Diagnostic information for administrators: #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found

Or, Diagnostic information for administrators: #550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##

NDR Error: Delivery has failed to these recipients or distribution lists

The recipient's e-mail address was not found in the recipient's e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.

Possible Reason 1: - The user does not exist

Resolution: - Please check if the user email ID your typing is correct or not. Generally, this happens, if the user mailbox has been deleted or you are typing a wrong email ID

Possible Reason 2: - The user which have been deleted from your AD/Exchange, may still exist/added in some Transport Rules.

Resolution: - Please check all your Transport rules and delete the user email address from any transport rules that you have created under EMC > Organization Configuration > Hub Transport> Transport Rule

Cheers, please write me back if you have any query or feedback on this.

How to bypass clutter for all users in O365?

Or, Disabling clutter for all users in O365

Or, Creating ‘Bypass Clutter’ transport rule in MS O365

Descriptions: If you are looking for disabling clutter function for all currently active mailboxes in your O365 domain just for one time, you can disable clutter by following the KB http://www.techiessphere.com/2016/06/command-to-disable-clutter-for-single.html

But, If you want this clutter function to be bypassed for all current as well as upcoming users, you should create a transport rule for this.

Solution/Steps: Creating ‘Bypass Clutter’ transport rule in MS O365

Login to O365 Admin Portal > Go to Mail Flow > Create a New Trasport Rule as per the reference details are given in below screenshot

IMP Notes:

1. Set the message header 'X-MS-Exchange-Organization-BypassClutter' to the value 'true'

2. You may or may not need an exception in this rule, so you can skip that option if not required

Cheers, Please write me back if you have any query or feedback...

Deleting a single email from all mailboxes in GSuite using GAM tool

Or, How to delete a single email using GAM tool in GSuite?

Or, Delete a single email from all mailboxes in GSuite

Or, Email sent by mistake to all users, want to delete the specific email from everyone’s mailboxes

Descriptions: This is a very common scenario where someone in your organization sent an email by mistake to a ‘Distribution List’ which may contain 100-1000 or even more users. Now the role of administrator starts here.

The requirement here is to delete this particular email from every user’s mailbox without letting them know about this or without their intervention.

Take it easy, you can use below GAM command to get it done.

Prerequisite: You should have the Message ID of the email that you want to delete

Steps:

Open GAM CMD with administrative privilege, and Run below command to delete the specific email

gam all users delete messages query rfc822msgid:<Message_ID> doit

Example:-

gam all users delete messages query rfc822msgid:CAhshdghs79jo_J6XZimV_tywxjhshgQh2cZV-mQ@mail.gmail.com doit

Result:

-----------------------------------------------------------------------------------------------------------------------

Got 1 messages for user tsadmin@techiessphere.com

delete 1 messages

Got 0 messages for user tsuser@techiessphere.com

would try to delete 0 messages for user tsuser@techiessphere.com (max 1)

----------------------------------------------------------------------------------------------------------------------

Here in the above result section, you can see that the email was deleted from one affected user where it was found matched, and the command skipped the second user where there was no matched content/email found.

Cheers, please write me back if you have any query or feedback on this.

How to check computer’s Group Name in WSUS?

Or, In WSUS instead of going to each computer groups, is there a way to search a computer and see in which computer group its part of?

Descriptions: Yes, you can check it by reviewing the membership information of the machine you are referring to.

Steps:

Search the computer > Right Click on the computer name > Click on Change Membership

See the check mark appearing in front of the group name, this is the Group from which the searched computer belongs to.

If the Checkmark is appearing on two or more Groups, means this machine belongs to multiple groups.

Hope it Helps...

Cheers, please write me back if you have any query or feedback on this.

How to perform Metadata cleanup of decommissioned Active Directory server?

Or, Metadata cleanup of deleted domian controller server

Or, Metadata cleanup of force-decomissioned domain controller server

Descriptions: If you are looking for the step by step help to clean up Active Directory Metadata after force decommissioning your ADC server, this article is for you. Friends, it's always better to decommission ADC server gently and by fixing all issues popping up while performing decommission, but sometimes you end up with taking quick decision to go ahead and force decommission the non-production or outdated ADC server.

