Office 365 Convert Regular to Shared Mailbox & Setup Mail Forwarding

Is someone left from your office?

Here is the best practice to do with their mailbox.

With Office 365, we can take advantage of keeping inactive users in the cloud without affecting our quota without any license required.

  1. Go to Admin centers -> Exchange
  2. At the Exchange admin center dashboard, go to recipients -> mailboxes
  3. Click on target user’s mailbox, and select Convert to Shared Mailbox
  4. Go back to Office 365 Admin center, go to Users -> Active users -> click on target user’s mailbox, and remove the license.

Set up email forwarding by going back to Exchange admin center, go to mail flow:
On rules, click + sign to create a new rule, name it: Sent to ‘target.user@saputra.ch’, *Apply this rule if… [The recipient is…] Target user’s name, *Do the following… [Redirect the message to…] Destination user’s name. Let ‘Audit this rule with severity level: Not specified’ ticked, and leave the mode for the role to be ‘Enforce’. Click Save to create the forwarding rule.

If you are managing your own Office 365 licenses, you can decrease the license to minimalise the bill:
Go to Office 365 Admin center -> Click on Billing -> Subscriptions

Migrating a Mac Local User to a Network User

I’ve seen several places where a smaller company has been integrated into a large company, or where the number of Macs in the company has grown, and now you want those users to have their machines and login managed under the network directory system, be that Open Directory or Active Directory. The most frequent issue with this is that a user has an existing home directory that they’ve been working with and want to be able to bring this over to the new environment. This is a walk-through of how to make that process as painless as possible.

Note: These instructions are based around a 10.5.x client OS. 10.5 uses plist files for user records, where 10.4 used Netinfo. The same theory applies to 10.4, but the method is different, in that the user must be removed from Netinfo.

We’re going to start this assuming that we have already successfully bound our client machine to the existing directory authentication structure. What you may notice here, is that even though your user account exists on the directory server, you may not be able to login with it’s credentials. This is probably because the shortname of both your local user account and your network user account are the same. The search policy for Directory Services on the client will always look to the local machine for authentication first.

You may need to create a new administrative user at this point as you will need to be logged into the client as some user other than the user that you are planning to migrate. Using this alternate user, use the Terminal to navigate to /var/db/dslocal/nodes/Default/users

macmini:~ admin$ sudo -s
Password:
bash-3.2# cd /var/db/dslocal/nodes/Default/users/

We had to use sudo before this command as the files within the Default node is only viewable by the root user.

From here we’re going to move the plist file for the user we want to migrate. I’m only moving, rather than removing to preserve the file in case I want to go back to the local user for any reason. Once you’ve tested a successful login at the end of this process you can delete the file we’re moving into /Users/Shared/.

mv andy.plist /Users/Shared/

You’ll notice if you run an “id” command on the user you just moved the local information will still show up.

bash-3.2# id andy
uid=502(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),102(com.apple.sharepoint.group.2)

We need to restart the DirectoryService process before our change takes affect.

bash-3.2# killall DirectoryService
bash-3.2# id andy
uid=1026(andy) gid=20(staff) groups=20(staff),103(com.apple.sharepoint.group.3),98(_lpadmin),101(com.apple.sharepoint.group.1),81(_appserveradm),1030(all),1027(vpn),102(com.apple.sharepoint.group.2),79(_appserverusr),80(admin)

You’ll notice that the information coming back from the “id” is now from the directory server, and not the local user info, however, if we try to log in at this point the ownership of the files in the home directory will be incorrect. To fix this, we’ll run a recursive chown on the user home directory.

bash-3.2# chown -R andy /Users/andy

Your user is now ready to log in with their directory username and password, and their home directory will remain the same.

3CX SSL certificate has expired

Follow these steps to renew your 3CX SSL certificate (assuming that the PBX in question is SP0 as the last contact with 3CX servers has been made from a 15.5 SP0 – In this case the system must be updated to the latest service pack)

To force the update:

  • If version is lower than v15.5 SP2 skip this step:
    • Starting from v15.5 SP2, go in Settings / Parameters:
    • Set or Add TEMPORARY_SELF_SIGNED_CERTIFICATE_GENERATED and give it value of 1.
  • Linux:
    • Log in via SSH.
    • Type: /usr/lib/3cxpbx/PbxConfigTool -renew-certificates
  •  Windows:
    • Go to Command Prompt.
    • Type: “C:\Program Files\3CX Phone System\Bin\PBXWizard\PbxConfigTool.exe” -renew-certificates
    • Press Enter and the result should look something like this:
    • Restart nginx just to be sure and the certificate should have been renewed (service nginx restart)
I got the instruction above official from 3CX Support Helpdesk.

Prevent Windows from Automatically doing Updates

Don’t like your Windows performs automatically download, install updates and restart by itself?

Click Start and type in: ‘gpedit.msc‘.

