Outlook removes line breaks, but Why?

When we type beautiful emails with some (apparently) extra lines (line breaks) to make the message more readable sometimes. And when it reaches the user, Outlook removes the extra lines and make the email real ugly. Then Outlook displays this message on top of the message window: We removed extra line breaks from this message.


You can restore the extra lines by clicking on that message and choose Restore line breaks.


To permanently disable Outlook to remove the line breaks, you have to go to Outlook Options in File/Outlook Options, under Mail section.  Scroll down and find Remove extra line breaks in plain text messages option under Message Format section.


Machine generated alternative text:


Exchange: Members can’t remove themselves from security groups. Please set the group to Closed…

It was interesting to see when I was trying to add a member to a “mail enabled” security group in Exchange Admin Center, I get this:


Oh! I was freaking add a member…what the?

Well, we have two options.

One: Add the member using Active Directory Users and Computer console. It is easy, but we are not fixing the under laying issue.  So the option two is necessary.

Two: Make the group closed so members can’t leave themselves (even freaking though nobody is trying to leave the group) so we don’t get above message. Open PowerShell and connect to your Exchange Server and use the following cmdlet to close the group.

Set-DistributionGroup <Group Name or Alias>  -MemberDepartRestriction Closed

Did it help? Leave me a reply.

List all authorized DHCP servers from Active Directory

Here is PowerShell command to list all authorized DHCP servers from Active Directory. Replace the DOMAIN and COM with your domain name in the command below.

Get-ADObject -SearchBase “cn=configuration,dc=DOMAIN,dc=COM” -Filter { ObjectClass -eq ‘dhcpclass’ } | Select-Object Name  | Format-Table –Wrap

I used format-table with wrap option to display full DHCP server name if it is long name.

If you browser the same location (in SearchBase in Get-ADObject cmdlet) in AD Sites and Services (with services option enabled), you will see the DHCP servers. This command list those DHCP servers, that’s all.

How to install unsigned driver (if you have to) in Windows 10?

If you tried to install a unsigned driver in Windows 10, you would hit the wall. There is no settings to allow unsigned drivers like in old Microsoft Operating Systems. This is the guide to show you how to enable unsigned drivers (& risk making Windows 10 unstable).

Follow the stops to enable the Unsigned Drivers in Startup Options:

1. Reboot the computer with these command

SHUTDOWN.exe /R /O /F /T 00

/R is for Reboot

/O is to reboot to options menu

/F is force the reboot

/T is timer – we set to reboot right away


2. After reboot to Options screen, Choose Troubleshoot.

3. In Troubleshoot screen, Choose Advanced Options

Image result for windows 10 troubleshoot screen -8

4. in Advanced Options screen, choose Startup Settings

5. In Startup Settings, Click Restart.

Image result for windows 10 Startup Settings -8

6. After reboot, click 7 or F7 to disable driver signature enforcement.


7. Selecting option results a reboot  one last time.

Now try installing that unsigned drivers.

Active Directory: Why the protected account permissions cannot be changed? what is AdminSDHolder?

If try anyone of the things below on accounts that is member of Domain Admins or Account Operators or any other protected groups, you know it can’t be done.

  • Changing permissions (add/remove/modify perms in security tab of the account properties window)
  • Enabling Permission Inheritance (to activate a ActiveSync account on the Administrator’s device)
  • Low-level admins (Account Operators) try to modify high-level admin accounts (e.g, Domain Admins, Enterprise Admins)

If you do any one of those actions above, it will be reset in 60 minutes automatically. The third action will be denied right away. Why is that? it’s because to protect the protected accounts from hacked. This feature first introduced in Active Directory in Windows 2000 Server. Here is detailed explanation from Microsoft.

Active Directory Domain Services uses AdminSDHolder, protected groups and Security Descriptor propagator (SD propagator or SDPROP for short) to secure privileged users and groups from unintentional modification. This functionality was introduced in the inaugural release of Active Directory in Windows 2000 Server and it’s fairly well known. However, virtually all IT administrators have been negatively impacted by this functionality, and that will to continue unless they fully understand how AdminSDHolder, protected groups and SDPROP work.
Each Active Directory domain has an object called AdminSDHolder, which resides in the System container of the domain. The AdminSDHolder object has a unique Access Control List (ACL), which is used to control the permissions of security principals that are members of built-in privileged Active Directory groups (what I like to call “protected” groups). Every hour, a background process runs on the domain controller that holds the PDC Emulator operations master role. It compares the ACL on all security principals (users, groups and computer accounts) that belong to protected groups against the ACL on the AdminSDHolder object. If the size or the binary string is different, the security descriptor on the object is overwritten by the security descriptor from the AdminSDHolder object..
As you can see, multiple layers of security are incorporated into this functionality. First, the permissions applied to users belonging to protected groups are more stringent than the default permissions applied onto other user accounts. Next, the default behaviour is that inheritance is disabled on these privileged accounts, ensuring that permissions applied at the parent level aren’t inherited by the protected objects, regardless of where they reside. Finally, the background process running every 60 minutes identifies manual modifications to an ACL and overwrites them so that the ACL matches the ACL on the AdminSDHolder object.

For more information check HERE.

How to bulk add SPAM white and black list in Exchange Online Protection?

I hope you have a text files with SPAM white and black lists. If so, it’s all down to run the PowerShell command after connecting to Exchange Online.

If you created custom SPAM filter policy, replace “default” in Identity property with your custom filter policy name in the commands below.

Create different text files for Allowed and Blocked email addresses. Also create different text files for allowed and blocked email domain names.

The first line should be “Recipients” in all the text files.

Add bulk add SPAM White List (email addresses)

Import-Csv “C:\..\AllowedEmails.csv” | foreach {Set-HostedContentFilterPolicy -Identity Default -AllowedSenders @{add=$_.Recipients}} 

Add bulk add SPAM Block List (email addresses)

Import-Csv “C:\..\BlockedEmails.csv” | foreach {Set-HostedContentFilterPolicy -Identity Default –BlockedSenders @{add=$_.Recipients}} 

Add bulk add SPAM White List (email domains)

Import-Csv “C:\..\AllowedDomains.csv” | foreach {Set-HostedContentFilterPolicy -Identity Default –AllowedSenderDomains @{add=$_.Recipients}} 

Add bulk add SPAM Block List (email addresses)

Import-Csv “C:\..\BlockedEmails.csv” | foreach {Set-HostedContentFilterPolicy -Identity Default –BlockedSenderDomains @{add=$_.Recipients}} 

I hope it saved you sometime on your research.  Leave me a reply if it did.

Exchange: How to mail-enable the security group?

Say you have a AD Security Group, you want to convert to a distribution group. (When do we stop calling Distribution List…I always said DL. Now it’s distribution group..whatever!!)

It’s a very easy task. There is only one requirement.

Security group must be a Universal Group.

if it is not a universal group already, go ahead change in Active Directory (Uses and Computers console).

Open Exchange Admin (Power)Shell and type this:

Enable-DistributionGroup -Identity “Your Security Group Name”

That’s it. You are done. To verify open ADUC and check the group type. It should gained a email address and it will show up in Exchange Admin Center in Groups.

If you really really want to od in a GUI instead of PowerShell, follow the instructions below.

1. Open Exchange Admin Center
2. Go to Recipients ==> Groups
3. Click + to add a new group, choose Existing group
4. Select your AD Security Group and follow the wizard.

Enjoy. Smile