Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress

As we prepare for the migration from on-premises Skype for Business to Skype for Business Online, there are a few important considerations to bear in mind before you take the leap. I will be covering these in a series of posts (hopefully), today I want to share with you a common scenario we will faceContinue reading “Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress”

Office 365 – Hybrid Modern authentication

  Hybrid modern authentication and prerequisites:   How to configure Exchange server to use HMA:      

Event Logging policy settings in Windows Server/Computer

Converting .cer to .pem etc…

How to create and deploy a client certificate for MAC: Transforming .cer to .pem or vice-versa: using openssl to convert a certificate format to another format: Exporting a private key:    

Monitoring Event ID with Powershell or SCOM

Using Powershell: Using SCOM:        

Slow boots and slow logons – How to use Xperf,Xbootmgr, Procmon, WPA?

Troubleshooting slow logons: Logon process: Tools for troubleshooting: And powershell: Analyze GPOs load time:   How to use Xperf, Xbootmgr, Procmon, WPA? xperf;xbootmgr;xperfview comes from Windows ADK (Windows performance toolkit sub part). Procmon is a sysinternal tool. Other interesting articles:  Continue reading “Slow boots and slow logons – How to use Xperf,Xbootmgr, Procmon, WPA?”

Windows Forensics: WinRM – who is connected to your computer?

Finding remote session connected to your computer? who is running a (hidden) remote PowerShell on your machine? Here’s a simple one-liner: Get-WSManInstance -ConnectionURI (‘http://{0}:5985/wsman’ -f $env:computername) -ResourceURI shell -Enumerate It will return anyone connecting via port 5985 to your machine. However, if you’re not running in a domain environment, you first have to enable non-KerberosContinue reading “Windows Forensics: WinRM – who is connected to your computer?”

Advanced XML filtering in the Windows Event Viewer        

How to dump events from Windows event logs ?

From event viewer eventvwr (GUI) you can export events in a log file. EventcombMT as well. You can use eventwatchnt, eventsentry (GUI) from How to store events on SQL table: How to export forwarded events using get-winevent: cls write-host “Dump Quest ARS Forwarded Events (only the last hour)” $date = Get-Date -Format ddMMyyyyContinue reading “How to dump events from Windows event logs ?”