ADSync error – OnlineIdentityException–0x8023134a–Last name was changed

I recently dealt with an issue with Office 365 and the "Directory Synchronization service manager" where two of the users who had previously been syncing to Office 365 with no problems started to receive the error "OnlineIdentityException".

The Error Description was:

"The cause of the error is not clear. This operation will be retried during the next synchronization. If the issue persists, contact Technical Support.

Tracking Id: 8a1fee60-18d9-4a4c-83d2-b17fbc074b20
ExtraErrorDetails:

After looking at all the old and new attributes of the users under "Pending export", I noticed that the last name was changed.

This environment is an Exchange Online environment, where all mailboxes are in the cloud.

I removed the old user using "Windows Azure Active Directory Module for Windows PowerShell":

1. Connect to Office 365 via PowerShell

2. Download and install the "Windows Azure Active Directory Module for Windows PowerShell" (available here)

3. Run the following commands (make sure you have the credentials of a global administrator for the Office 365 subscription)

Import-Module MSOnline

Connect-MsolService

Get-MsolUser -UserPrincipalName "Useroldlastname@domain.com" | Remove-MsolUser

Check that the user is deleted from the cloud:

Get-MsolUser -UserPrincipalName "Useroldlastname@domain.com"

Run the export stage again from the "Synchronization service manager" and the problem was solved!

* Please note – The Remove-MsolUser command is used to remove a user from the cloud. This command will delete the user, their licenses, and any other associated data.

Enjoy :)

Posted in Azure AD Connect, Dirsync, Office365

SCCM – Adding driver package to a task sequence

1. First we need to create a folder and copy the Network, Display, Chipset, Audio, Modem, and SATA drivers into it.

For example: OptiPlex3020Win7X64

2. Create a driver package in SCCM Console:

Give the package a name matching the folder name

Note: When you create a new driver package you must provide a network share that is not in use by other driver packages.

Distribute your driver package to the DPs.

3. Add the driver package to a task sequence

First we need to get the model name from the existing machine by opening CMD on the machine and typing: WMIC CSProduct Get Name

In the task sequence, in the “Apply driver package” task:

Choose the Driver package you created

In the Options tab, enter a task sequence variable of model equals "model name".

You can also use a WMI query instead, such as:

Select * from Win32_computersystem where model like "%OptiPlex 3020%"

 

Good luck :)

Posted in SCCM 2012, SCCM 2012 R2, SCCM2007, System Center

GPO – Event ID 1058, Group Policy gpt.ini–Solved

"The Processing of Group Policy failed. Windows attempted to read the file \\domain\sysvol\domain\policies\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\gpt.ini from a domain controller and was not successful."

 

Under \\domain\sysvol\domain\policies\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} there was no ini file, so I realized that the GPO is probably corrupted.

In order to determine which group policy is causing this problem, I used PowerShell to find the friendly name of that specific GPO:

Get-GPO -Id 9189e970-5663-4866-92a0-0eb2a22aab0b | Select-Object DisplayName

After recreating the GPO everything worked fine.

 

More information about Group Policy cmdlets in Windows PowerShell:

https://technet.microsoft.com/en-us/library/ee461027.aspx
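
The check from this post, extended to every GPO in the domain, as an added example that is not part of the original post: it lists GPOs whose SYSVOL folder has no gpt.ini, and GUID-named SYSVOL folders with no matching GPO. The function name Get-GpoSysvolProblem and the use of USERDNSDOMAIN for the domain name are assumptions.

```powershell
# Added example (not from the original post): find GPOs with a broken SYSVOL copy.
# Needs the GroupPolicy module (RSAT or a domain controller) and read access to SYSVOL.
Import-Module GroupPolicy

function Get-GpoSysvolProblem {
    param(
        # Assumption: the machine is domain-joined, so USERDNSDOMAIN holds the domain FQDN.
        [string]$Domain = $env:USERDNSDOMAIN
    )

    $policiesRoot = "\\$Domain\SYSVOL\$Domain\Policies"
    $knownFolders = @{}

    # 1) GPOs that exist in Active Directory but have no gpt.ini in SYSVOL
    #    (the condition described in this post).
    foreach ($gpo in (Get-GPO -All -Domain $Domain)) {
        $folderName = '{' + $gpo.Id.ToString().ToUpper() + '}'
        $knownFolders[$folderName] = $true
        $gptIni = "$policiesRoot\$folderName\gpt.ini"

        if (-not (Test-Path -LiteralPath $gptIni -PathType Leaf)) {
            [pscustomobject]@{
                Problem     = 'gpt.ini missing'
                DisplayName = $gpo.DisplayName
                Folder      = $folderName
            }
        }
    }

    # 2) GUID-named folders in SYSVOL that no longer match any GPO in Active Directory.
    Get-ChildItem -LiteralPath $policiesRoot -Directory |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        Where-Object { -not $knownFolders.ContainsKey($_.Name.ToUpper()) } |
        ForEach-Object {
            [pscustomobject]@{
                Problem     = 'no matching GPO in AD'
                DisplayName = $null
                Folder      = $_.Name
            }
        }
}

Get-GpoSysvolProblem | Format-Table -AutoSize
```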

Posted in GPO

Remote desktop connection with 2 or more multiple screens

  • Press “Winkey + R” to open the “Run” box
  • Type mstsc and press Enter
  • Click the “Show options” button, go to the Options tab, and mark the “Use all my monitors” checkbox.
  • Enjoy!
Posted in Windows

Force Vmware VM to boot from CD

  • Edit the machine settings.
  • Go to the Options tab, select Boot Options, and then Force BIOS Setup.
  • In the BIOS go to the “Boot” tab, select “CD-ROM Drive” and press “+” on the keyboard to move the CD-ROM to first place, then press F10 to save and restart.

Posted in Vmware

Resetting windows server 2012 R2 local administrator or any local user passwords

  • Boot the server with the original Windows media (you can obtain original media directly from MS for free as a 180-day free evaluation: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2012-r2 )
  • Click “Next” on the first setup screen
  • Then click “Repair your computer”
  • Then click “Troubleshoot”
  • And “Command Prompt”
  • Then in Command Prompt enter the following commands (in most cases the drive should be C and not D like in the example):
  • Eject the Windows media and reboot the server back to the lock screen
  • From the lock screen you can either press WIN + U on the keyboard or just click the “Ease of access” button on the welcome screen. This will try to open the Ease of Access executable (Utilman.exe), which at this point is actually cmd.exe, and will run it with the highest privileges:
  • From that cmd window you can just use: “net user administrator NEWPASSWORD”, but in case the administrator name was changed you can also do what I showed in the screenshot to first find the administrator name:
  • Don’t forget to reinsert the media, boot into Troubleshooting again and do the following in CMD (otherwise you will not have “Ease of access” anymore):
  • Good Luck!
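
A check to run after the last step, as an added example that is not part of the original post: it compares the SHA256 hash of Utilman.exe with cmd.exe to confirm the original binary is back in place. The function name Test-UtilmanRestored is an assumption, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example (not from the original post): verify that Utilman.exe is the
# real Ease of Access binary again and not a copy of cmd.exe.
function Test-UtilmanRestored {
    param(
        # Assumption: checking the running system; pass another path for a mounted image.
        [string]$System32 = (Join-Path $env:windir 'System32')
    )

    $utilman = Join-Path $System32 'Utilman.exe'
    $cmd     = Join-Path $System32 'cmd.exe'

    if (-not (Test-Path -LiteralPath $utilman -PathType Leaf)) {
        # Missing file: the restore step was skipped, so Ease of Access is broken.
        return [pscustomobject]@{
            Path             = $utilman
            Status           = 'Missing'
            SHA256           = $null
            LastWriteTimeUtc = $null
        }
    }

    $utilmanHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
    $cmdHash     = (Get-FileHash -LiteralPath $cmd -Algorithm SHA256).Hash

    # Identical hashes mean the file named Utilman.exe is still cmd.exe.
    $status = if ($utilmanHash -eq $cmdHash) { 'ReplacedByCmd' } else { 'DiffersFromCmd' }

    [pscustomobject]@{
        Path             = $utilman
        Status           = $status
        SHA256           = $utilmanHash
        LastWriteTimeUtc = (Get-Item -LiteralPath $utilman).LastWriteTimeUtc
    }
}

Test-UtilmanRestored
```

A ReplacedByCmd result on a server where no password reset was performed means someone with physical or console access has swapped the binary.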
Posted in Windows, Windows servers

Updating frozen ILO firmware for a blade through the enclosure using SSH

Today I had a frozen ESXi server that was physically located in a different country, so manually resetting it was not an option, and when I tried to connect to its ILO using HTTPS with my web browser I received an error and could not even get the ILO login screen.

I tried to reset the ILO using SSH, which usually worked for me in the past, with no success. By the way, it’s done by:

  1. SSH (using putty for example) to the ILO IP
  2. After you enter username and password you type: cd /map1
  3. Type: reset

That short process resets the ILO and usually is enough to log in and update the firmware from the web UI, which is a lot simpler.

But in my case two things happened:

  1. Resetting didn’t help
  2. After a few tries I couldn’t even log in to the ILO using SSH because it was frozen as well

So, first of all, if you have blade servers like in my case, you can do many very nice things over SSH directly to the enclosure.

One very important thing is to reset the specific blade ILO from the enclosure using:

And now for updating the firmware (Finding the right bin file is at the end of this post):

There are two options that I saw: one is to use HTTP (which didn’t work for me) and the other is to use a TFTP server (very easy once you have a guide like this one).

For the first option:

  1. Connect to the ILO using putty

  2. ***Like I said this option didn’t work for me

The second option has two parts:

First:

  1. Download the HP Lights-Out XML Scripting Sample for Windows, which can be useful for many other things as well
  2. Inside this package you will find “Update_Firmware.xml” which looks like this (without the comments):

    You need to change only the username, password, and path to the location of the bin file

Second, you need to set up the TFTP server:

  1. Download Pumpkin
  2. After the installation in “C:\Program Files\Klever\Nothings” you can just take this folder and copy it to wherever you want (in case you don’t want to install on your servers and can’t access your PC from the ILO)
  3. Put the XML file in the same directory as the EXE file of Pumpkin, together with the ILO firmware bin file

Now you should open Pumpkin and then click Options.

Make sure that the folder location is right and also select the “Give all files” radio button (this is not a must, but it saves you from having to click for confirmation).

Now for the actual work:

  1. SSH to the enclosure IP

And that is it. Basically, what we did is point the enclosure to download from the TFTP server an update script that tells it to download a firmware bin from the TFTP server.

In case you don’t know where to download the right bin file:

You just need to know what your ILO version is, and then you search Google for:

“ILO4 firmware” for example; the first result should bring you to the firmware download page.

Download the version for any Windows server and when you run it you can select “Extract”, pick a folder, and inside the extracted content you will find the bin file.

Hope I was able to help someone.

Posted in General

Exchange 2010: Get-MailboxDatabase -Status for Whitespace

In Exchange 2010, event ID 1221 does not exist anymore, and in order for us to find the whitespace, Microsoft has provided an appropriate shell command:

Get-MailboxDatabase -Status | ft Name,DatabaseSize,AvailableNewMailboxSpace -Auto

Posted in Exchange 2010

Azure AD Connect: In place Upgrade Windows Azure Active Directory sync (DirSync)



*"In-place upgrade" is only relevant if the DB contains fewer than 50,000 objects.

Azure AD Connect will analyze your current DirSync settings and recommend an in-place upgrade if the number of objects in your database is less than 50,000.

Download Azure AD connect

In-place upgrade Wizard

1. Launch the Azure AD Connect installer (MSI).

2. Review and agree to license terms and privacy notice.

3. Click Next to begin analysis of your existing DirSync installation.

4. When the analysis completes, we will make recommendations on how to proceed.

  • If you use SQL Server Express and have less than 50,000 objects, the following screen is shown:

  • If you use a full SQL Server for DirSync, you will see this page instead:

The information regarding the existing SQL Server database server being used by DirSync is displayed. Make appropriate adjustments if needed. Click Next to continue the installation.

  • If you have more than 50,000 objects, you will see this screen instead:
    To proceed with an in-place upgrade, click the checkbox next to this message: Continue upgrading DirSync on this computer. To do a parallel deployment instead you will export the DirSync configuration settings and move those to the new server.

5. Provide the password for the account you currently use to connect to Azure AD. This must be the account currently used by DirSync.

If you receive an error and have problems with connectivity, please see Troubleshoot connectivity problems.

6. Provide an enterprise admin account for Active Directory.

7. You’re now ready to configure. When you click Upgrade, DirSync will be uninstalled and Azure AD Connect will be configured and begin synchronizing.

8. After the installation has completed, sign out and sign in again to Windows before you use Synchronization Service Manager, Synchronization Rule Editor, or try to make any other configuration changes.

Customize Azure AD Connect sync

After your initial installation of Azure AD Connect, you can always start the wizard again from the Azure AD Connect start page or desktop shortcut. You will notice that going through the wizard again provides some new options in the form of Additional tasks.

The following table provides a summary of these tasks and a brief description on each of them.

Posted in Azure AD Connect, Dirsync, Office365

Exchange 2010 – SMTP address is generated in the format of username2@domain.com

Symptom:
When a new user is created, in some cases an SMTP address is generated in the format of username2@domain.com instead of username@domain.com, although there is no such existing address on the network.

Cause:
The issue is possibly due to the X.400 configuration on the e-mail address policy:

When the e-mail address is stamped, X.400 finds the second user to be a duplicate because the users’ first name and last name are the same, so it adds 2 to the X.400 address.

Because X.400 found a duplicate and added 2, SMTP follows suit and adds 2 to the address.

Solution/Accepted workaround:

Remove the X.400 configuration from the e-mail address policy and restart the Exchange services.

*Please note that the X.400 address function is not necessarily required in pure Exchange 2007/2010 environments.

Posted in Exchange 2003, Exchange 2010, Exchange 2013