ADUsers&Comps**SolarWinds make a free tool GUI for this :

*****More AD Cleaup Tools

You can run these commands in a command prompt on any DC or PC With Active Directory Tools installed

Time Perioud = Weeks so for example let’s work with 6

How to find the CN or OU Path

Open Active Directory Users and Compuer , Click on View and Advanced Features

Find the OU you need to reference and Click on Properties, Attribute Editor Tab and Copy the distinguishedName 


Computer Accounts

Find Old Disabled or Enabled Computer accounts across the whole domain older than 6 weeks

dsquery computer -inactive 6 -limit 0

Powershell Find Only Enabled Computer inactive for 3 Months 

Search-ADAccount -ComputersOnly -AccountInactive -TimeSpan "90" | ?{$_.enabled -eq $True}

Find computer accounts old than 6 weeks and disable

dsquery computer -inactive 6 -limit 0 | dsmod computer -disabled yes

Find Old Computers in a Group CN e.g. if the Icon Looks like this : CN_Group

dsquery computer -inactive 6 -limit 0 CN=Computers,DC=domain,DC=local (Add to stop it going further then the current folder) -scope onelevel

Find Old Computers in a Operation Unit OU e.g. if the Icon Looks like this : OU

dsquery computer -inactive 6 -limit 0 OU=Clients,DC=domain,DC=local (Add to stop it going further then the current folder) -scope onelevel

Query THEN DELETE computer objects which have been inactive for 8 weeks in a specific OU and name starts with PCNAME

dsquery computer "OU=Computers,OU=OUNAME,DC=domain,DC=local" -inactive 8 -name PCNAME* | dsrm -noprompt

User Accounts

Find Old Disable or Enabled User accounts across the whole domain older than 6 weeks

dsquery user domainroot -name * -inactive 6

Powershell Find Only Enabled User inactive for 3 Months 

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan "90" | ?{$_.enabled -eq $True}

Exchange Active User accounts

(Get-MailboxStatistics -Server <exchangeservername> | where {$_.LastLogonTime -gt ((get-date).AddDays(-60))}).count

Find Old User accounts across the whole domain older than 6 weeks and disable 

dsquery user domainroot -name * -inactive 6 | dsmod user -disabled yes


Get-ADUser –filter * -Properties passwordLastSet,whencreated,lastlogondate,Enabled,PasswordNeverExpires | Where { ($_.passwordLastSet –eq $null –or $_.lastlogondate –gt (Get-Date).AddDays(-30)) -and ($_.Name -notlike “*svc*” -and $_.Name -notlike “*Admin*” -and $_.Name -notlike “*test*” -and $_.Name -notlike “*huonit*” -and $_.Name -notlike “*Room*” -notlike “*Mailbox*” -notlike “*Exchange*” -notlike “*Service*” -notlike “*Helpdesk*”) }| Select Name


VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: -1 (from 1 vote)

DSSPlayerWhen opening DSS player after modifying the registry or profile settings you might get the following error message

The application cannot be executed because the following Shell Folder defined in the registry cannot be found. Please contact the system administrator. Templates

Open up Regedit and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Check for Templates

In my case the following folder was not available


Recreating this folder fixed the problem. This error message might also display MyDocuments , So I would check the My Documents path in Olympus in the program if you can get in or the registry is set correctly. If not reinstalling should recreate this!

VN:F [1.9.22_1171]
Rating: 9.3/10 (12 votes cast)
VN:F [1.9.22_1171]
Rating: +3 (from 3 votes)

proxyexceptionsRecently we needed to add an address in the

“Do not use proxy server for addresses beginning with”

Setting’s in internet explorer. The box was greyed out via group policy , however this was just for a single user using a a remote citrix enviroment and didn’t have the time to roll it out through Group Policy.

Windows stores the entry in the following location :

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]


So open up regedit and modify the enteries via this key!

