Category: Microsoft
Active Directory Federation Services (AD FS) Server 2016
Azure AD Connect Adds Support for Windows Server 2016 and SQL 2016
If you’re a customer who uses Azure Active Directory Connect, you’ll want to know that Microsoft just released version 1.1.343.0, which adds support for Windows Server 2016 and SQL Server 2016 and fixes some bugs.
Improvements:
– Added support for installing Azure AD Connect on Windows Server 2016 standard or better.
– Added support for using SQL Server 2016 as the remote database for Azure AD Connect.
– Added support for managing AD FS 2016 using Azure AD Connect.
Fixed issues:
– Sometimes, installing Azure AD Connect fails because it is unable to create a local service account whose password meets the level of complexity specified by the organization’s password policy.
– Fixed an issue where join rules are not re-evaluated when an object in the connector space simultaneously becomes out-of-scope for one join rule and become in-scope for another. This can happen if you have two or more join rules whose join conditions are mutually exclusive.
– Fixed an issue where inbound synchronization rules (from Azure AD) which do not contain join rules are not processed if they have lower precedence values than those containing join rules.
Microsoft Deployment Toolkit (MDT) build 8443
The Microsoft Deployment Toolkit (MDT), build 8443, is now available on the Microsoft Download Center. This update requires the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607, available on the Microsoft Hardware Dev Center (adksetup.exe file version 10.1.14393.0).
You may notice that we are not tagging this release with a year or update version. To better align with the current branches of Windows 10 and Configuration Manager, and to simplify the branding and release process, we are now just referring to it as the “Microsoft Deployment Toolkit”, using the build number to distinguish each release. This is not necessarily a “current branch” of MDT; we are committed to updating MDT as needed with revisions to Windows, the Windows ADK, and Configuration Manager.
Here is a summary of the significant changes in this build of MDT:
- Supported configuration updates
- Windows ADK for Windows 10, version 1607
- Windows 10, version 1607
- Windows Server 2016
- Configuration Manager, version 1606
- Quality updates
- Deployment Wizard scaling on high DPI devices
- Johan’s “uber bug” for computer replace scenario
- Multiple fixes for the Windows 10 in-place upgrade scenario
- Several fixes to Configure ADDS step
- Removed imagex/ocsetup dependencies, rely solely on DISM
- Includes the latest Configuration Manager task sequence binaries (version 1606)
Exchange Team has released Quarterly Exchange Updates
– A new Outlook on the web compose experience
– Support for .Net 4.6.2
– Change to Pre-Requisites installed by Setup
– Update on Windows Server 2016 support KB3206632
– Latest time zone updates
– Important Public Folder fix included in these releases
Exchange Server 2016 Cumulative Update 4 (KB3177106), Download, UM Lang Packs
Exchange Server 2013 Cumulative Update 15 (KB3197044), Download, UM Lang Packs
Exchange Server 2010 Service Pack 3 Update Rollup 16 (KB3184730), Download
Exchange Server 2007 Service Pack 3 Update Rollup 22 (KB3184712), Download
IIS Crypto the best tool to configure SSL/TLS cipher suites
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website.
