-
IT Engineer replied to the topic PowerShell script to download monthly updates from Microsoft Update Catalog in
PowerShell Forum 2 years, 8 months ago
Have you use or explore this software: https://download.wsusoffline.net/ ?
-
IT Engineer started the topic Group Policy settings to standardize English language for Win 10 and Office 365? in IT Administration Forum 2 years, 8 months ago
Hi Everyone,
I need some help in creating and enforcing the English language based on Active Directory Country attribute.
Country: USA
Default: English (United States)Country: Australia
Default: English (AU)Country: UK
Default: English (United Kingdom)How to set the Group Policy like the above for all of the Office 365 desktop applications on Windows 10?
Thank you in advance.
-
IT Engineer replied to the topic Deploying WDS and MDT OS imaging servers across WAN in IT Administration Forum 2 years, 8 months ago
How often would I need to update the image?
- The image will be updated every time there is Windows Update released by Microsoft.
How often would I need to push image on the computer ?
- Only when the Workstation is broken and newly arrived Workstations.
-
IT Engineer started the topic CentOS sssd: How to allow specific AD security group with space as root? in IT Administration Forum 2 years, 9 months ago
People,
In CentOS v8 sssd: How to allow specific AD security group like Domain Admins with space in the name to log in while denying everything else?
This is the /etc/sssd/sssd.conf content:
[sssd] domains = DOMAIN.com config_file_version = 2 services = nss, pam [domain/DOMAIN.com] ad_domain = DOMAIN.com krb5_realm = DOMAIN.COM realmd_tags = manages-system joined-with-adcli cache_credentials = True id_provider = ad krb5_store_password_if_offline = True default_shell = /bin/bash ldap_id_mapping = True use_fully_qualified_names = True fallback_homedir = /home/%u@%d access_provider = ldap ldap_access_filter = (memberOf=CN=Domain Admins,CN=Users,DC=DOMAIN,dc=com)
I can only type in the username in Putty as Myself.Admin@DOMAIN.com, but then if the password is correct, I get:
--------------------------- PuTTY Fatal Error --------------------------- Remote side unexpectedly closed network connection --------------------------- OK ---------------------------
Thank you in advance.
-
IT Engineer started the topic Cutover to Exchange 2019 from hybrid Exchange 2013-Office 365 with no downtime? in IT Administration Forum 3 years, 2 months ago
Hi People,
I’m running Hybrid Exchange 2013 SP1 CU15 (Windows Server 2012R2) and Office 365.
Azure AD connect is used to sync the On-premise AD user to the cloud one way up.There is no more mailboxes on-premises, all has been migrated to Office 365.
I need some help and advice in cutting over the existing 2x CAS server that is now running with the namespace owa.domain.com to the new 3x CAS servers running
Windows Server 2016 and Exchange 2019 CU4.What’s the steps and the procedure to avoid the email flow and minimize down time for the users?
do I need to change both Internal and External the Autodiscover.domain.com to https://autodiscover.outlook.com/autodiscover/autodiscover.xmlThank you in advance.
-
IT Engineer replied to the topic Implementing Windows Hello for business on Hybrid environment? in IT Administration Forum 3 years, 5 months ago
I have already upgraded the FFL/DFL to Windows Server 2016.
What’s the minimum hardware required to achieve this?Thank you in advance.
-
IT Engineer replied to the topic Deploying WDS and MDT OS imaging servers across WAN in IT Administration Forum 3 years, 5 months ago
Hi, @mikeJ that Setup OS Deployment is the SOE image?
What’s the steps to implement that.
-
IT Engineer started the topic Implementing Windows Hello for business on Hybrid environment? in IT Administration Forum 3 years, 6 months ago
Hi,
I need your suggestion and tips on what’s the hardest thing when implementing Windows Hello?
I assume it can only benefit Windows 10 tablets & laptops, not just the desktop. Correct me if I’m wrong.https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-deployment-guide1. How does the Mac user & non-Windows user can gain benefits from this implementation?
2. Are there any caveats and pitfalls or gotchas when implementing Windows Hello in Active Directory that is synched to Azure AD (hybrid)?Thank you in advance.
-
IT Engineer replied to the topic /PrepareAD cannot modify AD objects and Exchange 2013 upgrade fails in IT Administration Forum 3 years, 7 months ago
There are some ways to do it differently:
- Logon to the Domain Controllers with the Schema Master role.
- Make sure the login account is part of the Enterprise Admins, Organization Management & Schema Admins AD group.
- Right Click, then Run as Administrator on the cmd. prompt.
Then let us know how it goes.
-
IT Engineer started the topic Deploying WDS and MDT OS imaging servers across WAN in IT Administration Forum 3 years, 7 months ago
I need some guidance in what is the best way to deploy WDS and MDT servers across two different geographical offices?
The bandwidth is only 100 MBps between the two office location.
- Should I create two different WDS & MDT servers (one in each office location)?
However, the issue here is that I will need to manually copy the image files across the WAN which can be done via Robocopy after business hours. I assume I can use DFS-R for the OS Image replication. But not sure how to configure this. - Should I create one main WDS & MDT server in the main office?
However, the issue here is the bandwidth contention issue which can impact the network performance in between the sites when deploying a new image.
