Contact
If you want to contact me through this blog, then please either click on the following link:
Click Here For A Question Or Request
Regards,
Jorge
Jorge's Quest For Knowledge!
All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!
For Ad Free Blog
Social Media
Profiles
Statistics
Other Cool Blogs
Interesting Places To Visit
The Knowledge Archives
RSS Links
-
Join 2,027 other subscribers
Categories
- Active Directory Certificate Services (ADCS) (30)
- CAPOLICY.INF (2)
- Certificate Templates (2)
- Certificates (3)
- Learning Guide (1)
- OCSP (13)
- SHA1 (1)
- Active Directory Domain Services (ADDS) (330)
- Account Expiration Notification (1)
- Active Directory Users And Computers (2)
- Active Directory Web Service (2)
- AD Queries (30)
- ADSIEDIT (2)
- Auditing (11)
- AuthN (8)
- Azure AD Connect Health (3)
- Backup And Restore (11)
- Confidential (1)
- Conflicting Objects (1)
- Data Set (1)
- DC Locator (8)
- Deactivate/Defunct (1)
- Delegation (5)
- Delegation Of Control (18)
- Documentation (1)
- Domain Join (3)
- DomainPrep (1)
- Fine Grained Password Policies (12)
- Forest Recovery (14)
- ForestPrep (1)
- FSMO (2)
- Functional Levels (1)
- Group Policy Objects (5)
- Group Policy Preferences (2)
- Indexing (4)
- Install From Media (1)
- KCC (8)
- Kerberos AuthN (25)
- Kerberos Constrained Delegation (3)
- KrbTgt Account (10)
- Last Logon Information (4)
- LDAPS (1)
- LDP (2)
- Lingering Objects (1)
- Metadata Cleanup (10)
- Naming/Limits (1)
- NTLM AuthN (12)
- Object Deletion/Restore (13)
- Password Expiration Notification (7)
- Passwordless (2)
- Passwords (15)
- Performance (1)
- Promotion/Demotion (17)
- Ransomware (2)
- Read-Only Domain Controller (9)
- Replication (36)
- RODCPrep (1)
- Schema (21)
- Security (18)
- Selective AuthN (1)
- Sizing (2)
- SYSVOL (25)
- Trusts (7)
- Updates (1)
- Upgrade (1)
- Vulnerability (2)
- What's New (1)
- Active Directory Federation Services (ADFS) (126)
- Attribute Store (1)
- Auditing (1)
- Auto Certificate Rollover (3)
- Azure AD / Office 365 (5)
- Azure AD Connect Health (1)
- Azure AD MFA Adapter (7)
- Certificate Based AuthN (2)
- Certificates (15)
- Claim Types (5)
- Claims (5)
- Claims Based Apps (6)
- Claims Rule Language (10)
- Configuration (2)
- DB On SQL (3)
- DB On WID (6)
- Device Registration (2)
- Endpoints (1)
- Enterprise PRT (1)
- Export/Import (2)
- Farm (3)
- Federation Metadata (9)
- Federation Trusts (11)
- Forms Based AuthN (4)
- Hardening (1)
- Home Realm Discovery (HRD) (3)
- Identity Stores (3)
- IdP-Initiated (3)
- JWT Tokens (1)
- Kerberos Constrained Delegation (1)
- Migration (5)
- onload.js (2)
- Ports (3)
- Pre-Authentication (1)
- Proxy Service (5)
- RelayState (1)
- SALESFORCE.COM (1)
- Security Token Service (STS) (16)
- Security Tokens (5)
- Service Account (2)
- Shibboleth (1)
- StandAlone (2)
- Tracing (1)
- Transform Rules (6)
- Troubleshooting (2)
- Updates (8)
- Upgrading (2)
- Version (1)
- Web Application Proxy (7)
- Web Themes (1)
- What's New (1)
- Windows Integrated AuthN (5)
- Workplace Join (2)
- Active Directory Lightweight Directory Services (ADLDS) (7)
- Data Set (1)
- Functional Level (1)
