Enable Modern Authentication (ModernAuth, OAuth) in Office 365, resolve Outlook Clients not using modern auth.

 First- Ensure Office 365 is set for Modern Auth-

    - Log in to the Office 365 portal, Edge seems to work the best.
    - Admin Centers, Exchange, Classic Exchange Admin Center.   
    - Hybrid, click "Configure" under Exchange Online Powershell Module.
    - Type "Connect-EXOPSSession -UserPrincipalName <your UPN>"
    - Get-OrganizationConfig | ft OAuth*
        - If it's set to "True", you're good to go, modern auth is enabled.
    - If it's set to false- Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
    - Give it a couple of hours.

If a user is still getting the basic prompt in outlook-

    - Go into control panel, credential manager, delete everything related
    - In regedit, go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity. 
    - Create a new DWORD named "EnableADAL" and give it a value 1

If that doesn't work-

    - Create a new DWORD named "DisableAADWAM" and give it a value 1
    - Create a new DWORD named "DisableADALatopWAMOverride" and give it a value 1

Cisco ASDM "This app can't run on your PC" error message."

 

1. Choose Start > Cisco ASDM-IDM Launcher, and right-click the Cisco ASDM-IDM Launcher application.

2. Choose More > Open file location.

   Windows opens the directory with the shortcut icon.

3. Right click the shortcut icon, and choose Properties.

4. Change the Target to:

   C:\Windows\System32\wscript.exe invisible.vbs run.bat

5. Click OK.

How to Hard Match a user on Office 365

• Move the user to an OU that is not monitored by AD sync, perform an export, go to Azure AD and permanently delete the user.
• Connect-MsolService -Credential $credential
• Install-Module MSOnline
• import-module adsync 
  
  
• [system.convert]::ToBase64String((Get-Aduser dfcoughlin).objectGUid.ToByteArray())

• Set-MsolUser -UserPrincipalName user@abc.com -ImmutableId <INSERT B64 ID HERE>
  
  
• Move the AD user back to the monitored OU.

Other way to get GUID-

• Get-ADUser -Identity “<username>” 
  
  
• Convert the GUID to Base 64
• $guid = "3ab39606-c642-489b-84b6-58c038d3ef39"
• $base64 = [system.convert]::ToBase64String(([GUID]$guid).ToByteArray())
• $base64
  

How to unlink a cloud Azure AD account with the corresponding On Prem User (DeletingCloudOnlyObjectNotAllowed)

# Change UPN to "onmicrosoft"

set-MsolUserPrincipalName -UserPrincipalName user@domain.com -NewUserPrincipalName user@yourcompany.onmicrosoft.com

# Setting a new Random Immutable ID

set-MsolUser –UserPrincipalName user@yourcompany.onmicrosoft.com -ImmutableId "Z/-XGv2W4kWPM1mR/ddSdn!)"

# Changing it back to the original UPN

set-MsolUserPrincipalName -UserPrincipalName user@yourcompany.onmicrosoft.com -NewUserPrincipalName user@domain.com

Reset default users and computers folder so you can rename or delete SBSUsers OU

 ReDirUsr "CN=Users,DC=domain,DC=com"

ReDirCmp "CN=Computers,DC=domain,DC=com"

No drivers will install, you get "The Data is Invalid"

 Check to make sure the following services are NOT disabled, and start them-

Device Install Service
Device Setup Manager
Device Association Service

ASDM Certificate Authentication

  - Open up powershell-

$rootcert = New-SelfSignedCertificate -Type Custom  `
-Subject "CN=ASARoot" `
-KeyExportPolicy Exportable `
-KeySpec Signature `
-HashAlgorithm sha256 `
-KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `
-KeyUsage CertSign

 - Run MMC, add Certficiates, User, go to personal, Export, no to private key, pick Base-64 encoded, save file.

 - Log into ASA- 

MyASA(config)# crypto ca trustpoint ASACERT
MyASA(config-ca-trustpoint)# no ca-check
MyASA(config-ca-trustpoint)# enrollment terminal
MyASA(config-ca-trustpoint)# no id-usage
MyASA(config-ca-trustpoint)# exit
MyASA(config)# crypto ca authenticate ASACERT

 - Log into ASDM, Network Client Access, Anyconnect Connection Profiles, select profile and click Edit, set authentication to certificate only.

Cisco VPN dropping connectino/RDP

“sysopt connection preserve-vpn-flows