Delete dead DC from domain

March 1, 2018 by

OK so this post is going to be unusual for me cos I’m just going to post some links for now cos lots of other people have created nice guides.  It’s just a matter of trying to find them!

First one for us lazy folks… the GUI option;

Second is more traditional NTDSUTIL;

Third, everyone else;

More as I find them… I might even make a guide myself but right now I don’t have the time.


Windows Server 2016 Security Tab on OU’s

February 28, 2018 by

Why oh why Microsoft? By default, they decided to HIDE the security tab on Organizational Units. Sigh.

So in order to unhide (even though you’re a domain admin) you need to do the following;

  • Open Active Directory Users and Computers
  • Click View > Advanced Features.
  • Now, you will see the security tab when you get properties on an OU.

I really don’t know why this “feature” was added but there you have it.

Meraki VPN using AD

February 27, 2018 by

Key points;

  • Using Meraki VPN and want to use Active Directory.
  • Verified that it works with Meraki authentication.
  • Doesn’t work with Active Directory.

We had this issue with a client that had used an Windows Server 2003 AD server. Worked fine but I forgot how I had set it up and when we got them moved over to a shiny new 2016 server it broke the VPN and sharing.

Here’s the fix on the AD Server;

  • On new server create a self signed certificate.
    • If you don’t know how to do that follows these instructions;
    • Install IIS via Server Manager.
    • Once installed Click on Server Certificates under your IIS Server.
    • Click on Create Self-Signed Certificate.
    • Give it a name (can be anything) and choose Personal.
  • Now that you have a cert you can move to the next step which is Firewall.
  • Create a Firewall rule to open port 3268. This is the Meraki means of communication.

Now on the Meraki;

  • Go to Security Appliance > Client VPN
  • Under Authentication choose Active Directory.
  • Under Short domain, Server IP, “Domain Admin” and Password, fill those in with the relevant info. The Domain admin is the authentication user you’ll need to create to allow the Meraki to verify that the user is allowed.
  • At this point you will want to put the “Domain Admin” (not an actual domain admin! but the VPN authentication user) into a separate OU to wall off these VPN users. Instructions on how to do this will have to wait… I will update.

Should work now 🙂

Outdent (and Indent) in Apple Mail

February 1, 2018 by

An annoyance and Apple is no help with not allowing good text editing tools for Mail.

So if you want to Outdent or Indent you’ll need to know the shortcuts;

  • Outdent
    • Hold Command + [
  • Indent
    • Hold Command + ]

It’s really that simple.

Bitlocker Encryption without TPM

January 18, 2018 by

This happens with older computers that don’t have a built in chip but you can bypass the requirement with a GPEDIT change.

Start > Run > gpedit.msc


  • Local Computer Policy
    • Computer Configuration
      • Administrative Templates
        • Windows Components
          • Bitlocker Drive Encryption
            • Operating System Drives

Double click on the entry Require additional authentication at startup and enable the rule. It will give you some other options in there if you want to fine tune but just enabling this will allow you to start the process of encrypting the whole disk.

Now go back to Control Panel > Bitlocker Drive Encryption (or right click the hard drive) and start the process for the option of Boot password or USB key.

Email folder sharing not working in Office 365?

January 9, 2018 by

So I have had this problem for a while and Microsoft hadn’t been able to figure it out until a Microsoft engineer and I knocked heads together and figured out a work around…

On one of my clients, some users could access a shared email folder and some could not, even though the permissions are exactly the same.

Long story short the fix was to give the “Folder Visible” permission on the root (the sharing users name) to the user that wants to access that folder. Only needs to be “Folder Visible”, nothing else.

Once you have that, then any permissions you have for what is essentially a subfolder of the root, will work!

MS are apparently working on a fix… I won’t hold my breath.

nsurlsessiond uploading data

November 8, 2017 by

I traced this to the Photos App on Mac uploading all photos to an iCloud account.

To go preferences in the Photos app and turned it off.

It’s a shame that Apple don’t have a scheduled option to sync out of business hours for example but it is what it is.

Office 365 emailing invoices

July 6, 2017 by

I had a client that wanted this so I looked into it and found the following;

  • Login as an admin
  • Go to Billing
  • Go to Billing notifications
  • Toggle on or off for emailing ALL admins.

Unfortunately at this time there is no way to select which users will get the notifications. It will email ALL admins regardless of their admin role.

Network problems!

June 30, 2017 by

Had a weird issue where a computer had an IP, DNS was OK, could ping a URL btu could not get a web session nor email. No matter what we tried, everytihng looked OK but still no dice.

Turns out it was a corrupted registry key for TCP/IP! WTH? Anyway here is the fix;

Start –> In run type cmd –> Then “CMD” will be displayed –>
Now enter this command
netsh int ip reset resetlog.txt
Press “Enter”.
Reboot your computer

Credit to Bill for this one…

No pings allow for Windows Server 2016

June 29, 2017 by

Not really sure why this is like this out of the box but Microsoft has decided that even on a domain a new server sold not respond to ping requests.

There are plethora of tools out there that rely upon echo requests to make sure that devices are up and not in the throws of some failure.

The fix is obvious but just in case you’re not sure, search for Firewall or go to Control Panel and then Firewall.

To go Inbound.

Right Click File and Printer Sharing (Echo Request… ICMPv4 or v6) and choose Enable.

That’s it.