- LDAPS (1)
- Apple (1)
- iPad (1)
- Batch Script (4)
- Beta/RC Stuff (58)
- Blog (1)
- Blog Post Series (62)
- Certificates (2)
- Cloud Services (3)
- Company/Employer Stuff (13)
- Conferences (41)
- Core Networking Services (12)
- NTP (6)
- Cyber Attack (1)
- Day-To-Day Stuff (118)
- Design Guides (30)
- Exchange Server (24)
- OWA (1)
- Field Experiences (10)
- Firewall (1)
- Forefront Identity Manager (FIM) bHold (23)
- Updates (16)
- Forefront Identity Manager (FIM) Certificate Management (40)
- Troubleshooting (2)
- Updates (19)
- Forefront Identity Manager (FIM) PCNS (9)
- Updates (7)
- Forefront Identity Manager (FIM) Portal (101)
- Activities (1)
- Backup/Export (1)
- Calendar (1)
- Data Set (1)
- Logon/Access (1)
- Mail Template (1)
- MPR (2)
- PowerShell (1)
- RCDC (5)
- Search Scopes (1)
- Self Service Password Reset (4)
- SET (4)
- Tools (2)
- Troubleshooting (3)
- Updates (21)
- User Verification (1)
- Workflow (5)
- Xpath (2)
- Forefront Identity Manager (FIM) Sync (78)
- Backup/Export (1)
- Connector/MA (9)
- CSExport (2)
- GAL Sync (2)
- Tools (4)
- Troubleshooting (1)
- Updates (23)
- Hardware/Devices (1)
- Identity Lifecycle Manager (ILM) (22)
- Intune (1)
- IT News (22)
- IT Pro Tools (14)
- KB Articles (1)
- Literature (1)
- MCP/MCT (2)
- Microsoft (4)
- Microsoft Authenticator App (3)
- Microsoft Identity Manager (MIM) (11)
- Migration/Upgrade (11)
- Mobile Devices (2)
- MVP (22)
- Networking (8)
- OCS/Lync Server (4)
- Office (1)
- Office 365 (5)
- DirSync (2)
- SSO (3)
- Troubleshoot (1)
- Outlook.com (1)
- Password-Less (2)
- Personal Stuff (17)
- PowerShell (129)
- SaaS Apps (1)
- Security (8)
- Sharepoint Server (16)
- SQL Server (4)
- Tooling/Scripting (127)
- Uncategorized (8)
- VB Script (7)
- Virtualization (26)
- Windows Azure (2)
- Windows Azure Active Directory (149)
- App Access Management (1)
- Azure AD Administrative Units (11)
- Azure AD Application Proxy Connector (1)
- Azure AD B2B (1)
- Azure AD B2C (2)
- Azure AD Cloud Sync (1)
- Azure AD Connect (72)
- Documenter (1)
- Azure AD Connect Health (6)
- Azure AD Domain Services (DCaaS) (2)
- Azure AD Graph (2)
- Azure AD Identity Protection (3)
- Azure AD Join (6)
- Azure AD Password Protection (12)
- Azure AD PRT (1)
- Azure AD Sync (8)
- Branding (1)
- Certificates (2)
- Conditional Access (4)
- Data Set (1)
- DirSync (3)
- Microsoft Graph (8)
- Monitoring/Reporting (1)
- Multi-Factor AuthN (13)
- Pass Through Authentication (2)
- Password Hash Sync (PHS) (1)
- Passwordless (2)
- Passwords (12)
- Portals (2)
- RBAC (3)
- Rights Management (1)
- Self-Service Group Management (1)
- Self-Service Password Reset (6)
- SSO (5)
- Trial (1)
- Troubleshoot (2)
- Windows Client (68)
- Apps (1)
- Event Log (1)
- Remote Server Administration Tools (3)
- Security (1)
- Updates (2)
- User Rights (1)
- WH4B (3)
- Windows Server (157)
- Event Log (1)
- Remote Server Administration Tools (2)
- Security (1)
- Server Core (2)
- Support (1)
- System Wide Proxy Settings (2)
- Updates (5)
- User Rights (1)
- Yammer (1)
- DirSync (1)
- Active Directory Certificate Services (ADCS) (30)
Jorge's Quest For Knowledge! 
