There Is No Editor Registered To Handle This Attribute Type

KB ID 0001837

Problem

If you attempt to edit the authOrig attribute of a mail enabled group using ADSIedit you will get the following error.

There is no editor registered to handle this attribute type.

Why would you be doing this? This is done when you want to restrict who can email a group.

Solution

If you are running either on-premises Microsoft Exchange (or are running in Hybrid Exchange mode, and have retained an Exchange server for management,) You can simply use the Exchange Admin Center to add the person or group that you want to restrict access to.

Recipients > Groups > Group-Name > Edit > Delivery Management > Set accordingly.

Note: As I’m in Hybrid mode, and have AAD Sync setup, if I attempt to look at this group in O365  / Exchange online, it simply says.

You can only manage this group in your on premises environment. Use Active Directory users and groups, or Exchange AdminCenter tools to edit or delete this group.

Technical Pedantry: The fact it’s been called ‘Active Directory Users and Computers‘ since Windows 2000 makes my OCD flinch at that comment.

Use PowerShell

You can (if you have no access to Exchange Management tools) simply use PowerShell, the syntax is as follows.

[box]

Set-ADGroup -Identity "The-Group" -Server The-Domain-Controller -Add @{authOrig=@('The User or Group to Grand access to')}

e.g.

Set-ADGroup -Identity "CN=DG-Test-Disty-Group,CN=Users,DC=pnl,DC=com" -Server PNL-MGMT.pnl.com -Add @{authOrig=@('CN=Pete Long,CN=Users,DC=pnl,DC=com')}

[/box]

Then to prove it’s not all ‘smoke and mirrors’ you can go back to ADSIedit and check.

Related Articles, References, Credits, or External Links

NA

Exchange: Object Reference Not Set To An Instance Of An Object

Object Reference Not Set KB ID 0001836

Problem

This has plagued me for a while – but as the server was my test server it’s had to wait. When attempting to open the Exchange Admin Center website I got the following;

Server Error in ‘/ecp’ Application
Object reference not set to an instance of an object.

Object Reference Not Set: Solution

First stop was to make sure all the Exchange services were running.

[box]

Get-Service *Exchange* | Start-Service

[/box]

Then a search told me to check that the bindings for the front and back end Exchange websites, (they were  correct.)

Correct Exchange Certificate Bindings (Object Reference Not Set)

Default Web Site (Front End):  This should be ‘bound’ to your publicly signed certificate like so.

 

Exchange Back End:  This should be ‘bound’ to your a locally signed certificate called Microsoft Exchange certificate like so.

Note: If there’s a problem with that cert, you can generate a new one with a New-ExchangeCertificate command.

Sadly all these did not fix my error, but the error is probably related to certificates, I then came across this article. and it suggested I run the following command, and to make sure it did not error (however as you can see it did error).

[box]

(Get-AuthConfig).CurrentCertificateThumbprint | Get-ExchangeCertificate | Format-List/pre>

[/box]

At this point I made a mistake – I tried to replace the OAuth cert with my normal publicly signed (Let’s Encrypt) certificate and this happened.

The certificate with thumbprint “XXXXXXXXXXXXXXXXXXXXXXXXXXX” has a private key that is not exportable.
+ CategoryInfo : InvalidArgument: (:) [Set-AuthConfig], TaskException
+ FullyQualifiedErrorId : [Server=PNL-MAIL-2019,RequestId=620c92eb-d67d-4b5d-9bc5-63262530b500,TimeStamp=19/09/202
3 07:40:10] [FailureCategory=Cmdlet-TaskException] 9D5A2595,Microsoft.Exchange.Management.SystemConfigurationTasks
.SetAuthConfig
+ PSComputerName : pnl-mail-2019.pnl.com

With the benefit of hidsight,I was probably going in the wrong direction, but what it did do, was make me jump on the internet, buy a new publically signed SSL certificate for SIX DOLLARS, import that, fix the bindings, and, (because I’m in Hybrid mode.) Change the connector certificates to the new one.

And  – everything worked again!

Related Articles, References, Credits, or External Links

NA

Excel: Calculate Cost, Margin, Sell Price

KB ID 0001835

Problem

Occasionally at work I need to work out what the sale price / retail price will be for something would be (given that I know the cost and the % margin). That’s easy to work out. But sometimes I get given the sell / retail price and I know the margin used, and I then must work out what the cost will be.

Ordinarily if it’s a quick question I’ll just use and online margin calculator. But if I have a LOT of items to price – then Excel is the way to go.

Solution: Working out the Sell Price

If you know the cost and the margin to be applied, this is how to work out the retail price.

Solution: Working out the Cost Price

If you know the retail (Sell) price and the that was applied, this is how to work out the cost price.

Related Articles, References, Credits, or External Links

Special thanks to Mr Andrew Dorrian, who worked out the formula for the ‘cost price’ while I swore a lot!

Excel – IP Address Formula for ‘Auto fill’

Excel – Creating a Dropdown Box ‘From data on another sheet’

 

Delegate LAPS Administration

LAPS Administration KB ID 0001834

Problem

I saw this asked on a forum this morning and, went to test the answer (and create an article if successful), to find out the posted answer and most of the info I found online was for Microsoft LAPS and not the newer Windows LAPS.

Windows LAPS

Laps Administration

Let’s say we have an OU called Computers (with my computers in) and I want to grant read permissions to LAPS password to a security group called LAPS-Password-Admins.

The under the older, Microsoft LAPS system we would use the following PowerShell syntax.

[box]

Set-AdmPwdReadPasswordPermission -Identity 'OU=Computers,OU=PNL,DC=pnl,DC=com' -AllowedPrincipals "pnl.com\LDAP-Password-Admins"

[/box]

Try that on a Widows LAPS deployment, and you will get the following error.

Set-AdmPwdReadPasswordPermission : The term ‘Set-AdmPwdReadPasswordPermission’ is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify
that the path is correct and try again.

Because if you’re using Windows LAPS then that commandlet has been replaced, you need to use the following syntax instead.

[box]

Set-LapsADReadPasswordPermission -Identity 'OU=Computers,OU=PNL,DC=pnl,DC=com' -AllowedPrincipals "pnl.com\LDAP-Password-Admins"

[/box]

Related Articles, References, Credits, or External Links

NA