About the Author
Author

stoff

SharePoint 2016 Installation Errors

SCENARIO
You’re trying to install SharePoint 2016 on a Windows 2016 server and thinks just aren’t going well.

PROBLEM
To be honest I don’t know how else to explain the problem in any other way than Microsoft’s Windows Server 2016 team was in a feud over lunchboxes with the SharePoint 2016 devs because there is no other way to describe the complete incompatibility between the two!

SOLUTION
I’d say “Google it!” but that’s probably what got you here in the first place!
The first problem is the prerequisite installer that can’t configure Windows IIS role or download things. Fret not for there is plenty of help to find. When first running the prereq you’ll probably get this error: “Web Server (IIS) Role: configuration error”. To configure the IIS use this Powershell :

Make sure to edit the source file to the Windows Server 2016 ISO!

The next place you should look at is this blog by the Microsoft Field Engineer Nik. Although be careful about some of his links as those are outdated and replaced with new versions, although downloading the version he’s linking will still work. He even provides a script that will run the Powershell to configure everything. Why this isn’t on the SharePoint 2016 ISO is beyond me!
But even when downloading all of that and installing it properly I was still faced with this error when trying to setup the farm: “New-SPConfigurationDatabase : One or more types failed to load. Please refer to the upgrade log for more details.“. Going through the install log I found this: “SharePoint Foundation Upgrade SPSiteWssSequence ajywy ERROR Exception: Could not load file or assembly ‘Microsoft.Data.OData, Version=5.6.0.0, Culture=neutral, PublicKeyToken=31bc3856cd365e35’ or one of its dependencies. The system cannot find the file specified.

It seems that the WCF prerequisite file when installed using the Powershell method of manually downloading and installing it! Fortunately the quick fix is to find the file “WcfDataServices.exe” in your profile directory (i.e NOT the one you downloaded!), running it and choosing “Repair”. Only then did SharePoint 2016 install properly!

Get Users With Multiple Licenses

SCENARIO
You’re managing a large O365 tenant and you want to make sure there are no users that have multiple licenses assigned.

PROBLEM
The original problem is that you actually can assign a user with a F1, E1 and E3 license and end up paying three times for a user! Next problem comes with how license information is stored and retrieved with Powershell.

SOLUTION
Here is little code that will read out all your users and go through each one to make sure they don’t have more than one of the licenses assigned. It should work as long as Microsoft doesn’t change the _actual_ names for licenses!

The script can ofcourse be enhanced to write a log or even mail a log to an admin if you want.

Check E-mail Addresses From File

SCENARIO
You’re handed a list of e-mail address for mass mailing from HR and they need to verify that all e-mail addresses are valid and won’t bounce “like last time”.

PROBLEM
There are a few problems with this. One is the fact that not all e-mail addresses are the primary e-mail address and won’t show up in a normal search.

SOLUTION
I put this little script together that will first connect to your MS Online tenant, then read all MSOL users into an array, import the CSV file containing the employees, go through each row and check that the e-mail address from the file in the column “employeeemailaddress” exists as a proxy address on at least one user. If not it writes out the e-mail to a log in c:\temp. Nothing too advanced, just a few things put together to achieve a very, VERY tedious task when you get a list of 10.000 e-mail addresses!

This can also be modified to check if any other attribute exists or not on users if you want to, it was just for this scenario that I had to check e-mail addresses! It can also be modified to read out the local AD and not the Azure AD, ofcourse.

Please comment out the first two lines if you run this more than once in a Powershell window since the list of users is already in the variable and reading out all MSOLUsers can take a very long time!

Valerian

I’m a huge fan of Luc Besson. Big fan! “Léon” is one of my favorite movies of all time! “Fifth Element” is right up there too. “Metro” is a classic, Nikita, Taxi, Big Blue, Transporter, Taken, Jean D’Arc, so many damn great movies! But he’s also done a few that I wasn’t a big fan of but can’t blame him for that 🙂

So when I saw the first trailer for “Valerian” I got really stoked! I mean really stoked. Like so stoked that I can’t even talk myself out of it, which I usually do because I hate going out of the movies disappointed.

