tyelford's questions

We have a Google Apps account that we use for most of our work. We also use AD FS 3.0 as an SSO provider to authenticate users. Everything works great with the sign in process. However when signing out, it all falls to pieces.

I followed a guide a long time ago to get it setup and the verified the settings with this guide and checked a few others and the settings should be correct.

When signing out from a Google page, we get redirected to our AD FS sign out url (https://<domainname>/adfs/ls/?wa=wsignout1.0), then get a message that says "You have been successfully signed out". However, going back to our custom sign in URL for Google (mail.domainname) we are signed straight back into Google as if we didn't hit the sign out button.

I've done some digging around and apparently this is a larger issue. This post on Google Product Forum has the exact issue I am having and someone suggested to contact Google Support. After on the phone for about an hour with Google support, they decided that the issue was from our AD FS server running some kind of script that keeps us logged in and I should contact our web developer...

The problem is somewhere within AD FS but I cannot seem to figure it out and hoping someone has come across the same issue and would be able to provide some guidance.

I am curious if it would be possible to sign users into their Chrome Browsers on Windows and/or Mac automatically when they sign in to their AD account.

Our G Suite account syncs all data from our AD and we use SSO for Google so the information is there somewhere.

We push a lot of settings and apps to our users Chrome browsers when they sign in.

This is what I want to do but in the background

https://support.google.com/chrome/answer/185277?co=GENIE.Platform%3DDesktop&hl=en

I have two domain names that I currently use for email. They are both listed as accepted domains on my exchange server and work just fine.

What I am trying to do it make is so, if an internal email is sent to the second domain name it will not go to the exchange mailbox but get send to the users google mailbox. The google accounts have been synced, and their primary login uses the second domain name, for the users that I wish this to occur.

I have tried to setup MX records in our local DNS for the second domain to point to google but they messages still just go to the internal exchange mailbox.

I have also tried to remove the second domain as an accepted domain in exchange but it still just goes to the internal exchange mailbox.

Any suggestions, or is this even possible?

I don't know if what I am trying to do is possible but here we go.

I have a bunch of iPad's that I am going to supervise before they go on to my network. The iPad's will connect to the wifi via 802.1x authentication using username and password from active directory via NPS server.

What I want to do is make sure that every iPad on my network has been supervised before they can connect to the wifi. What I was hoping to do is, create a generic certificate from NPS that I can put on all the iPad's during supervision and then the iPad's can connect to the wifi using username and password. If they don't have the certificate on the iPad, the wifi doesn't connect.

Is this a possibility?

The reason I still want the users to connect with username and password is, those details are put into our MDM, and Wifi controller. I am not able to push a Wifi payload when supervising doing this because I have to specify a username, but I can add certificates.

I am currently looking to trial some new Wifi products for my work place. We currently have around 50 Access Points that link into an HP MSM controller.

I wanted to find out if anyone has any strategies to test the different products, for example load testing, signal tests, management.

The products I am currently looking at are Aruba and Meraki. Management is an easy one to test, looking at Aruba with AirWave and obviously Meraki has it's built in Management portal.

I have successfully decommissioned an Exchange 2013 server and now running on a single Exchange 2013 server (looking to add additional soon).

However in Outlook on my clients under the File tab, next to the Account settings it shows the URL to my old exchange server for Web mail.

Is there a way to change this?

On my exchange server this command:

Get-OutlookAnywhere | fl

Is showing that my Internal Hostname is the correct Exchange server. As well as these commands also show the correct exchange server:

Get-ActiveSyncVirtualDirectory
Get-WebServicesVirtualDirectory
Get-OABVirtualDirectory
Get-ClientAccessServer

Here is the article I was looking at for reference

Anyone know how to change this?

I am in the process of decommissioning an Exchange 2013 server in favor or a different exchange 2013 server. The one I am getting rid of is on old hardware are is hardly used and has frequent crashes.

I wanted to find out if there was a way that I could see what mail was still flowing through the old exchange server to avoid possible email loss. I have already moved all mailboxes over to the new exchange server and they are working fine. The emails that I am most concerned about are service emails -- such as emails from printers, servers, applications, etc that I may have missed.

Does anyone know if it is possible to see what mail is flowing through? All I need is the meta data like sender, receiver, and subject.

I've had Cisco Meraki setup for a while for our iPad MDM and it's been great. I am now trying to take it a setup further by added in AD authentication at enrollment time.

I've followed this how-to from Cisco Meraki, I'm using the thrid option Active Directory via SM Agent.

Everything seems to be ok from the Meraki point of view. I get the green check mark next to the domain controller I just added under the status column.

On the iPad, when enrolling, it asks for a username and password, but whatever combo of username, email address etc that I try does not work.

Windows firewall is off on the servers and I've double checked the Firewall Information page from Meraki. All my required ports seem to be correctly opened. I also get a good connection status of the windows server in the Meraki client console.

I am missing a step?

From the MS Documentation I can see that computers in a domain should get their time from the PDC domain controller, and if done right the PDC should get it's time from an external source.

In my environment I have changed the PDC a while back after upgrading a domain level. I still have the old PDC but it is no longer listed as the PDC if I run netdom /query fsmo. All domain controllers show the right PDC (and other FSMO roles).

On my current PDC I have updated the time to sync from an external time source as per a few articles from MS (most this one). However the PDC is saying that it is still getting it's time from the old PDC when I run w32tm /query /status

The old PDC is saying that it is getting it's time from a hardware CMOS clock and updating it seems to make no difference to this value.

Every once in a while the time will go out on our network by about 10 - 12 minutes causing all sorts of havoc, as you could imagine.

Does anyone know how to get the time setup properly on a domain?

I am not sure if this is possible. I have been reading a bit about answer files but that seems to be more for the actual installation of windows to me.

This is the process we currently use:

• Install windows
• Go into audit mode
• Install required software / windows updates
• Sysprep image when finished and shutdown machine
• Capture image
• Restore image to client machines

The whole process works fine but I would like to be able to reduce the amount of clicks needed after restoring the image.

Is there a way to automate the initial windows 10 settings such as accepting the EULA, changing the privacy settings, added a local user, possibly even joining a domain. After the computer has been reimaged we currently do this manually.

To make matters a bit harder our clients are Macs and Windows runs in VMware Fusion so the Sysprep'ed Windows comes on the Mac as part of the overall Mac image.

I am looking to do a mass migration of user files from a Windows Server to Google Drive. Each user has their own folder on the Windows Server and I am looking for a way to bulk migrate to each users Google Drive.

I have 1200+ users to do this for (lucky for me no data limitations). I also have quite a large time frame, so if it goes slow it will not matter.

Has anyone seen a solution for this?