Scenario: I have recently force-decommissioned my ADC server because it was failing for unknown multiple reasons while performing normal decommission from server manager console.

Environment Details

Server OS: Windows Server 2012 and Windows Server 2012 R2

Server Role: ADC

Status of AD Role: Removed using server manager console

Deleted AD Server Name: DELETEDADSRV01

Live AD Server Name: LIVEADSRV01

Precautions

1. Do not delete computer object, containers, or site and service entries manually

2. Make sure you have basic knowledge of CMD interface and understanding of reading the selection appearing while executing the commands for metadata cleanup

3. Make sure you have enough privileged account to perform metadata cleanup (preferably Enterprise Admin or Domain Admin)

4. Remove the check mark from ‘Protect Object From Accidental Deletion’ on the Deleted AD Computer Object, NTDS Settings, and relevant site’s containers

Steps:

Login to any working available Domain Controller Server > Open CMD (Run as Administrator) > Execute the command in sequence as explained and screenshot given below:

>ntdsutil

>Metadata cleanup

>connections

>connect to server LiveADServer01 (replace ‘LiveADServer’ with your any real live AD server name)

>quit

>select operation target

>list site

>select site 0 (if you have multiple sites, select it carefully, where your deleted AD server exist)

>list domains in site

>select domain 0 (if you have multiple domains, select it carefully, where your deleted AD server exist)

>list servers in site (you would be able to see your deleted AD server name in the list here)

>select server 0 (select your deleted AD server’s number carefully)

>remove selected server

Once you execute the last command ‘Remove Selected Server’, you would be getting a pop-up message like shown below. Read the message carefully and proceed further by clicking on ‘Yes’ only if you agree and sure about the action and result.

Once the deletion process is completed, type quite on the CMD prompt to exist the metadata clean-up interface.

Cheers, Hope it helps you…

If you have any query and feedback, Please write me back.

Can we use DHCP without AD or DNS?

Or, Is there any dependencies of DHCP server on AD or DNS?

DHCP server has no dependencies on DNS or AD servers. It can be used for workgroup environment too.

You should have IP subnets with you to create a DHCP scope...

Cheers…Hope it helps…

Apply Startup script locally on windows machines

Or, How to apply/execute logon script locally for a single user in Windows Machine?

Simply, Go to the start-up folder of the specified user’s profile and past your created script file there. Once the specified user will login next time, the script will be executed.

Go to the below-given folder path:-

C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Past your script file here that you want to be executed at start-up.

Hope it helps, write me back if you have any query or feedback on this.

How to export all groups list in GSuite to a CSV file?

Or, Exporting GSuite Groups Name, and Email address to CSV file

Descriptions: GSuite is not having any feasibility on web GUI to export groups list into a CSV file. To achieve this, you may think of trying GAM tool available GitHub.

If you already have GAM tool installed on your machines, you may try the command given below to export all groups in a CSV file with the name and email addresses.

Steps: Exporting groups list into CSV file

Open CMD and Locate to the directory where GAM tool is installed

Type the command given below and hit enter

gam print groups name > D:\temp\GroupsList.CSV

You can change the destination directory to your own convenient path. In my case it's D:\temp

Cheers, write me back if you have any query or feedback on this.

Windows Patches for Meltdown and Spectre remediation

Or, All you need to know about windows patches for Meltdown and Spectre vulnerabilities

Or, Microsoft Windows Operating Systems Patches for Meltdown and Spectre Vulnerabilities

Descriptions

Microsoft's process for releasing Windows updates addressing Meltdown and Spectre has been a good and well as problematic causing high-profile incompatibility issues with third-party antivirus (AV) software and AMD processors. In some cases, delivery of the latest security update has been restricted or suspended by Microsoft.

