Based on recommendations and best practices from Microsoft, and information I found here, I compiled a FSMO placement scenario for 2 domain controllers:
| DC1 | DC2 |
| PDC Emulator RID Master Infrastructure Master | Schema Master Domain Naming Master Global Catalog |
Also, if your domain is top-level in the AD forest, configure DC1 to sync with external time sources.
To transfer roles, it is recommended to use Powershell's Move-ADDirectoryServerOperationMasterRole.
Here's a list of direct download links to the latest macOS installers. They are all links to Apple's servers, either direct links to the App Store, or, in case of older versions, links to Apple's CDN.
Direct links to App Store:
Older versions are only available as DMG files from Apple's CDN:
If you ever need to perform connectivity troubleshooting and need to see whether a Dell server's iDRAC can reach a certain IP, you can use the iDRAC diagnostics command function to perform a "ping":
In the past, whenever you needed to reset the machine (computer) account password for a computer joined to an Active Directory domain, you could use netdom.exe to perform the task. While this no longer exists in Windows 10, you can also perform the task through Powershell:
Reset-ComputerMachinePassword -Server dc.domain.local -Credential (Get-Credential)
Replace dc.domain.local with the FQDN of a domain controller, or simply type the domain name (domain.local) to automatically select a domain controller. When running the cmdlet, you will also be prompted to enter the credentials of an account which is delegated to reset the computer account password of this particular machine.
If you are annoyed by the Notification Manager for Adobe Creative Cloud and/or are using VDI and want to get rid of it, use this PS one-liner:
Get-AppxPackage -AllUsers *AdobeNotificationClient* | Remove-AppxPackage -AllUsers
With PowerCLI it is very easy to get a list of provisioned storage for a list of VMs:
Get-VM | Select-Object Name,@{n="ProvisionedGB"; e={(Get-HardDisk -VM $_ | Measure-Object -Sum CapacityGB).Sum}}
You can combine this with other cmdlets to limit the search to a specific folder, datastore, etc...
To get a complete sum of all the VMs, add | Measure-Object -Sum ProvisionedGB at the end.
When configuring a provisioning link (e.g. for 3CX) in DHCP server on a Draytek firewall, and are using certain phones (particular Snom), you may run into the issue where the firewall is complaining about illegal characters when attempting to add the link through the web interface.
The solution is to configure the option through the CLI. Log in using either telnet or SSH (whichever is enabled), and type:
read more
srv dhcp option -e 1 -i 1 -c 66 -v http://192.168.1.10:5000/provisioning/ajehdukzidueh/cfg{mac}
Take particular care to the -i option, which defines the LAN subnet to be used: in this case, 1 references LAN 1 on the Draytek.
You can enforce a password change for Office 365 (Azure AD) users without having to reset the password through Powershell.
For a single user:
Set-MsolUserPassword -UserPrincipalName user@domain.com -ForceChangePasswordOnly $true -ForceChangePassword $true
To force all users to change their password:
Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true
You can also use filters ? {} to limit the password change enforcement to specific groups of users.
Note that it is recommended to also use Revoke-AzureADUserAllRefreshToken to end all current open sessions, and immediately enforcing the user(s) to log in again and change their passwords.
