Mohammed Wasay

Blog

  • Delete the Lync or Skype for Business SIP profile from a Windows computer

    When a Lync 2010/2013 desktop client for Windows signs-in, to minimize the bandwidth consumption the Lync client retrieves a lot of information from cache.  This cached information is stored in the users SIP Profile in a folder named sip_(SipURI of the user) located on a Windows computer in the following folder:

    Lync 2010: %UserProfile%\AppData\Local\Microsoft\Communicator\

    Lync 2013: %UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync

    Skype for Business: %UserProfile%\AppData\Local\Microsoft\Office\16.0\Lync

    If there are any issue with the files in the SIP profile, users might experience issue with Lync client such as:

    • Contacts appear to be offline
    • Unable to search the Global Address List
    • Contacts are missing from the contact list
    • Contacts display Presence Unknown
    • Presence is not displayed in Outlook or SharePoint
    • “User is not SIP enabled” errors
    • “Lync Server is Temporarily Unavailable” errors

    Additionally, it is a good practice to delete the SIP profile when switching to a new Lync platform as connection information can be cached.

    To resolve the issues listed above, use the following guidance to delete the SIP profile for the affected user.  NOTE: Depending on the Windows Explorer settings, the SIP profile folder may be hidden, if you are unable to navigate to the path listed for your version of the Lync client you will need to set Windows Explorer to Show Hidden Files and Directories prior to completing the steps below.

    Deleting the SIP Profile

    1. Close Lync completely by right-clicking the Lync icon in the Windows System Tray and selecting Exit.
    2. Open Windows Explorer and navigate to the folder that corresponds to the Lync client version that is installed
    • Lync 2010: %UserProfile%\AppData\Local\Microsoft\Communicator
    • Lync 2013: %UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync
    • Skype for Business: %UserProfile%\AppData\Local\Microsoft\Office\16.0\Lync
    1. Delete the sip_username directory that matches the sip address of the user experiencing the issues.  This directory will be rebuilt when the Lync client is restarted the next time.
    2. Restart the computer
    3. Restart the Lync client

    The SIP profile folder and cached information will be rebuilt and the issues above should be resolved.

  • Exchange 2010: Moving Messages to Another Working Queue on another CAS Server

    One of my CAS Hub servers was acting up and started queuing email. I needed to move the message to another working server while I needed time to troubleshoot what was causing the queuing.

    This is what I had to do.

    On the non working server:

    • Create a Folder on C: called MailsExport
    • Open Exchange Management Shell and type the following:
    $array = @(Get-Message -Queue "QueueName" -ResultSize unlimited)
    $array | ForEach-Object {$i++;Export-Message $_.Identity | AssembleMessage -Path ("c:\MailsExport\"+ $i +".eml")}
    • Mail should start exporting.
    • Once completed Move the *.eml files to the “Exchange Server\V14\TransportRoles\Pickup” folder on the working server.
    • The new server should immediately start processing the messages.

  • Updating the system time on Server 2008R2 & 2012R2 using NTP Servers

      1. To update, use the command below (2008 and 2012 server compatible) 
        w32tm /config /manualpeerlist:"ntp_server" /syncfromflags:manual /reliable:yes /update

        change the ntp_server with your source. Check http://tf.nist.gov/tf-cgi/servers.cgi for servers

      2. Restart the time service 
        net stop w32time
net start w32time
      3. Resync the time 
        w32tm /resync
      4. Verify your sync status 
        w32tm /query /status

    Commands above should be fine if your sources are working correctly and/or your connection is OK (firewall or Microsoft Forefront can be an issue also).

    The commands below can help with troubleshooting

    To list out peers

    w32tm /query /peers

    To list out NTP Sources:

    w32tm /query /source

  • Cannot migrate user from Exchange 2010 to Exchange Online

    So I came across this error while migrating some accounts from On-Premise Exchange 2010 Server to Exchange Online.

    Error: The subscription for the migration user [email protected] couldn’t be loaded. The following error was encountered: A subscription wasn’t found for this user.

    migrationbatch

    In short, there is an address conflict between the user properties of the exchange server and the synced object on Office365. Lets go back to the basics to get this fixed.

    Environment: Exchange 2010 in Hybrid Mode with Exchange Online. Migrating accounts using a staged migration approach. The problematic user in Exchange Online is properly licensed.

    Setup for Staged Migration.