I was not disappointed. It was awesome! I would like to give it all 5 elements but there were two things that put me off. 1) The translation to Sweden was bad. Yeah I know, I can’t hold Luc Besson responsible for that but I do hold the movie company responsible! Not that I need Swedish subtitles – but if you’re going to do it do it right, because this was terrible. 2) Dane DeHaan that plays the lead character didn’t feel right for the role. The character was supposed to have been in the military and seen stuff, like Korben Dallas in Fifth Element. Instead he looks and even acts like he’s the one that makes the other guys say “was I that young when I joined”! But apart from that – awesome! And yeah, SF Filmstaden Scandinavia delivers in VIP again!

What I was mostly impressed with was the CG and the visuals! They were absolutely amazing! It even got to the point were I didn’t know if it’s computer generated or if it was makeup or what was going on, I love that! Music was awesome, although missing that kick ass diva song!

So here’s hoping for more and judging by the amount of source material that shouldn’t be too hard 🙂

Get User With E-mail Address

SCENARIO
You’re getting some error that a specific e-mail address can’t be or send mails. But you have no clue about which user/mailbox is the owner of this specific e-mail address

PROBLEM
Most of the times this isn’t a problem, the Exchange Management Console or EOL Admin Center will do the trick. But sometimes it can be a bit tricky if the e-mail address is to say a public folder, which isn’t scoped in the search.

SOLUTION
This quick little powershell will do the trick for you to find it:

Credit goes to Fulgan @ ArsTechnia for the post here.

Enable Versioning On Entire SharePoint 2013 Application

SCENARIO
For some reason, probably money, you can’t use a proper backup solution for your farm. So you want to use versioning as a cheap mans backup.

PROBLEM
Going through every document library in every site in every site collection in every application to enable versioning isn’t possible. And there is no way to specify in Central Administration or declare a policy to enforce this.

SOLUTION
This powershell script will do the trick for you. It’s written to enabling versioning for an entire web application (with easy alteration it can be scoped to a specific site/site collection). What’s neat about this is that it will not change settings on the document libraries that already have it enabled! It will not enable minor versioning, but you can just enable that if you want.

As always, use on your own risk and test in a test environment first and then scope it to a test site collection in production farm!!

Credit goes to Amrita Talreja @ HCL for this post which is the basis for this Powershell script.

Get All MSOLRoleMembers

This is a small little script I wrote for going through all administrator roles in your O365 tenant and listing out the members of each. This can be handy if you feel like you’re losing control over who has what permission in the tenant or someone says the classic “I want what he has”.

Licensed Shared mailboxes

SCENARIO
You’re managing Office 365 for a company. You start seeing those licenses count down and you don’t know where they are going. Then it’s time to check if you have “Shared mailboxes” that are licensed!

PROBLEM
The problem here is that sometimes user mailboxes are converted to a shared mailbox. Maybe it’s an employee that left but you still want to access the mailbox, or maybe the mailbox was accidentally created as a user mailbox to begin with. And Microsoft even has a button in Exchange Online for converting to Shared mailboxes! But the problem is that button does indeed convert it – but it’s not deactivating the license! This is probably working as intended as deactivating the license has some other affects like legal hold and other services.

SOLUTION
This little command will list the mailboxes that are tagged as Shared mailboxes and lookup if their Azure AD object is licensed or not. It requires you to already have a remote PS session with Exchange Online as well as a connecting to MSOL service:

Then you may want to write something like this to automatically remove the licenses. Change “yourlicenseplan” to.. well, your license plan 🙂

Credit goes to Mohammed Wasay (https://www.mowasay.com/2016/03/office365-get-a-list-of-shared-mailboxes-that-are-accidentally-licensed/).