(2011-06-14) Oh My Blog – How Much I Have Neglected You! « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLiked by 1 person
Brajesh Panda said
Jorge, I am very much impressed with your blog contents. Loving it!!
LikeLike
Pictures Temporarily Not Available On my Blog « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
Denny said
Hi Jorge,
This is Denny, the creator of this free automated employee
provisioning/termination app– Z-hire. I wrote this app for the TechNet community a year ago.
Since you run a very informative blog, I would like your help
spread the word. Since my application is free, i need supporters from the
community. It would means a lot if you can help.
Here is a link to my app
http://gallery.technet.microsoft.com/Z-Hire-Employee-Provisionin-e4854d6b
Thanks
LikeLike
Jorge said
it took some time…but I have published a blog post about this tool
LikeLike
josh said
I use LinkedIn to keep track of my professional network, and would like to add you.
I have problem for ADFS certificate renew.
I read your blog https://jorgequestforknowledge.wordpress.com/category/active-directory-federation-services-adfs/
But I still have the problem too.
Claims Based and IFD certificate has been updated successfully. ADFS Relying Party Trust occur down. Test federation metadata, it is fail. The error message in event view is The RSA key used to encrypt the RSA cookie was not found in the given decryption keys.
I did configure the certificate as the secondary “Token Signing” certificate in ADFS management, it is still error.
– josh zhang
LikeLike
(2015-03-24) Notifying Users By E-mail Their Password Is Going To Expire (Update 1) « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
(2015-04-29) Notifying Users By E-mail Their Password Is Going To Expire (Update 2) « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
Paul said
Hi Jorge
Thanks for your script however I am getting the following error.
Missing closing ‘)’ in expression.
At C:\AD-Pwd-Exp-Notify\AD-Pwd-Exp-Notify_v016.ps1:80 char:2
+ <<<< [string]$xmlconfigfilepath,
+ CategoryInfo : ParserError: (CloseParenToken:TokenId) [], ParseException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
Thanks
LikeLike
Jorge said
I just download the script through the provided link, executed it, and ran without the error you mention. Are you using the latest version?
LikeLike
Michael said
I am also receiving that same error message when running it on server 2008 R2 SP1 64bit. Fresh from a download, only edited the XML file with the options that pertain to my environment. Did not edit the .ps1 file at all.
LikeLike
Michael said
I’ve also just tried it on a windows 2008 R2 Server with Powershell 3.0 and a Windows 2012 R2 Server with Powershell 4.0. On both of those there are some errors, but the script continues to run. It writes the output to screen and .csv file correctly but it ALWAYS runs in TEST mode no matter what you specify for the executionMode. Running with and without the -force option results in TEST (NO MAILINGS) even when execution mode is set to DEV.
Powershell 3.0/4.0 Errors:
Property ‘Width’ cannot be found on this object; make sure it exists and is settable.
At C:\AD-Pwd-Exp-Notify\AD-Pwd-Exp-Notify_v016.ps1:212 char:2
+ $uiConfigScreenSize.Width = $uiConfigScreenSizeMaxWidth
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound
Property ‘Height’ cannot be found on this object; make sure it exists and is settable.
At C:\AD-Pwd-Exp-Notify\AD-Pwd-Exp-Notify_v016.ps1:217 char:2
+ $uiConfigScreenSize.Height = $uiConfigScreenSizeMaxHeight – 5
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : PropertyNotFound
Exception setting “WindowSize”: “Cannot convert null to type “System.Management.Automation.Host.Size”.”
At C:\AD-Pwd-Exp-Notify\AD-Pwd-Exp-Notify_v016.ps1:222 char:1
+ $uiConfig.WindowSize = $uiConfigScreenSize
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], SetValueInvocationException
+ FullyQualifiedErrorId : ExceptionWhenSetting
Powershell 2.0 Error:
Missing closing ‘)’ in expression.
