Azure AD Device Cleanup

Posted on August 1, 2019 by Mohammad Zmaili

When dealing with Azure AD devices, usually we are facing the following challenges:

There is no report in Azure AD that shows the stale devices.
There is no retention policy to delete the stale devices from Azure AD.
There is no way to restore the deleted Azure AD device or its attributes (e.g Bit-Locker recovery key).

In this article, I am providing the following PowerShell script that gives comprehensive options to deal with the above challenges.
Continue reading →

Test Device Registration Connectivity

Posted on April 26, 2019 by Mohammad Zmaili

The Hybrid device is being registered to Azure AD under the system context, the first step is to make sure that the device is able to communicate with Azure AD device registration endpoints under the system account. Here we need to use Test Device Registration Connectivity script.
Continue reading →

Hybrid Azure AD Joined Devices Health Checker

Posted on April 24, 2019 by Mohammad Zmaili

Coming from the fact that it does not mean that the hybrid device is in health state just by checking the output of “dsregcmd /status” command from the device itself. Also, it does not mean that the hybrid device is in health state by checking only the device in Azure AD devices blade.
Continue reading →

Device Registration SCP Tool

Posted on August 10, 2018 by Mohammad Zmaili

I have written this PowerShell script to automate resolving Device Registration Service Connection Point (SCP) creation and configuration issues while configuring Hybrid Azure Active Directory Joined devices. The script verifies all needed prerequisites to install SCP, installs the missing ones, then, it creates SCP. Also, this PowerShell fixes the common issues that may occur when creating SCP.
Continue reading →

Failed To Open or Edit GPO

Posted on February 15, 2017 by Mohammad Zmaili

Group Policy Object cannot be opened or edited with the error: Failed to open Group Policy Object. You might not have the appropriate rights.
Continue reading →

Local Administrator Password Solution (LAPS)

Posted on December 5, 2016 by Mohammad Zmaili

Local Administrator Password Solution (LAPS) is a new tool that gives the power to manage local Administrator accounts passwords (RID-500).
The most important benefit of deploying LAPS is to mitigate Pass-the-Hash (PtH) credential attack.
Continue reading →

Add Database Availability Group Member

Posted on December 4, 2016 by Mohammad Zmaili

This article is aims to describe the detailed steps to add Mailbox server to Database Availability Group (DAG):

1. Adding Database Availability Group Server:

Continue reading →

Upgrading Exchange Server Cumulative Update.

Posted on November 23, 2016 by Mohammad Zmaili

Cumulative updates and Service Packs should be installed in the internet-facing site first, before installing in other sites in the organization.

The first servers to be updated in a site are the Mailbox servers.
The Client Access servers are updated second.
Edge Transport servers can be updated last.

Continue reading →

Event ID 12016, Certificate Error on Microsoft Exchange Transport

Posted on October 13, 2015 by Mohammad Zmaili

Event ID 12016: There is no valid SMTP Transport Layer Security (TLS) certificate for the FQDN of SERVERNAME.DOMAIN.LOCAL. The existing certificate for that FQDN has expired.
The continued use of that FQDN will cause mail flow problems. A new certificate that contains the FQDN of SERVERNAME.DOMAIN.LOCAL should be installed on this server as soon as possible.
You can create a new certificate by using the New-ExchangeCertificate task.
Continue reading →

Replacing HP CSA 4.2 Self-Signed Certificate