SharePoint 2013 error “Exception from HRESULT: 0x80131401”

SCENARIO
After patching a SharePoint server with normal OS patches and reboot you are no longer able to browse to the applications or Central Admin. When looking at the log you see this error from C2WTS:
“An exception occurred when trying to issue security token: Loading this assembly would produce a different grant set from other instances. (Exception from HRESULT: 0x80131401).”
This was on a normal SharePoint Foundation 2013 server (build 15.0.4569.1506)

PROBLEM
If you check this TechNet forum post it seems to be related to “third party monitoring tools”. Unfortunately, SCOM is considered a third party tool in this case. And as it happens, we have just upgraded to SCOM2016!

SOLUTION
According to the TechNet forum post (and this official MS post) you should update or disable any third party monitoring tool. So, uninstalling the SCOM monitoring agent, rebooting, reinstalling it with “NOAPM=1” parameter will solve the issue (atleast it did for me).
However, if that it not an option (sometimes you can’t just reboot a critical server!), disabling Load Optimization does work, even if means your SharePoint is now unsupported. So I’m posting this for all us “it needs to be fixed now and I can’t find, update or disable whatever DLL is causing this!”-techies! So setting these registry keys works:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework, create a new ‘DWORD (32-bit) Value’ named “LoaderOptimization” with a value of “1”.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework, create a new ‘DWORD (32-bit) Value’ named “LoaderOptimization” with a value of “1”.

But as those MS people will tell you, it really isn’t a recommended solution (which is weird since it originated from MS support!).

New-MSOLUserPrincipalName

SCENARIO
You’re changing the e-mail domain of a user or even a bunch of users. After that you also need to set their UPN’s to reflect the change.

PROBLEM
The problem is that Azure AD Connect service doesn’t currently support changing domain of a UPN of an object that is already synced! So you have to run a powershell command to change it. But it get’s even more complicated because you can’t change the UPN from one federated domain to another without making it “unfederated” first.

SOLUTION
Enter New-MSOLUserPrincipalName, which is a function that will take the user with the current UPN ($UserPrincipalName), change it to a temporary UPN with the domain extension “@[your tenant].onmicrosoft.com” and change it to the new UPN ($NewUserPrincipalName).

Thanx to Johan Dahlbom for this one!

Download PS1 from Dropbox

Download PS1 from Dropbox

Star Wars – Rogue One

I finally did it! I finally saw “Star Wars Rogue One”. Or “Star Wars Episode 3.9” as I’d call it! As a huge fan of the original triology I was definitely looking forward to seeing it but for one reason or another (one being my son’s refusal to see a movie he wasn’t allowed by the authorities to see!) it never happened when it was playing in the cinemas. And I certainly didn’t want to see a low quality “grabbed from the internet” version of the movie.

First off – spoiler warning! There are some spoilers below so don’t go there unless you’ve already seen the movie or don’t care about having it spoilt!

All in all – I was positively surprised at how good it was! I don’t know why but my expectations weren’t that great, probably because Episode VII was such a disappointment. But this one was really, really good.

And if you know me well enough you know one thing I love is continuity! Screwing up, or even ignoring continuity, can get me to dislike an otherwise good movie or TV show. Or in the case of Babylon 5 absolutely love a TV show that really isn’t that great once you remove the 5 story arc. And in this case most continuity I felt was acceptable, as expected there were tons of great references to Episode IV – one of the smaller ones being Bail Organa saying he’s going back to Alderaan and I spontaneously scream “don’t do it!!”. The other thing being the lengths they went to to have Tarkin and Leia in this movie when neither was actually in it! (there were ofcourse other characters that were “brought back” from the original triology, like Mon Mothma)

But another pitfall of trying to adhere to continuity is you can’t create characters or major plots without.. well, killing them before the end of the movie. And I’m sorry if this spoils it for the people that haven’t seen it but when they have a rebel meeting about wether to extract the Death Stars plan you can just go around the table and you know, based on who’s in Episode IV, who’s going to make it back alive! So in that way you kind of knew how the ending was going to be. And to my surprise they did the un-Hollywoodian (is that even a word!) thing and stuck with it!