VN:F [1.9.22_1171]
Rating: 5.0/10 (3 votes cast)
VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)

w7ao5[1]Upon some testing today inside a company that uses roaming profiles, after upgrading a user’s machine with Office 2010 from Office 2003. The user’s Outlook profile updated , however when the user tried to log back into an Office 2003 box , the profile for Outlook did not load.

The only way to get this working back on a Outlook 2003 machine is to delete the Outlook profile and let it rebuild. This will work until the next time the user logs in and out of a 2010 box!

Not ideal, so would fully recommend rolling out the same version of Office throughout an organisation if they use Roaming Profiles!

VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

IC101558[1]I would like to thank Dan Furse from Response IT for this little trick bit!

When virtulising a domain controller from Physical to Virtual, it is recommended to segregate it from any other domain controllers on the network in-case replication occurs during the convert. Usually servers will be offsite so you can disable the site to site VPN’s during the conversion, onsite you will need to swap the host to a different unroutable subnet  and assign the virtual host an ip on that network for the management port.

After migration you might find that the server’s DNS and DC functionality has stopped working.

If you have a DC that is:

a)      A FSMO role holder

b)      NOT the only DC in a domain

c)       Booted standalone (ie it can’t contact any other DCs in the domain)

If the FSMO role holder can’t talk to at least one of its inbound replication partners after a reboot, it won’t advertise itself as either a DC or a DNS server. This is a precaution in case the FSMO roles may have been changed on other DCs while this one was down, so it has to do an initial sync to check that it is still the FSMO holder before it allows DNS/DC connections

You will need to add the following Registry Key and Reboot the machine, then it will skip initial replication and boot standalone.


“Repl Perform Initial Synchronizations”=dword:00000000

VN:F [1.9.22_1171]
Rating: 2.5/10 (2 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

2011-08-16-10-18-08-ec0666[1]After updating Firefox to Version from version 17 to 18 via automatic update it displays the following error message when trying to vists SSL sites ( via HTTPS://)

“The proxy server is refusing connections”

After rolling this back down to version 17 with the installer it starts to work again

We do use a proxy onsite provided by Network Box with no authentication.

I have had to disable automatic firefox updates via , to stop it updating

Select “Tools” and “Options” and wait for the pop-up window to appear. Choose “Advanced” and “Update.”


*** Update *** 21/01/2013

Known Firefox Issue :

Firefox 17 Links

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

wrldbfree-rww-21[1]On trying to access the Remote Web Workplace on a Small Business Server 2003 / 2008 server on a brand new machine, the Active X Client Would Not Load. After clicking the connect button a white screen would be displayed and nothing would happen.

1) The ActiveX Control was enabled and installed

2) The Site was added to Trusted Sites

3) Made sure UAC was turned off

4) Made sure I could register mstscax.dll

Upon trying to run a VB Scribt to add the Registry Values I was greeted with the following Error message

Can’t find script engine “VBScript” for script.

As per this link this was caused by Macafee being preinstalled on the machine ( Even though it was BullGuard currently installed as the AV )

I downloaded the Macafee Removal Tool , ran and removed , restarted and it fixed the Remote Web Workplace issue as well as the VB Script Problem!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

This is the same connection settings as BT Infinity Fibre ( all the ISP’s resell BT’s Service ) as per link here :

The Main Settings Are :

[WAN] > [General Setup] > [WAN1] and DSL Mode : VDSL and set the WAN VLAN ID should be set to 101

[WAN] > [Internet Access] and set the Connection Type as PPPoE. Enter the username / password details that were provided by your ISP in the appropriate fields as shown:

VN:F [1.9.22_1171]
Rating: 7.0/10 (3 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
  1. Creat new user – BESADMIN
  2. Make BESAdmin a member of Administrators Group
  3. Assign the BesAdmin user “log on as a service” rights in the Default Domain Controller Policy through Group Polic
  4. Run the following in Exchange Management Shell
  • Get-MailboxDatabase | Add-ADPermission -User “BesAdmin” –AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin
  • Add -RoleGroupMember “View-Only Organization Management” -Member “BesAdmin”
  • Add-ADPermission -InheritedObjectType User -InheritanceType Descendents –ExtendedRights Send-As -User “BesAdmin” -Identity “OU=SBSUsers,OU=Users,OU=MyBusiness,DC=COMPANY,DC=local”
  • Get-ThrottlingPolicy | Where-Object {$_.IsDefault -eq “True”}|Set-ThrottlingPolicy -RCAMaxConcurrency $null
  1. Set Send/Receive As Security for Users
  • In Activate Directory Users and Computer, view Advanced Properties.
  • View properties of the SBS Users OU.
  • Select Security
  • Add BESAdmin
  • Click Advanced
  • Highlight BESAdmin.
  • Click Edit
  • Select Descendant User Objects in the drop down
  • Check the boxes for SendAs and ReceiveAs
  • Click OK 3 times

  1. Install the Exchange MAPI CDO 1.2.1 package
  1. IPv4 Host File entry for the server (e.g. SBSSERVER01).

Now perform a default installation of the BESExpress Software.

  • After BESExpress is installed, enable the Hard Deletes Setting:
  • Log into the BlackBerry Administration Service.
  • In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > Email.
  • Click the instance that you want to change.
  • Click Edit instance.
  • On the Messaging tab, in the Messaging options section, in the Hard deletes reconciliation drop-down list, click True.
  • Click Save all.
  • On the computer that hosts the BlackBerry Dispatcher, restart BlackBerry Dispatcher service.
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

( Courteous of ) for future reference

First of all we need to install the Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 if these have not already been done. You can download these from:

Your Server must also have Microsoft Exchange Server 2007 Service Pack 2 and all Patches Installed.

Once you have installed the above, you then need to Raise Windows Server 2008 Active Directory Domain and Forest Function Levels.

  1. To do this launch “Active Directory Users and Computers” from the Administrative Tools
  2. Right click your domain and choose ‘Raise Domain Function Level’
  3. Choose Windows Server 2008 and click Raise, Accept and Ok and then Ok upon Success
  4. Close MMC and then launch “Active Directory Domains and Trusts” from the Administrative Tools.
  5. Right Click ‘Active Directory Domains and Trusts’ and select Raise Forest Function Level.
  6. Choose Windows Server 2008 and click Raise, Accept and Okay and then Ok upon Success.

 Next, we need to create a Windows account and mailbox to act as the Blackberry Enterprise Server Express Account

  1. Open the Exchange Management Console
  2. Select the Recipient Configuration Node, and then the Mailbox Note. Click on “New Mailbox” on the right
  3. Select “User Mailbox” as the type and then click next, Create a Mailbox for “New User” and click next
  4. Fill in the usual fields First Name, Name, User Logon Name and give a strong password to the account (BESAdmin – Recommended Username) and then click next.
  5.  Select the Mailbox Database you wish to add the account too, click on next and then new

Once that process has been completed successfully, you then need to configure some settings within Exchange Server 2007 using the Exchange Management Shell

  1. Launch the Exchange Management Shell
  2. Type in the following PowerShell command to set ViewOnlyAdmin role for BESAdmin

add-exchangeadministrator “BESAdmin” -role ViewOnlyAdmin

  1. Type in the following PowerShell command to assign the ms-Exch-Store-Admin, Receive As, and Send-As Permissions for BESAdmin

get-mailboxserver “ContosoServer” | add-adpermission -user “BESAdmin” -accessrights ExtendedRight -extendedrights Receive-As, ms-Exch-Store-Admin, Send-As

 Next we need to configure the server that will host the Blackberry Enterprise Server Express Software

