If you are synchronizing an Office 365 account with an on-premises Active Directory, you know that you cannot edit exchange user properties using the Office 365 administrator portal.  In this article, I will show you how to add e-mail aliases using the Active Directory Service Interfaces Editor (adsiedit).

  1. Go to Start > Run and type adsiedit.msc
  2. Now, find the unit where your AD user’s reside
  3. Right click the user you want to edit and click Properties.
  4. Find the variable proxyAddresses – this is the one you want to edit.
    When you add new e-mail aliases, you want to make sure that your primary e-mail address will start with upper-case SMTP. Your aliases, aka, secondary addresses should be lower-case smtp.For example, I want my primary e-mail address to be firstnamelastname@example.com
    In the proxyAddresses attribute, I would put:
    SMTP:firstnamelastname@example.com
    As my alias, I want firstname.lastname@example.com… to do this, I will use lower case smtp:
    smtp:firstname.lastname@example.com

Apply the new settings and wait for your active directory to be synchronised with Office 365 (by default this happens every 3 hours)

winupdate_admincontrolled

 

Open gpedit.msc and browse to the location /Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication Settings and double click “turn off access to all windows update features” and set it to disabled.
Open regedit and back up the key

Remove reg key from regedit
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
and delete WindowsUpdate as it may contain your administrator settings for windows update which  includes a WSUS server address, this entry prevents your windows update from contacting windows update directly.

 

Windows Server Time Sync Configuration

The following steps can be used to configure DCs the default Windows time service hierarchy in an AD forest.  The procedure will also remove any errors in the Event Viewer, if any existed.

Do not use if you are using a third party stratum service and refer to the vendor’s documentation for further instructions

Check and Document the Current Time Configuration on the PDC Emulator
More »

Windows 2012 R2 currently halts with an error (0XC000000F)  when the Windows Deployment Server attempts to Capture an Image.  Run the below commands to mount the capture wim file and then unmount.  This work around will allow WDS to run and capture the image
More »

Cisco Devices are not effected as they are running OpenSSL version 0.9.8 on the newest 9.01 IOS Software. Most Cisco Firewalls have Older IOS versions and therefore have older versions of OpenSSL.

The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in
• 1.0.1
• 1.0.1a
• 1.0.1b
• 1.0.1c
• 1.0.1d
• 1.0.1e
• 1.0.1f
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL.

office

 

Click Start, click Run, type “regedit” in the Open box, and then click OK.
In the left pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInstaller

On the Edit menu, click “Permissions”.
In the “Permissions for Installer” dialog box, consider the “Administrators” and the “Users” in the “Group or user names” list.
Make sure that the Full Control permission is set for the “Administrators” and the “Users” group.
If this permission is not set, click to select the Full Control check box under “Allow”.
Click “OK”.

Installing first KMS Server

Below are the steps I used to install the KMS server. We determined that due to the number of client activations, and the capacity of our infrastructure we had no problems installing this server on our secondary domain controller. From here on we will call it DC1.

  1. On the Domain Controller we run CMD with elevation
  2. Type slmgr /ipk xxxxx-xxxxx-xxxxx-xxxxx-xxxxx where the last section is the Key from your volume licensing website.
  3. Open “Windows Firewall with Advanced Security” via Start menu -> Administrative Tools.
  4. Under Inbound Rules scroll down to “Key Management Service (TCP-In)”, right click and select enable.
  5. Reboot the machine – note you can restart the Software Licensing service but I preferred to reboot it (seeing as the server was not in use for anything else)
    More »