Did you ever make the mistake of wanting to create a Domain Local Group but you accidently pressed OK without changing the Group Scope to “Domain Local” (Default is Global). Don’t worry, you can still make this group a Domain Local Group. It just involves an extra step.
First open the group, change it to “ universal”, press apply and then change it to “Domain Local” and apply again.
Global to Universal:
Universal to Global: 
My admin password was recently changed. I had to change it back to the password I used before, because my Directory Synchronization was failing.
You can do this with the help of PowerShell
Set-MSOnlineUserPassword –Identity <user> –Password <password> -ChangePasswordOnNextLogon $false -Credential (Get-Credential) -Verbose
On some servers you might see the following file appearing on you system drive: hiberfil.sys
This file is a system generated file. The system uses this file when it goes into hibernation. For a server, this might not be necessary 
.
You can delete this file by using the command: powercfg –h off.
You can also create a Group Policy (rather a Group Policy Preference) for it.
Open a Group Policy that is applied to all of your servers (or create one). Navigate to:
<Computer Configuration>
<Preferences>
<Registry>
Create a new “ Registry Item” with the following values / parameters:
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value name: Disable Hibernation on Servers
Value Type: REG_SZ
Value data: %systemroot%\system32\powercfg.exe -h off
Run gpupdate /force on your server and logoff. When you log back on on to a server it will run this command once and thus will remove the hibernation file.
oh, btw. If you can’t see the hiberfil.sys on your system drive, it might be because it is hidden. Open Folder Options and select “show hidden files and folders” and deselect “ Hide Protected operating systems files”
Super video from msonlineservices explaining MX records and BPOS.
I recently installed a Windows 2003 x64 server. I had to use this machine for running one of our web services we developed.
This webservice was initiated by a custom developed Windows Schedule service, to initiate an import of files.
After installing and configuring IIS6, I could browse the webservices.svc file but whenever the Schedule Service tried to initiate the webservice to do the import of files I received the following error in my IIS logs:
127.0.0.1 POST /WebImportService.svc – 80 – 127.0.0.1 – 500 0 0
A 500 0 0 error indicates application failure. The schedule service could not initiate an import. After some troubleshooting I came to realize that the WebImportService was a 32 bits application and was running with the x64 DLL (i.e. C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll).
Apparently this is no problem on IIS7 (), but it is on IIS6.
The following action resolved my problem:
First I had to enable the possibility to run x86 WebApps on my X64 machine. For this open a command prompt and navigate to C:\inetpub\adminscripts. Execute the following command:
cscript adsutil.vbs SET W3SVC/AppPools/Enable32BitAppOnWin64 TRUE
note:
you can use cscript adsutil.vbs GET W3SVC/AppPools/Enable32BitAppOnWin64 to see if it is already enabled on your machine
After that register .Net v4.0. Navigate to the folder C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 (not the Frameworkx64 folder) and execute the command:
aspnet_regiis –i
In IIS under “web service extensions” you can now enable ASP.NET v4 (32 bit). Just right click it and select Allow
Last thing to do is change your webapplication to use the 32 bits Framework DLL’s instead of the x64 bits.
You can do this by executing the next command from within your Framework folder (C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319 ):
aspnet_regiis -s W3SVC/1/Root/<Web Identifier>
The Web Identifier can be found inside IIS manager or by executing the command: aspnet_regiis –lk
Say you got a wildcard certificate for a domain called *.marcvalk.net.
When you have a couple of IIS sites which host subdomains of marcvalk.net and you want to secure them with SSL, you can do so.
For this you have to use the command prompt.
In IIS6 you have to use the following command (executed from the directory c:\inetpub\adminscripts > this is the default location of adsutil.vbs)
cscript.exe adsutil.vbs set /w3svc/<site identifier>/SecureBindings ":443:<host header>"
Site identifier can be found in IIS Manager:
In IIS7 you have to do the execute the following command (from within C:\Windows\System32\Inetsrv):
appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']
In BPOS you can use the Directory Synchronization Tool to synchronize your on-premise AD users to Microsoft Online (BPOS).
