active directory: delegate unlock account rights

delegate control wizard:
create a custom task to delegate
active directory object type – only the following objects in the folder: user objects
permissions, clear “general” checkbox, check “property-specific” checkbox
select read lockouttime and write lockouttime
complete wizard

source:
https://support.microsoft.com/en-us/kb/294952

Posted in: IT by resinblade

adfs 3.0 customization

logo = Set-AdfsWebTheme -TargetName custom -Logo @{path="c:\theme\script\logo.png"}
illustration = Set-AdfsWebTheme -TargetName custom -Illustration @{path="c:\theme\illustration\illustration.png"}
sign-in page description = Set-AdfsGlobalWebContent -SignInPageDescriptionText "HTML"
onload.js = Set-AdfsWebTheme -TargetName custom -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="c:\theme\script\onload.js"}

auto-append @mydomain.com or prepend mydomain\:
i used the following code as a great starting point
https://social.msdn.microsoft.com/Forums/vstudio/en-US/bfde6a72-a522-4d12-907d-3f96577ab3a0/windows-server-2012-r2-adfs-proxy-error-enter-your-user-id-in-the-format-domainuser?forum=Geneva

and

https://social.msdn.microsoft.com/Forums/vstudio/en-US/d0b2089f-e4be-494c-b488-21493f62bc58/adfs-2012-r2-forms-authentication-default-login-domain?forum=Geneva

i ended up altering this portion:
// excerpt from inside the submit function; userName is the user name input element
var lowerUserName = userName.value.toLowerCase();

//If underscore is not present then prepend mydomain\
if (userName.value.indexOf('_') == -1)
{
  userName.value = 'mydomain\\' + userName.value;
}

//If underscore is present and @mydomain.com is not, then append @mydomain.com
if (userName.value.indexOf('_') != -1)
{
  var li = lowerUserName.lastIndexOf('@mydomain.com');
  if (li == -1)
  {
    userName.value = userName.value + '@mydomain.com';
  }
}
return true;
} // closes the enclosing function (its opening is not part of this excerpt)
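
added example (not from the original post or the linked threads): the same prepend/append rule as a standalone function that leaves input alone when it already carries a domain prefix or an @ suffix, so typing mydomain\jsmith or j_smith@mydomain.com does not get qualified a second time. normalizeUserName and the userNameInput element id are assumptions; mydomain and @mydomain.com are the post's placeholders.

```javascript
// Added example, not the post's code. DOMAIN and UPN_SUFFIX are the
// post's placeholders; normalizeUserName is a hypothetical helper name.
var DOMAIN = 'mydomain';
var UPN_SUFFIX = '@mydomain.com';

function normalizeUserName(raw) {
  var name = String(raw).trim();

  // Empty input: return as-is so the page's own "enter a user name"
  // validation still fires instead of submitting "mydomain\".
  if (name === '') {
    return name;
  }

  // Already qualified (DOMAIN\user or user@suffix): do not touch it.
  // Prepending or appending here would produce a name that can never
  // authenticate and only adds failed-logon noise.
  if (name.indexOf('\\') !== -1 || name.indexOf('@') !== -1) {
    return name;
  }

  // The post's rule: an underscore marks an account that signs in by
  // UPN, everything else signs in as DOMAIN\user.
  if (name.indexOf('_') !== -1) {
    return name + UPN_SUFFIX;
  }
  return DOMAIN + '\\' + name;
}

// Browser wiring. Assumption: the sign-in form's user name field has
// id "userNameInput". Skipped when run outside a browser.
if (typeof document !== 'undefined') {
  var field = document.getElementById('userNameInput');
  if (field) {
    field.addEventListener('blur', function () {
      field.value = normalizeUserName(field.value);
    });
  }
}
```

this only changes what the browser submits; the server still decides whether the resulting name and password are valid.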

also chrome’s built-in javascript console is very helpful for debugging

changing placeholder text:
https://jasonomar.wordpress.com/2014/05/16/customizing-the-placeholder-on-the-adfs-3-0-login-page/
https://social.msdn.microsoft.com/Forums/vstudio/en-US/2879e51a-5db2-4fad-a2b4-f9ce67f4c021/adfs-30-the-placeholder-text-change-seems-not-working-for-ie89?forum=Geneva

Posted in: IT by resinblade

equallogic FS7600: KB3002657 & KB3068457 problems

i recently installed windows updates on a domain controller in late march 2015. the updates included KB3002657 which apparently has been causing problems with a lot of NAS devices. the issue we experienced was users getting asked for credentials when trying to access the FS7600 CIFS shares (even though they already had an active kerberos session). when a user entered their AD credentials the credentials would be rejected. the problem was intermittent since only one DC had the updates applied.

klist
setspn -l [dns name]
the above did not list the fs7600, even though it should have

setspn -l fs7600 (assuming “fs7600” is the computer account name)
this returned info…

we then did the following to resolve the issue:
setspn -S HOST/[hostname] fs7600
setspn -S HOST/[FQDN] fs7600
setspn -S nfs/[hostname] fs7600
setspn -S nfs/[FQDN] fs7600
klist

info: http://support.microsoft.com/en-us/kb/3002657

also to reboot the fs7600 controllers w/ firmware 3.x:
SSH in
native-FluidFS-CLI
CLI/hardware/NAS-appliances/reboot-controller

update 7/24/2015:
update KB3068457 also creates this issue which affects mac users trying to access NAS shares.
https://support.microsoft.com/en-us/kb/3068457

Posted in: IT by resinblade

ms sql: change computer name

problem: after successfully renaming a computer that is running sql server, the sql server instance still lists the old computer name. this is especially problematic for logins that are defined as OLD-COMPUTER-NAME\username.

solution:
sp_dropserver [old computer name];
GO
sp_addserver [new computer name], local;
GO

then restart the SQL service or reboot the computer
i also removed the security login with the old computer name listed and then readded it so that it was now listed as NEW-COMPUTER-NAME\username.

source:
https://msdn.microsoft.com/en-us/library/ms143799.aspx

Posted in: IT by resinblade

uccx: agent/supervisor desktop agent logs blank

problem: from within one of the uccx desktop apps the logs – “agent logs – state” and “agent logs – call” show as blank. also the desktop app may report “partial service”.

solution: from uccx serviceability restart the cisco desktop recording and statistics service (this is not disruptive)

Posted in: IT by resinblade

gabriel knight 1 (pc)

i had this game in 1993 and played it all the way through then (w/ the help of a hint book). i recently replayed the game by doing everything i could think of each day and then using a walkthru to see if i missed anything. i wish i had not done this because it prevented me from experiencing the game naturally. i should have just bumbled along on my own and then referenced a walkthru when i got stuck. regardless, i can’t see anyone beating this game without some kind of outside help. i’d say that about 85% of the game’s puzzles are solvable if you’re perceptive and paying attention. however, the remaining 15% i consider to be very difficult because they make you feel like how would i ever know that i needed to do that? maybe they’re there to help sell hint books.

i finished with 336 out of 342. i probably missed a few minor things. i remember when i was younger that i had a lot of trouble with the africa segment. this time i didn’t so much because i vaguely remembered what to do. i don’t think anyone will get through that segment without dying a few times even with a walkthru.

i really love this game. based on nostalgia alone i’d rate it 5/5 but that aside i would realistically rate it 4.5/5. the set up of a struggling author playing detective seems really cliche but that doesn’t really detract from the overall great story. voodoo topic…research, foreboding, etc.

score breakdown: http://www.the-spoiler.com/ADVENTURE/Sierra/gabriel.knight.5.html

Posted in: Games by resinblade

exchange 2013: hybrid configuration wizard

pre-reqs:
SSL certs on exchange servers
email domain “mycompany.com” added to office365 tenant and on-prem exchange’s accepted domains

error: “subtask checkprereqs execution failed” after running the wizard.
cause: on-prem exchange does not meet the min. update level for the office 365 tenant. in our case it was CU6.
source: http://support.microsoft.com/kb/2988229

Posted in: IT by resinblade

majesty 1 (pc)

i’ve always liked majesty. i played it a lot when it originally came out in 2000. i recall finishing the game back then with the use of cheats. i remember having trouble on 4 or so levels. i’m playing it again now since the HD version was recently released on GOG.

i wish there were more games with this type of game play. it reminds me of a game named stronghold that was put out by SSI years ago (i do not mean stronghold by firefly studios). the game’s difficulty is based on how quickly enemies attack you. in some levels you have to prepare extremely quickly for an onslaught. i always try to get a marketplace with healing potions, two guardhouses, and a warriors guild up as soon as possible. my preference is to use healers and paladins so i pretty much always choose the temples of dauros and agrela. the krypta priestesses are a must when dealing with lots of dragons (need like 8 of them).

i used to have trouble on the gaining gold in a certain amount of time levels. that’s because i thought i had to earn the gold naturally and i never tried using the gambling house. it’s very easy to get tons of gold at the gambling house. the hero AI at times can be frustrating. sometimes a high level hero will take on nearly impossible odds and either run out of healing potions or choose not to use them. the hero then decides not to run away when their health is low and you end up losing a powerful hero (unless you have resurrection capabilities).

this time around i only cheated on the final level in the southern lands – the day of reckoning. i only used the free gold cheat “fill this bag”. after playing this level 3 times without cheating i felt that it was impossible. but now that i know the flow of the level i can say it’s probably beatable. it’s really important to get wizard towers and guard houses up to handle the spider hordes. after that your success relies completely on how much gold you have and keeping the temple of krolm safe. using the rage of krolm several times during this level is a must.

Posted in: Games by resinblade

nslookup command + other dns info

windows nslookup
nslookup -d2 mydomain.com returns extensive DNS info

running in interactive mode:
nslookup
server [DNS server IP]
set type=a (or mx, ns, cname, soa, srv, ptr)

great site for dns health check: http://www.intodns.com

note: NS records should match domain registrar NS records

in windows DNS the command dnscmd /statistics will return useful statistics such as total queries received

Posted in: IT by resinblade

ping command

windows ping
C:\WINDOWS\system32>ping 192.168.1.10

Pinging 192.168.1.10 with 32 bytes of data:

Reply from 192.168.1.10: bytes=32 time=2ms TTL=64
Reply from 192.168.1.10: bytes=32 time=6ms TTL=64
Reply from 192.168.1.10: bytes=32 time=2ms TTL=64
Reply from 192.168.1.10: bytes=32 time=2ms TTL=64

Ping statistics for 192.168.1.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 6ms, Average = 3ms

determining max packet size:
ping -f -l 1500 [host]
-f = do not fragment
-l [size] = size of packet
if the response is “Packet needs to be fragmented but DF set” then the packet size is too large for the destination
source: http://www-01.ibm.com/support/docview.wss?uid=swg21086718

display hops/router IP addresses:
ping -i 3 [host]
-i [TTL] = specify TTL value
-n [#] = specify number of ping requests
the various hops can be displayed by manipulating the TTL value
however, it is simpler to retrieve this info from tracert/traceroute

ping loop:
ping -t [host]

Posted in: IT by resinblade