killyvehy

Glasshouse Crop 2022

Seeds Sown in rockwool trays in electric propagator on 27th march

I grew these on on my windowsill in large 19 litre aluminium catering trays. Terra Aquatica TriPart plant food: 1 ml/litre each of Grow, Micro and Bloom.

Growing Phase

Planted out in my glasshouse on 24th April. Bucket size is 25 litres and the “soil” is perlite.

1.8 ml/litre of Grow, 1.2 ml/litre of Micro and 0.6 ml/litre of Bloom for the growing phase. The drip system is on a timer and runs 3 times a day: 07:00, 14:00 and 19:00. I also run an air pump for 15 minutes before and during the watering to aerate the water in the tank.

The plants grew like crazy. The cucumbers were showing flowers on the 10 May.
Changed the feed mix to pre flowering: 2 ml/Litre of Grow and Micro, and 1.5 ml/litre of Bloom.

Cucumber flower. Leaf showing damage, I removed it.

First cucumber on 26th May.

Flowering and fruiting phase

Food ratio changed again to 0.8 ml/litre of Grow, 1.6 ml/litre of Micro and 2.4 ml/litre of Bloom.

Watermelon Mini Love 9th June. 5 cm diameter.

Tomatoes (Gardener’s Delight) are on their third truss although none have ripened yet. The Padron peppers are just starting to flower

When was a mailbox created

Get-Mailbox <mail address or alias> | select-object WhenCreatedUTC, Name

Search all GPOs for String

$String = “Whatever you want to find”
$Domain = “contoso.internal”
$NearestDC = (Get-ADDomainController -Discover -NextClosestSite).Name
#Get a list of GPOs from the domain
$GPOs = Get-GPO -All -Domain $Domain -Server $NearestDC | sort DisplayName
#Go through each Object and check its XML against $String
Foreach ($GPO in $GPOs) {
Write-Host “Working on $($GPO.DisplayName)”
#Get Current GPO Report (XML)
$CurrentGPOReport = Get-GPOReport -Guid $GPO.Id -ReportType Xml -Domain $Domain -Server $NearestDC
If ($CurrentGPOReport -match $String) {
Write-Host “A Group Policy matching “”$($String)”” has been found:” -Foregroundcolor Green
Write-Host “- GPO Name: $($GPO.DisplayName)” -Foregroundcolor Green
Write-Host “- GPO Id: $($GPO.Id)” -Foregroundcolor Green
Write-Host “- GPO Status: $($GPO.GpoStatus)” -Foregroundcolor Green
}
}

Remove EOL Automapping

Automapping is an Exchange & Exchange Online feature which automatically opens mailboxes with Full Access permissions in a delegate’s Outlook client.

Remove the access permissions. This also removes automapping.

Logon to Azure EOL (with MFA)

Business@contoso.ie is the mailbox being shared.
anna.grimm@contoso.ie is the account that has the access rights.

In EOL PowerShell

Remove-MailboxPermission -Identity “Business@contoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess

Confirm

Are you sure you want to perform this action?

Removing mailbox permission Identity:”Business@contoso.ie” for user “anna.grimm@contoso.ie” with access rights “‘FullAccess'”.

[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): select A

You might get this error
WARNING

Can’t remove the access control entry on the object “User” for the user account because the ACE doesn’t exist on the object.

So use

Remove-MailboxPermission -Identity “Business@contoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess –Confirm:$false –BypassMasterAccountSid

Re-add the permissions but without Automapping

Add-MailboxPermission -Identity “Business@comtoso.ie” -User “anna.grimm@contoso.ie” -AccessRights FullAccess -AutoMapping:$false

Use EOL PowerShell with MFA

Import-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName <Azure admin account UPN>

This brings up a small logon web window. Input the password and select the MFA authentication method. On success PowerShell will finishing connecting to EOL.

Outlook with MFA keeps asking for password following AD password change

Problem

Outlook is disconnected
“Needs Password” shown in lower right side of client
No folders updated
When you click on “Needs Password” M365 sends you a text code. You input it, nothing happens and this loops.

Reason

By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138). There are generally two problems we see WAM causing:

Users unable to authenticate (particularly after a password reset)

WAM introduces new requirements for Identity Providers (IdP) used to federate Microsoft 365 (O365) logins. When a Windows 10 workstation is joined to an on-premise Active Directory, WAM/M365 requires the IdP to support the WS-Trust protocol. Currently this is not supported in the Duo Access Gateway (DAG). When a user’s access/refresh tokens become invalid, such as after a password reset, the WAM framework tries to re-authenticate the user. The expected end-user experience is a popup window showing the login page of the IdP asking the user to re-authenticate. When the IdP is the DAG, this process will fail causing the user to be unable to re-connect to M365 with applications such as Microsoft Outlook. The user will see the authentication window open briefly then immediately close while Outlook continues to show the message “Need Password”.

Solution

Log out of all O365 related web pages
Close Outlook
Open Registry and add the following 2 dwords

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
DisableADALatopWAMOverride=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
DisableAADWAM=dword:00000001

Cannot install Roles & Features (Windows 2016)

Error
Sometimes when building a Domain Controller The new roles will not install and you’ll get the error below
The referenced assembly could not be found. Error: 0x80073701

Log
Navigate to C:\Windows\Logs\CBS\CBS.log and search for STATUS_SXS_ASSEMBLY_MISSING

Quick fix
Get a new image and start over

Geek Way
Run these commands at elevated cmd

Dism.exe /Online /Cleanup-Image /CheckHealth
Dism.exe /Online /Cleanup-Image /ScanHealth
Dism.exe /online /cleanup-image /analyzecomponentstore
Dism.exe /Online /Cleanup-Image /restoreHealth
sfc.exe /scannow
powershell.exe “Get-TroubleshootingPack -path C:\Windows\diagnostics\system\WindowsUpdate | Invoke-TroubleshootingPack

If that doesn’t work get a new image

Enable Windows Debug Logs

Netlogon Debug Log
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] “DBFlag”=dword:2080ffff (hexadecimal value)
Then open a cmd and type net stop netlogon && net start netlogon to enable the debugging mode. The Debug logging writes to C:\Windows\Debug\netlogon.log

Winlogon.Log
After fresh installation of Windows Server domain controller you could see that you have no winlogon.log file which is useful to debugging AD GPO’s.
For example when you need to troubleshot SceCli events. Event ID 1202 tells you to use: FIND /I “Cannot find” %SYSTEMROOT%\Security\Logs\winlogon.log

To create it, go to regedit and go to following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}
Click the key ExtensionDebugLevel and enter 2 as a Data.

After refreshing AD policies with GPUpdate you should see your winlogon.log file

“User profile was not loaded correctly” – TEMP profile created on logon

Log on as different user. Make sure the different user account is a administrator (added to the Administrators group).
Open Windows Explorer and open C:\Users. Delete the directory of “problematic” user profile and “Temp” directory, it may or may not exist.
Run the registry editor (RedEdit.exe)
Go to the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
You need to find the correct SID and delete it. To make sure you are deleting the right one, check the key ProfileImagePath which has the profile path. Delete the .bak key as well.
Reboot the computer and logon on as the user as before.

Get IPv4 DHCP Reservations in a CSV file

Copy code below and save as Get-DHCPReservations.ps1

Get-DHCPServerV4Scope | ForEach {Get-DHCPServerv4Lease -ScopeID $_.ScopeID | where {$_.AddressState -like ‘*Reservation’} | Select-Object ScopeId,IPAddress,HostName,ClientID,AddressState | Export-Csv “C:\temp\DHCPReservations.csv” -NoTypeInformation