Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress

As we prepare for the migration from on-premises Skype for Business to Skype for Business Online, there are a few important considerations to bear in mind before you take the leap. I will be covering these in a series of posts (hopefully), today I want to share with you a common scenario we will faceContinue reading “Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress”

Office 365 – Hybrid Modern authentication

  Hybrid modern authentication and prerequisites: https://docs.microsoft.com/en-us/office365/enterprise/hybrid-modern-auth-overview   How to configure Exchange server to use HMA: https://docs.microsoft.com/en-us/office365/enterprise/configure-exchange-server-for-hybrid-modern-authentication      

Event Logging policy settings in Windows Server/Computer

http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx

Converting .cer to .pem etc…

How to create and deploy a client certificate for MAC: http://blogs.technet.com/b/configmgrteam/archive/2013/04/05/how-to-create-and-deploy-a-client-cert-for-mac-independently-from-configmgr.aspx Transforming .cer to .pem or vice-versa: https://www.sslshopper.com/ssl-converter.html using openssl to convert a certificate format to another format: https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them Exporting a private key: https://technet.microsoft.com/en-us/library/cc754329.aspx    

Monitoring Event ID with Powershell or SCOM

Using Powershell: http://msexchange.me/2014/06/05/monitoring-event-id-thru-powershell/ http://community.spiceworks.com/topic/282720-powershell-event-log-monitor-email-alert-script-central-monitor https://vijredblog.wordpress.com/2014/03/21/task-scheduler-event-log-trigger-include-event-data-in-mail/ Using SCOM: http://jimmoldenhauer.blogspot.fr/2013/03/scom-2012-how-to-generate-alerts-from.html http://scomandplus.blogspot.fr/2013/02/creating-rules-to-monitor-security-logs.html http://thoughtsonopsmgr.blogspot.fr/2013/11/windows-event-log-monitoring-how-to-get.html http://opsmgradmin.blogspot.fr/2011/05/scom-monitoring-windows-event-logs.html        

Slow boots and slow logons – How to use Xperf,Xbootmgr, Procmon, WPA?

Troubleshooting slow logons: http://blogs.technet.com/b/askds/archive/2009/09/23/so-you-have-a-slow-logon-part-1.aspx http://blogs.technet.com/b/askds/archive/2009/09/24/so-you-have-a-slow-logon-part-2.aspx Logon process: http://fr.slideshare.net/ControlUp/understanding-troubleshooting-the-windows-logon-process Tools for troubleshooting: http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx http://social.technet.microsoft.com/wiki/contents/articles/10123.troubleshooting-slow-operating-system-boot-times-and-slow-user-logons-sbsl.aspx And powershell: http://blogs.citrix.com/2015/08/05/troubleshooting-slow-logons-via-powershell/ Analyze GPOs load time: http://www.controlup.com/script-library/Analyze-GPO-Extensions-Load-Time/ee682d01-81c4-4495-85a7-4c03c88d7263/   How to use Xperf, Xbootmgr, Procmon, WPA? xperf;xbootmgr;xperfview comes from Windows ADK (Windows performance toolkit sub part). Procmon is a sysinternal tool. http://superuser.com/questions/594625/how-can-i-analyze-performance-issues-before-during-the-logon-process http://blogs.technet.com/b/askpfeplat/archive/2012/06/09/slow-boot-slow-logon-sbsl-a-tool-called-xperf-and-links-you-need-to-read.aspx http://social.technet.microsoft.com/wiki/contents/articles/10128.tools-for-troubleshooting-slow-boots-and-slow-logons-sbsl.aspx Other interesting articles: http://blogs.technet.com/b/askpfeplat/archive/2014/10/27/becoming-an-wpa-xpert-part-11-troubleshooting-long-group-policy-processing.aspx https://www.autoitconsulting.com/site/performance/windows-performance-toolkit-simple-boot-logging/ https://randomascii.wordpress.com/2012/09/04/windows-slowdown-investigated-and-identified/ https://randomascii.wordpress.com/2013/04/20/xperf-basics-recording-a-trace-the-easy-way/  Continue reading “Slow boots and slow logons – How to use Xperf,Xbootmgr, Procmon, WPA?”

Windows Forensics: WinRM – who is connected to your computer?

Finding remote session connected to your computer? who is running a (hidden) remote PowerShell on your machine? Here’s a simple one-liner: Get-WSManInstance -ConnectionURI (‘http://{0}:5985/wsman’ -f $env:computername) -ResourceURI shell -Enumerate It will return anyone connecting via port 5985 to your machine. However, if you’re not running in a domain environment, you first have to enable non-KerberosContinue reading “Windows Forensics: WinRM – who is connected to your computer?”

Advanced XML filtering in the Windows Event Viewer

http://blogs.technet.com/b/askds/archive/2011/09/26/advanced-xml-filtering-in-the-windows-event-viewer.aspx http://blog.oneboredadmin.com/2013/05/filtering-windows-event-log-using-xpath.html        

How to dump events from Windows event logs ?

From event viewer eventvwr (GUI) you can export events in a log file. EventcombMT as well. You can use eventwatchnt, eventsentry (GUI) from http://www.netikus.com How to store events on SQL table: https://blog.netnerds.net/2013/03/importing-windows-forwarded-events-into-sql-server-using-powershell/ How to export forwarded events using get-winevent: cls write-host “Dump Quest ARS Forwarded Events (only the last hour)” $date = Get-Date -Format ddMMyyyyContinue reading “How to dump events from Windows event logs ?”