And regarding Tarkin and Leia who were both computer generated faces superimposed on other actors.. I don’t know why the brain is so god damn good at it but you definitely saw that there some something “off” about their faces. Most notably Leia, even though it was just a few seconds and one line you saw that it wasn’t quite right. Great that they tried but it seems like an impossible task because the brain is just too good at face recognition for it to work.

Now – Darth Vader… well what can you say about Darth Vader… the problem with this movie is that the “original trilogy Darth Vader” was tall, imposing but not one for the front lines and certainly not a killing machine. That would have been more a Darth Vader from Episode 3.2 or something. But this movie ends a few days, maybe even hours, ahead of the first scene in Episode IV. But the original Darth Vader sent in his troops and never went in first himself, both the boarding in Episode IV and invasion of Hoth showed that. So ending it with a Darth Vader killing machine, even though it was cool as hell, didn’t really line up with the first scene of Episode IV. And it felt just .. misplaced somehow. But even though I’m a sucker for continuity I have to say that it was so damn cool that I’m gonna forgive that because sometimes rule of cool wins 🙂

Upgrading AD FS 2012R2 to 2016

SCENARIO
You have a working ADFS farm running version 3 on Windows 2012R2 and want to upgrade to ADFS 2016 delivered in Windows Server 2016.

PROBLEM
The problem is that this is, if you ask Microsoft, a very straight forward “next-next-finish” process to do as the only TechNet article I found about it makes it look pretty straight forward. But that article was written for Windows Internal Database (there is now also one for SQL cluster backend. Also you’ll notice at the bottom that it’s written for Technical Preview of Windows Server 2016 and also assumed you have no AD group policies that may break stuff! So there are still alot of things that can, and will, go wrong if you follow that procedure.

SOLUTION
There really isn’t one solution since there are so many issues you may run into but I managed to work through them all. But here are my comments to the TechNet article and where things went wrong for me:
2) It’s never showing in a screenshot but it is shown in the next – you have to chose to join an existing farm, the default option is creating a new farm which is a totally different thing!
But even after going through the setup process succesfully after patching and rebooting I got the error 1297 “A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration“. As it turns out, this is a policy issue with the Windows Server 2016 baseline that limits who and what can “Log on as a service” and “Generate a security audit”. Creating an override policy for this and adding the service account running the AD FS service solved this issue for me! (thanks to https://blogs.technet.microsoft.com/pie/2015/09/04/adfs-refuses-to-start-error-1297/)
3) This is actually very important later on knowing which server is primary and not!
4) and 5) These are confirmed as not required if you’re running a SQL cluster backend. However, you still need to check later for which server is primary and not.
6) This entire Powershell is just wrong and not accepted at all, atleast in my environment! You’re much better off starting the Remote Access Manager and starting the Wizard from there. This will allow you to chose the certificate in a dropdown without knowing the thumbprint. But this is where I ran into problems and lot’s of them!

The first problem I had when configuring the WAP was connectivity resulting in the error “An error occurred when attempting to establish a trust relationship with the federation service. Error: Unable to connect to the remote server”. This was first due to physical firewall, then the local firewall policy settings and in the end that the service itself was down! So this was basically alot network issues, not the biggest thing in the world.

Now that that was done with I ran into the next problem that caused so much headache for me – “An error occurred when attempting to establish a trust relationship with the federation service. Error: Unauthorized. Verify that the service account has administrative access on the target Federation Server.”! The account that the WAP uses to connect to the internal AD FS server with that has to be a local user and local admin account on the internal AD FS server (since the WAP server shouldn’t be a member of the same domain as the internal AD FS servers). The problem is that there is a group policy baseline for Windows Server 2016 that denies logon from the network for all local users (“Deny access to this computer from the network“)! This resulted in the error since it wasn’t allowed to login with anything but the console! Setting that to only “Guest” should be enough for this.

