Office 365 – Deleting users with the same UPN and Display Name [EN]

Hello visitor. Can you leave a comment and tell me what you were looking for? This article gets so much traffic and probably is not what you were looking for. I wonder what that is.

This is not a usual issue and in my case it happened only once during some experimentation. But it still can happen. We have our AD objects synchronized into Azure AD via the Azure AD Connect service. When you delete a user in your local AD, after a synchronization it is moved into the Deleted users container in Azure AD (Admin center > Users > Deleted users). You can even restore a user via the graphical interface in the Office 365 admin center, though I haven’t tried this, as it might not play well with our setup. But you can’t delete users from Deleted users in there. They will disappear after a 30-day period. If you still need to remove a deleted user right away, there is a PowerShell command for that. To do this you have to install the Azure AD PowerShell Module, which I have mentioned here.


Office 365 – PowerShell Zoo [EN]

When I started digging deeper into some aspects of Office 365 I discovered an interesting and a bit weird (in my opinion) thing. It wasn’t a surprise that some advanced changes are only possible via PowerShell (Microsoft has been pushing its shell for many years). But there is no unified, single PowerShell module to manage all the services. You almost have to install and use a separate module for every service. Some of them have different login procedures. That’s a jarring experience. I will try to describe a few of them that might be useful, especially when dealing with support, which often asks for the output of some PowerShell commands on your tenant. Personally I install them all on the same server running Azure AD Connect, as none of my workstations were running a 64-bit OS at the moment (and many of these modules, if not all, require x64) and I decided to keep everything related to Office 365 in one place.

Office 365 – Dealing with spam [EN]

Microsoft and its partners advertise Exchange Online and Outlook.com as having some of the best spam filtering. Well, every email service brags about it. But in reality things are not so good. Prior to switching our incoming and outgoing email traffic to Exchange Online we were using a locally hosted solution. Well, we are still kind of using it, as not all mailboxes have been migrated yet. But all the filtering is done on the cloud side now. The hosted solution consists of an Exchange 2013 server and an IronPort firewall/anti-spam. This is managed by a service provider and we do not have control of it (aside from creating mailboxes and tweaking some minor stuff). We had a number of filtering rules created for us by our providers. It wasn’t perfect. IronPort seems to not be that flexible. But as we switched to Exchange Online all hell broke loose.. Well, not that bad actually. But we certainly saw an increase in spam. And sometimes it allowed emails with just a link to “learn how to please your girlfriend” to come through. Well, I wouldn’t call SUCH filtering a first-class service 🙂

WSUS – updating Windows 10 to Creators Update [EN]

Based on the previous post about dealing with Windows 10 updates, our WSUS is already prepared to serve Feature Updates. To enable this you have to open your WSUS console, go to Options, Products & Classifications and enable the Upgrades category (not the Updates). This will automatically create the Upgrades view on the left in the Updates branch. Then you have to go to the home page and run the synchronization. After this the Upgrades view should be populated with all the possible upgrade options, among them the Creators Update for Windows 10. You will also see upgrade options for Windows 7 and 8.1 (we will not cover them in this article). Be sure not to approve them if you are not planning to upgrade your existing older installations to Windows 10. To be sure, you can even decline them, so your clients won’t show up in the list as if they are missing some update. There is also a distinction by the language used to install Windows 10. We currently have only two laptops with Windows 10. They came with a retail UK version of Windows 10 on DVDs (the laptops came with Ubuntu pre-installed, so no OEM Windows). I had to approve the Feature Update to Windows 10 Pro, version 1703, en-gb, Retail update option for them. There is also Feature Update to Windows 10 Pro, version 1703, en-us, which should cover regular OEM US installations. Enabling this upgrade wasn’t enough though.

Office 365 – moving mail aliases in the synchronized environment [EN]

If you have used an on-premises Exchange server before, then moving aliases is a trivial task. But if you are synchronizing your AD information into Azure AD (e.g. with the Azure AD Connect service), so you can assign Office 365 licenses and services to your users, then things become a little bit trickier. Mail aliases and main addresses are attributes of your internal AD users, and the information is only synced in one direction (from your on-premises AD to Azure AD). So you can’t add or change aliases in the Exchange Online administration center for the existing mailboxes. This change has to be applied in your AD environment and then synced to Azure AD. This can be achieved by opening the AD user properties window and going to the Attribute Editor tab (if it is not there, you first have to enable View > Advanced Features in your Active Directory Users and Computers snap-in). In that tab you have to find the ProxyAddresses entry, select it and press the Edit button. Then you can add or remove aliases. An alias is added in the form smtp:address@domain.tld. The user’s main address starts with a capitalized SMTP part. When you add an alias address here, it won’t automatically appear in Exchange Online. You have to wait for the synchronization with Azure AD to occur. When using Azure AD Connect, automatic synchronization occurs every 30 minutes. You can also do a manual sync with this PowerShell command:

Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
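
The alias move described above, scripted with the ActiveDirectory module's Get-ADUser and Set-ADUser cmdlets. This is an added example, not code from the original post; the function name Move-MailAlias, the alias sales@domain.tld and the account jsmith are constructed for illustration, and it assumes it runs on the Azure AD Connect server with the ActiveDirectory module installed.

```powershell
# Added example: move one mail alias between two synced on-premises AD users.
# Move-MailAlias, the alias and the account name are constructed for illustration.
Import-Module ActiveDirectory

function Move-MailAlias {
    param(
        [Parameter(Mandatory)] [string] $Alias,       # address without the smtp: prefix
        [Parameter(Mandatory)] [string] $TargetUser   # sAMAccountName of the new owner
    )
    # Reject anything that is not a plain address before it goes into the filter string.
    if ($Alias -notmatch "^[^@\s']+@[^@\s']+$") { throw "Not a valid address: $Alias" }
    $value  = "smtp:$Alias"
    $target = Get-ADUser -Identity $TargetUser -Properties proxyAddresses

    # The directory compares proxyAddresses case-insensitively, so this also
    # finds the address when it is somebody's primary (SMTP:) address.
    $owners = @(Get-ADUser -Filter "proxyAddresses -eq '$value'" -Properties proxyAddresses)
    foreach ($owner in $owners) {
        # Use the exact stored string so -Remove deletes the right value.
        $stored = $owner.proxyAddresses | Where-Object { $_ -ieq $value } | Select-Object -First 1
        if ($stored -clike 'SMTP:*') {
            throw "$Alias is the primary address of $($owner.SamAccountName); not moving it."
        }
        if ($owner.DistinguishedName -eq $target.DistinguishedName) { return }  # already there
        Set-ADUser -Identity $owner -Remove @{ proxyAddresses = $stored }
    }
    # Add as an alias: lowercase smtp: prefix, capitalized SMTP: would mean primary.
    Set-ADUser -Identity $target -Add @{ proxyAddresses = $value }
}

Move-MailAlias -Alias 'sales@domain.tld' -TargetUser 'jsmith'

# Push the change to Azure AD instead of waiting for the 30-minute cycle.
Import-Module ADSync
Start-ADSyncSyncCycle -PolicyType Delta
```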


Office 365 – Skype for Business and regular Skype [EN]

Most probably this won’t be important for those who are doing a migration to Office 365 services consistently and at full scale, because DNS records for all services are mentioned when first configuring a new Office 365 tenant and creating a special DNS record to prove your ownership of a domain. But as we only needed to assign Office ProPlus licenses at first, we skipped creating additional records. Later, after receiving Skype for Business (SfB) licenses, we decided to test communication with external SfB and regular Skype contacts. It failed, although it was enabled in the SfB admin center. It was still giving an error that some policy is blocking such communication (not a very helpful error message btw). It turned out that we needed a few special DNS records on our domain to make it work. Examples can be found at Office 365 Admin Center > Settings > Domains > domain.tld.

80073712 error and Windows Servicing corruption fixing [EN]

Windows Update failing is quite a common issue at my work. Usually it is enough to press Check for Updates one more time (especially when the first check for updates is running after a fresh installation of Windows and the WU service needs to download a huge amount of update information). Sometimes a simple Windows reboot is enough. Or various other simple solutions. But recently I had a really nasty issue. Most probably the PC was forcefully turned off while installing updates (or downloading them) and the Windows Servicing system got corrupted. While searching for a fix (because reinstalling a machine is always the last choice) I had to try various suggestions and tools. In the end I stumbled upon this Microsoft article, which helped me to solve the problem and around which I have compiled this short instruction. But first I will provide the quicker and simpler solutions, which work most of the time.

First you can try stopping the Windows Update service and deleting the %Windir%\SoftwareDistribution\ directory. Then run the service again and do a check for updates.

Sometimes it is also helpful to do sfc /scannow and let it fix system files.

You can also try System Restore and restore the system to a point you believe everything was fine.

If nothing from above works, then try this procedure:

  • Download and install the System Update Readiness Tool update (e.g. for Windows 7 64-bit). It will take 10-15 minutes.
  • Then check this tool’s log at %Windir%\Logs\CBS\CheckSUR.persist.log or CheckSUR.log. Look for Unavailable repair files list (usually at the bottom). It should list .manifest, .mum and .cat files.
  • From a healthy PC’s %Windir%\Winsxs\Manifests\ directory copy the healthy .manifest files which are listed in the log and put them into corrupted PC’s %Windir%\Temp\CheckSUR\manifests\ directory.
  • Again, from a healthy PC’s %Windir%\servicing\packages\ directory copy .mum and .cat files into corrupted PC’s %Windir%\Temp\CheckSUR\servicing packages\ directory.
  • Run the System Update Readiness Tool update again and wait till it finishes (it is run by installing it again). Should take 10-15 minutes again.
  • Try to run the update’s installation which was causing 80073712 error again. This time it should install normally.

Board Game Review – Brick Party [EN]

This game can easily be included among the party games (hence the part Party in the name), because there is no lack of laughter or emotions during its play (sometimes very strong emotions though). This is my second game from Renegade Game Studios. I saw its review a long time ago, but when I saw it on my FLGS website with a discount and a very attractive price, I thought “Why not? It can be handy in my collection”. So far a few plays of it were truly fun. It can be hard though, especially for those having trouble imagining geometric shapes in their minds (like myself). But when using only the easiest level cards and with less strict rules, it can also be used with kids. It will help develop their dexterity skills and analytic vision, and maybe also cooperation skills 🙂 There can be permanent or temporary pairs of players during the game. Each pair must decide who will be the architect (telling what and how to build) and the builder (the one actually building the thing) during each round. The architect must also choose which card among the ones he or she has will be built (there are 4 types of cards of varying levels of difficulty). And all this is spiced up with special rules cards, one of which is flipped before every round and dictates how things should work. Maybe the architect must remain silent and only use gestures to give the instructions. Or maybe the builder has to build it blindfolded. It will be hilarious either way 🙂 It can be very difficult to obey the rules sometimes and not put the right brick into the builder’s hand or to be silent when you shouldn’t speak. In time you start to see what works better in different situations, how you can better describe things when one or another rule is in play. When you become the builder, you start to realize how it was for the other player when you were the architect, and vice versa. It’s a very simple game with very few components and all the figures on the cards are fairly similar. So the freshness of it can evaporate quickly. Though, there are a few blank cards for those who want to create their own rules. The game can also be created with a few spare Lego bricks and paper sheets for figures and rules. But it’s a fairly cheap game, so it’s probably not worth it to invest time to build your own copy. Simple, but fun. Strong 7/10.

Windows 7 – Windows Update check speedup [EN]

At some point in 2015 computers running Windows 7 or Windows Vista started having an issue with a very long updates check. It is probably affecting Windows 8/8.1 as well. A freshly installed Windows 7 machine can spend many hours or even days completing a check, when it normally took just a few minutes. Machines with fewer resources wouldn’t be able to complete a check even when doing this non-stop for days. CPU usage would stay abnormally high during the check.

I have finally found a fix for this and have already tried it both at work on hundreds of PCs and on my brother’s older PC, which couldn’t check for updates at all.

First, you need to go to Services (services.msc) and stop the Windows Update service.

Then install this update – Windows6.1-KB3172605-x86 (or Windows6.1-KB3172605-x64). If this update is not installing, install this one first – Windows6.1-KB3020369-x86 (or Windows6.1-KB3020369-x64). Then reboot your PC and run the check for updates. It should now take just a few minutes.

You can download these updates here:
1. Windows6.1-KB3172605
https://support.microsoft.com/en-us/kb/3172605 (update rollup 2016 July)
32-bit https://download.microsoft.com/download/C/D/5/CD5DE7B2-E857-4BD4-AA9C-6B30C3E1735A/Windows6.1-KB3172605-x86.msu
64-bit https://download.microsoft.com/download/5/6/0/560504D4-F91A-4DEB-867F-C713F7821374/Windows6.1-KB3172605-x64.msu

2. Windows6.1-KB3020369
https://support.microsoft.com/en-us/kb/3020369 (servicing update 2015 April)
32-bit https://download.microsoft.com/download/C/0/8/C0823F43-BFE9-4147-9B0A-35769CBBE6B0/Windows6.1-KB3020369-x86.msu
64-bit https://download.microsoft.com/download/5/D/0/5D0821EB-A92D-4CA2-9020-EC41D56B074F/Windows6.1-KB3020369-x64.msu

Expiring Passwords Bane [EN]

Issues with an expired Windows (AD) password were always a bane of system administrators/helpdesk operators. But Microsoft managed to make things worse by removing the nagging dialog asking you to change your password (present in Windows XP) and changing it to a subtle tooltip popup (since Windows Vista). So subtle that even I miss it often.. As we are slowly transitioning to a more mobile workflow (working from home, from mobile, in your browser) this will generate even more issues and users’ frustration with technology. So we looked into options to more actively remind our users about the imminent expiration of their passwords. I’m still puzzled why nobody at Microsoft thought about adding this option (to send a reminder via email/sms) to Exchange or Office 365. There are a number of paid tools on the web. Most of them do lots of other stuff, and password management and reminders is usually a single module. The same is true for ManageEngine’s ADSelfService Plus suite and its standalone freeware Free Password Expiry Reminder Tool (I know, the name is abysmal..). This tool is a web-based service running on Java (like most of ManageEngine’s tools). You can even install it on your own desktop and run it only when you need it. You can also install it as a service. Its management panel can be accessed via a browser from a remote point. As I have recently installed a secondary domain controller in our network, I opted to put this tool on that DC locally. Yeah, I know, not the best practice. But this tool lacks https support and I wasn’t keen on accessing it and possibly providing domain credentials to it via a plain text connection. When installing it I pointed it to use that DC, so it won’t go outside of that machine to pull the users and their password expiry dates. All the queries should run inside that DC. One thing to note: it doesn’t work well with IE, so to manage it you have to use some modern browser like Firefox or Chrome. Ideally you would only set it up once and forget it, so you can remove the browser later. It has a wide selection of options to set up mail (or even sms) notifications for users. It can do this daily, weekly, on a set number of days until expiry, it can repeat the notifications, and it can report to managers of users and to its operator. And it works. But.. yesterday, after setting everything up, I decided to give it a try and ran the scheduler. It sent 4 notifications. One of the users was still online at her desk. I called her and asked if she had received the email notification (her password was expiring the next day) and if it was clear to her what to do. She confirmed both. Today I decided to check on things and.. She hasn’t changed her password after all (facepalm). On Monday she will be calling me or my colleagues, not able to access internal resources. So much for the nice tool. The real bane always was and is THE USERS 😀