Skip to main content
Allow This Website To Configure Server Settings

Fix: Allow This Website To Configure Server Settings

Allow This Website To Configure Server Settings

If we use DNS SRV record for Autodiscover, you may get the message “Allow This Website To Configure Server Settings” while opening the Outlook. The detail mentions:

https://Mail.Domain.com/Autodiscover/Autodiscover.xml

“Your account was redirected to this website for settings. You should only allow settings from sources you know and trust.”

Allow This Website To Configure Server Settings

It appears because Outlook has found the SRV record for Autodiscover that is configured for mail.domain.com. The complete SRV record is _Autodiscover._tcp.domain.com. The complete URL for Autodiscover also appears in this notification. This warning message is  expected and we can ignore it by clicking Allow.

Fix for a Single User:

To automatically ignore this warning message for a user, we need to add a registry entry on the User’s PC depending on the Outlook version.

Outlook 2007:

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover\RedirectServers

Outlook 2010:

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\AutoDiscover\RedirectServers

Outlook 2013:

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\AutoDiscover\RedirectServers

Outlook 2016:

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers

RediretServers

Go to the related path and create new string value with the name of the Server we are redirecting in SRV record, for example mail.domain.com.

RediretServers mail.domain.com entry

Close the registry and you will no longer get this prompt again for this user.

 

Fix for multiple users through Group Policy:

If you want to push this registry entry through group policy, you can create a new group policy object and link it to the Users OU. Browse to “User Configuration\Preferences\Windows Settings\Registry” and create new registry item with the following settings:

Action: Update
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Office\15.0\Outlook\AutoDiscover\RedirectServers
Value name: mail.domain.com
Value type: REG_SZ

Registry entry mail.domain.com

If users have different Outlook versions, then you have to create Registry key for each Outlook version. By just changing the path.

For example for Outlook “Software\Microsoft\Office\15.0\Outlook\AutoDiscover\RedirectServers” for Outlook 2013 and “Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers” for Outlook 2016 and so on.

Force Group Policy Update

Force Group Policy Update, The Easier Way

Force Group Policy Update, The Easier Way

For any administrator, it is a regular task to force group policy update when ever the changes are made to the group policy. On a single PC or Server it is easy to run “GPUpdate /force” to enforce the group policy updates immediately. Running GPUpdate manually on multiple PCs or Servers, is time consuming task. Furthermore it requires additional efforts from the Systems Administrators.

Until Server 2008, it was not easy to update the group policy in bulk. But since Server 2012, we can invoke remote group policy update on Servers/ PC’s. As a result this task has become super easy.

There are two methods to do it:

  • Through Group Policy Management Console
  • Through Powershell

Force Group Policy Update through GPMC:

Open the Group Policy Management Console and select the “Organisational Unit” where you want to invoke the group policy update. Right Click the Organisational Unit and select “Group Policy Update”

Force Group Policy Update

The confirmation dialogue box will open, that shows the number of computers that will take the Group Policy Updates. Click Yes to continue.

Force Group Policy Update Confirmation

The Remote Group Policy Update Result dialogue box will open that shows the progress of the updates.

Force Group Policy Update Progress

Wait for the progress bar to complete. You can also see the success and failure for the Computers with the errors if any while the process is running.

Force Group Policy Update through Powershell:

In Powershell the Invoke-GPUpdate command can be used to update the group policy. Here we specify the OU path where we want to run the Invoke command.

The complete command looks like this:

Get-ADComputer –filter * -Searchbase “OU=Servers, DC=Domain,DC=COM” | foreach{ Invoke-GPUpdate –computer $_.name -force}

 I got the following output after running the above command.

Force Group Policy Update Powershell

Note: Any errors, are shown in red, but for the successful updates there is no “Success message”. Hence i prefer to use Group Policy Management Console.

If you want to get more details about the Remote Group Policy Refresh, follow this Technet article

Lastlogontimestamp

Powershell LastLogonTimeStamp and its usage

Powershell LastLogonTimeStamp and its usage

LastLogonTimeStamp is an important property in any Active Directory environment, that keeps the record of when any user or computer last contacted with the Domain Controllers. This information is very helpful while cleaning up the stale computer and users. Because with the time, unused user accounts and computer objects that are no more in the environment keep growing.

We can use Get-AdUser and Ad-Computer commands to get the lastlogontimestamp property of the object. But the result is 64 bit value, that requires conversion to the human readable format.

Here i run the Get-aduser command and get the following result:

Lastlogontimestamp

As we can see, the result is not the date format that we can understand. So we need some sort of conversion to make it readable for us.

 The conversion works as follows:

Lastlogontimestamp Conversion

Yes, you are right, multiple commands for just a small thing. To make things easier, i have written small scripts to make a list of all users and all computers in the domain with lastlogontime stamp converted to readable format, and export them to the CSV. Save each script in .PS1 file and run. You can change output file location.

Lastlogontimestamp for Users:

Import-module activedirectory

# Get all AD Users with lastLogonTimestamp
Get-ADUser -Filter * -Properties LastLogonTimeStamp |

# Output User and lastLogonTimestamp into CSV
Select-object Name,@{Name=”Stamp”; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv D:\UserTimeStamp.csv -notypeinformation

Lastlogontimestamp for Computers:

Import-module activedirectory

# Get all AD Computers with lastLogonTimestamp
Get-ADComputer -Filter * -Properties LastLogonTimeStamp |

# Output Computer and lastLogonTimestamp into CSV
Select-object Name,@{Name=”Stamp”; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}} | export-csv D:\CompTimeStamp.csv -notypeinformation

 

Note: if you get 01/01/1601 as time stamp for user or computer, don’t panic. It means the computer/user object never logged in.