I assume I can use DFS-R for the OS Image replication. But not sure how to configure this.
    • Should I create one main WDS & MDT server in the main office?
      However, the issue here is the bandwidth contention issue which can impact the network performance in between the sites when deploying a new image.

    So what would be the best practice or the suggested action?

    Any help would be greatly appreciated.

  • Leo, many thanks for sharing the great script 🙂
    this is so cool and more than what I need.

    I thank you for the help.

  • That is great, thanks for the sharing and the update guy.

    @Luc: when I execute your script, the OU Location content is always showing as @{CanonicalName=Domain.com/All Corp/Domain Admin Accounts/Global.Admin}

    Is there any way to fix that result?

  • Hi People

    I’d like to get some assistance in fixing the PowerShell script below to list the member of an AD security group called Domain Admins and export it to .CSV file.

    $ADGroupType = 'security'
    $ADGroupNamePattern = 'Domain Admins'
    $ResultFile = "C:\TEMP\MyResult.csv"

    # Convert a distinguished name into canonical-name form (domain/OU/.../CN)
    function ConvertFrom-DN {
        param(
            [Parameter(ValueFromPipeline)]
            [string[]]$DistinguishedName
        )
        process {
            foreach ($DN in $DistinguishedName) {
                Write-Verbose $DN
                # Protect escaped commas before splitting the DN into its components
                foreach ( $item in ($DN.replace('\,','~').split(","))) {
                    switch ($item.TrimStart().Substring(0,2)) {
                        'CN' {$CN = '/' + $item.Replace("CN=","")}
                        'OU' {$OU += ,$item.Replace("OU=","");$OU += '/'}
                        'DC' {$DC += $item.Replace("DC=","");$DC += '.'}
                    }
                }
                $CanonicalName = $DC.Substring(0,$DC.length - 1)
                for ($i = $OU.count;$i -ge 0;$i -- ){$CanonicalName += $OU[$i]}
                if ( $DN.Substring(0,2) -eq 'CN' ) {
                    $CanonicalName += $CN.Replace('~',',')
                }
                $qwer = [PSCustomObject]@{
                    'CanonicalName' = $CanonicalName;
                }
                Write-Output $qwer
            }
        }
    }

    # Walk a group's membership, descending into nested groups
    Function Get-ADGroupMemberRecursive {
        param(
            [Parameter(Mandatory, ValueFromPipeline)]
            $Identity,
            [string[]]$Property
        )
        Begin {
            $splat = @{}
            If ($Property) {$splat['Property'] = $Property}
        }
        Process {
            Get-ADGroupMember -Identity $Identity | ForEach-Object {
                If ($_.objectClass -eq 'User') {
                    # Keeps only the four listed columns for each user
                    Get-ADUser -Identity $_ @splat | Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp
                } ElseIf ($_.objectClass -eq 'Group') {
                    Get-ADGroupMemberRecursive -Identity $_ @splat
                }
            }
        }
    }

    Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" |
        Get-ADGroupMemberRecursive -Property Mail |
        Select-Object Group,
            @{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}},
            @{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}},
            @{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}}  |
        Export-Csv -Path $ResultFile -NoTypeInformation
    ii $ResultFile

    The problem with the script above is:

    1. The LastLogon date/time stamp is always showing as 1/01/1601 11:00:00 AM.
    2. The column that is filled correctly is just the AD Group Name and the TimeStamp like above?

    Thank you very much in advance.
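
An added example, not part of the original post or anyone's reply: one way to audit a privileged group such as Domain Admins with logon dates and OU location. It uses `Get-ADGroupMember -Recursive` and the built-in `CanonicalName` attribute in place of the post's helper functions. It assumes the ActiveDirectory module and that every domain controller is reachable; `ConvertTo-LogonDate` is a hypothetical helper name.

```powershell
# Added example (not the poster's script): audit the members of a privileged group.
Import-Module ActiveDirectory

$GroupName  = 'Domain Admins'
$ResultFile = 'C:\TEMP\MyResult.csv'

# lastLogon is stored per domain controller and is not replicated,
# so every DC is asked and the newest value wins.
$DomainControllers = (Get-ADDomainController -Filter *).HostName

# Hypothetical helper: a FILETIME of 0 or $null would convert to
# 1 January 1601, so return $null for accounts with no recorded logon.
function ConvertTo-LogonDate ($FileTime) {
    if ($FileTime -gt 0) { [datetime]::FromFileTime($FileTime) } else { $null }
}

$report = Get-ADGroupMember -Identity $GroupName -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        $dn = $_.DistinguishedName
        # Non-default attributes are only returned when named in -Properties.
        $user = Get-ADUser -Identity $dn -Properties CanonicalName, whenCreated, lastLogonTimestamp

        $newest = 0
        foreach ($dc in $DomainControllers) {
            $seen = (Get-ADUser -Identity $dn -Server $dc -Properties lastLogon).lastLogon
            if ($seen -gt $newest) { $newest = $seen }
        }

        [PSCustomObject]@{
            'Group'                = $GroupName
            'SamAccountName'       = $user.SamAccountName
            'Enabled'              = $user.Enabled
            'When Created'         = $user.whenCreated
            'Last Logon'           = ConvertTo-LogonDate $newest
            'Last Logon TimeStamp' = ConvertTo-LogonDate $user.lastLogonTimestamp
            'OU Location'          = $user.CanonicalName
        }
    }

# Accounts that have never logged on sort first, which makes stale admins easy to spot.
$report | Sort-Object 'Last Logon' | Export-Csv -Path $ResultFile -NoTypeInformation
```

With `-Recursive` the nested group a member came through is not reported, so the Group column always holds the top-level group name.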

  • Hi People,

    My predecessor has configured group policy forcing all of my corporate users in one site office (approximately 900+ people) staff to use online mode for Exchange 2013 as opposed to cached exchange mode.

    The Outlook installed version is ranging from 2010 up to 2016.

    Due to that Group policy above, it has caused multiple requests to the IT support team frequently to have to configure the users' email accounts down to the level of adding proxy server and “msstd:server.domain.com” details manually.


    When I disable the policy hoping to set it back to Cached mode by default, I found out the workstations were UNABLE to switch back to cached exchange mode, and errors occurred when the OST files were being created.

    So can anyone here please assist me how to fix this issue to set back the Outlook users to be on Cached mode without visiting more than 100+ workstations daily?

    Do I have to enable each user as their local administrator on their own desktop or delete the profile manually one by one which cannot be configured through GPO?
    Any help would be greatly appreciated.
    Thanks in advance.

  • IT Engineer became a registered member 5 years, 11 months ago

© 4sysops 2006 - 2022

