#SCCM 2012R2 - Determine SCCM 2012 CU version

1. Launch registry, navigate HKLM\Software\Microsoft\SMS\Setup
2. On right panel, check on CULevel.

or Power Shell 

• Get-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\SMS\Setup -Name "CULevel"

CULevel value is (0). Mean no CU installed.

#SCCM 2012R2 - Software Update Point unable to connect WSUS

Error: System.Net.WebException: The request failed with HTTP status 404: Not Found.~~   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)

Event ID: 6703

1. Verify the WsusPool is Started. (Under Application Pools)

2. Verify WSUS port number correct. 

Default port for WSUS Windows 2012, 8530

Default port for WSUS Windows 2008, 80

  

#SCCM 2012R2 - Software Update Manager unable to update

Event Error: 6703

Configuration Manager Trace Log:

Sync failed: WSUS update source not found on site XX. Please refer to WCM.log for configuration error details.

Solution:

1. Verify WSUS Server Connection Account with correct credential.

2. To verify, open Configuration Manager, Administration > Servers and Site System Roles, select the site server with SUP role, right click on SUP role, select properties.

3. Launch Widows Server Update Services, under options select WSUS Server Configuration Wizard.

4. Reconfigure and start connecting as below. This may take few minutes to hours. Be patient. If this screen stop for long time, you may restart the server and re-launch the WSUS Wizard again.  

#Exchange 2013 - Exchange server exist in AD schema

Error: The Exchange Server is in an inconsistent state. Only disaster recovery mode is available. Please use Setup /,:RecoveryServer to recover this Exchange server.

Solution:

1. Log in to AD. Open ADSI Edit, connect AD with configuration.

2. Navigate to Configuration[Domain name] --> CN=Configuration,DC=Domain name,DC=Domain name --> CN=services --> CN=Microsoft Exchange --> CN=Domain name --> CN=Administrative Groups --> CN=Exchange Administrative Group --> CN=Servers.

3. Delete the exchange server with the error above. (example: CN=DO-EXCH)

#Web application proxy - ADFS Proxy unable to connect second ADFS Proxy server

Enter credential adfs proxy fail.

Ensure that remote management is enabled on the selected server, and then enter the name and password of an account that has administrator rights on that server. For example, user@example.contoso.com or domain\user name.  

Solution:

1. Add 2nd proxy server to 1st proxy server in server manager.

Follow here 

#O365 - Mailbox can't create on portal

Warning - This user's on-premises mailbox hasn't been migrated to Exchange Online. The Exchange Online mailbox will be available after migration is completed. 

Cause: This is because the user have on-premise Exchange mailbox or/and haven't migrate the mailbox to cloud.

Solution:

Hybrid mode migration

1. Migrate the mailbox from on premise to cloud.

Direct cut over mode (greenfield)

Delete the user from O365.

1. Move the user out from the sync OU to non-sync OU on AD users and computers.

2. Resync the DirSync.

3. Make sure the user show under deleted users.

7. Force to clear the deleted users on O365.

    Refer to this link.

8. Make the user under Deleted Users was deleted.

Remove the Synchronization of the user attribute to Office 365

1. Open Synchronization Service Manager (miisclient.exe)

2. Click on Management Agents tab, right click Windows Azure Active Directory Connector, select properties.

3. Click on Configure Attribute Flow, 

4. Expend Object Type: User and Object Type: Group, search and locate for msExchMailboxGuid.

5. Select the mapping and delete.

6. Select Select Attributes, search and uncheck the msExchMailboxGuid.

7. Click OK to save the changes.

8. Repeat the step 3-7 for Active Directory Connector Agent. (for step 4, expand Object Type: User, Object Type: Group and Object Type: inetOrgPerson, search and locate for msExchMailboxGuid.)

9. Move back the user from non-sync OU to Sync OU.

10. Resync the dirsync.

If all users cannot create the mailbox, you might need to remove all the users from deleted users, and then reysnc all the user again from on-premise AD.

#Hyper-V - Windows 7/8/10 unable remove Hyper-V

Cannot uninstall Hyper-V from Windows 7/8/10
Cannot uninstall Hyper-V services

Symptom

1. Remove Hyper-V from program and feature, when restart computer, Windows roll back.

Solution:

1. Reinstall and repair the windows.
2. Select Upgrade Install Windows and keep file, settings and application.
3. This step won't lose any data, application or settings.

4. Follow the instruction. Different Windows, different step.

5. Usually step will ask you login to windows and run the windows setup CD.

6. After completed reinstall/repair Windows, remove the Hyper-V services.

#O365 - Change User Primary SMTP Email Address with Dirsync

Error: The operation on mailbox "Username" failed because it's out of the current user's write scope. The action 'Set-Mailbox', 'EmailAddresses', can't be performed on this oject "Username" because teh object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.