So after getting that problem solved I got the next error – “An error occurred when attempting to establish a trust relationship with the federation service. Error: Internal Server Error“. Looking at all logs and events and I couldn’t figure out what tha hell was causing this issue. Well, as it turns out it was related to step 4 and 5 which you shouldn’t have done if you’re running SQL backend! When you point to the internal AD FS service address (the web address sts.xxxxxxx.com) you’re supposed to use a host file to control that and point it to the load balanced IP address. Well when I did that I always ended up on a server that was NOT the primary computer and therefor I couldn’t add the WAP! When I changed the host file to point directly to the IP of a server that was Primary computer for the farm it worked! Just remember to change this back since you don’t want the WAP servers point to one specifik AD FS server.

That is as far as I’ve gotten as the rest of the upgrade involves upgrading the forest and domain schema which I’m really not ready to do.

Selling The Old Car or Beware of “vikoperdinbil.se”

So now that we have our new car we begin the task of selling off our old car. We’ve tried selling off old cars ourselves before and it’s never ended well. I expect too much professionalism for that when we’re talking about this much money and I’ve always ended up with the complete opposite so I didn’t want to go the private route. Even though it means getting less I wanted to sell it to a dealer who could do the work. After trying out different “what’s my car worth” sites I ended up trying out a company called “Vi Köper Din Bil” (“we buy your car”) with the website “vikoperdinbil.se”. I’m typing it there because my hopes are anyone googling it will see this and stay away!!

On their website you simply enter the model, make, year and mileage of your car and they will guestimate it’s worth. For our Seat Leon they guestimated about 112.000:- “plus any extra options” which we had plenty of on that car. That’s about half of what we paid for it three years later but sounded ok. I mean the “street value” of the car would be 130.000:- but they needed a cut of that so ofcourse I couldn’t get that. But based on that estimate I made an appointment to take my car in to get a proper go-through and evaluation. I took time off work, I cleaned the car, loaded her up with the summer tyres and coordinated with the wife to come pick me up afterwards. But at the station they went through it (and didn’t find anything wrong with it at all), sent everything off to their expert who came back with an offer. 90.000:-! That’s 22.000 less, or more accurately 22% less, than their gustimate which included the comment “plus any extra options”!

Their business strategy is pretty obvious – give customers an optimistic guestimations and then when they’ve take the time and make the effort of going into their station they can just slash 20% off that and some people will go for it. Or “lockpriser” as we say in swedish. Real estate agents are given warnings whenever they are caught using tactics like that but for cardealers this is totally acceptable?! Even going through their own “what our customers think of us” turns up a gem where a guy says that he was happy even though they slashed 20% off the initial guestimate! There are also plenty of reviews on Trustpilot against them for this tactic!

Naturually I said “get the fuck out of here!” and left on the spot. So beware of “vikoperdinbil.se” unless you’re ready to get an offer about 40.000:- less than the street value. How do I know that? Well my option B was to take it to the authorized Seat dealer in Täby. They gave us 110.000:- for it and put it up for sale for 130.000:- and in 3 days the ad was taken down!

Buying a new car – how hard can it be? Part III

[Previously on the blog – me and the wife wanted to buy a new car and ordered an Audi A5 for 492.000 SEK and it was delivered in late February but only after wondering if this was their first car delivery ever!]

Now that was 3 weeks ago. And in those three weeks unfortunately enough has happened to make me say “I won’t go back there again”.

Not only because of the reasons I’ve already listed (1) them telling us to go away from the business section in a rather rude manner, 2) the unprofessional way of handling the tyre situation 3) noone informed us of the deposit we had to make before we got there) but as it turns out they made even bigger mistakes – one huge mistake during the ordering process and two pretty big mistakes with the delivery.

