According to ADMT 3.2: Interforest Migration – Part 3 – TechNet Articles – United States (English) – TechNet Wiki (microsoft.com) you enable Success and Failure for the policy “Audit account management” in Default Domain Controllers Policy.

Now you are trying to migrate users or groups or computers using ADMT console. You get this freaking error:

011-10-25 14:03:23 ERR2:7430 SID History for <account name> cannot be updated because auditing is not enabled on <target domain>.   rc=8536.\n  This operation requires that auditing be enabled for Success and Failure auditing of account management operations.

2011-10-25 14:03:23 WRN1:7392 SIDHistory could not be updated due to a configuration or permissions problem.  The Active Directory Migration Tool will not attempt to migrate the remaining objects.

2011-10-25 14:03:23 Operation Aborted.

You might be wondering you already enabled auditing in the GPO. Why the HELL are you getting this error?

I believe Microsoft meant to enable auditing in Default Domain Controllers Policy under Computer Configuration >>> Polices >>> Windows Settings >>> Security Settings >>> Advanced Audit Policy Configuration >>> Account Management. and Enable all Auditing policies.

Another Advise is to use SAME ACCOUNT for Source and Target domains during ADMT migration wizard. After you created TRUST between domains, make your (or service) account as administrator to the source domain like this:

• add your (or a service account) to a LOCAL security group (I named it ADMT-Admins) in source domain
• Add the Local Security Group (ADMT-Admins) to Administrators built-in group.

I have been asked to prevent sending Out of Office replies from a DL members to the senders. The context of the request is the DL is published externally to the customers. If the customers send email to get help, we don’t want to send Out of Messages back to the customers.

This is super simple to resolve. The DL property named SendOofMessageToOriginatorEnabled needs to be set to False.

Set the property to false like this:

Set-DistributionGroup <DLName> -SendOofMessageToOriginatorEnabled:$false

Hope you like this quick solution. Leave me a comment.

I am extremely disappointed with Microsoft PowerShell Modules for Exchange, Active Directory, Azure and others that the results of (e.g., Get-ADUser, Get-Mailbox) commands are not sorted by properties. At times I was looking for specific property value that I don’t remember top of my head. I listed all available properties and search for the property.

e.g., Get-Mailbox <username> | Format-List

If you see the results of the above command, Property and values display at random order. Searching for a property that you don’t remember becomes unnecessarily harder.

So I figured out how to display the results in sorted by property name. You may pipe your command results to this command.

| Select-Object * | Out-String -Stream | Sort-Object

Use this command like this:

Get-Mailbox <username> | Select-Object * | Out-String -Stream | Sort-Object

Here is what I did. Select-Object * selects all the properties, Out-String -Stream converts the results to string and lastly Sort-Object sorts the string results.

My Life got little better.

I didn’t stop there I created a function and added the function to PowerShell Profile, so it will loaded every time. Here is the function:

function Sort-Results { Param([Parameter(ValueFromPipeline=$true)] $ResultObject) ; $ResultObject | Select-Object * | Out-String -Stream | Sort-Object }

Use this function like this:

Get-Mailbox <username> | Sort-Results

Feel free to use this function. If you like this idea, leave me a comment below.

This blog explains how to search and delete emails using Microsoft 365 Compliance Center and PowerShell add-in.

First you should know that you can search emails on Exchange Online mailboxes and view the search results in Microsoft 365 Compliance center. BUT you cannot delete the emails from search results. You HAVE to use PowerShell delete (purge) the emails.

Requirements:

• Exchange Online Module (for PowerShell)
  • About the Exchange Online PowerShell V2 module | Microsoft Docs
• Permissions in Exchange Online
  • Mailbox Import/Export
  • Mailbox Search
• Permissions in Office 365 Compliance Center
  • eDiscovery Administrator

Here are the Compliance Center PowerShell Commands used for search and delete.

• New-ComplianceSearch
• New-ComplianceSearchAction

Search emails in the Mailboxes

First connect to Exchange Online and then Compliance Center in PowerShell:

Connect-ExchangeOnline

Next connect to Compliance Center: Replace the UserPrincipalName with yours or Admin account.

Connect-IPPSSession -UserPrincipalName username@company.com

Search email using this command.  You need to specify a mailbox and specific keyword in the search command. Keyword will be searched in Subject, Email body and Attachments.  For help on this New-ComplianceSearch, check it here: Keyword Query Language (KQL) syntax reference | Microsoft Docs

New-ComplianceSearch -Name "Test Content Search" -ExchangeLocation mobius@company.com -ContentMatchQuery "Sample Keyword"

Note: ExchangeLocation parameter can be set to “All” to search all mailboxes if need to. You may also specify a “Distribution List’ to search all mailboxes of members.