Solution 1:
(PowerShell)

1. Run Windows Azure Active Directory Module for Windows PowerShell as administrator.
2. To enable execution policy remotesigned, type

• Set-ExecutionPolicy RemoteSigned

3. To assign credential right, type

• $MSCred = Get-Credential

(Enter O365 admin user and password when prompt)

4. To open a connection to O365 server, type

• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $MSCred -Authentication Basic -AllowRedirection

5. To enter the Exchange powershell session, type

• Import-PSSession $Session

6. To change user primary smtp email address, type

•  Set-Mailbox -identity user@current.com -WindowsEmailAddress user@new.com

7. To exit the Exchange powershell session, type

• Remove-PSSession $Session

Reference: link

Solution 2:
(Eidt AD user attribute)

1, Open Active Directory Users and Computers. Search for the user you want to change the primary smtp email address.
2. Open user properties, select Attribute Editor. (If Attribute Editor not exist, enable advanced features under AD users and computers view or/and open user properties from the actual directory, don't open from the search box)
3. Look for ProxyAddresses, and edit.

4. If no SMTP exist, enter the value as: (with SMTP upper case)

For example:

    

    SMTP:darren@domain.com

    If SMTP exist, remove the existing SMTP value, and enter the value as: (with SMTP lower case)

For example:

    

    smtp:darren@domain.com

5. Click add, and the apply the setting.

6. Resync the Dirsync server.

#GPO - Missing "Internet Explorer Maintenance" Windows Server 2012/2012 R2

Missing GPO IE Maintenance after restart.
Missing GPO IE Maintenance after upgrade IE8
Missing GPO IE Maintenance after upgrade AD
Missing GPO IE Maintenance 2012/ 2012 R2

Solution 1

1. If AD Windows server 2008/ 2008 R2, uninstall IE (9,10,11) back to IE 8.

Solution 2

Use another server 2008 R2 with IE8 or Windows 7 with IE8 to manage GPO.

Server 2008 R2

1. Add server features, Group Policy Management.
   
2. Launch the Group Policy Management, connect to domain with domain admin right.
   
   
   
3. Enter your domain name.
   
4. Now Internet Explorer Maintenance is back.
   
    

Windows 7 

Refer to this

#Exchange 2010 - Export User Mailbox to PST via Exchange Management Shell

1. Create a share folder for save the PST file. (In my case, my share folder named PST).

2. Launch Exchange Management Shell with administrator.

3. Add the user that run the export mailbox with Mail Import Export role. (In my case, i use administrator).

• New-ManagementRoleAssignment -Role "Mailbox Import Export" -User "administrator" 

To Export a user mailbox

• New-MailboxExportRequest -Mailbox user FilePath \\Server1\PST\ user.pst

To check the export status

• Get-MailboxExportRequest

#O365 - Set up Microsoft Azure Rights Management for Office 365 Message Encryption

1. Activate Azure Right Management

** You can activate via portal or powershell

1.1 Activate via Portal 

a) Login to Office 365 Portal.
b) Go to Admin, expand Service Settings, click on Rights Management.

c) Click on Manage.

d) Click on Activate.

OR

1.2 Activate via Powershell

a) Download RMS module for powershell here.

b) Install the RMS module for powershell. (required Microsoft Online Services Sign-in Assistant 2.1 or greater)

c) Run Windows PowerShell with administrator.

run command as below:

• $user = "<your Office 365 administrator email">

• $cred = Get-Credential -Credential $user

• Import-Module AADRM

• Connect-AadrmService -Credential $cred

• Enable-Aadrm

2. Setup Azure Rights Management for Office 365 Message Encryption

** You can configure Automatic Protection or/and Manual Protection

Automatic Protection - If user send an email match the rule/policy pre-set by admin, rule/policy will automatic apply, and prevent IRM templates available in OWA and Microsoft Outlook.

Manual Protection - User can select which rule/policy when they send an email in OWA and Microsoft Outlook.

2.1 Automatic Protection

a) Connect to Exchange Online with Windows Power Shell (Run as Administrator) and import the session.

• Set-ExecutionPolicy RemoteSigned

• $cred = Get-Credential

• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection

• Import-PSSession $Session

Reference: Connect to Exchange Online

b) Configure the Rights Management Services (RMS) online key-sharing location in Exchange Online. Use the RMS key sharing URL corresponding to your location, as shown in this table:

Location                                 RMS key sharing location

North America                        https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union                      https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia                                         https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America                        https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)

https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc1

• Enable-OrganizationCustomization

• Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

c) To import the Trusted Publishing Domain (TPD) from RMS Online

• Import-RMSTrustedPublishingDomain -RMSOnline -name "RMS Online"

d) To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service.

• Test-IRMConfiguration –sender user@domain.com

e) Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption.

Disable IRM templates from being available in OWA and Outlook

• Set-IRMConfiguration -ClientAccessServerEnabled $false

Enable IRM for your cloud-based email organization

• Set-IRMConfiguration -InternalLicensingEnabled $true

f) To view the IRM Configuration

• $true Get-IRMConfiguration

Reference: https://technet.microsoft.com/en-us/library/dn621036(v=exchg.150).aspx

g) Define rules to encrypt or decrypt email messages

I) Go to Admin, expand Admin, click on Exchange.

II) Go to Mail Flow, rules, click on +, create a new rules..