Reference MS Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

More details and direct download links to the updates below:  

• Windows 10 Various Versions
• version 1507 — KB4056893 (issued 1/3/18)
• version 1511 — KB4056888 (issued 1/3/18)
• version 1607 — KB4056890 (issued 1/3/18)
• version 1703 — KB4056891 (issued 1/3/18)
• version 1709 — KB4056892 (issued 1/3/18)

• Windows 8 and Windows Server 2012
• Windows 8.1 and Server 2012 R2— KB4056898 (issued 1/3/18)
• No patches available for Windows Server 2012 non-R2 version
• Windows 7 and Windows Server 2008
• Windows 7 SP1 and Server 2008 R2 SP1 — KB4056897 (Security only, issued 1/3/18)
• Windows 7 SP1 and Server 2008 R2 SP1 — KB4056894 (Monthly rollup, issued 1/4/18)
• No patches available for Windows Server 2008 non-R2 version

What they addressed in these fixes

• Spectre variant 1, bounds check bypass (CVE-2017-5753)

• Meltdown, rogue data cache load (CVE-2017-5754)
  
  UPDATE (1/17/18): As readers have pointed out, it appears Windows patches for 32-bit systems (x86-based systems) do not provide Meltdown mitigations.
  Per Microsoft:

The existing 32 bit update packages listed in this advisory fully address CVE-2017-5753 and CVE-2017-5715, but do not provide protections for CVE-2017-5754 at this time. Microsoft is continuing to work with affected chip manufacturers and investigate the best way to provide mitigations for x86 customers, which may be provided in a future update.

What they don't address in these fixes:

• Spectre variant 2, branch target injection (CVE-2017-5715) — firmware updates are required to fully address Spectre variant 2. 

Known issues with AV agents (also explained in MS Advisory):

• AV compatibility issues: During tests, Microsoft discovered that a compatibility issue with "a small number of antivirus software products" was causing system crashes. As a result, the company has made delivery of the Windows security updates linked to above contingent on the presence of a special registry key, which it has instructed all AV vendors to add to customer devices only after they've confirmed their products are compatible.
  
  This deserves reiterating — Microsoft will not deliver the Windows update unless the following registry key exists (more details here):

Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”

Data="0x00000000”

This has created a lot of confusion, especially since the response from AV vendors has varied, with some setting the registry key for their customers and others recommending users set it, themselves, manually. The situation only gets more complicated considering many organizations have more than one AV solution installed. 

Update: Microsoft has clarified that Windows Defender Antivirus, System Center Endpoint Protection, and Microsoft Security Essentials are compatible with the update and do set the required registry key.

That means as long as you have one of these built-in Microsoft protections enabled the registry key should be set automatically — no further, manual action should be necessary. 

Be careful: If you are using third party software that Microsoft offically recognizes as AV, it is important to note that, by default, Windows Defender and Microsoft Security Essentials will turn themselves off. That means the registry key won't be added unless you or your AV actively do it. 

It’s better approach that, you first reach out to your AV vendor and ask for AV update/upgrade patches which ensures the compatibility with these MS updates. After installing AV patches, you should proceed with windows patches installation for smooth deployment. This means not that, you can’t update windows patches without updating AV.

Some Additional References:

ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Question: I have an AMD-based device and compatible antivirus software, but I am not getting the January 2018 Windows Security Update. Why is that?

Answer: Microsoft has received reports that some devices using certain AMD processors can enter an unbootable state after installing the January Windows security updates. To prevent this, Microsoft has temporarily suspended automatically sending the following Windows security updates to devices with affected AMD processors:

·         KB4056892

·         KB4056891

·         KB4056890

·         KB4056888

·         KB4056893

·         KB4056898

·         KB4056897

·         KB4056894

·         KB4056895

Microsoft is working with AMD to resolve this issue and to resume offering Windows security updates to the affected AMD devices via Windows Update and WSUS as soon as possible. For AMD device-specific information please contact AMD.