    • Exchange Online: Stop the problematic migration batch and delete it
    • Exchange 2010: Even though the user account may show that it is a Remote mailbox or just a User Mailbox. Right click and hit Disable. (This will remove the exchange properties for the user.)
      option1
    •  option2
    • Exchange 2010: Search your Exchange database and find the user’s on-premise mailbox. This is easier if you have just 1 or 2 databases. In an enterprise environment this may be a task by itself. Open EMS and type the following: 
      Get-MailboxStatistics -Database <your exchange database name>

      If the result set it too long, you may want to save the contents to a file.

      Get-MailboxStatistics -Database yourexchangedatabase > C:\my_exchange_users.txt

      Open the file and search for the user you disabled in step 2

    • Now you need to delete the problematic user in Exchange Online. Open up PowerShell ISE and type the following: 
      Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred

      After supplying the Global Admin credentials and successfully logging in, do the following:

      Remove-MsolUser -UserPrincipalName [email protected]
Remove-MsolUser -UserPrincipalName [email protected] -RemoveFromRecycleBin
    • Now the object is not in Exchange 2010 and Exchange Online
    • Attach the user back to Exchange 2010. Open up EMS and type the following: 
      Connect-Mailbox -Identity "John Doe" -Database "YourExchangeDatabase" -User "John Doe"
    • The mailbox should show up in Exchange 2010. Make sure that the SMTP address includes: [email protected] address.
    • In a  few minutes DirSync will sync the object back to Exchange Online (This depends on your DirSync time interval)
    • When the user shows up – make sure you assign the user a license in Exchange Online.
    • Start a new migration batch for the user.
    • Migration will go through as expected.

  • Bulk removal of Password Never Expires checkbox in AD

    No one intends this but it is a problem that sooner or later you will be come across in your system administrator career.

    I’ve see this resolved many different ways, but I like to narrow it down to a particular OU. Depending on your case you may want to clean this across the board in AD.

    Here is command prompt to the rescue:

    dsquery user "OU=Microsoft,DC=Redmond,DC=CORP,DC=LOCAL" -limit 4000 | dsmod user -pwdneverexpires no

    I haven’t tried this, but some have said the following works in Powershell:

    For OU:

    Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" | Set-ADUser -PasswordNeverExpires:$FALSE

    For AD:

    Get-ADUser -Filter {(ObjectClass -eq "user")} | Set-ADUser -PasswordNeverExpires:$FALSE

  • Quest AD PowerShell cmdlets

    I had trouble finding the Quest AD Powershell Cmdlets today. I knew Quest got acquired by Dell but I thought that my favorites would have still worked. Anyways, after a little of digging on the internet i was able to find them. It is now called ActiveRoles Management Shell for Active Directory  Here is the link: ActiveRoles Management Shell for Active Directory

    The following zip includes:

    ActiveRoles Management Shell for Active Directory 32-bit Aug. 27, 2014 1.5.1
    ActiveRoles Management Shell for Active Directory 32-bit – Zip Aug. 27, 2014 1.6.0
    ActiveRoles Management Shell for Active Directory 64-bit Aug. 27, 2014 1.5.1
    ActiveRoles Management Shell for Active Directory 64-bit – Zip Aug. 27, 2014 1.6.0

    Release Notes and User Guides
    ActiveRoles Management Shell for Active Directory – User Help Guide Aug. 27, 2014 1.5
    ActiveRoles Management Shell for Active Directory – Administrator’s Guide Aug. 27, 2014 1.6.0

    Download

  • Microsoft IIS: Disabling the SSL v3 Protocol

    Depending on how your Windows servers are configured, you may need to disable SSL v3.

    Note that older versions of Internet Explorer may not have the TLS protocol enabled by default. If you disable SSL versions 2.0 and 3.0, the older versions of Internet Explorer will need to enable the TLS protocol before they can connect to your site.

    For a Simpler Way to Disable the SSL v3 Protocol:

    DigiCert is not responsible for any complications or problems if you decide to use this .zip file to disable the SSL v3 protocol on your server.

    1. Log into your server as a user with Administrator privileges.
    2. Download DisableSSL3.zip, extract the .zip file contents, and then double-click DisableSSL3.reg.
    3. In the Registry Editor caution window, click Yes.
    4. Restart server.

    If you prefer to do it yourself, follow the steps in the instruction below.

