ADModify.NET and custom LDAP
The ADModify.NET tool is one of the best tools I have come across for making mass changes to AD. It’s very simple to use and very efficient, while at the same time allowing you to revert an operation even months afterwards (as long as you kept the XML file).
However, one of the most common changes I had to do is adding people to an AD group. To do that you have to use a custom LDAP filter. If you want the tool to select only user accounts, enter the following in the LDAP filter option box:
(&(objectClass=user)(objectCategory=person))
Once that’s entered, Select All chooses only the user accounts, leaving computers and groups behind.
Hope that helps
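Why both clauses of that filter are needed, as an added example (not part of the original post and not ADModify.NET code): computer objects also carry objectClass=user, and contacts also carry objectCategory=person, so only the combined filter isolates user accounts. The sample objects and the Test-LdapAndFilter helper are constructed for illustration.

```powershell
# Constructed sample objects with the objectClass / objectCategory values that
# Active Directory assigns to each object type by default. (AD stores
# objectCategory as a schema DN; the short name is what the filter matches on.)
$objects = @(
    [pscustomobject]@{ Name = 'jsmith';   objectCategory = 'person'
                       objectClass = 'top','person','organizationalPerson','user' }
    [pscustomobject]@{ Name = 'PC-0042$'; objectCategory = 'computer'
                       objectClass = 'top','person','organizationalPerson','user','computer' }
    [pscustomobject]@{ Name = 'Supplier'; objectCategory = 'person'
                       objectClass = 'top','person','organizationalPerson','contact' }
    [pscustomobject]@{ Name = 'Finance';  objectCategory = 'group'
                       objectClass = 'top','group' }
)

# Hypothetical helper: evaluates only the filter shape used on this page,
# i.e. (attr=value) equality clauses, optionally ANDed together with (&...).
function Test-LdapAndFilter {
    param([psobject]$Object, [string]$Filter)

    $clauses = [regex]::Matches($Filter, '\((\w+)=([^()]+)\)')
    if ($clauses.Count -eq 0) { throw "No equality clause found in '$Filter'" }

    foreach ($clause in $clauses) {
        $attr  = $clause.Groups[1].Value
        $value = $clause.Groups[2].Value
        # -notcontains is case-insensitive and copes with multi-valued attributes
        if (@($Object.$attr) -notcontains $value) { return $false }
    }
    return $true
}

$filters = '(objectClass=user)',
           '(objectCategory=person)',
           '(&(objectClass=user)(objectCategory=person))'

foreach ($f in $filters) {
    $hits = $objects | Where-Object { Test-LdapAndFilter -Object $_ -Filter $f }
    '{0,-46} -> {1}' -f $f, ($hits.Name -join ', ')
}
```

The first filter on its own also returns the computer account and the second also returns the contact; only the combined filter returns the user account alone.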
Microsoft and WPAD file
As you might have read, the Microsoft TMG autodiscovery deployment guidance advises you to use a CNAME for WPAD. However, for most people it won’t work, because the WPAD DNS record has to be an A record. Once I made that change, everything started to work again.
However, you are most likely going to hit issue number 2, where IE won’t pick up the new WPAD file. The only way around it is to run a .reg file with the following text:
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad]
That deletes the cached WPAD files and gets IE to download the file again. Leave it as part of your logon script for a few days and then you should be done.
Killing a “Starting” or “Stopping” service
If you ever have trouble with a service being stuck in a ‘starting’ or ‘stopping’ state, you can run a couple of simple commands to kill the service.
1. Query the process
To kill the service you have to know its PID or Process ID. To find this just type the following in at a command prompt:
sc queryex servicename
Replace ‘servicename’ with the service’s registry name. For example: Print Spooler is spooler.
2. Identify the PID
After running the query you will be presented with a list of details. You will want to locate the PID.
3. Run the Taskkill command
Now that you have the PID, you can run the following command to kill the hung process:
taskkill /f /pid [PID]
You might have to wait a few seconds for the task to be fully killed.
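The three steps above as one PowerShell script, added here as an example and not taken from the original post. It also lists any other services hosted in the same process, since killing a shared svchost.exe PID stops all of them; the parameter names and the -Kill switch are this example's own.

```powershell
# Added example: resolve a stuck service to its PID, show what shares that
# process, and kill it only when -Kill is given. Run from an elevated prompt.
param(
    [ValidatePattern('^[\w .$-]+$')]
    [string]$ServiceName = 'spooler',   # registry (short) name, as used with sc queryex
    [switch]$Kill                       # without -Kill the script only reports
)

# Step 1 and 2: query the service and read its PID (what sc queryex shows).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# Act only on the stuck states this procedure is meant for.
if ($svc.State -notin 'Start Pending', 'Stop Pending') {
    Write-Output "$($svc.Name) is '$($svc.State)'; nothing to kill."
    return
}
if ($svc.ProcessId -eq 0) {
    Write-Output "$($svc.Name) is '$($svc.State)' but has no running process."
    return
}

# One process can host several services. Killing the PID stops every one of them.
$shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
    Where-Object Name -ne $svc.Name

$proc = Get-Process -Id $svc.ProcessId -ErrorAction Stop
Write-Output "PID $($svc.ProcessId) ($($proc.ProcessName)) hosts $($svc.Name), state '$($svc.State)'."
if ($shared) {
    Write-Warning "The same PID also hosts: $($shared.Name -join ', ')"
}

# Step 3: kill the process, then wait a few seconds and report the new state.
if ($Kill) {
    Stop-Process -Id $svc.ProcessId -Force      # same effect as taskkill /f /pid
    Wait-Process -Id $svc.ProcessId -Timeout 10 -ErrorAction SilentlyContinue
    $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    Write-Output "$($after.Name) is now '$($after.State)'."
}
```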
SharePoint 2010 WebApps stuck on Loading when trying to open Office files
I just deployed a SharePoint 2010 farm and ran into an issue when I created sites and uploaded Office files to them. When you try to open them you get a Loading screen but nothing happens. The problem turns out to be related to the following Microsoft KB: http://support.microsoft.com/kb/2596582. If you don’t want to install it, the alternative is to just create a site at the root of the SharePoint. For some reason it requires that and you can’t get it working any other way. It was a strange error, but doing that solved the issues.
Configuring Microsoft TMG Server Web Proxy to Prompt Authenticated Users
When the ISA firewall is configured as a forward proxy server, the web proxy listener is configured to use integrated authentication by default.

A web proxy client makes its initial request anonymously. If there are no policies allowing anonymous access to the requested destination, the ISA firewall responds with a challenge for authentication in the form of an HTTP 407 response (proxy authentication required).
The client then resubmits the request, this time providing credentials to the firewall. This transaction is completely transparent to the end user. The credentials supplied to the ISA firewall are those of the currently logged-on user. If the user does not have permission, the ISA firewall denies the request without prompting. This behaviour is by design.
However, if you want to allow custom devices (mobile phones, guest laptops) without enabling Basic authentication, you have to set the ReturnAuthRequiredIfAuthUserDenied property of the web proxy listener to ‘true’. When configured, the TMG firewall will prompt authenticated users for credentials when they are denied access. This change cannot be made via the management console; it can only be configured programmatically. The MSDN reference for this property contains a VBScript that is used for changing this setting, or you can download the script here. Run the script from the command line on the ISA firewall with the argument ‘true’ to enable prompting for authenticated users who are denied access and ‘false’ to disable it.
For example…
ReturnAuthRequiredIfAuthUserDenied.vbs true
…enables the prompting of authenticated users who are denied access, and…
ReturnAuthRequiredIfAuthUserDenied.vbs false
…disables it.
Forefront TMG: SQL Express (logging instance) could not be installed
I have just been trying to install Forefront TMG on a brand new Windows 2008 R2 system. I actually rebuilt the system 3 times just to make sure I eliminated all problems. However, every time I tried to install I came across the following problem:

Microsoft SQL Express 2008 (logging instance) could not be installed. As a result, Forefront TMG installation cannot be completed.
I have searched far and wide for options. Many suggested removing already installed packages (however, in my situation none got installed) or running only the TMG setup without the SQL logging. The last solution is valid, but you then have to go through the pain of getting everything configured manually afterwards… however, the solution was very simple and takes two steps:
1. Disable User Account Control – it’s very bizarre that even Microsoft products are not happy to work with it enabled, and as best practice on servers disable it full stop.
2. Navigate to the FPC folder in the location of your setup, right-click setup.exe and choose: Run as Administrator
That solved the issue for me and made sure I didn’t have any more problems.
External LDAP lookup through Forefront TMG 2010
Over the last 2 weeks I have been trying to get an external LDAP service to connect to my internal server. My first attempt was to create an Access rule and a Network rule that would NAT the traffic between; however, that proved not to be successful. When I enabled the log I could see that this rule was skipped and traffic went straight to Deny All. After a number of attempts and changes to the configuration, nothing seemed to work. In the end the correct steps are:
1. Create Publish non-web server