Migrated a client to a new domain for reasons that are beyond the scope of this blog post. After the migration and proper setup of Folder Redirection to the file server, several clients were reporting that their files were not the latest version. Researched the issue and found that there was no trace of the latest versions of these files on the workstation or server via Windows Search, but did find shortcuts that pointed to a server that has not been in production for over a year. Powering on that server found none of the latest files and there was nothing at the old IP of that server that was housing them currently. Then it hits me on the way to church – Offline Files on the workstation. It turns out that during the era of the previous domain controller the Folder Redirection was not done properly and when there was a migration to a new File Server these few clients had kept a pointer to the old file server with Offline Files. All file changes and new files were stored in the local Offline Files cache up to the size limit of that cache. I had to do the following to gain access to the cache to copy all data to the newer file server:
Recovering Offline Files Cache Due to Bad Folder Redirection Link
Go through a long process of changing folder ownership one sub-folder at a time to drill down to the user’s data in a path similar to the one below. There will be several subdirectories to look through before finding the files needed. Please refer to this Microsoft TechNet Article for details on how.
Once access is gained into the folder, copied the contents to an alternate location.
Opened a Command Prompt and drilled down into that new folder.
Typed in the following command:
*.* /T /G firstname.lastname@example.org:F
then confirming the change to apply Full Permissions to all files and folders that were copied there.
Copied the newly changed files into the appropriate place on the new file server and verified with user that their files were there as expected.
This won’t save everything but is the last option for this particular peculiar issue on the client’s server.
If your company is using Folder Redirection or Offline files, then contact us for assistance.
It is often the case that a female user will have a name change due to a change in marital status. Here are the basics of how to change their name in both Active Directory and Office 365.
Active Directory User Changes Name objects
Open Active Directory Users and Computers
Find the user needing the changed name, right click on them and choose the “Rename” option.
Change the user’s name as needed, then press Enter. In the window that opens, make any further changes needed and click the “OK” button.
Click on the View menu at the top and check the “Advanced Features” option.
Double click on the user’s new name to open their Properties. Change the email address if needed in the General tab.
Choose the “Attribute Editor” tab, scroll down the list to the “proxyAddresses” attribute and double click it. Click on the current SMTP:email@example.com and click the “Remove” button, then change it to smtp:firstname.lastname@example.org and click the “Add” button.
Type in SMTP:email@example.com for the user and then click the “Add” button. Click the “OK” button on this window and the one beneath it.
Make sure to also rename the user’s Redirected Folder if there is one created via Group Policy
Run a manual sync of the DirSync tool via the Microsoft Forefront Identity Manager console.
Changes to Office 365
Make sure the Windows Azure Active Directory Module for Windows PowerShell is installed properly
Open Windows Azure Active Directory Module for Windows PowerShell as administrator
Type in the following to run signed scripts for Exchange Online:
Type in the following to enter the administrative credentials for Office 365:
$creds = Get-Credential
Enter the Office 365 Administrator credentials then click “OK” button.
Type in the following to connect to Office 365 via PowerShell:
Connect-MsolService -Credential $creds
Type in the following to connect to Exchange Online via Powershell:
Had a workstation that would regularly lose connection with connected printers, so checked the Windows services. Found that the Print Spooler terminated and would repeatedly do so even when restarted. Checked the Event Logs and found that there were several instances of Event ID 7031 – Print Spooler Terminated Unexpectedly corresponding with the Services stopping.
Fix Print Spooler terminated via the registry:
Open regedit (e.g. click Start, type regedit and press Enter)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
depending on your OS
Under this key, there will be the keys Version-2, Version-3, or both
The sub-keys under these contain the printer driver configuration information, so delete all the sub-keys under Version-2 and Version-3, but not the Version-2 and Version-3 keys themselves
Restart the Print Spooler service and test printing
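The same cleanup can be scripted so that the Drivers key is exported before anything is deleted. This is an added example, not part of the original post; the backup folder is an assumed location, and the "Windows x64" environment name mentioned in the comment is the 64-bit counterpart of the key shown above, which the post does not name.

```powershell
# Added example: back up the Drivers key, then clear the sub-keys under
# Version-2 / Version-3. Run from an elevated PowerShell prompt.
$BackupDir = "C:\Temp\SpoolerBackup"      # assumed backup location
$EnvName   = "Windows NT x86"             # key from the post; 64-bit systems use "Windows x64"
$RegPath   = "HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\$EnvName\Drivers"
$DriversKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments\$EnvName\Drivers"

# Show the recent Event ID 7031 entries for the spooler, for the ticket notes.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7031 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Print Spooler' } |
    Select-Object TimeCreated, Message | Format-List

if (-not (Test-Path $DriversKey)) { throw "Key not found: $DriversKey" }

# Export the whole Drivers key first; stop if the backup fails.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$BackupFile = Join-Path $BackupDir ("Drivers-{0}.reg" -f ($EnvName -replace ' ', '_'))
& reg.exe export $RegPath $BackupFile /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of '$RegPath' failed; nothing was deleted." }

Stop-Service -Name Spooler -Force

foreach ($version in "Version-2", "Version-3") {
    $versionKey = Join-Path $DriversKey $version
    if (Test-Path $versionKey) {
        # Delete each driver sub-key, but leave Version-2 / Version-3 in place.
        Get-ChildItem -Path $versionKey | ForEach-Object {
            Write-Host "Removing $($_.Name)"
            Remove-Item -Path $_.PSPath -Recurse -Force
        }
    }
}

Start-Service -Name Spooler
Get-Service -Name Spooler | Select-Object Name, Status
```

Double-clicking the exported .reg file restores the driver entries if a needed driver was removed.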
If your company is having issues with Print Spooler terminated events or needs help troubleshooting network printers, then contact us for assistance.
Found the amazingly easy to use Quickbooks Install Tool that fixed common installation errors after I ran into this issue with a client on two of their new workstations, same model, when trying to install Quickbooks 2014 Premier. The client had previously contacted Quickbooks for remote installation support but the technician was unable to fix it. I tried the installation from scratch using administrative credentials and got an:
Error 1904. Module “C:\Program files\Intuit\Quickbooks 2010\ICWrapper.dll” failed to register.
Which led me to the Quickbooks Support Forums that revealed a new tool in the Quickbooks support arsenal – the Quickbooks Install Tool. This handy tool does a repair of several key components for installing software, reboots the computer, and then restarts the installation before Windows finishes booting completely to avoid any conflicts. It works like a charm.
If your company is using Quickbooks for your accounting or customer database and needs help getting Quickbooks Install Tool to fix your installation issues, then contact us for assistance.
This was one of the most exasperating things that I have worked on in some time. The client got a bonded ADSL PPPoE connection from CenturyLink with 40Mbps Up by 2Mbps Down. The PPPoE was to authenticate the connection to CenturyLink.
Reconfigure the Technicolor C2000T modem into Bridged Mode
Login to the modem and click on the “Wireless” button
Disable the wireless completely and click on the “Apply” button
Click on the “Advanced” button then click on the “DHCP Settings” along the left hand menu
Disable DHCP completely and click the “Apply” button
Click on the “WAN Settings” and change the ISP Protocol to “Transparent Bridging” then click on the “Apply” button
Reboot the modem and move on to configuring the Juniper router
Configure the Juniper SRX 210 for the Bonded ADSL PPPoE connection
Enter the following commands on the router CLI:
Set the underlying interface encapsulation to be PPP-Over-Ethernet:
set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
Set PPP Options with Authentication method CHAP:
set interfaces pp0 unit 0 ppp-options chap default-chap-secret YOUR-PASSWORD
set interfaces pp0 unit 0 ppp-options chap local-name YOUR-USERNAME
set interfaces pp0 unit 0 ppp-options chap no-rfc2486
set interfaces pp0 unit 0 ppp-options chap passive
Set the PPPoE Options to the underlying interface along with connection options:
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
Set the pp0 interface to automatically negotiate the IP address:
set interfaces pp0 unit 0 family inet negotiate-address
Add the pp0.0 interface to the WAN (untrust) security zone:
set security zones security-zone WAN interfaces pp0.0
If you are experiencing any fragmentation issues, you may want to adjust the tcp-mss setting as below; this was the part that I left out and had random websites not connecting:
set security flow tcp-mss all-tcp mss 1300
If your company is using a Juniper JunOS router or CenturyLink Bonded ADSL PPPoE connection to the internet, then contact us for assistance.
A huge thanks to Joseph Moody from DeployHappiness for these wonderful guides on how to deploy DFS Folder Redirection in an organization using Distributed File Services as a methodology for file sync between sites. I made some modifications to the DFS Replication to use site link costing and fail back for the remote sites to avoid the multiple data target issues seen in his notes.
Since Microsoft is no longer making Small Business Server (SBS) as the complete package for the SMB client, it is time to migrate email to Office365 and put in a Windows Standard Server in its place. This post explains how to demote Windows Small Business Server from the domain after email has been migrated. The new server should already be in place and running the appropriate server services, and the Flexible Single Master Operation (FSMO) roles should already be migrated.
One Last Check
Open a Command Prompt
Type in – netdom query fsmo
Make sure that all roles are pointing to the new Domain Controller
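The same check can be scripted so that the demotion does not proceed while any role is still held elsewhere. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is installed, and the server name is a placeholder.

```powershell
# Added example: confirm that all five FSMO roles are held by the new DC.
Import-Module ActiveDirectory

$NewDC = "NEWDC01.example.local"   # placeholder: FQDN of the new domain controller

function Get-FsmoReport {
    param([string]$ExpectedHolder)

    $domain = Get-ADDomain
    $forest = Get-ADForest

    # Two forest-wide roles and three domain-wide roles.
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }

    foreach ($role in $roles.GetEnumerator()) {
        [pscustomobject]@{
            Role    = $role.Key
            Holder  = $role.Value
            OnNewDC = ($role.Value -eq $ExpectedHolder)   # -eq is case-insensitive
        }
    }
}

$report = @(Get-FsmoReport -ExpectedHolder $NewDC)
$report | Format-Table -AutoSize

$misplaced = @($report | Where-Object { -not $_.OnNewDC })
if ($misplaced.Count -gt 0) {
    Write-Warning ("Do not demote yet. Roles not on {0}: {1}" -f $NewDC, ($misplaced.Role -join ', '))
} else {
    Write-Host "All FSMO roles are held by $NewDC."
}
```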
Open Control Panel
Double Click on “Programs and Features” icon
Search the list and find the entry named something like “Microsoft Exchange Server…” right click on it and choose “Uninstall”
Click “Next >” button then uncheck all possible boxes then click “Next >” button
Once the prerequisites have cleared successfully, click “Uninstall” button
Finally click “Finish” button
Remove AD Certificate Services
Click Start button, click Administrative Tools, and then click Server Manager.
Click on Roles, then in the Roles Summary section, click Remove Roles.
In the Remove Roles Wizard, click “Next >” button
Clear the “Active Directory Certificate Services” check box, and then click “Next >” button
On the Confirm Removal Options page, review the information, and then click “Remove >” button
Demote Windows Small Business Server and Remove from Active Directory
On the Source Server, click Start button, click Run, type dcpromo, and then click “OK” button
Click “Next >” button twice. (WARNING: Do not select “Delete the domain because this server is the last domain controller in the domain.”)
In the Summary dialog box, you are told that Active Directory Domain Services (AD DS) will be removed from the computer and that the server will become a member of the domain. Click “Next >” button
Click “Finish” button and the Server will restart
After the Server restarts, it can then be removed from the domain into a workgroup and disconnected from the network.
To remove the Source Server from Active Directory Domain Services
On the new Domain Controller Server click Start button, click Administrative Tools, and then select Active Directory Users and Computers.
In the Active Directory Users and Computers navigation pane, expand the domain name, expand MyBusiness, expand Computers, and then expand SBSComputers.
Right-click the old Server name if it still exists in the list of servers, click Delete, and then click Yes.
Verify that the Source Server is not listed, and then close Active Directory Users and Computers.
To update the Software Updates Group Policy Object
On the Management Server, click Start, click Administrative Tools, and then click Group Policy Management.
On the User Account Control dialog box, click Continue.
In the Group Policy Management console, in the navigation pane, expand Forest:DomainName, expand Domains, expand DomainName, and then expand Group Policy Objects (GPO).
Click Update Services Server Computers Policy.
In the results pane, click the Scope tab.
In the Security Filtering section, click the object that begins with “S-1-5…” This is the old Server Security Identifier (SID).
Click Remove, and then click “OK” button
If your company is migrating to Office 365 and needs help to demote Windows Small Business Server, then contact us for assistance.
This has happened to me countless times in the field and it is time to write up the process on my own. Either the client has an older version of the DirSync tool installed or there are errors of some sort that require reinstalling Office 365 DirSync. Special thanks go to Joseph Turley for the original write up on which this is based.
Uninstall Old AADSync Tool
If the server is running an older version of AADSync then below is a list of applications that are to be removed:
Microsoft Azure AD Sync
Microsoft Online Services Sign-in Assistant [Restart is required]
Forefront Identity Manager Windows Azure Active Directory Connector
There should then be a reboot of the server to finish these uninstallations. Additionally, the Azure AD Sync Scheduler scheduled task needs to be removed from the Task Scheduler to complete the removal of AADSync. There are also several user accounts in Active Directory Users and Computers that will need to be removed either titled something like “AAD…” or “ADSync…” for the reinstall to work properly. Also need to remove the folders named something like “C: > Program Files > Microsoft Azure AD…” before attempting to start the new installer. There might also be some leftovers in the registry that need to be removed as follows:
If the server is running a more current version of DirSync then below is a list of applications that are to be removed:
Windows Azure Active Directory Sync Tool
Microsoft Online Services Sign-in Assistant [Restart is required]
Forefront Identity Manager Synchronization Service
There should then be a reboot of the server to finish these uninstallations. There are several user accounts in Active Directory Users and Computers that will need to be removed either titled something like “AAD…” or “ADSync…” or “FIMSync…” for the reinstall to work properly. Also need to remove the folders named something like “C: > Program Files > Windows Azure…” and the database files located in a folder named something like “C: > Program Files > Microsoft SQL Server > MSSQL**.MSONLINE > MSSQL > DATA > FIMSync…” before attempting to start the installer.
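Before deleting the leftover accounts, it helps to list exactly which ones match and what they belong to. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module, uses the name prefixes quoted above, and runs the removal as a dry run only.

```powershell
# Added example: inventory leftover sync accounts, then dry-run their removal.
# Requires the ActiveDirectory module; run as a domain administrator.
Import-Module ActiveDirectory

# Name prefixes taken from the post; adjust to what the directory actually holds.
$Prefixes = "AAD", "ADSync", "FIMSync"

$found = foreach ($prefix in $Prefixes) {
    Get-ADUser -Filter "SamAccountName -like '$prefix*' -or Name -like '$prefix*'" `
        -Properties whenCreated, LastLogonDate, PasswordLastSet, MemberOf
}

# An account can match on both Name and SamAccountName; keep one row per account.
$accounts = @($found | Sort-Object -Property DistinguishedName -Unique)

$accounts |
    Select-Object SamAccountName, Enabled, whenCreated, LastLogonDate, PasswordLastSet,
        @{ Name = 'Groups'; Expression = {
            # Show only the CN of each group the account is a member of.
            ($_.MemberOf | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join '; '
        } } |
    Format-Table -AutoSize -Wrap

# -WhatIf prints what would be deleted without changing anything.
# Remove the switch only after reviewing the table above.
$accounts | Remove-ADUser -WhatIf
```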
Reinstalling Office 365 DirSync Tool
Log into the customer’s Office365 portal as a global administrator.
Click on the Admin tile
Click on the Users item in the left pane to expand it then click on Active Users
At the top of the main pane next to “Active Directory synchronization:” click on Manage
Make sure that Active Directory synchronization is activated
Download the Directory Sync tool by clicking on Download button
Double click the installer
Type in your Office365 global administrator credentials then click “Next >” button
Type in your domain administrator credentials then click “Next >” button
Ignore the page on Hybrid and click “Next >” button
Make sure the box next to Active Directory Password Sync is checked and then click “Next >” button
Click on Install then on Finish to complete the install
Another handy thing to do after the installation is complete is to make a shortcut on the desktop for the miisclient software that monitors the sync process. It is located at “c: > Program Files > Windows Azure Active Directory Sync > SYNCBUS > Synchronization Service > UIShell > miisclient.exe” (this also allows for manual syncs when needed).
If your company needs help reinstalling Office 365 DirSync or help setting up Active Directory Password Sync for single sign-on, then contact us for assistance.
There are often times that shortcuts are needed on all users or a specific subset of user’s desktops, which is where Group Policy Preferences Desktop Shortcuts come in. Here is how to create a simple internet shortcut for a particular website:
Create a Group Policy Preferences Desktop Internet Shortcut
Login as an administrator.
Go to the Start screen and type “Server Manager”.
In the Tools menu select “Group Policy Management”
Find / Create the Organizational Unit (OU) in the domain containing the target computers
Right click on the OU and select “Create a GPO in this domain, and Link it here…” to create a policy and link it to that OU.
If Control Panel is in Category view, click the Switch to Classic View link on the left and then double-click the Mail control panel. If Control Panel is in Classic view, double-click the Mail control panel.
Click on the “E-mail Accounts…” button.
Select Microsoft Exchange (or whatever it was named). Click on the “Change…” button.
Click on the “More Settings…” button. Click the Connection tab.
In the Outlook Anywhere section, check the “Connect to Microsoft Exchange using HTTP” box.
Click on the “Exchange Proxy Settings…” button.
In the “Use this URL to connect to my proxy server for Exchange” box, type the external URL of the proxy server.
Make sure the “Connect using SSL only” box is checked.
Check the “Only connect to proxy servers that have this principal name in their certificate” box.
In the Principal name for proxy server box, type msstd:[external URL] where [external URL] is the external URL of the proxy server. Note: Be certain that entries from Step 9 and 12 are correct. Do not have a space before or after the entries. In Step 12, after msstd there is a colon ( : ). It is not a semicolon. The text should be in all lower-case as well.
Un-check the “On fast networks, connect using HTTP first, then connect using TCP/IP” box.
Check the “On slow networks, connect using HTTP first, then connect using TCP/IP” box.
At the bottom of the dialog box, in the Use this authentication when connecting to my proxy server for Exchange list, change the setting from NTLM Authentication to Basic Authentication instead.
Click OK. Click Apply. Click OK. Click Next. Click Finish. Note: If you get “stuck” at the above step and can’t go forward, you need to double-check the settings in the Exchange Proxy Settings dialog box.
Open Outlook. You will be prompted for a User name and password.
In the User name box, type: [domainname]\ where [domainname] is the internal domain name of the network and then username. (i.e. FHN\Administrator)
Enter the password for the account. Click OK. In some cases, you may be prompted for the password a second time, please enter it.
Outlook should open normally. You’re done.
If your company is using internal Microsoft Exchange servers and needs help configuring Outlook Anywhere via RPC over HTTP, then contact us for assistance.