When delivering an Audi, the representative is supposed to help you sign up to the myAudi account and tie your car to that account. Nope, didn’t happend! Fortunately I know my way around Internet and websites but it led me to the next big issue. They also failed to inform us that the little plastic badge on the set of keys we got was actually very, VERY valuable since it had a PIN to enable remote access of the car! Without this I couldn’t use the electronics I paid for and selling it would be pretty damn hard! Fortunately we hadn’t thrown that little plastic thing in the bin yet but at no point did we think it was something we needed to keep! But the major f*ck up was discovered when we were loading up the car with some kids and realised this model didn’t have 3 seatbelts in the back, only 2!!! I didn’t even know that was possible but apparently it’s an extra option for Audi that costs a mere 3.600 SEK! Had the original salesguy informed us about that we would absolutely have clicked it. But he didn’t so now we’re stuck with a car that only has 4 seatbelts! This was a dealbreaker when we started this (one of the reasons we didn’t go for a Mustang!) and we made sure to check that it did have it when we were in the showroom! I can only imagine the salesguy picked up on us only having one kid and in an attempt to keep the price below 500.000 didn’t click it but it leaves a very sour taste! Fortunately we have a cheap ass VW Polo that has 3 seatbelts in the back so if we ever need one extra seat we can use that. But still… And “we should have checked it ourselves”, yeah you could say that, but as I said in part I, it’s a freaking jungle!! Unless you work there knowing what’s included in the “2017 A5 Sportback Proline Sport Edition” from the go, it’s damn impossible! And when adding stuff BAM! you’re told that it’s not compatible with the current loadout! It’s rediculous! Sometimes I think those configurations should have a “these things are NOT included in your layout”-list, that would have spelt it out for us that it was an extra option.

So, expect a new one of these in 3 years when it’s time to buy a new car again. Maybe we’ll go for a Mustang that time around or maybe Tesla if they are affordable by then.

Read Part I here.

Read Part II here.

Buying a new car – how hard can it be? Part II

[Previously on the blog – me and the wife wanted to buy a new car and ordered an Audi A5 for 492.000:- and was told it would be delivered end of March]

And so we waited. And waited.

Eventually in mid February we got an e-mail from the insurance company telling us it was time to insure our Audi. ??.. so we called up the dealer in Järva, got put on hold and eventually told by the manager that “I’m gonna have to call you back”. And so he did. And yeah, the car had arrived and we were free to pick it up next week. At this point I’m wondering “how long has it been there and when were you going to tell us!?” but I was just too excited and grateful that it was already here to question that. After our dealing with Toyota I thought it’d be best if we gave them the week and come in on Friday afternoon. This gave them over 8 days to get the car ready. And then he assigned the delivery to another salesman which I thought was weird but as it turns out the salesman, Daniel, that I liked so much and ordered the car from was no longer working there for reasons noone wanted to get into. When I woke up on Tuesday, 3 days before the delivery, it was snowing. And I remembered we hadn’t ordered the winter tyres so it would be illegal for us to drive our new car home from the dealer without it! So I called them up and asked what they usually do in this situation when customers have ordered cars without winter tyres and it’s snowing. And he had no clue. His first response was just hoping it would get warmer and thaw so it wouldn’t be a problem. I couldn’t tell if it was a joke or serious but it was absolutely unprofessional! So I had to ask him if he could fix winter tyres for us which he ofcourse was willing to try to do but couldn’t make a promise he’d get them in time. Seriously, he had 3 days to find new wintertyres for a new car in Stockholm, how hard can that be, pick up the phone to Euromasters and have them send over a set with DHL!? Well, he couldn’t just call anyone to get any kind of tyres, he had to order Audi originals regardless if we wanted it or not! Then we didn’t hear anything from him and we were just left assuming it was sorted when we went in to pick up the car on Friday afternoon. And much to our delight and surprise he had sorted it. On the car was now brand new Audi original winter tyres! “Great, so can we get the car now” … “well not really because you still haven’t paid us the 130.000 that was due”. Huh? Well, as it turns out we were supposed to send in the money to them so they had it before we could pick up the car and noone had told us about this. He said it was the “other guy” that had missed informing us of that. Personally I think it should be on a check list when preparing to deliver a car to make sure the car is legal to drive on the day of delivery and that the payment was settled, but apparently this guy didn’t think that was on them, those were my problems to solve!