Note: You may also search and preview the results at Content Search at https://compliance.microsoft.com/.

Preview the Email Search Results

If you are going to delete the emails, you should check the email search results first to validate emails to be deleted. If you don’t see the email you want to see, you may need to re-do the New-ComplianceSearch command with refined conditions.

To preview the search results, we have to use New-ComplianceSearchAction command with -Preview option. There two steps to preview the search results.

Step-1; Create a Search action.

$SearchAction = New-ComplianceSearchAction -SearchName "Test content Search" -Preview

Here we created new compliance search action with the Preview parameter. Note that Search name is taken from previous New-ComplianceSearch command or copy/paste the Search name from Content Seach at https://compliance.microsoft.com. You should replace the SeachName from your own Seach.

Step-2: Preview the Search Results.

I have wrote this function to format the search results in readble form. You shouild store this function in a PoweShell file I saved as PreviewResults.ps1. This function can be passed parameter using piping the Get-ComplianceSearchAction results.

function PreparePreviewResults
{
    Param (
        [Parameter(ValueFromPipeline=$true)]
        $SearchResults
     )
    $SearchResults = $SearchResults.Results.Replace('{','').Replace('}','')
    $data = "Location,Sender,Subject,Type,Size,Received Time,Data Link`n"
    $SearchResults | ForEach-Object { $t=""; $_.Split(';').foreach({ $t += $_.Split(":")[1].Trim() +","  }) ; $data += $t + "`n"  }
    Return ($data | ConvertFrom-Csv)
}

Now dot source this PreviewResults.ps1 file. Replace the path of the PreviewResults.ps1 file in below dot sourcing.

. c:\scripts\PreviewResults.ps1

Now the PreparePreviewResults function in memory, we are going to use this function with this command format. Note that $SeachAction variable has the result object from New-ComplianceSearchAction command in Step-1.

Get-ComplianceSearchAction -Identity $SearchAction.Name | Select-Object Results | ForEach-Object {$_.Results } | PreparePreviewResults | Out-GridView

Delete the Emails

After you validate the emails from the above section, you may delete those email with this simple command. Note that SearchName is same as New-ComplianceSearch command. You should replace the SeachName from your own Seach.

$SearchAction = New-ComplianceSearchAction -SearchName "Test content Search" -Purge -PurgeType HardDelete -Force

Above command will start deleting the emails from the mailbox(es). You can check the status fo the delete operation with this command. Note we used $SearchAction variable used in above command.

Get-ComplianceSearchAction -Identity $SearchAction.Name | Select-Object SearchName,Results,Errors

I hope this is helpful document for you. You may leave a comment of “Thanks” or ask any questions.

If you lost permissions to a GPO, obviously you cannot edit the GPO in Group Policy Management Console (GPMC). You would get this error: This Group Policy object (GPO) is inaccessible because you do not have the read-level permission on it.

Don’t you worry. There is an easy fix as long as you are a domain admin.

• Open ADSIEdit.msc console
• Right click on ADSI Edit and select “Connect to…”. Choose “Default Naming Context” and click OK.

• Expland to ADSI Edit >>> Default Naming Context (domain.com) >>> DC=company,DC=com >>> System >>> Policies

• Find the GUID of the GPO you lost access in Group Policy Management Console. Select the GUID of the Policy under CN=Polices OU.
• Right click on Policy and choose Properties.
• Select Security Tab and Click Advanced Button.
• Take ownership of the policy by changing the owner to yourself (or better to Domain Admins). Close the properites dialog box.
• Right click on the Policy and open Properties again.
• Go to Security Tab. I would suggest to add permissions by copying the default permissions from other policy.
• You may close the ADSI Edit console.

That’s all. After permissioning try accessing the GPO in GPMC.

I see you end up here because local policy editor (GPEdit.msc) is failed to open and you get this error: Failed to open the Group Policy Object on this computer. You might not have the appropriate rights.

This super easy fix might fix the issue. All you have to do is rename (or delete) the folder named Machine at C:\Windows\System32\GroupPolicy.

I would rename the Machine directory to Machine.old. Then try launching gpedit.msc again.

You have downloaded an Excel document with macros from (known/excepted) website. When you open this Excel file, you get this error: BLOCKED CONTENT Macros in this document have been disabled by your enterprise administrator for security reasons.

There is a possibility System Administrator might have created a GPO to block Macros. If not, there is a easy solution to enable macros in Excel files (that is downloaded or received in Email).

Trust (Unblock) the file and open it in Excel again. Find the Excel file in Explorer, right on the file and open Properties. Check the box for Unblock the file and lick OK to save the setting, like this:

Now, open the Excel document and click on Enable Content button. That’s IT. Enjoy.

