How to configure OAuth2.0 using EWS on Microsoft O365

App registration

Upgrading from basic authentication to OAuth is a little harder for many small businesses to configure on the Azure portal. Here are the steps I have done to get our EWS service to get it working. You must have admin rights to do the following.

Create an app registration

You need to log in to your Azure portal: Go to Azure Active Directory>App registrations

Next, click on New registration

Next, fill in the info

This is where you choose your access options, based on the selection, the next screen will have different options, for us, we choose Single tenant and Redirect URI option for Public client/native, if you don’t have a URL you can leave it blank

In case you need to add or change the Authentication platform, you can click on Authentication>Add a platform>Select one that works with your Business needs

Based on your selection, you will need to select the URL option, or your custom URL

Then give API permission

This can be many permissions or just a few, also based on the type of application, you may get different options

Us, we are using EWS service, so we needed office 365 Exchange Online

Then you need to select the type of permission, we are using application permissions

The only thing we can get it working was by giving full_access_as_app

You need to give admin consent to your application, so once you have all permission added, click on Grant admin consent

To create client credentials, click on Overview>Add a certificate or secret

Click on the Clent secrets>New client secret

Enter the name, this could be anything and select the time when it Expires, then click on Add

Before you click out of this screen make sure to copy the value of your secret ID, which you will need for your app. Once you leave this screen, you will not be able to get this value back, so you may need to create a new one in case you have not copied it or you need to change it.

For your application, you will need the following info, which you can find it, here

  • Application ID
  • Directory (tenant ID)
  • Endpoints: authorize and token
    • If you have selected the multi-tenant option, your Endpoints URL will be generic, like these:
      https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
      https://login.microsoftonline.com/organizations/oauth2/v2.0/token
  • Value of secrets from the step above

That’s all, hope this helps someone out there who is going through these changes in technologies



How to map a network drive via Group Policy

Map network drive via GP

Map a network drive via group policy is a much easier and faster process than manually or logon scripts. user does not have to wait for the logon script to load or if the network path changes it automatically updates. It makes admin and user’s life much better and makes changes to the network without having to update each user. It should plan out the process, users, or groups it’s going to apply this network drive.

This is my process for this post

  1. File server: FileServ1
  2. Share Name: Accounting
  3. Drive Letter: S
  4. Group that’s applying to: Accounting
  5. how-to-delete-policy

Create a new GPO

Start>Windows Administrative Tools>Group Policy Management

or from Server Manager: Tools>Group Policy Management

Right-click on your OU (Organization Unit) where you want to create and link your Group Policy

Select Create a GPO in this domain, and Link it here …

You will see New GPO, name it whatever you want, something that makes sense, I am going to call it Accounting Network Drive

Configure GPO

Right-click on the Group Policy Object and select Edit

Expand User Configuration>Preferences>Windows Settings
Then right-click on Drive Maps and select New>Mapped Drive

Filling the details

You can see there are many options to select from

Based on select above you will see other options

How to Delete policy

First unlink from OU that’s linked

Then Delete from Group Policy Objects:

If you try to delete while still linked GPO, you will get this message, which also works fine too

That’s it, hope this help others



How to fix boot partition free space in Ubuntu

/boot full

Here is how to free up space in the boot partition in Ubuntu, which may cause issues when trying to update or install a new application. Make sure you have a good backup and be careful running some commands, just double check typo before executing it.

To see If you are running out of boot partition space, run the following command:

command: sudo df -h

You will see how much space is in use, in this screenshot, its /boot is 100% used

/boot 100 used

You can try the following command which may clean automatically for you some unused packages.

command: sudo apt autoremove

If the above command gives you an error, then continue do following steps

find your currently active boot image by running the following command:

Command:  sudo uname -r

Output may look something like this: 4.15.0-143-generic

To list all images except for active:

Command: sudo dpkg –list ‘linux-image*’|awk ‘{ if ($1==”ii”) print $2}’|grep -v `uname -r`

Output:

linux-image-4.15.0-151-generic
linux-image-4.15.0-156-generic
linux-image-4.15.0-158-generic

To list of images:

sudo dpkg -l | grep linux-image

To remove unused images:

The numbers are based on the output command above, so if your version numbers are different, make sure you change them to match your output.

Command: sudo rm -rf /boot/*-4.15.0-{151,156,158}-*

If you run df -h command to see how much space is in use, you will it went down from 100% to 31%:

Now that you have some free space, let’s do some clean-up. If you try to clean up using apt autoremove, you may still get errors like these:

fix broken packages
some packages are broken

To Fix broken packages

You will need to fix the broken packages before you can do any other clean up, run the following command:

Command: sudo apt –fix-broken install

fixing broken packages

Now that broken packages are fixed, then re-run the autoremove command you will be able to free up disk space:

free disk space from unused packages
Freeing up disk space from unused packages

Update your system

Then re-check for any updates and install it to secure your system:

Command: sudo apt update && sudo apt upgrade

You want to see: All packages are up to date

That’s it, hope this helped you out



How to update Microsoft Azure Active Directory Connect

Upgrade-Azure-Active-Directory-Connect

If you have your AD sync to Microsoft Azure and have installed the Active Directory connect, you may need to update, and here is how to do that

To see the status of sync, you can log in to the Microsoft admin portal at https://admin.microsoft.com

on the home page, you should see Sync Status, click on the Sync staus to get to the details page

You should see something like this: Click on Microsoft Download Center or this link: https://www.microsoft.com/en-us/download/details.aspx?id=47594

It will bring you to the Download page, read the requirements, and download to your software

When you run the setup you may get an error message if you don’t have the TLS enabled
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-tls-enforcement

PowerShell command to enable TLS 1.2: got it from the link above, copy from Microsoft so you don’t have typo or if you know how to enable yourself do so

New-Item 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SystemDefaultTlsVersions' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319' -name 'SchUseStrongCrypto' -value '1' -PropertyType 'DWord' -Force | Out-Null

New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
New-Item 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -Force | Out-Null

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'Enabled' -value '1' -PropertyType 'DWord' -Force | Out-Null
New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client' -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
	Write-Host 'TLS 1.2 has been enabled.'

Then re-run the AD Connect setup:

Note, if you have a big network, this may take some time, so do off-hours, because it will stop the sync of your AD until the upgrade is completed

You should see the upgrade process and synchronization

Then it will ask you for admin credentials:

If everything goes well you should see, Ready to configure, click Upgrade

Then, the configuration complete

now you can check the status on the admin page

That’s it, hope this helps someone