So what would be the best practice or the suggested action?
Any help would be greatly appreciated.
- Should I create two different WDS & MDT servers (one in each office location)?
-
IT Engineer changed their profile picture 3 years, 7 months ago
-
IT Engineer replied to the topic Fixing DN from Canonical name and the Timestamp 1/01/1601 11:00:00 in .CSV file? in
PowerShell Forum 4 years, 2 months ago
Leo, many thanks for sharing the great script 🙂
this is so cool and more than what I need.I thank you for the help.
-
IT Engineer replied to the topic Fixing DN from Canonical name and the Timestamp 1/01/1601 11:00:00 in .CSV file? in
PowerShell Forum 4 years, 2 months ago
That is great, thanks for the sharing and the update guy.
@Luc: when I execute your script, the OU Location content is always showing as @{CanonicalName=Domain.com/All Corp/Domain Admin Accounts/Global.Admin}
Isthere any way to fix that result?
-
IT Engineer changed their profile picture 4 years, 2 months ago
-
IT Engineer started the topic Fixing DN from Canonical name and the Timestamp 1/01/1601 11:00:00 in .CSV file? in
PowerShell Forum 4 years, 2 months ago
Hi People
I’d like to get some assistance in fixing the PowerShell script below to list the member of an AD security group called Domain Admins and export it to .CSV file.
$ADGroupType = 'security' $ADGroupNamePattern = 'Domain Admins' $ResultFile = "C:TEMPMyResult.csv" function ConvertFrom-DN { [cmdletbinding()] param( [Parameter(Mandatory,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)] [ValidateNotNullOrEmpty()] [string[]]$DistinguishedName ) process { foreach ($DN in $DistinguishedName) { Write-Verbose $DN foreach ( $item in ($DN.replace(',','~').split(","))) { switch ($item.TrimStart().Substring(0,2)) { 'CN' {$CN = '/' + $item.Replace("CN=","")} 'OU' {$OU += ,$item.Replace("OU=","");$OU += '/'} 'DC' {$DC += $item.Replace("DC=","");$DC += '.'} } } $CanonicalName = $DC.Substring(0,$DC.length - 1) for ($i = $OU.count;$i -ge 0;$i -- ){$CanonicalName += $OU[$i]} if ( $DN.Substring(0,2) -eq 'CN' ) { $CanonicalName += $CN.Replace('~',',') } $qwer = [PSCustomObject]@{ 'CanonicalName' = $CanonicalName; } Write-Output $qwer } } } Function Get-ADGroupMemberRecursive { [CmdletBinding()] Param( [Parameter(ValueFromPipeline=$true)] $Identity, [string[]]$Property ) Begin { $splat = @{} If ($Property) {$splat['Property'] = $Property} } Process { Get-ADGroupMember -Identity $Identity | ForEach-Object { If ($_.objectClass -eq 'User') { Get-ADUser -Identity $_ @splat | Select-Object -Property @{n='Group'; e={$Identity.Name}}, whenCreated, lastLogon, lastLogonTimeStamp } ElseIf ($_.objectClass -eq 'Group') { Get-ADGroupMemberRecursive -Identity $_ @splat } } } } Get-ADGroup -Filter "(groupCategory -eq '$ADGroupType') -AND (name -like '$($ADGroupNamePattern)')" | Get-ADGroupMemberRecursive -Property Mail | Select-Object Group, Name, SamAccountName, Mail, whenCreated, @{n='Last Logon'; e={[datetime]::FromFileTime($_.lastLogon)}}, @{n='Last Logon TimeStamp'; e={[datetime]::FromFileTime($_.lastLogonTimeStamp)}}, @{n='OU Location'; e={ConvertFrom-DN ($_.DistinguishedName)}} | Export-Csv -Path $ResultFile -NoTypeInformation ii $ResultFile
The problem with the script above is:
- The LastLogon date/time stamp is always showing as 1/01/1601 11:00:00 AM.
- The column that is filled correctly is just the AD Group Name and the TimeStamp like above?
Thank you very much in advance.
-
-
IT Engineer started the topic Group Policy to set Outlook cached mode not working? in IT Administration Forum 5 years, 9 months ago
Hi People,
My predecessor has configured group policy forcing all of my corporate users in one site office (approximately 900+ people) staff to use online mode for Exchange 2013 as opposed to cached exchange mode.
The Outlook installed version is ranging from 2010 up to 2016.
Due to that Group policy above, it has caused multiple request to the IT support team frequently to have to configure the users email accounts down to the level of adding proxy server and “msstd:server.domain.com” details manually.
When I disable the policy hoping to set it back to Cached mode by default, I found out the workstations UNABLE to switch back to cached exchange mode, and errors occurred when the OST files were being created.
So can anyone here please assist me how to fix this issue to set back the Outlook users to be on Cached mode without visiting more than 100+ workstations daily ?
Do I have to enable each user as their local administrator on their own desktop or delete the profile manually one by one which cannot be configured through GPO ?
Any help would be greatly appreciated.
Thanks in advance. -
IT Engineer commented on Map VMware virtual disks and Windows drive volumes with a PowerShell script 6 years, 11 months ago
Yes, it works great.
Thank you for writing such a great script Alex !
-
IT Engineer became a registered member 6 years, 12 months ago