At C:\ad-pwd-exp-notify\AD-Pwd-Exp-Notify_v016.ps1:80 char:2
+ <<<< [string]$xmlconfigfilepath,
+ CategoryInfo : ParserError: (CloseParenToken:TokenId) [], ParseException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
LikeLike
Jorge said
Hi,
See if the following will work for you:
regards,
Jorge
LikeLike
(2015-09-22) Notifying Users By E-mail Their Password Is Going To Expire (Update 3) « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
(2015-10-18) Notifying Users By E-mail Their Password Is Going To Expire (Update 4) « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
Dan said
Hi,
I’d like to adapt the script to email users who accounts are expiry not passwords, not sure where to start.
Any advice?
Thanks,
Dan
LikeLike
Jorge said
I do not know what you want to adapt. If you try to explain it to me I may be able to give avice
regards,
jorge
LikeLike
Jorge said
based upon your mail, you would need to adjust the filter of the query to target expiring accounts. However, do you really want to mail a user their account will expire? I do not think that’s a user’s problem, but rather the problem of the user’s manager (who knows when the user will actually stop working)
You need PowerShell scripting skills to adjust this script or see if you can find a script that fits your needs in the scripting gallery on technet
regards,
Jorge
LikeLike
Dan said
Would like to adapt the script to notify users whose accounts are expiring, not really sure how to adapt.
Any advice?
Dan
LikeLike
Jorge said
I do not know what you want to adapt. If you try to explain it to me I may be able to give avice
regards,
jorge
LikeLike
(2016-05-09) Notifying Users By E-mail Their Password Is Going To Expire (Update 5) « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
(2016-07-24) Fixing Web Content Data In ADFS 2012 R2 (v3.0) When Leveraging WID As A Database Store « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
(2016-09-25) FIM/MIM Configuration Export Scripts « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike
Arnaud said
This is a really great blog!!!!
LikeLike
klutch14u said
Hi Jorge, I appreciate your blog. I have a question for you, I’m trying to move our ADFS 2.0 DB from one SQL server to another SQL server. Pretty straight forward. I’ve found these highly referenced instructions https://social.technet.microsoft.com/wiki/contents/articles/948.ad-fs-2-0-migrate-your-ad-fs-configuration-database-to-sql-server.aspx but those are to move off WID to SQL. I found this msdn post where I believe you replied to his post, what I’m not sure of is it isn’t clear if you’re saying the ONLY things that need to be followed are step 5 and 7? I’ve been tasked with this move and am not really familiar with SQL or ADFS so I’m trying to make certain I know what steps I need to take, exactly. Thanks for any light you can shed on this for me.
LikeLike
klutch14u said
Sorry, couldn’t figure out how to edit my post and realized I forgot the post you replied in that I mentioned. https://social.msdn.microsoft.com/Forums/vstudio/en-US/3c851a13-24d9-4532-b09a-67bf49742489/adfs-20-move-configuration-database-from-one-sql-to-another-sql-server?forum=Geneva
LikeLike
Jorge said
When moving from on SQL server to another SQL server
On ADFS servers you need to:
* Stop the ADFS service
* Extract the connection string in use by ADFS for the config DB (you do not need this, but you may need when rolling back)
On the target SQL you need to:
* Create the login used by ADFS
On the source SQL you need to:
* Detach the config and artifact database
* COPY the database files over to the target SQL server
On the target SQL you need to:
* attach the config and artifact database
* Make sure every database has the Broker enabled
On ONE ADFS server you need to:
* Update the connection string to target the new SQL server
* Start the ADFS service
* Update the connection string for the artifact database
* REstart the ADFS service
On REMAINING ADFS servers you need to:
* Update the connection string to target the new SQL server
* Start the ADFS service
That’s it
Best Regards,
jorge
LikeLike
Robert Waltercrantz said
Good to see you’re back to blogging !!!
LikeLike
Jorge said
Thank you!
LikeLike
(2018-12-30) PowerShell Script To Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs « Jorge's Quest For Knowledge! said
[…] Contact […]
LikeLike