Features
– Single click to secure your website using best practices
– Create custom templates that can be saved and run on multiple servers
– Stop DROWN, logjam, FREAK, POODLE and BEAST attacks
– Disable weak protocols and ciphers such as SSL 2.0, 3.0 and MD5
– Enable TLS 1.1 and 1.2
– Enable forward secrecy
– Reorder cipher suites
– Built in Best Practices, PCI, PCI 3.1 and FIPS 140-2 templates
– Site scanner to test your configuration
– Command line version
WMI Filters for OS version
DESKTOPS
ANY WINDOWS DESKTOP OS
- Any Windows Desktop OS – 32-bit
select * from Win32_OperatingSystem WHERE ProductType = “1” AND NOT OSArchitecture = “64-bit” - Any Windows Desktop OS – 64-bit
select * from Win32_OperatingSystem WHERE ProductType = “1” AND OSArchitecture = “64-bit”
WINDOWS 7
- Windows 7
select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ - Windows 7 – 32-bit
select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit” - Windows 7 – 64-bit
select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
WINDOWS 8.1
- Windows 8.1
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ - Windows 8.1 – 32-bit
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit” - Windows 8.1 – 64-bit
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
WINDOWS 8.1
- Windows 8.1
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ - Windows 8.1 – 32-bit
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND NOT OSArchitecture = “64-bit” - Windows 8.1 – 64-bit
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
WINDOWS 10
- Windows 10
select * from Win32_OperatingSystem WHERE ‘Version like ‘10.0.%’ AND ProductType=”1″ - Windows 10 – 32-bit
select * from Win32_OperatingSystem WHERE Version like “10.0.% AND ProductType=”1” AND NOT OSArchitecture = “64-bit” - Windows 10 – 64-bit
select * from Win32_OperatingSystem WHERE Version like “10.0.%””6.3%” AND ProductType=”1″ AND OSArchitecture = “64-bit”
SERVERS
ANY WINDOWS SERVER OS
- Any Windows Server OS
select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) - Any Windows Server OS – 32-bit
select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND NOT OSArchitecture = “64-bit” - Any Windows Server OS – 64-bit
select * from Win32_OperatingSystem where (ProductType = “2”) OR (ProductType = “3”) AND OSArchitecture = “64-bit” - Any Windows Server – Domain Controller
select * from Win32_OperatingSystem where (ProductType = “2”) - Any Windows Server – Domain Controller – 32-bit
select * from Win32_OperatingSystem where (ProductType = “2”) AND NOT OSArchitecture = “64-bit” - Any Windows Server – Domain Controller – 64-bit
select * from Win32_OperatingSystem where (ProductType = “2”) AND OSArchitecture = “64-bit” - Any Windows Server – Non-Domain Controller
select * from Win32_OperatingSystem where (ProductType = “3”) - Any Windows Server – Non- Domain Controller – 32-bit
select * from Win32_OperatingSystem where (ProductType = “3”) AND NOT OSArchitecture = “64-bit” - Any Windows Server – Non-Domain Controller – 64-bit
select * from Win32_OperatingSystem where (ProductType = “3”) AND OSArchitecture = “64-bit”
WINDOWS SERVER 2008 R2
- Windows Server 2008 R2 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”2″ - Windows Server 2008 R2 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like “6.1%” AND ProductType=”3″
WINDOWS SERVER 2012 R2
- Windows Server 2012 R2 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”2″ - Windows Server 2012 R2 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like “6.3%” AND ProductType=”3″
WINDOWS SERVER 2016
- Windows Server 2016 – 64-bit – DC
select * from Win32_OperatingSystem WHERE Version like “10.0%” AND ProductType=”2″ - Windows Server 2016 – 64-bit – non-DC
select * from Win32_OperatingSystem WHERE Version like “10.0%” AND ProductType=”3″ - Source: http://www.nogeekleftbehind.com/2016/01/19/os-version-queries-for-wmi-filters/
Powershell Add AD Group Member to Group
get-adgroupmember -identity “orginalgroup” | Get-ADuser | Foreach-Object {Add-ADgroupmember -identity “destinationgroup” -Members $_}
Don’t Deploy Exchange Server 2016 on Windows Server 2016 For Now Due to Stability Issues
Since the release of Exchange Server 2016 Cumulative Update 3 (CU3), which added support for installing Exchange 2016 onto Windows Server 2016 servers, there’s been a series of reports in support forums and blog comments about errors that customers are seeing.
Now Microsoft has acknowledged that there is in fact a known issue, and there is no current workaround for it.
If you attempt to run Microsoft Exchange 2016 CU3 on Windows Server 2016, you will experience errors in the IIS host process W3WP.exe. There is no workaround at this time. You should postpone deployment of Exchange 2016 CU3 on Windows Server 2016 until a supported fix is available.
That’s all the detail that has been publicly released by Microsoft at this time, but the guidance is clear. You should deploy Exchange 2016 only on Windows Server 2012 R2 until further notice.