Moving Certificate Services To Another Server
KB ID 0001473 Problem If you are retiring a CA Server, or there’s a problem with the server and you want to move Microsoft Certificate Services to another server, the procedure is pretty straight forward. BE AWARE: We are moving the CA Server Name , NOT the Server Name (FQDN), the two things are NOT the same, (you might have called them the same thing!) But a Certificate Authority has a name of its own, and that’s what we...
Forcing Azure AD Connect Sync
KB ID 0001590 Problem If you are using Azure AD Connect, (AAD Connect) to sync your on-premise Active Directory with Azure AD (i.e. for Office 365), then there may be times when you need to manually ‘force a replication’ because by default it’s going to take 30 minutes between each normal ‘delta replication’ Solution If you are directly on the server that’s running Azure AD connect, then use the...
PowerShell: Add All Members of an OU to a Security Group
KB ID 0001589 Problem I’ve written in the past about ‘Bulk Adding Users from CSV files, into Groups’. But what if you want to add ALL users in a particular OU into a security group? Solution The syntax is; Get-ADUser -SearchBase ‘OU=Source-OU,OU=PNL,DC=pnl,DC=com’ -Filter * | ForEach-Object {Add-ADGroupMember -Identity ‘SG-Test-Group’ -Members $_ } Here I’ve got 20 users that need adding to a group, in this...
Remote Desktop Services – Securing By Group Policy
KB ID 0001211 Problem Note: This is not an exhaustive list, but it’s what I use when securing Remote Desktop Services, (Terminal Services) servers. Some of these settings are ONLY for Server 2012 R2 and later. If you have any settings you think are omitted, please comment below. Solution User Access To RDS If you want to create a Domain security group for RDS users than please do so. BE AWARE the ‘Remote Desktop...
Exchange: Hide All Contacts From Global Address List
KB ID 0001564 Problem I saw this on EE this evening, so I thought I’d work it out, what if your Global Address List is full of external ‘contacts’, and you want to remove/hide them? Solution First take a look at them, to see you’re not about to cause any damage! Get-MailContact | Where-Object {$_.HiddenFromAddressListsEnabled -eq $false} If you are happy, to remove/hide them from the GAL, simply do the...
Exchange: ‘Can’t find the Organizational Unit that you specified’
KB ID 0001561 Problem I’ve not actually seen this myself, but it was asked on a forum, and I managed to replicate it on the bench. When working on a user or mailbox in Exchange you may see the following error; Error Can’t find the organisational unit that you specified, Make sure that you have typed the OU’s identity correctly Solution This happens because you have a ‘Slash’ ‘/’in the...
ADFS Logon Page: Change Images and Logos
KB ID 0001556 Problem There are a lot of things that can be customised on the ADFS logon page, but most people just want to change the image, and the ‘Company Logo’. Note: By default the company logo is just the Federation Service Display Name but you can replace that with a logo of you own. Replace ADFS Logon Page Main Image As per Microsoft recommendations; “We recommend the dimensions for the illustration to be...
Certsrv: Can Only See User and Basic EFS
KB ID 0001552 Problem When connected to the Web Enrolment portal (Certsrv) for your Certificate Services, you attempt to submit a certificate request. But you only see User and Basic EFS under Certificate Templates, like so; Solution I’ve done this myself many times, usually you are looking for the ‘Web Server’ template and it’s not there, so we will use that as an example. Go to your CA Server. Windows Server...
Cant Copy a Group Policy Object
KB ID 0001543 Problem Was asked this this morning, why couldn’t someone ‘Copy’ a Group Policy Object (GPO)? Solution At first I was confused, (I made the same mistake they had), look at what I’m trying to copy? It’s not a Group Policy Object, its a ‘Link’ to a GPO. (Note: There’s a shortcut arrow!’) Locate the actual GPO and you can copy it! Related Articles, References, Credits,...
You Have Exceeded the Maximum Number of Computer Accounts
KB ID 0001536 Problem A few weeks ago, this was asked in a forum, and while I knew what the problem was, I’d never seen it myself. So I recreated the problem on the test network to look at why it happened, and how to fix / get around the problem. The following error occurred attempting to join the domain {domain-name} You computer could not be joined to the domain, You have exceeded the maximum number of computer accounts you...