You might not know that you can exclude users from synchronizing to your online environment. For this to work you have to create a xml file with the users GUID specified inside.
The xml file has to be in the following format:
<?xml version="1.0" encoding="utf-8"?>
<DirectorySyncFilters>
<ExcludedDN>CN={9030057d-d403-4590-8c3b-a643fc36df3d}</ExcludedDN>
<ExcludedDN>CN={792f1e02-4528-48ba-a2bf-695b3916fc05}</ExcludedDN>
……..(for every user, 1 excludeDN node)
</DirectorySyncFilters>
When you have a lot of users that you don’t want to sync, creating this XML file can be a pain in the ***.
With the following powershell, this xml file will be created for you.
|
Add-Content "C:\test.xml" ‘<?xml version="1.0" encoding="utf-8"?>’
Add-Content "C:\test.xml" ‘<DirectorySyncFilters>’ $users = get-aduser –SearchBase "OU=SomeOU,DC=contoso,DC=com" -filter * foreach ($user in $users) { $String = "<!–"+$user.Name+"–> <ExcludedDN>CN={"+ $user.objectGUID +"}</ExcludedDN>" Add-Content "C:\test.xml" $String } Add-Content "C:\test.xml" ‘</DirectorySyncFilters>’ |
#Open a SQL Connection
$SQLconnection = New-Object system.Data.SqlClient.SqlConnection
$SQLconnection.Connectionstring = "<ConnectionString>"
$SQLconnection.Open()
$SQLCommand = New-Object system.Data.SqlClient.SqlCommand
$SQLadapter = New-bject System.Data.SqlClient.SqlDataAdapter
$SQLCommand.CommandText =
$SqlQuery$SQLadapter
.Fill($SQLdataSet) | Out-Null$SQLconnection.Close(
)The company I work for has some Amazon EC2 Instances. These instances are running all kinds of custom developed software and some databases.
We wanted to create some kind of backup solution for these and sql databases and the software.
Here are my requirements:
Optional requirements:
After some research I came to the conclusion that I am going to be using PowerShell and that I will do my backup to a S3 storage bucket. I found a nice utililty named Cloudberry S3 Explorer which had some PowerShell Snap-in I could use. They even had an example script I could use as the base of my script.
To get the Cloudberry S3 Explorer powershell snap-in working (I did not wanted to install the tool on the server), follow these steps:
After some coding I had the following script (I did not implement the optional requirements just yet):
#load CloudBerryLab PSSnapin
Add-PSSnapin CloudBerryLab.Explorer.PSSnapIn
$s3 = Get-CloudS3Connection -Key $key -Secret
$secret
Execute it, and you will see that all files in the $SourceFolder will be copied to you $destbucket. As we are using the Copy-CloudSyncFolders the next time it runs, it will synchronize the 2 directories.
I can now create a windows task which will execute the powershell with the following parameters:
-command "& ‘<location to your ps1 script>\<filename>.ps1′"
As I still do not have my secondary goals, I will try to work on that. But there is one thing I want to add to the Primary Goals list, that is the fact that the script has the access Key Id and the Secret Access Key in it, in plain text. Off course “not secure”. As more people can access the EC2 server, I don’t want them to see the passwords.
I know the Cloudberry command can’t handle a SecureString object, so I cant use the commands convertfrom-securestring and convertto-securestring to supply the credentials via a plain text file.
So I am thinking of putting this powershell script on one of my on premise servers and using PowerShell Remoting to execute the commands for a backup (I already tested this and it works, but it’s 2 long for now to write down ). So I will come back on that later.
In the mean time if some of the PowerShell Guru’s have a better idea to handle this in a more secure way, I would be most grateful with any advice.
This is a crosspost from office365rocks, a blog formally known as bposrocks. Maintained by Wortell’s CEO mr. D. Burlage.
I think this post is super interesting, that’s why I am crossposting it. It discusses the plans Microsoft will offer.
You can read more about @ the source.
Edit: If found some other sheets (original source)
Also a nice PowerPoint presentation here (Office 365 Partner Overview Deck)
