WMI Filters for GPO in AD

Listed below are a few filters I keep using on my projects.

Almost every client I’ve worked with had these filters implemented in their Group Policy Console of Windows Active Directory.

So I keep them here for faster access; it is easier than searching for them every time on different sites on the web.

FILTER 1: Select DCs & Member Servers

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3" OR ProductType="2"

FILTER 2: Select Domain Controllers (DCs) Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="2"

FILTER 3: Select Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3"

FILTER 4: Select Workstations Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="1"

FILTER 5: Select Win 2008 Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType="3" AND Version like "6.%"
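
Before linking one of these filters to a GPO, it helps to see how each query evaluates on a real machine. The PowerShell below is an added example, not part of the original post; the function name Test-GpoWmiFilter and its -ComputerName parameter are made up for this example.

```powershell
# Added example: run the five WQL filters from this page against one machine
# and report which of them would let a filtered GPO apply there.
function Test-GpoWmiFilter {
    param(
        [string]$ComputerName,               # optional; omit to test the local machine
        [string]$Namespace = 'root\CIMv2'
    )
    $filters = [ordered]@{
        'FILTER 1: DCs & Member Servers'  = 'select * from Win32_OperatingSystem where ProductType="3" OR ProductType="2"'
        'FILTER 2: DCs Only'              = 'select * from Win32_OperatingSystem where ProductType="2"'
        'FILTER 3: Member Servers Only'   = 'select * from Win32_OperatingSystem where ProductType="3"'
        'FILTER 4: Workstations Only'     = 'select * from Win32_OperatingSystem where ProductType="1"'
        # Version like "6.%" is true for every 6.x release: 6.0 (Server 2008)
        # through 6.3 (Server 2012 R2). Check the Version column in the output.
        'FILTER 5: Win 2008 Member Srv'   = 'select * from Win32_OperatingSystem where ProductType="3" AND Version like "6.%"'
    }
    $cim = @{ Namespace = $Namespace; ErrorAction = 'Stop' }
    if ($ComputerName) { $cim.ComputerName = $ComputerName }   # remote tests need WinRM

    # Read the two properties the filters test, so each verdict can be explained.
    $os = Get-CimInstance @cim -ClassName Win32_OperatingSystem

    foreach ($name in $filters.Keys) {
        try {
            # A WMI filter is TRUE when its query returns at least one instance.
            $rows    = @(Get-CimInstance @cim -Query $filters[$name])
            $applies = $rows.Count -gt 0
        } catch {
            $applies = "query error: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Filter      = $name
            Applies     = $applies
            ProductType = $os.ProductType
            Version     = $os.Version
        }
    }
}

Test-GpoWmiFilter | Format-Table -AutoSize
```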

What to Do? Exchange Server ContentIndexState Failed or Unknown with DAG

Yep, you’ve seen many posts like this one; most of them suggest that you stop the Exchange search services, delete the indexing folder (located inside the database folder) and then restart the search services.

Well, that would work if you don’t have DAG.

Again, mostly you’ll find suggestions to use Update-MailboxDatabaseCopy with the -CatalogOnly switch.

Yeah, that would work if any of the DAG members has a healthy catalog. Now what if none of the DAG members has one?

You have two options, but both are risky, and I take no responsibility whatsoever for what happens to your data.

Option 1:

Remove one of the copies of the database from one DAG member

Delete the database folder copy from that member’s disk

Add the database copy again to the DAG member

The database index shows Crawling for a few hours, then Healthy

Finally, you can use this new catalog to update other DAG members
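
Option 1 as Exchange Management Shell commands. This is an added example, not part of the original post; DB01, EX02 and EX03 are hypothetical names (EX02 is the member whose copy is rebuilt, EX03 is another DAG member), and the folder deletion is left as a manual step.

```powershell
# Added example. Run from the Exchange Management Shell.
$Database = 'DB01'          # hypothetical database name
$Rebuild  = 'EX02'          # hypothetical member whose copy is removed and re-added
$Others   = @('EX03')       # hypothetical remaining members that hold a copy

# Confirm first that no copy has a healthy catalog; if one does, use it as
# the source for Update-MailboxDatabaseCopy -CatalogOnly instead.
Get-MailboxDatabaseCopyStatus -Identity $Database |
    Format-Table Name, Status, ContentIndexState -AutoSize

# Step 1: remove the copy from one member (the cmdlet asks for confirmation).
Remove-MailboxDatabaseCopy -Identity "$Database\$Rebuild"

# Step 2: delete that member's database folder copy by hand. These are the paths.
Get-MailboxDatabase -Identity $Database | Format-List EdbFilePath, LogFolderPath
Read-Host "Delete the database folder copy on $Rebuild, then press Enter"

# Step 3: add the copy again; this reseeds the database to the member.
Add-MailboxDatabaseCopy -Identity $Database -MailboxServer $Rebuild

# Step 4: wait while the index crawls. Stop waiting if it fails again.
do {
    Start-Sleep -Seconds 300
    $state = (Get-MailboxDatabaseCopyStatus -Identity "$Database\$Rebuild").ContentIndexState
    Write-Host ("{0:u}  {1}\{2}  ContentIndexState = {3}" -f (Get-Date), $Database, $Rebuild, $state)
} until ("$state" -in 'Healthy', 'Failed', 'FailedAndSuspended')

# Step 5: seed only the catalog to the other members from the rebuilt copy.
if ("$state" -eq 'Healthy') {
    foreach ($server in $Others) {
        Update-MailboxDatabaseCopy -Identity "$Database\$server" -SourceServer $Rebuild -CatalogOnly
    }
}
```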

Option 2 (have downtime):

Dismount all database copies on all DAG members

Shutdown Exchange searching services (two services) on all DAG members

Delete the catalog folder from all copies on all members

Restart Exchange searching services (two services) on all DAG members

All servers will start crawling


Import Using CSVDE with Unicode Switch Error

This is an old method, yeah, I know. But not everyone has moved on to PowerShell yet.

Anyway, if you’re trying to import a CSV file to Active Directory, and get an error message that says:
Invalid file format. DN Attribute not defined

Just try to remove the Unicode switch “-u” from your command. If that works, then re-save (save as) the CSV file using Notepad, and make sure to select the Unicode option, NOT UTF-8.

HTH some1
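
The same check and re-save can be scripted: Notepad's "Unicode" option writes UTF-16LE with a byte-order mark, so the file's first bytes tell you whether it matches the -u switch. This is an added example, not part of the original post; the function names, file names and CSV row are constructed for it.

```powershell
# Added example: detect a CSV's byte-order mark and re-save it as UTF-16LE.
function Get-CsvBom {
    param([Parameter(Mandatory)][string]$Path)
    $fs = [System.IO.File]::OpenRead((Resolve-Path -LiteralPath $Path).ProviderPath)
    try { $b = New-Object byte[] 3; $n = $fs.Read($b, 0, 3) } finally { $fs.Dispose() }
    if ($n -ge 2 -and $b[0] -eq 0xFF -and $b[1] -eq 0xFE) { return 'UTF-16LE' }  # Notepad "Unicode"
    if ($n -ge 2 -and $b[0] -eq 0xFE -and $b[1] -eq 0xFF) { return 'UTF-16BE' }
    if ($n -ge 3 -and $b[0] -eq 0xEF -and $b[1] -eq 0xBB -and $b[2] -eq 0xBF) { return 'UTF-8' }
    return 'NoBOM'   # ANSI, or UTF-8 saved without a byte-order mark
}

function Convert-CsvToUtf16 {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Destination,   # use a full path
        # Used only when the file has no BOM; the default differs between
        # Windows PowerShell (ANSI code page) and PowerShell 7 (UTF-8).
        [System.Text.Encoding]$SourceEncoding = [System.Text.Encoding]::Default
    )
    $src  = (Resolve-Path -LiteralPath $Path).ProviderPath
    # ReadAllText honours a BOM when one is present, else uses $SourceEncoding.
    $text = [System.IO.File]::ReadAllText($src, $SourceEncoding)
    # Encoding.Unicode is UTF-16LE and WriteAllText emits its BOM (FF FE).
    [System.IO.File]::WriteAllText($Destination, $text, [System.Text.Encoding]::Unicode)
}

# Constructed sample: a one-row import file saved as UTF-8 with BOM.
$in  = Join-Path $env:TEMP 'users-utf8.csv'
$out = Join-Path $env:TEMP 'users-unicode.csv'
$csv = "DN,objectClass,sAMAccountName`r`n" +
       '"CN=Test User,OU=Staff,DC=example,DC=com",user,tuser' + "`r`n"
[System.IO.File]::WriteAllText($in, $csv, (New-Object System.Text.UTF8Encoding $true))

"Before: $(Get-CsvBom -Path $in)"
Convert-CsvToUtf16 -Path $in -Destination $out
"After:  $(Get-CsvBom -Path $out)"
"Import with: csvde -i -u -f `"$out`""
```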

Reset Exchange Logs without Backup


You may come to a situation where the client is unable to use an Exchange-aware backup solution and, for a temporary situation, cannot use Windows Backup. So basically you need to reset the Exchange LOGs without performing any actual backup.

This is applicable to Exch 2010 & 2013 on Windows 2008, 2008R2, 2012, and 2012R2.
It works with a single server, as well as DAG setups.

Open elevated CMD

Run Diskshadow
Type “add volume E:”
(assuming E: is the drive where the LOG files exist)
Type “begin backup”
Type “create”
(This action will take some time, depending on the number of LOG files that exist and the connection speed)
Type “end backup”

You should notice now the LOGs are being deleted

Make a full backup after this to protect the data

Cyberoam VLANs and Cisco Catalyst 500 Express

I can understand Cisco having a problem with Microsoft, but I don’t understand why they have a problem with people.

The express switch is not express at all. The interface is extremely limited and annoying with the stupid restrictions they put on it.

I have no idea what happened, but the following scenario was working just fine for a couple of weeks, then suddenly decided not to work anymore!!!!

Cyberoam firewall (FW) connected to the switch on trunk interface G1 defined as router type connection

FW is configured with subinterface for voice VLAN

FW running DHCP service for both default and voice VLANs to allow clients to connect over VPN to our main office

Now, and for no obvious reason, the switch decided to not allow anyone on VLAN 2 (the voice VLAN) to communicate with IP Phones, even when I configure the port with the “Server” role and set it on VLAN 2.

Ford Car Message Center | INTKEY COULD NOT PROGRAM

You may get a slow start-up, with a message displayed on the message center that says “INTKEY COULD NOT PROGRAM” for a few seconds.

Well, it’s as simple as the car telling you to replace the battery 🙂

CUCM LDAP Sync Stopped

The first thing to check is the logs.
Get into the CLI of the CallManager (ssh) and check the file list:
file list activelog cm/trace/dirsync/log4j
Then view the latest (by date) log file:
file view activelog cm/trace/dirsync/log4j/
The error should be clear enough to verify the problem and guide you in the right direction.

RDP Error After Certificate Template Applied

Remote Desktop connections to a host fail after configuring the RemoteDesktopCertificate template in your internal CA.
You’ll have an error in the event log of the target machine like this:

The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205

Most likely this is a Windows 8, 8.1, 2012, or 2012R2 machine.

If that is the case, you’ll have to delete the certificate from the system (the one issued for RDP template) and make sure it will NOT generate new one using the same template.

Then restart the machine (or you may try to restart Remote Desktop services only) and you should be able to login again.

If you’re looking for the reason behind it, then you’ll need to read more about the SHA algorithm and the updates pushed into Windows OS in latest versions.

I’d suggest you check this blog which has a nice topic about this subject: http://www.dotnetnoob.com/2013/10/hardening-windows-server-20082012-and.html
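
To see which certificate the RDP listener is actually using, and which signature algorithm and template it carries, before deleting anything, the following can be run elevated on the target machine. It is an added example, not part of the original post, and it only reads state; the output property names are this example's own.

```powershell
# Added example: inspect the certificate bound to RDP and recent Schannel errors.

# Thumbprint of the certificate currently bound to the RDP-Tcp listener.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

# CA-issued certificates sit in the machine's Personal store; the self-signed
# RDP certificate sits in the "Remote Desktop" store.
$stores      = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
$templateOid = '1.3.6.1.4.1.311.21.7'    # Certificate Template Information extension

Get-ChildItem -Path $stores -ErrorAction SilentlyContinue | ForEach-Object {
    $tpl = $_.Extensions | Where-Object { $_.Oid.Value -eq $templateOid }
    [pscustomobject]@{
        BoundToRdp         = ($_.Thumbprint -eq $bound)
        Store              = $_.PSParentPath -replace '^.*::', ''
        Thumbprint         = $_.Thumbprint
        Subject            = $_.Subject
        Issuer             = $_.Issuer
        NotAfter           = $_.NotAfter
        SignatureAlgorithm = $_.SignatureAlgorithm.FriendlyName
        Template           = if ($tpl) { $tpl.Format($false) } else { '(no template extension)' }
    }
} | Sort-Object BoundToRdp -Descending | Format-List

# Recent Schannel events carrying the error state quoted above.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'error state is 1205' } |
    Select-Object -First 5 TimeCreated, Id, Message |
    Format-List
```

The entry with BoundToRdp set to True is the one the listener presents; compare its Template value with the RDP template before removing it.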


Dism Error 0x800f081f

Doesn’t really matter what feature you’re trying to enable, or which Windows OS you’re working on.
This error is common for those who have no Internet access, or a slow connection, where the offline (/source) switch is needed.
If you try to use the PowerShell to perform the same operation you’ll get a line in the log similar to this:
FIOReadFileIntoBuffer:(1415): The filename, directory name, or volume label syntax is incorrect

If you got such a thing, then most likely you have a file corruption on the disk. So try the following steps:

  1. chkdsk /r
  2. SFC /scannow

These commands will scan the disk and the system protected files. Then run the following for Dism cleaning:

  1. Dism /Online /Cleanup-Image /StartComponentCleanup
  2. Dism /Online /Cleanup-Image /RestoreHealth

After that you should be able to re-run the enablefeature command again without issues.

UPDATE: you may check this article, as it helped in another situation: http://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=101




Unable to Take File Ownership

You may get into a situation where you’re unable to access (or even see) the files you want to access, although you have administrative permissions and you can see the files from within the application window (in my case this happened with PuTTY). When you click browse from inside the application you can actually see the files are there, and there is a lock at the corner of the file icon.


When you right-click the file, select Properties and go to the Security tab, you’ll only be able to see the ACL. But no matter what you do, you will not be able to see the owner or modify the ACL entries, although your account has been granted full control in the ACL.


Windows (at least version 7, which I’m using) has a nice feature that causes this confusion. The original root of the issue is the UAC feature, which prevents the account from writing inside the program folder even if the user has admin level. In the above case, so that Windows does not block the working process or give an error, it simply creates all files in a shadow location. Something like the file pointers in Linux OS.

Browse to (%systemdrive%\Users\%username%\AppData\Local\VirtualStore\%programfiles%\%applicationfolder%)  and you’ll find the file located there.

HTH someone