Go to: Local Computer Policy -» Computer Configuration -» Administrative Templates -» Windows Components -» Windows Update -» Configure Automatic Updates.

Set from ‘Not Configured’ to: ‘Enabled‘.

Configure automatic updating: ‘2 – Notify for download and notify for install‘.

Click ‘Apply‘ then ‘OK‘.

See screenshot below:

Windows Automatic Update Policy

Enable Verbose Service Startup/Shutdown Messages on Windows

Open up regedit.exe and head to the following key, creating it if the key path isn’t there:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Once you are there, create a new 32-bit DWORD on the right-hand side named VerboseStatus, giving it a value of 1.

Now when you start up or shut down, you’ll see more verbose messages telling you what is taking so long.

I have created lazy way to do it, just copy the code below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"VerboseStatus"=dword:00000001

Save as .reg file and run as administrator as we need to edit the HKLM.

I have tested this on Windows 7 SP 1, Windows 8, Windows 8.1 and Windows 10 version 1607 (Anniversary Update)

Bare Metal Recovery with LOGICnow MAX Backup

LOGICnow MAX Backup can be used to recover a system from scratch.

Bare metal recovery allows you to recover your system directly to bare hardware (or VM) without a prior OS installation and return to its previous state.

Supported operating systems (as of 2016-10-06):

  • Windows Vista
  • Windows 7
  • Windows 8 / 8.1
  • Windows 10
  • Windows Server 2008 / 2008 R2
  • Windows Server 2012 / 2012 R2

Operating system requirement applies to the source computer and to the computer on which the bootable media is created.

To get started:

  1. Go to MAX Backup Additional Tools page, from the ‘BARE METAL RECOVERY’ section, select either .EXE download (for creating bootable USB drive) or .ISO download (for creating bootable DVD drive)
  2. Install or burn the Bare Metal Recovery tool on your USB drive or DVD drive.
  3. Boot the USB drive / DVD drive you just created (Make sure the BIOS/UEFI settings are intact. If you boot in a mode that isn’t compatible with the firmware used on the source computer, the restore session will fail.)
  4. Configure or confirm network settings using the command line options (use number to perform the task)
  5. Backup Manager wizard will open in a chromium-embedded browser, enter the backup device configuration.
  6. Go to Restore » Bare Metal Recovery » adjust the settings as appropriate.
  7. Choose the data to restore.
  8. Finally, click ‘Restore’ to begin the restore process.

How to Repair a .pst file

This solution will usually also fix any Outlook that having stuck issues while on ‘Loading Profile’ screen
Outlook 2016 Loading Profile
Outlook 2016 Loading Profile
  1. Exit Outlook, and browse to <drive>:\Program Files — or, if you see a Program Files (x86) folder on the same drive, browse to that instead. For example, C:\Program Files or C:\Program Files (x86).For Office 2016 use this path: C:\Program Files\Microsoft Office\root\Office16
  2. In the Search box, type Scanpst.exe.

If the search doesn’t find Scanpst.exe, try searching in the alternative folder mentioned in step 2, above — Program Files or Program Files (x86).

  1. Double-click Scanpst.exe.
  2. In the Enter the name of the file you want to scan box, enter the name of the .pst file you want the tool to check, or click Browse to select the file.
  3. By default, a new log file is created during the scan. Or, you can click Options and choose not to have a log created, or to have the results appended to an existing log file.
  4. Click Start.

If the scan finds errors, you’re prompted to start the repair process to fix them.

The scan creates a backup file during the repair process. To change the default name or location of this backup file, in the Enter name of the backup file box, enter a new name, or click Browse to select the file you want to use.

  1. Click Repair. A copy of the log file is saved to the same folder as the .pst file.
  2. Start Outlook with the profile that contains the Outlook Data File that you repaired.
  3. Switch to the Folder List view in the Folder Pane by pressing Ctrl+6.

In the Folder Pane, you might see a folder named Recovered Personal Folders that contains your default Outlook folders or a Lost and Found folder. Although the repair process might recreate some of the folders, they may be empty. The Lost and Found folder contain any folders and items recovered by the repair tool that Outlook can’t place in their original structure.

You can create an Outlook Data File, and drag the items in the Lost and Found folder into the new data file. After you’ve moved all the items, you can remove the Recovered Personal Folders (.pst) file. This includes the Lost and Found folder.

If you can open the original Outlook Data File, you may be able to recover additional items. The Inbox Repair tool creates a backup file with the same name as the original, but with a .bak extension, and saves it in the same folder. You may be able to recover items from the backup file that the Inbox Repair tool couldn’t recover.

To recover items from the backup (.bak) file, make a copy of it and give the copy a new name with a .pst extension, such as bak.pst. Import the bak.pst file into Outlook, and then use the Import and Export Wizard to import any additional recovered items into the newly created .pst file.