Server Operating Systems (Affected Table):

https://support.microsoft.com/en-in/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

Operating system version	Update KB
Windows Server, version 1709 (Server Core Inst..)	4056892
Windows Server 2016	4056890
Windows Server 2012 R2	4056898
Windows Server 2012	Not available
Windows Server 2008 R2	4056897
Windows Server 2008	Not available

Windows Client:

https://support.microsoft.com/en-in/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

AV Agent Relational Advisory by MS:

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

Unbootable state for AMD devices in Windows 8.1 and Windows Server 2012 R2

https://support.microsoft.com/en-us/help/4073576/unbootable-state-for-amd-devices-windows-8-1-windows-server-2012-r2

Reference KBs

https://www.catalog.update.microsoft.com/Search.aspx?q=KB4073576

KB4073576 is not applicable for Intel platform

KB4073576 is applicable for Client machines on Windows 8.1 AMD platform

Cheers, Please write me back if you have any feedback or suggestions..

Update multiple user’s profiles in O365 using PowerShell

Or, Updating bulk user’s job title, phone, title, email ID etc... In O365 using PowerShell

Or, How to update user’s profile in O365 using PowerShell with csv import function?

Descriptions: This is one of the very common task that you may be doing on very frequent intervals. Generally when promotions or appraisal are announced in an organization, the Exchange server administrator and AD administrators are requested to update the user’s profiles as per the current designation, extension, department etc...

If you are looking for PowerShell command to update user’s profiles in bulk, you are at the right place and you may refer the steps below.

Steps:

Connect to Microsoft Azure AD > Open Windows PowerShell (Run as Administrator) > Type the command below and hit Enter

Connect-MsolService

Once you have the sign-in pop, please feed in your O365 credentials

Feed in all the info as per your requirement in a CSV file, as reference shown below.

Run below command now and hit Enter

$users = Import-Csv 'D:\temp\UsersInfoUpdate\profileupdate1.csv'

Now run below command to update all the details you have selected

$users | ForEach-Object { Set-MsolUser -UserPrincipalName $_.Email -Title $_.Jobtitle -PhoneNumber $_.OfficePhone -MobilePhone $_.MobilePhone }

Reference screenshot of PowerShell command execution with all commands in sequence:

Cheers, Please write me back if you have any query or feedback on this…

US-CERT Windows ASLR Vulnerability (registry fix)

Or, How to fix Windows ASLR vulnerability on multiple domain computers

Vulnerability Notification Summary

Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

How to fix this vulnerability?

Open a Notepad > Copy and Paste the contents given below:

----------------------------------------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]

"MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

--------------------------------------------------------------------------------------------------------------------------------

Save this notepad file as .reg (In my case, I saved this file with name as ASLAR.reg)

To deploy this registry setting on single computer, just double click on this file and Say Yes if prompted.

You can use the same registry key values in GPO to apply it on multiple domain computers.

GPO registry configurations should appear like below:

Cheers, let me know if you have any query of feedback on this..

Export O365 mailboxes with assigned licenses types

Export O365 mailboxes with licenses types assigned

Or, PowerShell command to export O365 user’s mailboxes with license assignment details

Or, Export mailboxes with assigned license details

Descriptions: If you are looking for a simplest way of exporting all users’ mailboxes with license types assigned to them, this article is for you. You can use Azure Active Directory PowerShell command to export the mailboxes with licenses types assigned to them.

Steps:

Login to O365 server using Azure Active Directory PowerShell Administrative privileges.

Connect O365 Azure Active Directory

connect-msolservice

Run below command to get the report:

Get-MSOLUser -All | select userprincipalname,islicensed,{$_.Licenses.AccountSkuId} | export-csv d:\temp\userslicense.csv

You can change the export folder path if you have a different one.

Cheers, please write me back if you have query of feedback on this.

Export O365 mailboxes with last modified date

Or, PowerShell command to export O365 user’s mailboxes with last modified or last updated date

Or, Export mailboxes with last updated/modified date

Descriptions: If you are looking for a simplest way of exporting all users’ mailboxes with last modified or updated date, this article is for you. You can use Azure PowerShell command to export the mailboxes with last modified date.

Steps:

Login to O365 server using PowerShell Administrative privileges, To know how to connect O365 server PowerShell administrative console you may check below article

http://www.techiessphere.com/2016/10/how-to-connect-office365-server.html

Run below command to get the report:

Get-Mailbox | select displayname,whencreated,whenchanged | export-csv d:\temp\userdetails.csv

You can change the export folder path if you have different one.

Cheers, please write me back if you have query of feedback on this.