• Hi People,

    I'm running Hybrid Exchange 2013 SP1 CU15 (Windows Server 2012 R2) and Office 365.
    Azure AD Connect is used to sync the on-premises AD users to the cloud, one way.

    There are no more mailboxes on-premises; all have been migrated to Office 365.

    I need some help and advice in cutting over the existing 2x CAS servers that are now running with the namespace owa.domain.com to the new 3x CAS servers running
    Windows Server 2016 and Exchange 2019 CU4.

    What are the steps and the procedure to avoid disrupting the email flow and minimize downtime for the users?
    Do I need to change both the internal and external Autodiscover.domain.com to https://autodiscover.outlook.com/autodiscover/autodiscover.xml?

    Thank you in advance.

  • As per https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/passwordless-strategy

    I have already upgraded the FFL/DFL to Windows Server 2016.
    What's the minimum hardware required to achieve this?

    Thank you in advance.

  • Hi, @mikeJ, is that Setup OS Deployment the SOE image?

    What are the steps to implement that?

  • Hi,

    I need your suggestions and tips: what is the hardest thing when implementing Windows Hello?
    I assume it can only benefit Windows 10 tablets & laptops, not just the desktop. Correct me if I'm wrong.

    1. How can Mac users & other non-Windows users gain benefits from this implementation?
    2. Are there any caveats, pitfalls or gotchas when implementing Windows Hello in an Active Directory that is synced to Azure AD (hybrid)?

    Thank you in advance.

  • There are some ways to do it differently:

    1. Log on to the Domain Controller holding the Schema Master role.
    2. Make sure the login account is a member of the Enterprise Admins, Organization Management & Schema Admins AD groups.
    3. Right-click, then Run as Administrator on the cmd prompt.

    Then let us know how it goes.

  • I need some guidance on the best way to deploy WDS and MDT servers across two different geographical offices.

    The bandwidth is only 100 MBps between the two office locations.

    • Should I create two different WDS & MDT servers (one in each office location)?
      However, the issue here is that I will need to manually copy the image files across the WAN, which can be done via Robocopy after business hours. I assume I can use DFS-R for the OS image replication, but I'm not sure how to configure this.
    • Should I create one main WDS & MDT server in the main office?
      However, the issue here is bandwidth contention, which can impact network performance between the sites when deploying a new image.

    So what would be the best practice or the suggested action?

    Any help would be greatly appreciated.

  • Leo, many thanks for sharing the great script 🙂
    This is so cool and more than what I need.

    I thank you for the help.

  • That is great, thanks for sharing and for the update, guys.

    @Luc: when I execute your script, the OU Location content is always showing as @{CanonicalName=Domain.com/All Corp/Domain Admin Accounts/Global.Admin}

    Is there any way to fix that result?

  • Hi People

    I'd like to get some assistance in fixing the PowerShell script below to list the members of an AD security group called Domain Admins and export them to a .CSV file.

    $ADGroupType = 'security'
    $ADGroupNamePattern = 'Domain Admins'
    $ResultFile = "C:\TEMP\MyResult.csv"

    # Convert a distinguishedName (CN=x,OU=y,DC=domain,DC=com) into canonical form (domain.com/y/x).
    function ConvertFrom-DN {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory, ValueFromPipeline)]
            [string[]]$DistinguishedName
        )
        process {
            foreach ($DN in $DistinguishedName) {
                Write-Verbose $DN
                $CN = $null; $OU = @(); $DC = ''   # reset the accumulators for each DN
                # escaped commas ("\,") are masked with '~' so the split does not break on them
                foreach ($item in ($DN.Replace('\,','~').Split(','))) {
                    switch ($item.TrimStart().Substring(0,2)) {
                        'CN' {$CN = '/' + $item.Replace("CN=","")}
                        'OU' {$OU += ,$item.Replace("OU=",""); $OU += '/'}
                        'DC' {$DC += $item.Replace("DC=",""); $DC += '.'}
                    }
                }
                $CanonicalName = $DC.Substring(0, $DC.Length - 1)
                # OUs are listed most-specific first in a DN, so walk the list backwards
                for ($i = $OU.Count; $i -ge 0; $i--) { $CanonicalName += $OU[$i] }
                if ($DN.Substring(0,2) -eq 'CN') {
                    $CanonicalName += $CN.Replace('~','\,')
                }
                $qwer = [PSCustomObject]@{
                    'CanonicalName' = $CanonicalName
                }
                Write-Output $qwer
            }
        }
    }

    # Expand nested group membership; users come back with the properties requested via -Property.
    Function Get-ADGroupMemberRecursive {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory, ValueFromPipeline)]
            $Identity,
            [string[]]$Property
        )
        Begin {
            $splat = @{}
            If ($Property) {$splat['Property'] = $Property}
        }
        Process {
            Get-ADGroupMember -Identity $Identity | ForEach-Object {
                If ($_.objectClass -eq 'User') {
                    Get-ADUser -Identity $_ @splat |
                        Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp, DistinguishedName
                } ElseIf ($_.objectClass -eq 'Group') {
                    Get-ADGroupMemberRecursive -Identity $_ @splat
                }
            }
        }
    }

    Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" |
        Get-ADGroupMemberRecursive -Property Mail |
        Select-Object Group,
            @{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}},
            @{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}},
            @{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}} |
        Export-Csv -Path $ResultFile -NoTypeInformation
    Invoke-Item $ResultFile   # open the CSV (the original used the alias "ii")

    The problems with the script above are:

    1. The LastLogon date/time stamp is always showing as 1/01/1601 11:00:00 AM.
    2. The only columns that are filled correctly are the AD Group Name and the TimeStamp, as above.

    Thank you very much in advance.
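    A corrected version of the audit, added here as an example and not the poster's script. It assumes the RSAT ActiveDirectory module on a domain-joined host and keeps the group name and output path from the post. The 1601 dates come from Get-ADUser returning only its default attribute set (FromFileTime of $null), and the @{CanonicalName=...} column comes from emitting an object instead of a string; AD already exposes a constructed CanonicalName attribute, so the DN parser is not needed. A visited set also stops infinite recursion on circularly nested groups.

    ```powershell
    Import-Module ActiveDirectory

    $ADGroupName = 'Domain Admins'
    $ResultFile  = 'C:\TEMP\MyResult.csv'

    # Convert an AD FILETIME to a DateTime; 0 or missing means "never", so return $null instead of 1/01/1601.
    function ConvertFrom-FileTime {
        param([Nullable[long]]$FileTime)
        if (-not $FileTime) { return $null }
        [datetime]::FromFileTime($FileTime)
    }

    # Walk nested groups; $Seen prevents infinite recursion when groups nest in a loop.
    function Get-ADGroupMemberRecursive {
        [CmdletBinding()]
        param(
            [Parameter(Mandatory, ValueFromPipeline)] $Identity,
            [System.Collections.Generic.HashSet[string]] $Seen = [System.Collections.Generic.HashSet[string]]::new()
        )
        process {
            $group = Get-ADGroup -Identity $Identity
            if (-not $Seen.Add($group.DistinguishedName)) { return }   # already expanded
            Get-ADGroupMember -Identity $group | ForEach-Object {
                if ($_.objectClass -eq 'user') {
                    # Ask for the attributes explicitly; without -Properties they are not returned at all.
                    Get-ADUser -Identity $_ -Properties whenCreated, lastLogon, lastLogonTimestamp, CanonicalName, mail |
                        Select-Object @{n='Group'; e={$group.Name}},
                            SamAccountName, Enabled, whenCreated, mail,
                            # lastLogon is not replicated: this is the value on the DC you queried only
                            @{n='Last Logon';           e={ConvertFrom-FileTime $_.lastLogon}},
                            # lastLogonTimestamp is replicated but may lag real logons by up to 14 days
                            @{n='Last Logon TimeStamp'; e={ConvertFrom-FileTime $_.lastLogonTimestamp}},
                            # a plain string (domain.com/OU/.../Name), not a wrapped object
                            @{n='OU Location';          e={$_.CanonicalName}}
                } elseif ($_.objectClass -eq 'group') {
                    Get-ADGroupMemberRecursive -Identity $_ -Seen $Seen
                }
            }
        }
    }

    Get-ADGroupMemberRecursive -Identity $ADGroupName |
        Export-Csv -Path $ResultFile -NoTypeInformation
    Invoke-Item $ResultFile
    ```

    For a true last-logon date across the domain, run the lastLogon part against every DC (for example via Get-ADDomainController -Filter * and the -Server parameter) and keep the newest value per account.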

  • Hi People,

    My predecessor configured a group policy forcing all of my corporate users in one site office (approximately 900+ staff) to use Online Mode for Exchange 2013 as opposed to Cached Exchange Mode.

    The installed Outlook versions range from 2010 up to 2016.

    Due to that group policy, the IT support team frequently receives multiple requests to configure the users' email accounts, down to the level of adding the proxy server and "msstd:server.domain.com" details manually.

    When I disabled the policy, hoping to set it back to Cached Mode by default, I found that the workstations were UNABLE to switch back to Cached Exchange Mode, and errors occurred when the OST files were being created.

    So can anyone here please assist me with how to fix this issue and set the Outlook users back to Cached Mode without visiting more than 100+ workstations daily?

    Do I have to make each user a local administrator on their own desktop, or delete the profiles manually one by one, which cannot be configured through GPO?
    Any help would be greatly appreciated.
    Thanks in advance.

  • IT Engineer became a registered member 4 years, 2 months ago