So I ended up using Swish, a Swedish “send money instantly to another phone number” system that is quite a common way to send money here – just not supposed to be used for transactions of this size!! Fortunately my bank allowed the transaction, otherwise I don’t know what they’d do but I was furious enough to leave there and then and have another look at the Cupra – just ask Toyota. So now that that was sorted we got a big, long debriefing on insurance options. After that he unveiled our new car. And it was glorious!! I knew the car was so hitech that we were in for long education of what everything did.. but nope, he wasn’t into that, “I could spend an hour talking about everything but you pretty much want to get on the road huh?”.. well that didn’t stop him from talking insurances for a very long time but ok so let’s get on the road.. nope, we had to take a detour to their servicecenter to pay for the tyres. Fortunately the guy there was an absolute professional and got that over with quickly in the kind of “getting it done!” method I love. After that we got an ok to go out on the road, finally!

To be continued tomorrow…

Read Part I here.

Read Part III here.

Buying a new car – how hard can it be? Part I

Me and the wife were in the market to buy a car. And my wife has expensive taste. And we had the cash to spend. Sounds like a dream for any car dealer, right? But you know after our dealings with Toyota last year that I didn’t think very highly of car dealers… and that was about to get even lower!

My wife have always wanted to buy a Mustang. But purchasing a new Mustang in Stockholm proved pretty impossible as the only dealer we were in contact with didn’t have any available for us to try as other customers had crashed them both and we didn’t want to order one blindly. Besides I got the feeling he wasn’t too eager to sell one to us anyway. So we checked out a secondhand dealer that had a great Mustang waiting to be bought. After sitting in it we both kinda realised this isn’t the kind of car you use driving back and forth to school or to Ikea. So that idea was put on hold.

The next idea was a Tesla. But in Sweden the start at about 750.000 SEK which is shitload of money but when you start adding on stuff it goes up to 7 digits quite fast. So no, not yet.

Then we went for a sport version of the car we have today, a Seat Leon Cupra. The only dealer we had even remotely close to us turned out to be amateurs! They only had one for customers to try out. And the owner was using it as his private car. And we had to book an appointment to testdrive it! Well we did but it turns out the boss’s wife or daughter had taken the car for high street shopping that afternoon and got stuck in traffic. Who knew there might be traffic jams when going from Stockholm city to Barkarby at 5pm!? And when we test drove it we found their candy stash, we found her wallet and some left over shopping. As I said, amateur hour. Unfortunately the car was an absolut beast and we were tempted to buy one had it not been for the dealer.

So then we raised the bar! As we’ve been happy with both our Volkswagens and our Seat we decided to test the upgrade in the family and go for an Audi! Now I wanted to use Möller Bil again since we were so pleased with how the Seat turned out and how professional they’ve been but no Möller retailer close to us sells Audi. So we went to the Audi retailer in Järva. First thing that happened was they didn’t respond to my e-mail requests. Usually not a big thing but car dealers are supposed to be more eager than this, but oh well. So we went to their showroom and were told that we weren’t welcomed because we were in the business section! Should have gone home right there and then to be honest because the only reason we were in the business area was poor signage from their end! But we didn’t go home, we went up a floor to the consumer section and met a really friendly and nice salesguy, Daniel. He tried to understand what we wanted and our criterias – the wife wanted a bit of luxury but I wanted to pay the least amount for it! We went there looking at an A4 but when the wife saw their latest A5 Sportback she was totally sold! And when I saw their virtual cockpit, so was I. We tested sitting in an A5 to get the feel for the interior, noting that there was indeed 3 seatbelts in the back (more why that was important later!) and then we testdrove an A4 with identical engine to get the feel for the cars power. We were both very, very pleased. So we sat down to go through the list of options for the car to try to come up with a good car that fit our needs and what that would cost us. He went through every option (or so we thought!) with us and based on what he knew of our needs made recommendations. Since every manufacturer has their own terms/language, options and editions it’s a real jungle to sort it out but he did a good job of explaining it. I really liked this guy! So he came up with a car for 492.000 SEK, almost half a million. Naturually we needed to have a talk about it but after two days we made the decision to go for it. We went back and talked with him again to place the order. No fuzz at all, we agreed we’d put down 130.000 which we’d get from selling our current car when we got the new car. It would take “about 5 months” to get the car. A bit long but it would be worth waiting for. Now, did we want winter tyres on this or not? That was an extra 20.000 SEK. I knew I could get tyres for about half that price, and 5 months from end of October would be and of March so no really need for it, so no thanks. And the order was placed and we were happy with it all.