Allows Standard User to Run an Application as Administrator

How to Create a Shortcut that allows a Standard User to Run an Application as Administrator

Want to allow a standard user account to run an application as administrator without a UAC or password prompt? You can easily create a shortcut that uses the runas command with the /savecred switch, which saves the password.

Note that using /savecred could be considered a security hole – a standard user will be able to use the runas /savecred command to run any command as administrator without entering a password. However, it’s still useful for situations where this doesn’t matter much – perhaps you want to allow a child’s standard user account to run a game as Administrator without asking you.

Enabling the Administrator Account

First you’ll need to enable the built-in Administrator account, which is disabled by default.

To do so, search for Command Prompt in the Start menu, right-click the Command Prompt shortcut, and select Run as administrator.

Run the following command in the elevated Command Prompt window that appears:

net user administrator /active:yes

The Administrator user account is now enabled, although it has no password.

To set a password, open the Control Panel, select User Accounts and Family Safety, and select User Accounts. Click the Manage another account link in the User Accounts window.

Select the Administrator account, click Create a password, and create a password for the Administrator account.

Creating the Shortcut

Now we’ll create a new shortcut that launches the application with Administrator privileges.

Right-click the desktop (or elsewhere), point to New, and select Shortcut.

Enter a command based on the following one into the box that appears:

runas /user:ComputerName\Administrator /savecred “C:\Path\To\Program.exe

Replace ComputerName with the name of your computer and C:\Path\To\Program.exe with the full path of the program you want to run. For example, if your computer’s name was Laptop and you wanted to run CCleaner, you’d enter the following path:

runas /user:Laptop\Administrator /savecred “C:\Program Files\CCleaner\CCleaner.exe”

Enter a name for the shortcut.

To select an icon for your new shortcut, right-click it and select Properties.

Click the Change Icon button in the Properties window.

Select an icon for your shortcut. For example, you can browser to CCleaner.exe and choose an icon associated with it. If you’re using an other program, browse to its .exe file and select your preferred icon.

The first time you double-click your shortcut, you’ll be prompted to enter the Administrator account’s password, which you created earlier.

This password will be saved – the next time you double-click the shortcut, the application will launch as Administrator without asking you for a password.


As we mentioned above, the standard user account now has the ability to run any application as Administrator without entering a password (using the runas /savecred command to launch any .exe file), so bear that in mind.

The Administrator password is saved in the Windows Credential Manager – if you want to remove the saved password, you can do it from there.

Run the UniFi controller as a Windows service

Readers will learn how to run the UniFi controller software as a Windows service.

Windows services are often useful since they are “background” applications which don’t require any attention on the part of the end-user. In this way, the service will launch upon startup, without any intervention on the part of the user.

The steps to enable this service are outlined below:

Steps


  1. Close any instances of the UniFi software on the controller
  2. Open the command prompt as an Administrator
  3. Locate the java installation directory.
    Java 7 is usually found at “C:\Program Files\Java\jre7\bin”;
    Java 8 has a symbolic link, which is already added to PATH, so you should be able to skip step 4.
  4. Add the dir above to the PATH (as seen under Computer->Properties->Advanced system settings)
  5. Run Command Prompt as an Administrator, then change directory to the location of UniFi in your computer, using the command “cd”
  6. Andy’s tips: if you are following the default installation location, you can use this one line: “cd “%userprofile%\Ubiquiti UniFi”
  7. Type “java -jar lib\ace.jar installsvc

If you are using Windows x64 please install both the x86 AND the x64 version of Java otherwise the service will not properly start. Make sure to define both x86 and x64 paths in environmental variables too. See THIS page for download details.

When upgrading the service first run “java -jar lib\ace.jar uninstallsvc” (may vary depending on where you run command from) to remove the old the service. Update the UniFI controller. After the update is complete, run “java -jar lib\ace.jar installsvc” to install the service for the updated controller instance.

If you simply stop the service, then start the service you will have duplicate services running. 

Video tutorial

Source: https://help.ubnt.com/hc/en-us/articles/205144550-UniFi-Run-the-controller-as-a-Windows-service

Manual Delta & Full Sync between AD & Office 365

How to do manual synchronise between Active Directory DIRSYNC and Office 365 using PowerShell?

Open up Windows PowerShell, and then invoke the following command:

FinishedPS C:\Program Files\Microsoft Azure AD Sync\Bin> .\DirectorySyncClientCmd.exe delta
saputra.local

Initializing
Importing………………
Synchronizing from all Sources.
Synchronizing from Target.
Exporting to Target………………..
Exporting to all Sources
FinishedPS C:\Program Files\Microsoft Azure AD Sync\Bin> .\DirectorySyncClientCmd.exe initial
saputra.local

Initializing
Importing…….
Synchronizing from all Sources
Synchronizing from Target.
Exporting to Target………………….
Exporting to all Sources
FinishedPS C:\Program Files\Microsoft Azure AD Sync\Bin>

‘Delta’ is for delta sync, while ‘Initial’ will do full synchronisation.