III) 

reference: https://technet.microsoft.com/en-us/library/dn569289.aspx

OR / AND

2.2 Manual Protection

a) Connect to Exchange Online with Windows Power Shell (Run as Administrator) and import the session.

• $msoExchangeURL = "https://ps.outlook.com/powershell/"

• $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionURI https://ps.outlook.com/powershell/ -Credential $Cred -authentication Basic –Allowredirection
• Import-PSSession $session

• Enable-OrganizationCustomization

• Set-IRMConfiguration -RMSOnlineKeySharingLocation https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc\

(Depend your location)

Location                                 RMS key sharing location

North America                        https://sp-rms.na.aadrm.com/TenantManagement/ServicePartner.svc

European Union                      https://sp-rms.eu.aadrm.com/TenantManagement/ServicePartner.svc

Asia                                         https://sp-rms.ap.aadrm.com/TenantManagement/ServicePartner.svc

South America                        https://sp-rms.sa.aadrm.com/TenantManagement/ServicePartner.svc

Office 365 for Government (Government Community Cloud)

https://sp-rms.govus.aadrm.com/TenantManagement/ServicePartner.svc1

• Set-ExecutionPolicy RemoteSigned

• $cred = Get-Credential

• Import-RMSTrustedPublishingDomain –RMSOnline –Name “RMS Online”

b) To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service.

• Test-IRMConfiguration –sender user@domain.com

c) Enable IRM templates from being available in OWA and Outlook

• Set-IRMConfiguration -ClientAccessServerEnabled $true

d) Enable IRM for your cloud-based email organization

• Set-IRMConfiguration -InternalLicensingEnabled $true

Reference: 

http://blogs.technet.com/b/compilations/archive/2014/04/30/office-365-message-encryption-amp-decryption-steps-for-purchase-configuration-branding-and-use-everything-you-need-to-know.aspx#.VeWx1fSwK4H

http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=489

Create Azure RMS template

http://ms.darrenongpt.com/2015/08/azure-create-azure-right-management.html

#Hyper-V 2012 R2 - Virtual Machine unknowns device (Windows 2008 R2 / 7 and below)

If you install Windows 2008R2/2008/7/Vista as virtual machine in Hyper-V 2012 R2, and notice unknown devices show in device manager.

Actually one is Automatic Virtual Machine Activation (AVMA), and another one is Remote Desktop Control Channel/Enhance Session Mode. This two features are new in Windows Server 2012 R2, and required virtual hardware. 

Solution:

1. You can find the driver in Hyper-V 2012 R2 integration service setup disc or download the driver from link below:

    32 bit driver

    64 bit driver

2. Update the driver manually in device manager.

3. Restart Computer.

#O365 - Force delete user with DirSync

Force delete Office 365 active users

1. Run Windows Azure Active Directory Module for Windows PowerShell as administrator

2. To connect Office 365, type

• Connect-MsolService

3. To disable dirsync, type

•   Set-MsolDirSyncEnabled –EnableDirSync $false

(remember enable back the dirsync after delete user completed by type, Set-MsolDirSyncEnabled –EnableDirSync $true)

4. To check dirsync was fully disable, type

• (Get-MSOLCompanyInformation).DirectorySynchronizationEnabled

(Enable and disable might take a while to complete. Please wait until the dirsync fully disable and continue next step)

5. To remove the active users, type

• Remove-MsolUser –UserPrincipalName darren@Contoso.com

6. To remove all the active users, type

•  Get-MsolUser | Remove-MsolUser -Force

Force delete Office 365 user from deleted users

1. Run Windows Azure Active Directory Module for Windows PowerShell as administrator

2. To connect Office 365, type

• Connect-MsolService

3. To remove the deleted users, type

• Remove-MsolUser -UserPrincipalName darren@Contoso.com -RemoveFromRecycleBin

or

• Remove-MsolUser -UserPrincipalName darren@Contoso.com -RemoveFromRecycleBin -force

4. To remove all deleted users, type

• Get-MsolUser -ReturnDeletedUsers | Remove-MsolUser -RemoveFromRecycleBin -Force

#Azure - Create Azure Right Management template

1. Log on to O365 portal with admin.
2. Go to Service Settings, Rights Management, select Manage.

3. Select Advanced Features

3. Go to Active Directory, select Rights Management. (If you haven't activate an Azure account, you can activate now)  

4. Select your domain. (By default,two template will created, and DO NOT FORWARD rule included)

5. Select Create a new rights policy template.

6. Select a language and enter a name.

7. Select groups or users. 

8.Select a rights

9. Publish the template.

#Azure AD Directory Sync - change sync time interval

By default, Azure AD directory sync schedule is sync every 3 hours.

To change the interval,

Go to Windows Azure Active Directory Sync Installation path, look for Microsoft.Online.DirSync.Scheduler.exe (Config file). 

Open the file with notepad.

edit the "SyncTimeInterval" value="hh:mm:ss"

Restart the Windows Azure AD Directory Sync services or restart the server.

#AD FS 3.0 - Customize AD FS 3.0 login page

Customize the login page:

Before

After

Change Company Name:

Change Logo:

Change illustration:

Change Sign-in description:

Reference:

For more information Microsoft link