And then we waited. And waited…

Read Part II here.

Read Part III here.

Remove User Mailbox Permissions

SCENARIO
A user has alot of mailbox permissions to other mailboxes that needs to be revoked.

PROBLEM
The problem is that the GUI, even in an on-prem interface, forces you to remove the permissions on the destination so you have to go to every mailbox he/she has access to, remove the permission and then go to the next. This is very time consuming, one wish you could open the user and remove the permissions to other mailboxes that way, but it doesn’t work like that unfortunately.

SOLUTION
This little script solves this problem. It goes through all mailboxes in your mailenvironment and checks all the boxes that the [USER] has access to and prompts to remove them one by one. I still feel a prompt is necessary because sometimes you get the request to “remove everything except these”, so by prompting we can chose which ones to remove. Alot faster than going to every mailbox in the list! For better performance, I suggest you specify a “-servername EXCHANGESERVER” in the “get-mailbox” command, otherwise it’ll go through the entire Exchange org.

Download PS1 from Dropbox

Download PS1 from Dropbox

Change Something On Users From File

SCENARIO
You’re the administrator of an Office 365 tenant and/or on-prem Exchange and Active Directory and you need to make bulk changes to a group of people and you have a list with UPNs ready to use.

PROBLEM
There really is no problem but it may be very repetetive tasks.

SOLUTION
This script will read the file “C:\temp\list_of_upns.txt“, which is just a list of UPN’s, and iterate through them making the change you want. Since I make alot of the same changes to different users depending on what I need. I simply un-comment by removing the “#” for whatever I need to script to change on the user. And remember to put the “#” back in to comment if you want it to do something else or you may end up doing unwanted things on the objects (like converting a bunch of on-prem mailboxes to Room mailboxes, true story!)

Download PS1 from Dropbox

Download PS1 from Dropbox

Get User Serviceplans

SCENARIO
You’re the administrator of Office 365 and you want to programmatically extract information about what serviceplans (features) a specific user has access to and which he or she doesn’t have access to.

PROBLEM
Microsoft’s way of storing the information regarding licenses and features/plans isn’t quite logical sometimes for unitiated people so this might sound like a very complicated thing to do with Powershell and you’re left to do it through the portal instead.

SOLUTION
This little snippet of code will help you. You can add exporting features to it if you want, or input a user.txt file, but this is the stuff that displays the information. But if you want to get a complete dump of all information for all users, you should use this script instead which does that magic alot better.

Download PS1 from Dropbox

Download PS1 from Dropbox

UPDATE: Apparently the new Powershell moduled for MSOL handled this differently so the output became quite different. Rather than type out one plan at a time it bunched them together so there was no way of seeing which feature belonged to which plan. So I re-wrote this with a “while” loop and “format table” command to force it to seperate the output. (seriously, remove the “ | ft” part and see what that does to this snippet!)

Get AD User By UPN

SCENARIO
You’re managing Office 365 and want to do Powershell quieries against the on-premise Active Directory

PROBLEM
The problem is that Office 365 cmdlets like “get-msoluser” always gives you the users userprincipalname (UPN) because that is all that Office 365 cares about. But when you want to query the local on-premise Active Directory with “get-aduser” it doesn’t recognise the UPN when searching for users.

SOLUTION
The solution is adding it as a filter like this, where $MSOLUPN is the UPN you get from “get-msoluser“:

Again, this is pretty basic stuff, but still something you need to know and use all the time.