SS Technology Forum

SS Technology Forum

Computer Migration - Things to Consider

Here are a few points which you can consider while doing computer migration. These points are applicable to all migrations irrespective of the migration tool (ADMT, NetIQ, Quest etc)

Active Directory User Migration

Here is a graphical representation of the high level steps involved in an Active Directory migration using ADMT

User Migration and Merging Using Quest Migration Manager

Pre-creating user account in the target domain is a common scenario these days due to single-sign-on solution, HR management procedure etc

Microsoft Right Management Service (RMS)

Rights Management Service (RMS) is an add-on to many RMS aware applications. In this article my main focus is to explain how we can utilize RMS technology with Exchange 2003 and how we can take advantage of RMS technology to increase the email security

Microsoft ISA Server

I am sure we have all either encountered or heard of this "problem" one time or another if the ISA Server is part of the Active Directory Domain. Is it a problem?

Tuesday, May 5, 2015

SCCM Integrated Intune – iOS and Android Store App Deployment

SCCM Integrated Intune  - iOS and Android Store App Deployment

You have two deployment options (Available and Required) when deploying applications though SCCM as shown in the following screenshot:


Currently, the App Store (from Apple or Android) “"deployment using “Required” (push deployment) option is not supported (doesn't work) by Microsoft.  The “Available” applications will show up on end user devices.  The “Required” applications won’t show up.   This is a limitation of SCCM integrated Intune.  The standalone Intune deployment supports both options. 

According , “Required” install is supported only for sideloaded app.


In a standalone Intune deployment, these options are little different.  If you deploy application to devices you only see the “Required” option .  If you deploy applications to users, you will see “Required” and “Available” options. 

 Device Deployment:


User deployment:


Monday, April 27, 2015

Microsoft Intune and Device Registration Error

The device registration errors in Microsoft Intune can be misleading.  I was getting This service is not supported, MdmAuthorityNotDefined, A connection to the server could not be established etc errors during an Apple device enrollment.  This was my test device. I have used this device with different user account, Intune subscription etc. 

Possible issue #1

In my case, the following 2 errors were due to duplicate/already enrolled device information in Intune.  Everything started working once I removed the existing device entry from Intune. 

Error #1:

Device not added

This service is not supported

Error: MdmAuthorityNotDefined




Error #2:

Profile Installation Failed

A connection to the server could not be established


Error #3:

Service not supported



Possible issue #2

In this case, the user was not part of the Intune collection.  You can see the current configuration from SCCM->Intune subscription properties.




Tuesday, April 14, 2015

Microsoft Intune – Service Status Dashboard

I am not sure you are aware of this, you can check the Microsoft Intune service status using the following URL:



If you are you logged in, it will display your service instance name as shown in the following screenshot:



Tuesday, April 7, 2015

Microsoft Azure - Service Status Dashboard

Here is a great way to identify any maintenance or service related issues with Microsoft Azure service.  The  portal gives you a real time update on Azure services.  You can even subscribe to a feed.



Tuesday, March 10, 2015

Azure Management Portal – You have signed out elsewhere


The Azure management portal ( generates a “You have signed out elsewhere. Click OK to log out from the management portal”   error message during the sign in process. 




  1. Clear Cache and Cookies from your browser. 
  2. Press Escape (ESC) key as a workaround to clear this annoying message. 

Thursday, February 26, 2015

F5 VPN Plug-in and NPuroamHost.dll Issue

By default, the F5 VPN plug-in (F5 Networks Firepass Host Plugin) doesn't install from Internet Explorer 11 browser.  If you try the manual installation option, you will get only the NPuroamHost.dll file. Copying and pasting this DLL doesn’t work and also, you won’t be able to find a plug-in directory. 



You can resolve this issue by adding your VPN URL or company URL to Compatibility View Settings in IE.

image image

Thursday, February 12, 2015

PowerShell TTUC #117 - $FormatEnumerationLimit – Displaying Complete Text

PowweShell Tips, Tricks and Useful Commands #17

Some PowerShell commands don’t display the complete text in the output even if you use Format-List or Format-Table etc command with specific width information.   The result displays with … ellipsis. The $FormatEnumerationLimit variable can be used to control this behavior. Default value is 16. You can set the value to –1 to remove this limitation or set the value to unlimited characters.



Monday, December 1, 2014

Group Managed Service Account (gMSA) – Access Denied

I have seen a lot of questions on TechNet forums about Access Denied error when installing Group Managed Service Account (gMSA) using Install-ADServiceAccount PowerShell cmdlet. 

Install-ADServiceAccount : Cannot Install service account.  Error Message: ‘{Access Denied}



This error message can be little misleading if you are using proper administrative credentials.  If you are using a security group for your host servers (PrincipalsAllowedToRetrieveManagedPassword), you need ensure that this particular server is part of that security group.  If you have recently added this server to the group, you need to restart the server to get the updated group membership.  The service account cannot be installed on the server before verifying the group membership.

Thursday, October 23, 2014

Azure Directory Sync - Global Admin and Multifactor Authentication

I was trying configure Azure directory synchronization and it was keep failing with “The use name or password is incorrect.  Verify you name, and then type your password again.” error message.



I knew that the user name and password are correct.  For some other testing purpose I enabled Multi-Factor Authentication on this account that was causing the issue. Everything started working after disabling MFA on this account. 


Tuesday, October 21, 2014

Azure Active Directory Sync – Object Selection and Synchronization Schedule

Finally I got some time to play with the new Azure Active Directory Sync tool and configuration.   You can see the new features of this tool in Alex Simons’  blog -


The installation was very straight forward.  The step-by-step instruction are provided in the article.  The administration tools and scripts are located in difference places which was little confusing in the beginning.  There  are three tools available to administer or customize the AAD sync configuration. 

Synchronization Service Manager - C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe

Synchronization Rules Editor - C:\Program Files\Microsoft Azure AD Sync\UIShell\SyncRulesEditor.exe

Synchronization Service Key Management - C:\Program Files\Microsoft Azure AD Sync\Bin\miiskmu.exe

Synchronization Service Manager

This is where you administer or customize your synchronization options.  It is an MIIS client. In the backend it creates Management Agent (MA) for your directory and Azure. 


The default location of this file (missclient.exe) is in C:\Program Files\Microsoft Azure AD Sync\UIShell


By default, the Azure AD sync schedule to run every 3 hours.    It is Windows scheduled task as shown in the following screenshot:


You can manually force the replication from here if needed.   In the backend it calls the DirectorySycnClientCmd.exe file which is located in C:\Program Files\Microsoft Azure AD Sync\Bin\ folder.

Note:  If you have Office 365 in a hybrid mode, changing the default schedule or creating a custom schedule is not recommended or supported. 


Object Filter and Customization

Object selection and customization can be performed using the Synchronization Service Manager tool.



Synchronization Rules Editor

This is where you can create custom filters based on an attribute or attribute values. By default, this tool (SyncRulesEditor.exe) is located in C:\Program Files\Microsoft Azure AD Sync\UIShell\folder. 


You can create a new filter by selecting the Add new rule button in the Synchronization Rules Editor



If you are planning to use an attribute based filer, make sure that the required attribute is selected (enabled) in the connector (MA) properties.






Popular Posts


Twitter Delicious Facebook Digg Stumbleupon Favorites More