Skip Ribbon Commands
Skip to main content

Xadean's Empirical Musing


Quick Launch

Xadean's contribution to the consulting community through sharing his anthology of lesson's learned and technical insights.
April 25
Enable DirectAccess on Windows 2012 R2
April 04
Accessing Website on the Actual Hosting Windows IIS (Web) Server Does Not Work

As a safeguard for reflection attacks, Microsoft has disabled loopback access to websites on the actual server that is hosting the site when attempting to access with something other than the DNS FQDN (i.e. "localhost" or "hostname of server"). However, it works when the site is accessed externally from another computer. To fix this so that you may access the site from the server, do the following:

  1. Configure the registry settings as prescribed in the following reference links:

    Reference Links:

  2. Ensure that the Internet Options settings of Internet Explorer are using the same protocols as are enabled or disabled on the server. For instance, if the server has TLS 1.0, SSL 2.0, and SSL 3.0 disabled, uncheck TLS 1.0, SSL 2.0 and SSL 3.0 in the Internet Options settings of Internet Explorer. Close the browser and then re-open. Attempt again.
April 04
Using “?” Rather Than “Where-Object” in PowerShell Query

In a PowerShell (PS) query, "?" and "where-object" are aliases. The following is an example of how to use this in a PS command.


The following command will list the users who are not Exchange UM enabled when ran from a Lync / Skype for Business Management Shell:


Get-CsUser | ? {$_.ExUmEnabled -eq "False"} | select DisplayName, ExUmEnabled | sort-object DisplayName

April 03
Exchange (On-Prem) PowerShell Tip #16: Display Users that are UM Enabled

$Mailboxes = Get-Mailbox

$Mailboxes | ForEach { If($_.UmEnabled -Eq $True){$_.Name}}

April 03
Using the LDIFDE Tool to Output AD Attributes of an Object to a Text File

Syntax: Ldifde -f <Filename> -d "<Distinguished Name of AD Object>"

Example: Ldifde -f "C:\test.txt" -d "CN= Test1,OU=Users,DC=contoso,DC=com"

Reference Links:


March 21
Disabling Weak and Enabling Strong Ciphers/Security Protocols
March 20
Block Contacts in Skype for Business
September 13
Windows Hello FingerPrint Enrollment for Domain Account Not Working

Resolution: Add the following Registry key and reboot the computer.


DWORD: AllowDomainPINLogon

Value: 0x00000001 (Hex)

July 22
SharePoint – Apply Master Page to Subsites; Change Top Navigation for Subsites; Enable Tree View


Do the following to maintain a common, consistent look and feel throughout the top-level site and all subsites.

From the Top-Level Site, navigate to the following settings section:

Site Action -> Site Settings -> Look and Feel -> Master page

Site/System Master Pages & Themes: Select radio button "Specify a master page to be used by this site and all sites that inherit from it:" and select desired design. Also, check the box next to "Reset all subsites to inherit this site master page setting".


Do the following to enable tree view on the left navigation area in the SharePoint Online Team Site.

From the Top-Level or Subsite, navigate to the following settings section:

Site Action -> Site Settings -> Look and Feel -> Navigation Elements

Enable Tree View - Specify whether a tree view should be displayed to aid navigation.  The tree view displays site content in a physical manner.


Do the following to change the top navigation links after subsites have been created to hide/unhide them.

From the Subsite, navigate to the following settings section:

Site Action -> Site Settings -> Look and Feel -> Navigation

Global Navigation: Select "Display the same navigation items as the parent site" if you want to see all the other subsite links and be visible on there as well. Also, check "Show Subsites" to have subsites grouped under the main links.

Reference Links:


June 30
Cannot Enable Directory Synchronization After Disabling Due to Extended Deactivation Time


  • On-premises Active Directory 2012 R2
  • Azure AD Connect with Directory Synchronization Enabled
  • Federated Domain Shared Name Space for Skype for Business and Exchange
  • AD FS with Web Application Proxy
  • Office 365 Tenant Subscription w/ E5 Licenses

Description of Issue/Error Encountered:

In performing an AD health check and attempting to cleanup user objects with corrupted AD attributes, we found ourselves in a situation where we needed to disable directory synchronization between on-premises AD & Office 365 Azure AD in order to clear cloud attributes in the user object that cannot be changed from the O365 Admin Center since the on-premises AD owned the management scope. Under the direction of Microsoft Technical Support referencing case number 30126-5865017, I disabled directory synchronization using the following command:

Set-MsolDirSyncEnabled –EnableDirSync $false

After running that command, we waited the 72 hours that Microsoft states it could take up to and it still had not finished deactivating.


The root cause remains unknown. Microsoft stated that this could be due to environments that have over 50,000 objects in Active Directory; however, that was not applicable in our environment.


From my perspective, we had to wait over 120 hours for deactivation to finish. I am told (which I have no evidence to prove or any cmdlets that were executed to validate) that the solution was applying a few internal synchronizations for your organizations to resolve the issue in the backend that can be applied by frontline in the future if it's needed.


Directory synchronization for Office 365, Azure, or Intune can't be activated or deactivated,-azure,-or-intune-can-t-be-activated-or-deactivated

Active Directory Synchronization


1 - 10Next

 Image Viewer


 About this blog

About this blog
Welcome to Xadean's contribution to the consulting community through sharing his anthology of lesson's learned and technical insights.