  1. Launch “Active Directory users and Computers”
  2. Select the hive Builtin and double click ‘Administrators’
  3. Choose the tab ‘Members’ and click on Add, Type ‘BESAdmin’ and click ‘Check Names’, Click Ok, Apply and then Ok
  1. Launch Group Policy Management
  2. Right click ‘Default Domain Controllers Policy’ and then choose ‘Edit’
  3. Choose Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment and double right click in the right pane ‘Allow log on locally’
  4. Click ‘Add User or Group’ , Browse, Type ‘BESAdmin’ and click ‘Check Names’  click on Ok, Apply and then Ok.
  5. Scroll down and double click ‘Log on as a Service’
  6. Check ‘Define these policy settings’ and click ‘Add User or Group’
  7. Click Browse, type ‘BESAdmin’ and click ‘Check Names’ and then Click on Ok, Ok, Apply and then Ok

Once you have completed these steps, we will then need to configure the Database Server and Run the BES Setup but before we can do that we need to get you on to the RIM website to Register and Download the Software and get all of the Licence/CAL keys you will be required to enter later.

NOTE: You need to now Logoff from the Server and logon with the BESAdmin account you created earlier, if you DO NOT do this then the whole thing will just fail and give you a headache!

Run the download, unzip the contents into a folder C:\BESExpress and the setup will start automatically.

Make sure that on the prompt it states you are logged in with the BESAdmin account and the domain shown is correct.

Fill in the details asked for, Username/Organisation/Country and accept the Licence Agreement.

On the next screen choose ‘Create a Blackberry Configuration Database’ and click on next, choose the defaults and then click on next, go through the checklist and make sure you do not see any warnings. If you do then please correct the warnings by installing any components you may be missing. (If your server is up to date then this should be fine).

On SBS2008 there is already a SQL 2005 Instance, you can choose to install the database into the SBSMonitoring Instance but I would recommend that you create a dedicated instance, the BES Express software will look after all of that for you.

So, on the next screen choose “Install Microsoft SQL Server 2005 Express Edition SP3 on this Computer”, and then click on next.

Fill in the Password and the name of your server and then click on next, make sure you type in this information correctly otherwise again you will have problems further down the line, review your settings and click Install.

Go and grab yourself a drink, and some lunch if it’s that time already and when you return it should be prompting you to restart the server. After the server has restarted make sure you logon again with the BESAdmin account otherwise it won’t continue the setup.

*NOTE it won’t fail if you logon with Administrator by accident, just logoff and login as the right user.

Once you have logged back on to the server, the installation should pop back up for you on screen, leave the settings as they are on screen and select next.

Wait a couple of seconds and then you will be asked to create the BESMgmt Database, Choose Yes and then the database will be created, Click on Ok once you the Success Info Prompts.

On the next screen you will be asked to fill in the CAL Key, SRP Identifier and Authentication Key, Click on Verify on both SRP Host and SRP Authentication Information, upon success click next

On the next screen, fill in the name of your server and the mailbox field is the user you created earlier BESAdmin, Select ‘Check Name’ and then Apply and Ok

Next, type in a password for the SSL Certificate and click on next

On the next screen type in the account credentials to allow the Blackberry Administration Service to Authenticate users in Microsoft Active Directory, NOTE: DO NOT use the BESAdmin account here, Use the account you created upon Installation of the Server Operating System i.e. Administrator and then click Next.

On the next screen I chose to use a Non Active Directory Account to manage the Blackberry Accounts, So Select “Use Blackberry Administration Services Authentication” and type in a Secure Password, and then click next.

Nearly Finished, Click on “Start Services” on the next page and sit back and wait in suspense, click on next and then you should see the results come back as Successful.

Then make a Note/Save the URL’s and then click on Finish

Finally, configure the firewall on the Small Business Server to allow access to the Blackberry Administration Service and Web Desktop Manager. I personally chose to do this via Command Prompt but it can be doing using the GUI via Control Panel.

  1. Launch Command Prompt (Start > Run > CMD > Enter)
  2. Type netsh firewall add portopening TCP 3443 “BESExpress Management Port” and press Enter.
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)