Apply Group Policy To a Security Group
KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in...
Outlook: ADFS Error 0xCAA70010
KB ID 0001652 Problem While trying to connect Outlook (2016) to an Office 365 email account; We can’t connect you It looks like we can’t connect you to one of our services the moment. Please try again later, or contact your helpdesk if the issue persists. 0xCAA70010 {ADFS-URL} Solution This was happening because my ADFS server was using a ‘self-signed’ certificate (i.e. not a purchased one). This should NEVER...
DHCP Scope: Full of BAD_ADDRESS Entries
KB ID 0001651 Problem I had a client machine struggling to get an DHCP address, and when I looked in DHCP the scope it was full of this; BAD_ADDRESS This address Is Already in Use Solution A tour of Google and forums is full of posts by people with this problem, and other than, ‘Oh I looked in the logs and fixed it’ (with no mention of what log, or where this log was), or ‘Yeah I used Wireshark and located a problem...
Unable to Connect to the Synchronisation Service
KB ID 0001649 Problem I’m doing some work for a client that has Azure AD Sync running, and we keep kicking each other off the server, so I thought I’d login with another account. However, when I tried to open the Synchronisation Service Manager; Unable to connect to the Synchronisation Service Some possible reasons are: 1) The service is not started. 2) Your account is not a member of the requires security group. See the...
Duo: ADSync and Enroll Users via SMS
KB ID 0001648 Problem Before you can use Duo 2FA/MFA you need to have your users enrolled. Theres a number of ways to enrol them, you can bulk email them, or manually add them. Below I’m going to Sync Duo with my Active Directory, so that if users are members of a specific AD group, they will ‘appear’ in the Duo Admin Portal. Then I’m going to enter a users mobile phone number and send them an SMS to enrol....
Duo: Migrate from LDAP to LDAPS
KB ID 0001647 Problem With the impending ‘turning off’ of cleartext LDAP queries to Windows Server, I wanted to make sure my new Duo deployments were already using LDAPS. I got LDAP deployed very quickly and easily, but making the ‘swap’ to LDAPS proved to be massively problematic. Normally I find Duo a pleasure to deploy, but their technical documentation just confused me for this and I went running up some...