Monday, April 10, 2017

Searching For Email Groups Without Members

This is quick one for a reference, searching for AD groups with present email address, but without members using LDAP filter and powershell:
 Get-ADObject -LDAPFilter "(&(objectcategory=group)(!(member=*))(mail=*))" 

Same LDAP filter can be used with Active Directory Users and Computers:

Happy hunting :) 

Friday, April 7, 2017

Exchange 2007 support will end next week

Just in case you've missed the date, Microsoft will end support for Microsoft Exchange 2007 next week. On April 11,2017, Microsoft Exchange 2007 will reach end of life.
This means that Microsoft will no longer provide for Exchange 2007:
  • Free or paid assisted support (including custom support agreements)
  • Bug fixes for issues that are discovered and that may impact the stability and usability of the server
  • Security fixes for vulnerabilities that are discovered and that may make the server vulnerable to security breaches
  • Time zone updates
For more info checkout the Microsoft Exchange Team Blog
For more info about lifecycle policy checkout the official article on .
And for searching the lifecycle product database use the following link .

Tuesday, March 28, 2017

VM saved state during backup from Hyper V host

In this case, Windows Server 2008 R2 was P2V (physical to virtual) converted, and hosted on Windows Server 2012 Hyper V cluster. This VM was having several vhds attached, and latest integration services available from Hyper V cluster were successfully installed and running.VMs running on this Hyper V cluster were backed up from Hyper V hosts. During the backup schedule this "new" VM, was the only one that was going into saved state during the backup, and services hosted on this VM were unavailable for several minutes. Backup of the VMs is VSS based, and there were no VSS errors.
In this situation, I've checked the backup solution documentation and found that this behavior of saving the state of the VMs is under jurisdiction of Hyper V, and not under control of the backup software.
So,  I've started digging the Hyper V logs and found something interesting: during the backup cycles there was warning event 4098 logged into Hyper V Integration event log:

 This event was logged for the VM that was going into saved state during backup. So, I've checked the VM's scheduled volume shadow copies, and found that shadow copies for volumes were stored on separated disk only for storing shadow copies.
After changing the scheduled volume shadow copies to be stored on same disk as data, the VM was successfully live backed up from the Hyper V host without saving state and without losing the VM's offered services during the backup.

Friday, February 24, 2017


It was announced that SHA1 have been broken in practice. On following post, you can learn how dangerous is becoming to still use this cryptographic hash function. Basically, now it's possible to have or create two different documents with same hash SHA1 signature.
For example: on there are two pdf documents (shattered-1.pdf, shattered-2.pdf) with different contents but with same SHA1 hash ! If you don't believe the, you can download the example pdfs locally and generate the SHA1 hash, for example using powershell and
Get-FileHash cmdlet:

If you don't believe your eyes, try it yourself :)

And finally as a simple conclusion, with this publicly available example in mind, I think it would be the best for your data, to start making plans for replacing SHA1 with SHA2 algorithm ASAP.

Wednesday, February 8, 2017

Missing rule in Outlook

In this case, scheduled meetings to a user were mysteriously forwarded to a group of users. Helpdesk engineers have removed all the rules that could be seen for that user mailbox, and again all scheduled meetings for that user were again forwarded to this particular group of users. Helpdesk team escalated this user issue to Exchange admins in order to do same tracking. And from Exchange tracking logs can be seen that scheduled meetings were forwarded by mailbox rule ?!?!? :

But, where is that rule ? Get-InboxRule for this user mailbox returned nothing, because helpdesk engineers have removed all the rules, and still there is a rule in this user mailbox that is forwarding the scheduled meetings. So, obviously there is a rule corruption for this user mailbox, and MFCMAPI is your friend. Latest version of this tool can be downloaded from codeplex .

Please follow this article , to learn how to delete corrupted rules with this very powerful tool.

After deleting this corrupted rule from the user mailbox, no other scheduled meetings were forwarded from this user to the particular group of users.

And again, please be very careful when using MFCMAPI in order to avoid corruption.

Monday, October 31, 2016

The User Profile Service Failed The Logon

In this case, there was a Windows 8.1 workstation with corrupted Default profile. All domain users with or without previously created profile on that machine were unable to logon with following error message:
"The User Profile Service failed the logon. User profile cannot be loaded."
I've logged on to the workstation with local admin account, and opened the Application Event Log, a warning event with id 1509 was logged, from source Microsoft-Windows-User Profiles General with following description:
Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\WER to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Windows\WER. This error may be caused by network problems or insufficient security rights.

In order to resolve the issue, I've forced permission propagation to all child objects on C:\users\Default:

After successful permission replacement on all child object of C:\Users\Default, domain users were able to successfully log on to the workstation, again.

Wednesday, October 26, 2016

Error message when adding MPIO Devices

In this case, Window Server 2012 Hyper V failover cluster LUNs were scheduled for storage migration from different vendors. Hyper V hosts were using fiber channel for accessing the SAN LUNs. These Hyper V hosts were using PowerPath as their multipathing software. This software was not recommended for use with the new SAN provider. So, after successful VM storage migration, PowerPath had to be removed, and Hyper V server hosts had to be configured with native MPIO.
After successful uninstallation of  PowerPath, I've tried to add MPIO devices using native MPIO tool, but there was error message "The system cannot find the file specified":

Similar error was prompt, when using the new powershell cmdlet for adding MPIO devices

So, currently Hyper V server hosts were using single path for accessing the SAN LUNs, and obviously something went wrong with "successful" uninstallation of Powerpath. In order to create redundancy for SAN LUN access, I've reinstalled the MPIO feature on all Hyper v hosts.
After successful reinstallation of MPIO feature, I was able to add MPIO devices using native MPIO tool and enabled multiple paths for accessing SAN LUNs from Hyper V server hosts.