$Params = @{
"DnsName" = @("quail-vm1.nytis.com")
"CertStoreLocation" = "Cert:\LocalMachine\My"
"NotAfter" = (Get-Date).AddMonths(100)
"KeyAlgorithm" = "RSA"
"KeyLength" = "2048"
}
New-SelfSignedCertificate @Params
https://www.sslshopper.com/ssl-converter.html
1. Install CA, configure as root CA.
2. On your CA Server launch the Certification Authority Management Console > Certificate Templates > Right Click > Manage.
3. Locate the Kerberos Authentication certificate > Make a Duplicate.
4. General Tab > Call it ‘LDAPoverSSL’ > Set its validity period > check to publish the cert in AD.
5. Request Handling Tab > Select ‘Allow private key to be exported’ > Apply > OK. Close out of the templates.
6. Right click Certificate Templates again > NEW > Certificate Template to issue.
7. Locate and select the ‘LDAPoverSSL’ certificate > OK.
8. Now logon to a DOMAIN CONTROLLER > Windows Key+R > mmc {Enter} > File > Add/Remove Snap-in > Add in the Certificates Snap-In > Computer account > Finish > OK > Expand Certificates > Personal > Certificates > Right Click > All Tasks > Request New Certificate > Next > Next.
9. Select the LDAPoverSSL Certificate > Enroll > Close the Certificate Snap-in.
10. In my case I need my device to ‘Trust’ the CA, So on the CERTIFICATE SERVER > open a command window and run the following command;
certutil -ca.cert ca_name.cer
11. It will display the certificate PEM on the screen and should complete successfully.
12. You will notice my command was run while I was on the root of the C: Drive, yours will probably be C:Users{your-username} go there and retrieve a copy of the ‘Root Certificate’.
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\OneDrive
Check if any of the "Disabled" keys are set to 1. If they are, set them to 0.
Import-Module ADSync
Get-ADSyncScheduler
Replicate your DCs first- repadmin /syncall /AdeP
Delta Sync-
Start-ADSyncSyncCycle -PolicyType Delta
Full Sync-
Start-ADSyncSyncCycle -PolicyType Initial
So here's a nice surprise, apparently, exchange is reporting an error Can't Convert "2201010001" to long this morning. As of Jan. 1, 2022 0:00 UTC on-premises Exchange servers seem to freezing transport of all emails – a date can't get converted. Here is a quick overview of what is going on.
To resolve this, for now, disable the anti malware-
& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1
redundancy management-module nonstop-switching
show redundancy
redundancy rapid-switchover 60
redundancy swtchover
show redundancy detail
Firmware-
boot set-default flash primary
write memory
boot standby
show redundancy (wait for sync
redundancy switchover
Check users email fields-
get-aduser -Filter * -Properties mail | select name,mail | Out-GridView
Command to copy-
Get-ADUser -LDAPFilter '(userPrincipalName=*)' ` -Properties userPrincipalName,mail | Select-Object * | ` ForEach-Object { Set-ADObject -Identity ` $_.DistinguishedName -Replace ` @{mail=$($_.userPrincipalName)} }