Other day Zoom Outlook add-in was trying update itself and keep failing with “The Feature You Are Trying to Use in on a Network Resource That is Unavailable”. It keep asking for downloaded setup/MSI file.

Well…I found the solution that works for me; deleting a Freaking Registry Key. Here it is:

• Open Registry Editor
• Go to HKEY_LOCAL_MACHINE >> SOFTWARE >>  Classes >> Installer
• Find the installing software/program name in the hive under Installer key.(e.g., for software find it under Products, for Microsoft update find it under Patches).
• Once you find the GUID for the failed software install, Select it and Freaking Delete IT.

Try installing the software again.

There are plenty of software on the market to find duplicate files. Almost all of them list the duplicates and have you review and delete them ONE by ONE. So I decided to write my own PowerShell script to
* Find the duplicates by file hash
* move the duplicate files to the given location

With a single click, moving the duplicates to a directory was most easy way to deal with duplicates. (I select the files and delete them at once).

Here is the script (example is in the comment section). ENJOY!

<#
  ___                       ___  
 (o o)                     (o o) 
(  V  ) Duplicate Remover (  V  )
--m-m-----------------------m-m--

This script finds the duplicate files by
file hash and MOVE the duplicate files to
a given location. 

You can late review and delete all 
duplicate files from the given location.

Script written by: Anand, the Awesome

Parameters: 
Path : Directory Path of the files where do you want to check the duplicates
DuplicateFileMoveLocation: Directory Path where to move the duplicate files. If this
directory doesn't exist, it will be created.

Example: 
.\DuplicateFinder.ps1 -Path C:\Temp\Myfiles -DuplicateFileLocation C:\Temp\Myfiles\Duplicates

#>
param(
[Parameter(
Mandatory=$True,
ValueFromPipeline=$True,
ValueFromPipelineByPropertyName=$True
)]
[string[]]$Path,
$DuplicateFileMoveLocation = "")


Write-Host "Calculating number of files in $path..." 
$TotalCount = (Get-ChildItem $Path).Count
Write-Host $Path "have " $TotalCount " files."
Write-Host "Started finding the Duplicates..."
# Get all duplicate files
$DuplicatePaths = 
    Get-ChildItem $Path -File | 
    Get-FileHash |
    Group-Object -Property Hash |
    Where-Object -Property Count -gt 1 |
    ForEach-Object {
        Write-Host "Duplicated File: $($_.Group.path)" -ForegroundColor Yellow
        $_.Group.Path | Select-Object -First ($_.Count -1)
    }

Write-Host ($DuplicatePaths.Count) " Duplicate Files found. `n"
Write-Warning ("The Script found the {0} duplicate files out of {1} total. The duplicates will be moved to {2}." -f $DuplicatePaths.Count, $TotalCount,$DuplicateFileMoveLocation)
$answer = Read-Host -Prompt "Do you want to Proceed (Y or N)?"

if ($answer -eq 'y') {
    if ($DuplicateFileMoveLocation -ne "") { 
        # Create the duplicate file move directory if it does not exist.
        if ((Test-Path -Path $DuplicateFileMoveLocation) -eq $false) {New-Item -Path (Split-Path $DuplicateFileMoveLocation -Parent) -Name (Split-Path $DuplicateFileMoveLocation -Leaf) -ItemType "directory" *> $null}
        # Move the duplicates 
        $DuplicatePaths | ForEach-Object { 
            Write-Host "Moving $($_) to $DuplicateFileMoveLocation..." -ForegroundColor Red
            Move-Item -Path $_ -Destination $DuplicateFileMoveLocation 
        } 
    }
}
Write-Host "* * * Completed * * *" 
<#
End of the Script
#>

I see there where plenty of sites/blogs explains how to convert an Office 365 group to a Teams. Super easy to change it using Teams client. I did not see any reference to other way around. If you find this blog, Good for you.

I see few users created “Teams” in Teams client. They wanted to use the Office 365 group mailbox for that Teams. With Client side settings, there is no options to do that at all. As an Exchange Administrator you can do it in PowerShell.

For every “Teams” created in Teams client, you will see an “Unified Group” aka “Office 365 Group” in Exchange. So all we have to do is change is unhide this Office 365 group for Exchange Outlook users. Here is how you do it (Make sure you connect to Exchange Online first) in PowerShell:

# Replace "TeamsName" with your name of the Teams in double quotes
Set-UnifiedGroup -Identity 'TeamsName' -HiddenFromExchangeClientsEnabled:$false -HiddenFromAddressListsEnabled:$false

After you set to False to both properties, The Teams will show up in Outlook under Groups in Mailbox tree if they are members. Give it plenty of time ( 30 mins ) to take effect of this setting change.

Did it help you? leave me a comment.