    Microsoft IIS: How to Disable the SSL v3 Protocol

    1. Open the Registry Editor and run it as administrator.For example, in Windows 2012:
      1. On the Start screen type regedit.exe.
      2. Right-click on regedit.exe and click Run as administrator.
    2. In the Registry Editor window, go to:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\Windows Registry Key
    3. In the navigation tree, right-click on Protocols, and in the pop-up menu, click New > Key.Windows Registry Key
    4. Name the key, SSL 3.0.
    5. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.Windows Registry Key
    6. Name the key, Client.
    7. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.Windows Registry Key
    8. Name the key, Server.
    9. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.Windows Registry Key
    10. Name the value DisabledByDefault.
    11. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.Windows Registry Key
    12. In the Edit DWORD (32-bit) Value window, in the Value Data box change the value to 1 and then, click OK.
    13. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.Windows Registry Key
    14. Name the value Enabled.
    15. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.Windows Registry Key

  • Outlook: Removing Copy from all the Calendar entries after importing from PST

    This article applies to Outlook 2007 and 2010. If you are experiencing this issue with other mail clients, please contact Support.

    The “Copy” prefix is usually added to calendar items when items are imported from a PST file or copied from another calendar.

    To avoid this happening move items to the calendar instead of importing:

    1. Open Outlook.
    2. Open the .PST file (one that was imported) as an Outlook Data File.
      File > Open > Outlook Data File (.pst)
    3. Switch to Calendar view and check the boxes next to both calendars to view them side by side.
    4. Right-click and drag the item from the pst file calendar to your current mailbox calendar and select “Move” from the menu.
    5. Repeat for every similar item.

    To get rid of this “Copy” prefix, you can copy the script that is provided below and run it in Outlook. The script will remove the prefix however you could be still unable to edit the calendar items. To run the script that will remove the “Copy” prefix:

    1. In Outlook, select the Calendar.
    2. Press Alt+F11 to open the VBA editor.
    3. Expand Project1, then double-click on ThisOutlookSession to open the code window.
    4. Copy the code below and paste it into the code window, then Save.
    5. Click the Run button.
    Sub RemoveCopy()
Dim myolApp As Outlook.Application
Dim calendar As MAPIFolder
Dim aItem As Object

Set myolApp = CreateObject("Outlook.Application")
Set calendar = myolApp.ActiveExplorer.CurrentFolder

Dim iItemsUpdated As Integer
Dim strTemp As String

iItemsUpdated = 0
For Each aItem In calendar.Items
    If Mid(aItem.Subject, 1, 6) = "Copy: " Then
      strTemp = Mid(aItem.Subject, 7, Len(aItem.Subject) - 6)
      aItem.Subject = strTemp
      iItemsUpdated = iItemsUpdated + 1
    End If
    aItem.Save
Next aItem

MsgBox iItemsUpdated & " of " & calendar.Items.Count & " Meetings Updated"

End Sub

     

  • Enabling ActiveSync for a Security Group using Powershell

    $users = Get-ADGroupMember "AD Group with Users to be Enabled for ActiveSync"
foreach ($line in $users) {
    $user = $line.samaccountname
    Set-CASMailbox $user -ActiveSyncEnabled:$true
    Get-CASMailbox $user | Select-Object Name, ActiveSyncEnabled
}

     

  • Disabling ActiveSync for a Group of Users using Powershell

    I have tested this only in a Hybrid environment.

    • Create a Universal AD Security Group called O365_Disabled_ActiveSync_Users.
    • Add all the members to it.
    • Make sure it has an email address that registers in Office365.

    Connect to Office365 via Powershell ISE:

    Import-Module MSOnline
$O365Cred = Get-Credential
$O365Session = New-PSSession –ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential $O365Cred -Authentication Basic -AllowRedirection
Import-PSSession $O365Session
Connect-MsolService –Credential $O365Cred

    Copy the following code in a file called DisableActiveSync.ps1 and run in powershell. Add the users in the group will have ActiveSync now disabled.

    #Disable ActiveSync for a group of Users
 
# Assign all members of the DG to the dynamic array
$allMembers = Get-DistributionGroupMember -Identity 'O365_Disabled_ActiveSync_Users'
 
 
# Loop through the array
foreach ($member in $allMembers) {
 
       # Disable ActiveSync for each member of the array
       $member | Set-CASMailbox –ActiveSyncEnabled $false
      
       # Remove the # sign in front of the Get-CASMailbox statement for status information
       Get-CASMailbox $member.Name | Select-Object Name, ActiveSyncEnabled
}