Activation Error on New Microsoft Azure Server VM

Ran into this today, but luckily there is a quick fix (at least for me)! I created a new B2ms VM running Server 2016 Datacenter but as soon as I booted it up, I saw there was an activation error. I tried to run the activation tool but no dice.

I found this help doc which provided this Powershell one-liner to add Azure’s KMS licensing servers just in case they were missed:

Invoke-Expression "$env:windir\system32\cscript.exe $env:windir\system32\slmgr.vbs /skms kms.core.windows.net:1688"

I re-ran the licensing troubleshooter and voila, I was activated!

UPDATE: Using Dell Command Configure to Set Wake-On-LAN for Dell Computers

I’ve previously written about using an older version of Command Configure for enabling WOL. The commands have changed in the latest version, v4.2 as of this writing. Download available here.

cctk.exe –wakeonlan=LanWlan for setting WOL for both LAN and Wireless LAN (wifi) connections.

Your options for –wakeonlan are:

  • LanOnly
  • Disabled
  • WlanOnly
  • LanWlan
  • Lanwithpxeboot
  • addincard
  • onbaord
  • sfpnic
  • lanorsfpnic
  • sfpnicwithpxeboot

If you need to see what options are available, you can hit use the -H command:

cctk.exe –wakeonlan -H

Updating Azure Application SAML Roles in Microsoft Graph

Something on my list of things to do has been to update SAML roles for an application setup a few years ago before Microsoft simplified certain aspects of SAML applications. After tickets with Microsoft support that ended up escalated but with no assistance from them, I found that these roles could be updated via Microsoft Graph. Let’s dive in.

I have my application ID and have requested the body via GET below and the URL https://graph.microsoft.com/beta/servicePrincipals/{ID} (without the curly brackets surrounding your ID)

In the JSON Response Preview, you can see the appRoles listed for the application. After using my Google-FU and not finding any documentation on this at all, I experimented and after trial and error, figured out how to update the approles while keeping existing appRoles.

First, you’ll need a unique GUID for the new approle. In Powershell, you can run new-guid to generate a new GUID for your new approle(s).

Next, copy your entire existing Approle digest from the Response Preview to your editor of choice; I like Visual Studio Code. This means everything from the approles: [ line to the bracket at the end of the last role.

Add a new approle (you can copy a previously used one), paste in your GUID, and change the description, displayname, and value. Because this is JSON, you’ll need to add a comma to the curly bracket for the previous approle.

Once you’re done editing your approles, go back to Microsoft Graph. Where before you chosen to GET , now select PATCH. Keep the URL the same.

Be sure to validate the JSON (you may need to add curly brackets to the beginning and end of the JSON file) using any free online tool or Visual Studio Code. Paste the JSON code in to the Request Body in Microsoft Graph and hit Run Query.

If everything went well, you should see a green OK!

Deleting Folders or Files

I recently ran into an error with a client’s off-site backup using Cloudberry to Backblaze B2 that simply said: file name segment must be no more than 250 bytes

Nice, right? Digging into the logs, I found that it was erroring out on an amazingly long .JS file a user had copied over with a bunch of personal files.

Enter SuperDelete on Github. Download it from the release page or compile it yourself, move it to the problem folder and let it do its magic. Simply run the executable (no installation necessary!) and name the file in question and you’re golden!

Disabling IMAP and POP Enabled for Mailboxes in Office365 Using Powershell V2 Module

I recently wrote about Microsoft’s new Powershell V2 Module and locating IMAP and POP enabled mailboxes using it. Now we’re going to get to disabling IMAP and POP to keep things secure! As of the date of this post (January, 2020) there are no new V2 modules to Set-CASMailbox, so we’ll have to use a V1 command. This will disable IMAP and POP across the tenant:

Get-EXOCASMailbox -Filter {IMAPEnabled -eq $True -or POPEnabled -eq $True} | Set-CASMailbox -ImapEnabled $false -PopEnabled $false

If you’d like to see a list of who will have the settings applied, you can add -whatif to the end

Locating IMAP and POP Enabled from Mailboxes in Office365 Using Powershell V2 Module

Using Microsoft’s recently released Exchange Online PowerShell V2 Module, we can easily find IMAP and POP from mailboxes in Office365 via Powershell.

Finding IMAP and POP Mailboxes, Powershell V2:

Get-EXOCASMailbox -Filter {IMAPEnabled -eq $True -or POPEnabled -eq $True}

If you’d like to disable, take a look at my next post about doing that!

Using Microsoft’s New Exchange Online PowerShell V2 module

Microsoft recently released a preview of their new Exchange Online Powershell module. One of the highlights is that it has built-in support for MFA-enabled admin accounts. One of my biggest pet peeves was that Microsoft made you jump through hoops and poorly supported MFA with their V1 module.

To get started, install the module from the Powershell gallery via

Install-Module -Name ExchangeOnlineManagement

Note only Powershell 5 is supported, with Powershell Core and 7 support coming… soon.

The commands have changed too. Get-Mailbox is still able to be run, but the new command is Get-EXOMailbox, which yields output more efficiently then its predecessor according to Microsoft, by changing what properties get shown and not including blank properties.

You can now connect via “Connect-ExchangeOnline” which creates an MFA-capable prompt. After you sign-in, you’re shown the new cmdlets!

Powershell One-Liner: Find all PST files on a workstation

For reasons I don’t want to get into, I’ve had to locate all PST files on a number of workstations. Plugging this one line Powershell command into our RMM, I was able to see what workstations had what files and upload them to Office365 for safe(r) keeping.

gci -path c:\ -recurse -include *.pst -erroraction 'silentlycontinue'|select-object fullname,lastwritetime | fl fullname