Saturday, November 10, 2018

How to Configure a Default Login Screen for Windows 10 with Group Policy

1. Create a folder called "Logo" under NETLOGON

2. Add the image to the folder

3. Use %logonserver% to identify multiple domain controllers since if you identify one specific DC and it goes down or there is any other problem with a particular DC, user's won't get the login screen image (the policy won't run on login).

Example: \\%logonserver%\netlogon\Logo\w10-lock-screen.jpg

4. The GPO Setting is under Personalization under Computer Configuration


Share:

Thursday, November 8, 2018

Migration from Exchange 2013 to Office365 Authentication Error

1. Verify that the Administrative user has the permission for "Application Impersonation" in the Exchange Admin Center.

2. Change all users in your local Active Directory over to the UPN for the verified (publicly resolvable Active Directory Domain). Powershell command:

$LocalUsers = Get-ADUser -Filter {UserPrincipalName -like '*domain.local'} -Properties userPrincipalName -ResultSetSize $null

$LocalUsers | foreach {$newUpn = $_.UserPrincipalName.Replace("domain.local","public.com"); $_ | Set-ADUser -UserPrincipalName $newUpn}

3. Sync your Azure Active Directory Tool (Force the Update)

Start-ADSyncSyncCycle
Start-ADSyncSyncCycle -PolicyType initial

4. Verify that your login with "public.com" is working on https://portal.office.com

Username: stewie.griffin@public.com
Password: test0!

You call that a password?

This is a password son!!: %&^*(LUIKG/73&^%HVJB)&*(YIU)(&*^UTY8567irtufgykA&*(^RTUFGYOHPI()$%^^#$%TE
Share:

How to Fix Microsoft Exchange 2013 to Office 365 Error ews/mrsproxy.svc' failed.The HTTP request was forbidden with client authentication scheme ‎’Negotiate‎’

1. The first part of the denial is that the Exchange 2013 server has to be set to "0" instead of "1" in their attributes.

2. Login to your DC and then search for ADSI Edit (Windows 2012/2016/2019 Server):

Change the "adminCount" setting to "1" and then reboot the server (NOTE: I saw that even on reboot, this flag remained. So I doubt it has anything to do with the http authentication.) This is when I then ran the following commands on the Exchange 2013 Server itself in EMS. This is the Microsoft article: https://support.microsoft.com/en-us/help/2975731/access-is-denied-error-when-you-try-to-move-mailboxes-to-exchange-onli but it had no impact at all on the error even after rebooting. It just came back.


3. Login to the CAS or Exchange Server and Open the Exchange Management Shell

4. Run the following command in the EMS:
[PS] c:\Windows\system32\Get-WebServicesVirtualDirectory | select *auth*

5. Look at the output for BasicAuthentication. You will see it set to false:



6. Run the command: Get-WebServicesVirtualDirectory | Set-WebServicesVirtualDirectory –BasicAuthentication $TRUE

NOTE: if it times out in CAS you can also run it on the Exchange Server or do it in the Exchange Admin Center under Servers >> Virtual Directories >> OWA (etc)

7. After this fix. Run the Microsoft Office 365 Hybrid Connection Wizard (You will need your O365 Administrator account and an AD account that is an Exchange organization administrator so that you can complete the wizard.


8. You will need to install the application on the CAS server itself (NOTE: Do not install it on Exchange or your local machine. It will just fail).

9. Run the Data Migration from the Exchange Admin Center after you verify that you have successfully configured the Hybrid tool (also make sure you have already assigned licenses to users and you have the Azure AD Connect tool already configured on your local domain controller.

(NOTE: You have to have a subscription active in Microsoft Azure or if you purchase from Rackspace then your account will have a Tenant account and you will be able to configure the tool).

10. ADFS Configuration using AD Directory Sync:
https://channel9.msdn.com/Series/Azure-Active-Directory-Videos-Demos/Configuring-AD-FS-for-user-sign-in-with-Azure-AD-Connect
https://www.youtube.com/watch?v=C4wbyAo2-sA


Lifesaver Credit (Thanks Guys!!!): 
http://bit.ly/2zCiuP0 (Jaap Wesselius)
http://bit.ly/2RLGvuv (Dan Djurasovic)
https://deansuzuki.net/2015/05/20/exchange-online-fixing-an-perplexing-exchange-migration-issue-part-1/

Helpful (Not Used, but relevant and may help others):
http://www.azure365pro.com/the-http-request-was-forbidden-with-client-authentication-scheme-negotiate/
http://blog.djurasovic.com/migrating-to-office-365-exchange-online-tips-and-tricks-from-the-field/
https://www.techieshelp.com/exchange-2013-change-owa-log-on-options/
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-user-signin
Share:

Thursday, November 1, 2018

Transfer FSMO Roles

1. Login with a forest level administrator account

2. Open CMD prompt as an Administrator

3. Run the following commands:

ntdsutil - > roles -- > connections --> connect to server dc-servername -- > quit

Schema Master
transfer schema master
<Enter Key>

RID Master
transfer rid master
<Enter Key>

Domain Naming Master
transfer naming master
<Enter Key>

PDC Emulator
transfer pdc
<Enter Key>

Infrastructure Master
transfer infrastructure master
<Enter Key>

Type q / q and that's it! Shut the box down or do whatever you were going to do!

Share: