IT Ramblings

Ramblings from an IT manager and long time developer.

This is a bunch of command line tools for troubleshooting Microsoft Active Directory. Shared from the website.

FSMO Roles
ntdsutil roles Connections "Connect to server %logonserver%" Quit "select Operation Target" "List roles for conn server" Quit Quit Quit
[JDH: This is really a series of steps, not a single command]

Domain Controllers
Nltest /dclist:%userdnsdomain%

Domain Controller IP Configuration
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do psexec \\%i ipconfig /all

Stale computer accounts
dsquery computer domainroot -stalepwd 180 -limit 0

Stale user accounts
dsquery user domainroot -stalepwd 180 -limit 0

Disabled user accounts
dsquery user domainroot -disabled -limit 0

AD Database disk usage
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dir \\%i\admin$\ntds

Global Catalog Servers from DNS
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp | find /i "3268"

Global Catalog Servers from AD
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"

Users with no logon script
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))" -limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName

User accounts with no pwd required
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))"

User accounts with no pwd expiry
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"

User accounts that are disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))"
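
What the three userAccountControl filters above test, as an added Python example (not from the original post): the OID 1.2.840.113556.1.4.803 is a bitwise-AND match, so an account matches when the flag bit is set regardless of its other bits. The sample records, the fixed "now" date and the finding labels are constructed for illustration; the 180-day threshold mirrors -stalepwd 180.

```python
from datetime import datetime, timedelta, timezone

# LDAP_MATCHING_RULE_BIT_AND, the OID in the dsquery filters above: the clause
# matches when every bit of the filter value is set in the attribute.
BIT_AND_OID = "1.2.840.113556.1.4.803"

# The three userAccountControl bits the page queries for.
UAC_FLAGS = {
    "ACCOUNTDISABLE": 2,
    "PASSWD_NOTREQD": 32,
    "DONT_EXPIRE_PASSWORD": 65536,
}

# pwdLastSet is a Windows FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def uac_filter(flag_value):
    """Build the same LDAP filter string the page passes to dsquery."""
    return (
        "(&(objectCategory=Person)(objectClass=User)"
        f"(userAccountControl:{BIT_AND_OID}:={flag_value}))"
    )


def bit_and_match(attr_value, mask):
    """Emulate the bitwise-AND matching rule for one attribute value."""
    return (attr_value & mask) == mask


def decode_uac(uac):
    """Return the names of the audited flags that are set in uac."""
    return sorted(n for n, bit in UAC_FLAGS.items() if bit_and_match(uac, bit))


def filetime_to_datetime(ticks):
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def audit(records, now, stale_days=180):
    """Map sAMAccountName -> findings for accounts that need review."""
    findings = {}
    for rec in records:
        issues = decode_uac(rec["userAccountControl"])
        ticks = rec["pwdLastSet"]
        if ticks == 0:
            # 0 means no password was ever set or a change is forced at next
            # logon; it is reported separately from the age test.
            issues.append("PWD_NEVER_SET_OR_MUST_CHANGE")
        elif now - filetime_to_datetime(ticks) > timedelta(days=stale_days):
            issues.append("STALE_PWD")
        if issues:
            findings[rec["sAMAccountName"]] = issues
    return findings


# Constructed sample data: a fixed clock and four made-up accounts.
NOW = datetime(2014, 1, 1, tzinfo=timezone.utc)


def days_ago(n):
    return datetime_to_filetime(NOW - timedelta(days=n))


SAMPLE_RECORDS = [
    # 512 = NORMAL_ACCOUNT only, recent password: nothing to report.
    {"sAMAccountName": "alice", "userAccountControl": 512,
     "pwdLastSet": days_ago(30)},
    # 512 + 65536: password never expires and is 400 days old.
    {"sAMAccountName": "svc_backup", "userAccountControl": 66048,
     "pwdLastSet": days_ago(400)},
    # 512 + 32: no password required. An equality test on 32 would miss it.
    {"sAMAccountName": "kiosk", "userAccountControl": 544,
     "pwdLastSet": 0},
    # 512 + 2 + 65536: disabled, but still carries a non-expiring password.
    {"sAMAccountName": "bob_left", "userAccountControl": 66050,
     "pwdLastSet": days_ago(200)},
]

if __name__ == "__main__":
    for flag, value in UAC_FLAGS.items():
        print(flag, uac_filter(value))
    for name, issues in audit(SAMPLE_RECORDS, NOW).items():
        print(name, ", ".join(issues))
```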

DNS Information
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dnscmd %i /info

DNS Zone Detailed information
dnscmd /zoneinfo %userdnsdomain%

Garbage Collection and tombstone
dsquery * "cn=Directory Service,cn=WindowsNT,cn=Services,cn=Configuration,DC=forestRootDomain" -attr garbageCollPeriod tombstoneLifetime

Netsh authorised DHCP Servers
netsh dhcp show server

DSQuery authorised DHCP Servers
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers

DHCP server information
netsh dhcp server \\DHCP_SERVER show all

DHCP server dump
netsh dhcp server \\DHCP_SERVER dump

WINS server information
Netsh wins server \\WINS_SERVER dump

Group Policy Verification Tool
gpotool.exe /checkacl /verbose

AD OU membership
dsquery computer -limit 0

AD OU membership
dsquery user -limit 0

List Service Principal Names
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do setspn -L %i

Compare DC Replica Object Count
dsastat -s:DC1;DC2;… -b:Domain -gcattrs:objectclass -p:999

Check AD ACLs
acldiag dc=domainTree

NTFRS Replica Sets
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl sets %i

for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl ds %i

Domain Controllers per site
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server)

DNS Zones in AD
for /f %i in ('dsquery server -o rdn') do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)

Enumerate DNS Server Zones
for /f %i in ('dsquery server -o rdn') do dnscmd %i /enumzones

Subnet information
Dsquery subnet -limit 0

List Organisational Units
Dsquery OU

ACL on all OUs
For /f "delims=|" %i in ('dsquery OU') do acldiag %i

Domain Trusts
nltest /domain_trusts /v

Print DNS Zones
dnscmd DNSServer /zoneprint DNSZone

Active DHCP leases
For /f %i in (DHCPServers.txt) do for /f "delims=- " %j in ('"netsh dhcp server \\%i show scope | find /i "active""') do netsh dhcp server \\%i scope %j show clientsv5

DHCP Server Active Scope Info
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope | find /i "active"

Resolve DHCP clients hostnames
for /f "tokens=1,2,3 delims=," %i in (Output from 'Find Subnets from DHCP clients') do @for /f "tokens=2 delims=: " %m in ('"nslookup %j | find /i "Name:""') do echo %m,%j,%k,%i

Find two online PCs per subnet
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4 delims=, " %i in ('"find /i "pc" 'Output from Resolve DHCP clients hostnames'"') do for /f "tokens=3 skip=1 delims=: " %m in ('"Find /i /c "%l" TwoClientsPerSubnet.txt"') do If %m LEQ 1 for /f %p in ('"ping -n 1 %i | find /i /c "(0% loss""') do If %p==1 Echo %i,%j,%k,%l

AD Subnet and Site Information
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location

AD Site Information
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site)

Printer Queue Objects in AD
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0

Group Membership with user details
dsget group "groupDN" -members | dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr

Total DHCP Scopes
find /i "subnet" "Output from DHCP server information" | find /i "subnet"

Site Links and Cost
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn cost description replInterval siteList -filter (objectClass=siteLink)

Time gpresult
timethis gpresult /v

Check time against Domain
w32tm /monitor /computers:ForestRootPDC

Domain Controller Diagnostics
dcdiag /s:%logonserver% /v /e /c

Domain Replication Bridgeheads
repadmin /bridgeheads

Replication Failures from KCC
repadmin /failcache

Inter-site Topology servers per site
Repadmin /istg * /verbose

Replication latency
repadmin /latency /verbose

Queued replication requests
repadmin /queue *

Show connections for a DC
repadmin /showconn *

Replication summary
Repadmin /replsummary

Show replication partners
repadmin /showrepl * /all

All DCs in the forest
repadmin /viewlist *

ISTG from AD attributes
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator

Return the object if KCC Intra/Inter site is disabled for each site
Dsquery site | dsquery * -attr * -filter "(|(Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))"

Find all connection objects
dsquery * forestRoot -filter (objectCategory=nTDSConnection) -attr distinguishedName fromServer whenCreated displayName

Find all connection schedules
adfind -b "cn=Configuration,dc=qraps,dc=com,dc=au" -f "objectcategory=ntdsConnection" cn Schedule -csv

Software Information for each server
for /f %i in (Output from 'Domain Controllers') do psinfo \\%i & filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll \\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe \\%i\admin$\system32\oleaut32.dll

Check Terminal Services Delete Temp on Exit flag
For /f %i in (Output from 'Domain Controllers') do Reg query "\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v DeleteTempDirsOnExit

For each XP workstation, query the current site and what Group Policy info
@dsquery * domainroot -filter "(&(objectCategory=Computer)(operatingSystem=Windows XP Professional))" -limit 0 -attr cn > Workstations.txt & @For /f %i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel 0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in ('"reg query "\\%i\hklm\software\microsoft\windows\currentversion\group policy\history" /v DCName | Find /i "DCName""') do @for /f %m in ('"nltest /server:%i /dsgetsite | find /i /v "completed successfully""') do @echo %i,%k,%m

Information on existing GPOs
dsquery * "CN=Policies,CN=System,domainRoot" -filter "(objectCategory=groupPolicyContainer)" -attr displayName cn whenCreated gPCFileSysPath

Copy all Group Policy .pol files
for /f "tokens=1-8 delims=\" %i in ('dir /b /s \\%userdnsdomain%\sysvol\%userdnsdomain%\policies\*.pol') do @echo copy \\%i\%j\%k\%l\%m\%n\%o %m_%n.pol

Domain Controller Netlogon entries
for /f %i in ('dsquery server /o rdn') do echo %i & reg query \\%i\hklm\system\currentcontrolset\services\netlogon\parameters

WINS Statistics
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics

WINS Record counts per server
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i

WINS Server Information
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info

WINS Server Dump
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump

WINS Static Records per Server
netsh wins server \\LocalWINSServer show database servers={} rectype=1

Find policy display name given the GUID
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName

Find empty groups
dsquery * -filter "(&(objectCategory=group)(!member=*))" -limit 0 -attr whenCreated whenChanged groupType sAMAccountName distinguishedName memberOf

Find remote NIC bandwidth
wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth

Find remote free physical memory
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory

Find remote system information
SystemInfo /s %Computer%

Disk statistics, including the number of files on the filesystem
chkdsk /i /c

Query IIS web sites
iisweb /s %Server% /query "Default Web Site"

Check port state and connectivity
portqry -n %server% -e %endpoint% -v

Forest/Domain Functional Levels
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r "(|(systemFlags=3)(systemFlags=-2147483648))" -l msds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -f con

Forest/Domain Functional Levels
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter "(|(systemFlags=3)(systemFlags=-2147483648))" -attr msDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName

Find the parent of a process
wmic path Win32_Process WHERE Name='notepad.exe' GET Name,ParentProcessId

Lookup SRV records from DNS
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}

Find when the AD was installed
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base

Enumerate the trusts from the specified domain
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName

Find a DC for each trusted domain
for /f "skip=1" %i in ('"dsquery * CN=System,DC=domainRoot -filter (objectClass=trustedDomain) -attr trustPartner"') do nltest /dsgetdc:%i

Check the notification packages installed on all DCs
for /f %i in ('dsquery server /o rdn') do @for /f "tokens=4" %m in ('"reg query \\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "Notification Packages" | find /i "Notification""') do @echo %i,%m

List ACLs in SDDL format
setacl -on %filepath% -ot file -actn list -lst f:sddl

Find out if a user account is currently enabled or disabled
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% | dsget user -disabled -dn

Find servers in the domain
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0

Open DS query window
rundll32 dsquery,OpenQueryWindow

ULS Logs and the ULSViewer

You might have stumbled across this blog entry when looking for information on the ULS. If that is the case, while I will not go into great detail on the ULS, I can at least tell you that it stands for Unified Logging Service and is a cornerstone of SharePoint troubleshooting; it is the first place I recommend looking to start tracking down the details of any errors you might be encountering. If you are looking for a decent article on the ULS, I’d recommend checking out the MSDN article that gives a general overview.

Now, assuming that you have at least a basic understanding of the ULS and where the files can be found (default is the “SharePoint HIVE”\Logs folder), if you open one of the files up, I am willing to bet that you would find yourself wondering how on earth you can make heads or tails of the information stored in the file and, if you have a large farm, how you can pull it all together so you can track down any issues quickly and more efficiently. Well, you are in luck, as one of the better tools out there is free, full of features, and rather easy to use. This tool is called the ULSViewer and can be downloaded from here or here.

ULSViewer can be used in different modes. The log can be read from log files, from the real-time ULS log, from multiple servers, or even from the clipboard. Here are some examples:

On a machine running SharePoint 2010, run ULS Viewer. Click File, Open From, then choose ULS (this can also be done by simply pressing Ctrl+U).


Immediately the logs will be shown in real time. From here you can do things like filter by message level by clicking the icons in the tool bar.


You can also set filters based on what you are looking for (error message, correlation id, etc). You can do this by clicking on the “filter” icon in the tool bar and then defining 1 or more filters.


Note: One of the great things you can also do is save filters and reuse them. I find that I have a number of filters that I use over and over and this helps save a lot of time!

Another feature that I find really handy is the “Toggle Correlation Tree” button.


When you click on this, it opens up a side panel that shows a list of all of the correlation ids, and when you click on one of those nodes the main area immediately filters to show only the log entries related to that single correlation id.

The reason why this is so useful is because in SharePoint we use correlation ids to trace a series of events that occurred at once (like a transaction).

For example if you look at the screenshot below you’ll see that I selected the correlation id ‘ce44ed9c-e3b3-c0ad-3409-5e8c8d8d317f’ and this one appears to be related to a UserProfileImport Sync job.


If you’re running this on a development machine or are trying to track down an error that doesn’t happen regularly, another good feature is the notifications. You can enable notification by level inside ULS Viewer (by default it will pop up a notification for Critical messages). For example, in this screenshot, when Health Analyzer checked my machine for a security rule, it wrote a critical message into the log. With ULS Viewer, you can quickly identify the location of the message. If there’s an exception, you can also check the detail of that.


Another great feature is the ability to open up multiple ULS logs from different servers. So if you have a 4 or 5 server farm, you could either review each log individually or you could open them up as a “FARM” and let ULSViewer take over the complicated work of combining the log files into a single view. You can do this either from the tool bar by clicking on the “farm” icon or by going to File -> Open From -> Farm (Ctrl+R).

Farm Icon

File -> Open From


Which then opens this dialog


From here you can add all of your servers (NetBios, FQDN, or IP addresses work just fine) and then specify a share that is available on ALL of the servers listed.

Tip: The SAME share must be available on all servers for this to work. I normally create a standard share on all of my SharePoint servers called “UlsLogs” and grant read only access to the development and operations teams.

Another useful feature is that once you have configured ULSViewer for your environment (including which servers/files are being monitored), you can save everything to a “workspace”. This workspace can be shared with others and opened at any time. This provides a very quick way to start viewing a farm.


Tip: I usually create one workspace per environment and share that with the development and operations team.

Project Server and Synchronizing Users to Project Sites

Original post found here

This blog post looks at some slight behavior differences between Project Server 2010 and Project Server 2013 regarding user synchronization to project sites.  One key part of this change should be taken into account when migrating – as there is one 2010 setting that no longer has UI to change it – and if it is disabled before migration it cannot be turned on again in 2013.  I’ll get into details of that setting and a workaround later, but first I will set the scene for how the settings and behavior have evolved. 

In Project Server 2010 we had a checkbox in Server Settings, Project Site Provisioning Settings for Project Site Permissions – labeled “Check to automatically synchronize Project Web App users with Project Sites when they are created, when project managers publish projects, and when user permissions change in Project Server. When the check box is cleared, Project Server users are never synchronized with Project Sites.”:


In my example it is unchecked – this is reflected in the published database in the MSP_WEB_ADMIN table in the WADMIN_AUTO_ADD_USER_TO_SUBWEB column – which has 0 when unchecked and 1 when checked.


If I create a new project and add some resources and then publish – I see just the following jobs in the queue and I don’t see any permissions set for the resources in my plan.

Project Save from Project Professional  
Start Workflow Success
Project Publish Notifications
Project Publish Success
Reporting (Project Publish)
Project Site Create
Reporting (Project Sync)
Reporting (Enterprise Project Type and Workflow Information Sync)

If I go to Server Settings, Project Sites and select the project, then click Synchronize in the header:


then I see a couple of queue jobs executed:

Project Site Membership Synchronization
Reporting (Project Sync)

However, I still do not see my expected users added to my site.  Only when I check the checkbox in the first screenshot, and then click Synchronize on the Project Sites page do I see my users get added.  So this checkbox controls the addition of users to my subweb.

There are some other settings in 2010 that had no UI, but could be set programmatically (or by editing the database) and were documented in the article; the table was the same MSP_WEB_ADMIN, but this time the column is WADMIN_USER_SYNC_SETTING:


As you can see, mine is set to 0, which means all synchronizations are enabled.  If I change this to 2, this still has no effect on the site synchronization as long as the checkbox is checked.  Sync happens both on site creation and also using the Synchronize button.

Now let's jump forward to 2013.  The dialog in my first screenshot has no equivalent in 2013, and in a new installation the database setting for WADMIN_AUTO_ADD_USER_TO_SUBWEB is defaulted to 1.  The WADMIN_USER_SYNC_SETTING now has some UI – under Server Settings, Project Permission Sync Settings.  I should add that this only appears when you are using Project Server Permissions mode.  The dialog looks like this:


If you are interested in the behind the scenes activity in the pub.MSP_WEB_ADMIN table, the values for WADMIN_USER_SYNC_SETTING follow the documented numbers like so:

Enabled                     Value=0.     Enable all synchronizations.
DisablePWA                  Value=1.     Disable synchronization with Project Web App.
DisablePWS                  Value=2.     Disable synchronization with project sites.
DisableEmailSync            Value=3.     Disable email synchronization.
DisableAll                  Value=4.     Disable all synchronizations.
DisableVisbilityProjects    Value=8.     Disable Visibility projects synchronization only.
DisableEverything           Value=255.   Disable everything.

Unchecking Enable Project Site Sync will give me a value of 10 in the database – as it disables project site sync and sync with SharePoint Task List Project (or visibility projects as they are sometimes called).

With these settings, which are equivalent to the ones described in the final 2010 test above  (DB value was 2 rather than 10 as visibility projects didn’t exist),  if I create a new project and publish, and/or if I click Synchronize on the Connected SharePoint Sites page I DO NOT see any synchronize queue jobs and NO users are added to my site.  In 2013 there is no longer a single click option to synchronize sites if I have used the new UI in front of the WADMIN_USER_SYNC_SETTING values to turn off site sync.

The other gotcha, and the piece that got me looking deeper into this topic in the first place is the issue I alluded to in the intro.  What if I am using 2010 and have that box unchecked – then migrate to 2013?  In this case it can leave you confused as to why your users aren’t able to access their sites after you create a project.  The behavior you will see is that on initial publish of a project, assuming you create a site, then even if you have ‘Enable Project Site Sync’ enabled you will still not see your users added – and neither will you see the expected additional ‘Project Web App Synchronized’ groups – you will just see the default members, Owners and Visitors if you go to Site Settings, Site Permissions:


If you click on the Synchronize option you will see things put right – and the new groups will get added and your users added.  So we still take notice of the old DB setting which carried over from migration – but only on the project publish.


This last piece is certainly a bug – not sure at this point how it will be addressed, but we will be updating our upgrade documents to suggest checking that box before migration.  If you have migrated from 2010 (or earlier!) and are not seeing permissions on sites set as expected when you publish a plan then take a look at the database (change ProjectWebApp to the name of your database),


should return a 1.  If it shows a zero then you could run

Update [ProjectWebApp_PPM].[pub].[MSP_WEB_ADMIN] set WADMIN_AUTO_ADD_USER_TO_SUBWEB = 1

This will show (1 row(s) affected) as it resets the value.

We are reviewing this behavior change – so I will update if we do make any changes here.

For Project Online this last piece can never be an issue – as it will always be a 1 – and Project Online now has new defaults for the other Project Permissions Sync Settings – so by default we don’t sync anything.  And like 2013, if you have this sync turned off then Synchronize in Connected SharePoint Sites does nothing.

Setting Up Neo4j 2.0 on an Ubuntu Server

Authored by Steven Hall

Neo4j 2.0 is an awesome release of Neo Technology's great graph database.  There are some significant new features and some changes to the data model that, I think, make it more accessible.  You can install it locally to play around and do some testing, but I wanted to create a remote server that I could use as a back-end for data visualization projects.  Below are some notes on getting Neo4j installed on Ubuntu 12.04. 

There are some real gotchas that took some time to figure out, but if you follow this step-by-step procedure you should have the browser application bundled with Neo4j up and running in less than 15 minutes.

I should note that the Neo4j website has instructions for setting up on debian based systems, but those instructions, which are very helpful, are incomplete and in some cases just don't work for Ubuntu 12.04 (at least at the time I am writing this post).

Start from Fresh Ubuntu 12.04 Install

Neo4j is a Java application and in order to run the 2.0 version of the db server you need to have Java 7 installed before installing Neo4j.  Ubuntu does not officially support Java 7 so this becomes a little bit of a headache.  To install it using apt-get you need to add a repository and, incredibly, the command for adding repositories was unintentionally left out of the latest versions of Ubuntu, so we need to correct that first.

You can add "sudo" (e.g. sudo apt-get update) to the following commands as applicable.  In my case, I installed as the root user on the server.

Install Java 7

Add the "add-apt-repository" command (important):

apt-get update
apt-get install python-software-properties

Install Java 7:

add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer

Install Neo4j:

Note:  this is largely the same as Neo4j recommends, but I had to change a few things.

wget -O - | apt-key add -
echo 'deb stable/' > /etc/apt/sources.list.d/neo4j.list
apt-get update
apt-get install neo4j

Start the Server:

/etc/init.d/neo4j-service start

Increasing Max Files

You'll notice when you start the server that you get a warning saying:

WARNING: Max 1024 open files allowed, minimum of 40 000 recommended.

Let's correct that.  The instructions for handling this on the neo4j website did not work for me without a little modification.  Here's what to do:

1. Edit /etc/security/limits.conf and add these two lines:
root   soft     nofile  40000
root   hard    nofile  40000

Neo4j recommends "neo4j" in place of "root" here.  That does not work.

2. Edit /etc/pam.d/su and uncomment or add the following line:
session    required

A restart is required for the settings to take effect.

Optionally Allow External Connections

If you want to be able to open the browser app and interact with the graph db on the remote server you need to allow remote connections.  Note that if you allow any IP address to connect then anyone can access your database, but if you just want to play around with the browser app this is what you do:

Edit /etc/neo4j/ and uncomment the following line:


That will allow connections from any IP address, but you can also specify your current IP to limit to just that one.  That will make it a little bit safer, but if your IP changes you need to update the file accordingly.

So now just restart the database server and open the browser application in your web browser by going to:



Removing All Data from Neo4j

A couple more quick notes.  If you are playing around with the neo4j database and just want to clear it out and start over again, there are two things you can do:

1. Run a cypher query like this:

match n
with n
optional match n-[r]-()
delete r,n

This will remove all the nodes and relations in the db. However, a lot of meta-data remains and, in my experience, if you have a lot of data in the db it will fail or take a long time to run (or both).

2. Recreate the Data Directory

If you really want to get the job done, it's better to wipe out the entire data directory and make a new one.  The default directory is set in the /etc/neo4j/ file to data/graph.db.  On Ubuntu this directory will be located at :


To wipe out the data the process would be:

/etc/init.d/neo4j-service stop     # Stop the server
cd /var/lib/neo4j                  # Change to directory
rm -rf data                        # Remove data/
mkdir data                         # Make a new data/
chown neo4j data                   # Make sure neo4j can write to it
/etc/init.d/neo4j-service start    # Restart - Neo4j will make new graph.db etc

Hope that helps someone out there.


English Pronunciation -- a very cool poem

If you can pronounce correctly every word in this poem, you will be speaking English better than 90% of the native English speakers in the world. After trying the verses, a Frenchman said he’d prefer six months of hard labour to reading six lines aloud.

Dearest creature in creation,
Study English pronunciation.
I will teach you in my verse
Sounds like corpse, corps, horse, and worse.
I will keep you, Suzy, busy,
Make your head with heat grow dizzy.
Tear in eye, your dress will tear.
So shall I! Oh hear my prayer.
Just compare heart, beard, and heard,
Dies and diet, lord and word,
Sword and sward, retain and Britain.
(Mind the latter, how it’s written.)
Now I surely will not plague you
With such words as plaque and ague.
But be careful how you speak:
Say break and steak, but bleak and streak;
Cloven, oven, how and low,
Script, receipt, show, poem, and toe.
Hear me say, devoid of trickery,
Daughter, laughter, and Terpsichore,
Typhoid, measles, topsails, aisles,
Exiles, similes, and reviles;
Scholar, vicar, and cigar,
Solar, mica, war and far;
One, anemone, Balmoral,
Kitchen, lichen, laundry, laurel;
Gertrude, German, wind and mind,
Scene, Melpomene, mankind.
Billet does not rhyme with ballet,
Bouquet, wallet, mallet, chalet.
Blood and flood are not like food,
Nor is mould like should and would.
Viscous, viscount, load and broad,
Toward, to forward, to reward.
And your pronunciation’s OK
When you correctly say croquet,
Rounded, wounded, grieve and sieve,
Friend and fiend, alive and live.
Ivy, privy, famous; clamour
And enamour rhyme with hammer.
River, rival, tomb, bomb, comb,
Doll and roll and some and home.
Stranger does not rhyme with anger,
Neither does devour with clangour.
Souls but foul, haunt but aunt,
Font, front, wont, want, grand, and grant,
Shoes, goes, does. Now first say finger,
And then singer, ginger, linger,
Real, zeal, mauve, gauze, gouge and gauge,
Marriage, foliage, mirage, and age.
Query does not rhyme with very,
Nor does fury sound like bury.
Dost, lost, post and doth, cloth, loth.
Job, nob, bosom, transom, oath.
Though the differences seem little,
We say actual but victual.
Refer does not rhyme with deafer.
Foeffer does, and zephyr, heifer.
Mint, pint, senate and sedate;
Dull, bull, and George ate late.
Scenic, Arabic, Pacific,
Science, conscience, scientific.
Liberty, library, heave and heaven,
Rachel, ache, moustache, eleven.
We say hallowed, but allowed,
People, leopard, towed, but vowed.
Mark the differences, moreover,
Between mover, cover, clover;
Leeches, breeches, wise, precise,
Chalice, but police and lice;
Camel, constable, unstable,
Principle, disciple, label.
Petal, panel, and canal,
Wait, surprise, plait, promise, pal.
Worm and storm, chaise, chaos, chair,
Senator, spectator, mayor.
Tour, but our and succour, four.
Gas, alas, and Arkansas.
Sea, idea, Korea, area,
Psalm, Maria, but malaria.
Youth, south, southern, cleanse and clean.
Doctrine, turpentine, marine.
Compare alien with Italian,
Dandelion and battalion.
Sally with ally, yea, ye,
Eye, I, ay, aye, whey, and key.
Say aver, but ever, fever,
Neither, leisure, skein, deceiver.
Heron, granary, canary.
Crevice and device and aerie.
Face, but preface, not efface.
Phlegm, phlegmatic, ass, glass, bass.
Large, but target, gin, give, verging,
Ought, out, joust and scour, scourging.
Ear, but earn and wear and tear
Do not rhyme with here but ere.
Seven is right, but so is even,
Hyphen, roughen, nephew Stephen,
Monkey, donkey, Turk and jerk,
Ask, grasp, wasp, and cork and work.
Pronunciation (think of Psyche!)
Is a paling stout and spikey?
Won’t it make you lose your wits,
Writing groats and saying grits?
It’s a dark abyss or tunnel:
Strewn with stones, stowed, solace, gunwale,
Islington and Isle of Wight,
Housewife, verdict and indict.
Finally, which rhymes with enough,
Though, through, plough, or dough, or cough?
Hiccough has the sound of cup.
My advice is to give up!!!

English Pronunciation by G. Nolst Trenité


Remove and Re-add product key for Office 2013 and Office 365

Having been on Microsoft Office 365 for a few months now, we started to notice that when users who had activated software on a PC were removed from Office 365, the software would go into "grace period" and would continually notify the new user of the PC that there was a problem. The trouble was I could not figure out how to reassign the software license to the new user. Finally I have found steps that will accomplish this without having to repair/reinstall office.

Open Command Prompt on PC
Open a Command Prompt window, and then take one of the following actions:

  • If you installed the 64-bit version of Office 2013, move to the following folder: C:\Program Files\Microsoft Office\Office15
  • If you installed the 32-bit version of Office 2013, move to the following folder: C:\Program Files (x86)\Microsoft Office\Office15

Display the Current License(s)
Type the following command to display the license status. Note the last five characters of any and all license keys that display in the output:

cscript ospp.vbs /dstatus

Remove the License(s)
Now run the following command as many times as needed to remove all of the license keys you noted from the previous step.

cscript ospp.vbs /unpkey:[LAST 5 numbers of existing product key]

Restart the Computer

Once the remove commands are successful, close the command prompt and restart the PC.

Reactivate MS Office 2013 with New Account

Launch one of the MS Office 2013 applications (I like to use Word). The application should prompt you to reactivate by providing your sign-on ID. Enter the new user's credentials and the software will now be licensed under their ID.
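The /dstatus and /unpkey steps above can be scripted. The following is an added example, not part of the original post: it assumes ospp.vbs is in one of the two Office15 folders listed above and that /dstatus reports each license with a "Last 5 characters of installed product key" line. The -Remove switch and the Get-KeySuffix function are names made up for this example.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt.
# Lists installed Office 2013 key suffixes; removes them only when -Remove is given.
param([switch]$Remove)

# The two Office15 folders named in the post (64-bit and 32-bit installs)
$candidates = @(
    "$env:ProgramFiles\Microsoft Office\Office15\ospp.vbs",
    "${env:ProgramFiles(x86)}\Microsoft Office\Office15\ospp.vbs"
)
$ospp = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $ospp) { throw 'ospp.vbs was not found in either Office15 folder.' }

function Get-KeySuffix {
    # Assumption: /dstatus prints "Last 5 characters of installed product key: XXXXX"
    # once per installed license.
    $out = & cscript.exe //NoLogo $ospp /dstatus
    $out | Select-String 'Last 5 characters of installed product key:\s*(\w{5})' |
        ForEach-Object { $_.Matches[0].Groups[1].Value } |
        Sort-Object -Unique
}

$before = @(Get-KeySuffix)
if ($before.Count -eq 0) { Write-Host 'No installed product keys reported.'; return }
Write-Host "Installed key suffixes: $($before -join ', ')"
if (-not $Remove) { Write-Host 'Re-run with -Remove to uninstall these keys.'; return }

foreach ($suffix in $before) {
    Write-Host "Removing key ending in $suffix"
    & cscript.exe //NoLogo $ospp "/unpkey:$suffix" | Write-Host
}

# Run /dstatus again rather than trusting the /unpkey output
$after = @(Get-KeySuffix)
if ($after.Count -gt 0) {
    Write-Warning "Keys still installed: $($after -join ', ')"
} else {
    Write-Host 'All keys removed. Restart the PC, then sign in to Office as the new user.'
}
```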

Project 2013 and Project Server 2013 Technical Training Links

Microsoft Training Links

Project 2013 training for IT pros and developers

General Link:

Development Links

Administration Links:

Office Web Apps 2013 Server Install and Configuration

Copied from here

Installing Office Web Apps

Office Web Apps 2013 is a stand-alone server web application that provides capabilities to open and render a Microsoft Office Word, Excel, PowerPoint, or OneNote document as a web page. Microsoft SharePoint 2013, Exchange 2013, and Lync 2013 can share the rendering service to display Office documents in those applications as a web page. Additionally, when accessed from within a SharePoint 2013 farm, Office Web Apps also enables rich editing features for those documents.

Note: You cannot install Office Web Apps on the same server as SharePoint 2013

Please follow the server preparation process in the following sections for the appropriate server, either Windows Server 2008 R2 or Windows Server 2012.

Windows Server 2008 R2 Preparation

Start by installing the following prerequisite software for Windows Server 2008 R2:

Open a PowerShell command running as an Administrator and execute the following commands to install the required roles and services for Office Web Apps.

Import-Module ServerManager
## Run the following command as a single line
Add-WindowsFeature Web-Server,Web-WebServer,Web-Common-Http,Web-Static-Content,Web-App-Dev,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,Web-Security,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Dyn-Compression,Web-Mgmt-Console,Ink-Handwriting,IH-Ink-Support

Please continue with the “Office Web Apps Installation” section below.

Windows Server 2012 Preparation

To begin, open a PowerShell command running as an Administrator and execute the following commands to install the required roles and services for Office Web Apps.

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices

Please continue with the “Office Web Apps Installation” section below.

Office Web Apps Installation

Open and run the Office Web Apps setup.exe media to launch the setup wizard.

  1. In the Office Web Apps Server 2013 Wizard, on the Read the Microsoft Software License Terms page, select I accept the terms of this agreement and then select Continue.
  2. On the Choose a file location page, select the folder where you want the Office Web Apps Server files to be installed (for example, C:\Program Files\Microsoft Office Web Apps), and then select Install Now. Note that, if this folder does not exist, Setup will create it for you.
    The Choose a file location screen on the Office Web Apps install wizard.

  3. When Setup finishes installing Office Web Apps Server, choose Close.

After installing the Office Web Apps 2013 server software, you are ready to install any additional add-ins and updates. You can also install any language packs your farm requires. To install the language packs, run the setup media for each of the language packs you desire.

If applicable, install the latest service pack Microsoft has released for Office Web Apps 2013 and then apply the latest service packs Microsoft has released for Office Web Apps 2013 language packs.

Finally, check for updates on Microsoft Update in the server’s control panel.

Configuring Office Web Apps

This section describes how to configure an Office Web Apps farm and join servers to it.

Important: Low memory conditions can cause Office document previews to fail in Office Web Apps. Verify that any servers that run Office Web Apps have sufficient memory.

On the first server for the Office Web Apps farm, execute the following PowerShell command to provision the farm:

New-OfficeWebAppsFarm -InternalUrl "" -ExternalUrl "" -SSLOffloaded -EditingEnabled

The SSLOffloaded switch configures Office Web Apps for hardware load balancing, where the load-balancing device manages the SSL certificate and then relays each request to an Office Web Apps server over unencrypted HTTP. This improves overall performance but requires a secure network between the load balancer and the Office Web Apps servers.

The following image provides an example of the expected output from the PowerShell command.

PowerShell results from configuring an Office Web Apps farm

Critical: Before you can use the Office Web Apps farm, you must add your domain to the list of allowed hosts.

Run the following PowerShell command to add your domain to the list of allowed hosts, substituting your domain for “”

New-OfficeWebAppsHost -Domain

Once you have provisioned an Office Web Apps farm and allowed your domain, you can join additional Office Web Apps servers to the farm. To join additional servers, install the Office Web Apps software by following the steps in the previous section and then execute the following PowerShell command.

New-OfficeWebAppsMachine –MachineToJoin “

You can test the Office Web Apps configuration by navigating to this URL and verifying it displays a Web app Open Platform Interface (WOPI)-discovery XML file:

Note: For more information on deploying and configuring Office Web Apps, please see this TechNet article:

Configuring the Windows Firewall for Office Web Apps Traffic

On each Office Web Apps 2013 Server, you will need to set a firewall rule to allow Office Web Apps inter-farm traffic and HTTP/HTTPS traffic. Alternatively, you can disable the Windows Firewall if you choose and if you have another firewall solution.

You can set the Windows Firewall rules by navigating to the Control Panel, then click System and Security, then click Windows Firewall, and finally click Advanced settings. In the Inbound Rules area, ensure that the server allows connections on port 80 (HTTP) and port 443 (HTTPS). Add the port for the Office Web Apps inter-farm communication by following these steps:

  1. In the Windows Firewall with Advanced Security window, click Inbound Rules.
  2. In the Actions panel, click New rule…
  3. In the New Inbound Rule Wizard window, select Ports as the Rule Type and click Next.
  4. Select TCP and enter “809” for the Specific local ports. Click Next.
    Windows Firewall Port Rule for Office Web Apps communication

  5. Click Next. On the Profile screen, uncheck Public and click Next.
  6. On the Name screen, enter “Office Web Apps Inter-Farm Communication” and click Finish.
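The same inbound rule can be created from PowerShell on Windows Server 2012. The following is an added example, not part of the original article: the $FarmPeers parameter is hypothetical and goes one step beyond the wizard by optionally restricting port 809 to the addresses of the other farm members.

```powershell
# Added example (not from the original article). Requires the NetSecurity module
# (Windows Server 2012 and later) and an elevated PowerShell prompt.
param(
    # Hypothetical parameter: IP addresses of the other Office Web Apps farm members.
    # Leave empty to accept port 809 from any address, as the wizard steps do.
    [string[]]$FarmPeers = @()
)

$ruleName = 'Office Web Apps Inter-Farm Communication'
$settings = @{
    DisplayName = $ruleName
    Direction   = 'Inbound'
    Action      = 'Allow'
    Protocol    = 'TCP'
    LocalPort   = '809'
    Profile     = 'Domain,Private'   # Public stays unchecked, as in step 5
}
if ($FarmPeers.Count -gt 0) { $settings.RemoteAddress = $FarmPeers }

# Recreate the rule so repeated runs converge on a single definition
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
New-NetFirewallRule @settings | Out-Null

# Read the rule back to confirm what is actually in force
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Name          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Profile       = $rule.Profile
    LocalPort     = ($rule | Get-NetFirewallPortFilter).LocalPort
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
}
```

On Windows Server 2008 R2 these cmdlets are not available, so the wizard steps above apply there.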

Configuring a SharePoint 2013 Farm for Office Web Apps

Log on to the SharePoint application server that hosts Central Administration and open the SharePoint 2013 Management Shell (PowerShell), running it as an administrator. Next, enter the following PowerShell command:

New-SPWOPIBinding -ServerName “

Run the following PowerShell commands to enable OAuth over HTTP.

# Allow OAuth tokens to be sent over plain HTTP, then persist the setting
$config = (Get-SPSecurityTokenServiceConfig)
$config.AllowOAuthOverHttp = $true
$config.Update()

Run the following PowerShell command to change the WOPI zone to external-https.

Set-SPWOPIZone -zone "external-https"

Finally, verify that Office Web Apps is working by navigating to a SharePoint 2013 document library and opening a document as a web page.

Note: For more information on how to configure a SharePoint 2013 farm to use Office Web Apps and for troubleshooting information, please see this TechNet article:


System.ServiceModel.ServiceActivationException: The service ‘/SecurityTokenServiceApplication/securitytoken.svc’ cannot be activated due to an exception during compilation.

Re-post from here

I had performed an in-place upgrade of a Team Foundation Server from Windows Server 2012 to Windows Server 2012 R2. Overall, no issues were detected until a couple of weeks later, when all the Developers came back to work (after XMas break) and informed me that Documents were not available via the Visual Studio 2012 application. The following error was occurring in Visual Studio: Please contact your administrator. There was an error contacting the server. Technical information (for administrator): HTTP code 200: OK
So off to the TFS Server it was….

First stop was the Event Viewer and there were two errors that I believe were related and occurring.

Error 1 – Event ID 3 System.ServiceModel WebHost failed to process a request. 

Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/4032828
Exception: System.ServiceModel.ServiceActivationException: The service ‘/SecurityTokenServiceApplication/securitytoken.svc’ cannot be activated due to an exception during compilation.

The exception message is: Exception has been thrown by the target of an invocation.. ---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.ArgumentNullException: Value cannot be null. Parameter name: certificate
   at System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate, String id, Boolean clone, Boolean disposable)
   at System.IdentityModel.Tokens.X509SecurityToken..ctor(X509Certificate2 certificate)
   at Microsoft.SharePoint.Administration.Claims.SPSecurityTokenServiceManager.ConfigureTokenHandlerCollection(SPSecurityTokenServiceManager manager, SecurityTokenHandlerCollectionManager collectionManager, String key, SecurityTokenHandlerCollection& tokenHandlerCollection)
   at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration.ConfigureTokenHandlerCollectionForLocalIssuer(SPSecurityTokenServiceManager manager, SecurityTokenHandlerCollectionManager collectionManager, String key)
   at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceConfiguration..ctor()
   --- End of inner exception stack trace ---
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, Boolean nonPublic)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateSecurityTokenServiceConfiguration(String constructorString)
   at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at Microsoft.SharePoint.IdentityModel.SPSecurityTokenServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity)
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
   --- End of inner exception stack trace ---
   at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
   at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)
Process Name: w3wp
Process ID: 5664

Error 2 – Error ID 8306 SharePoint Foundation

An exception occurred when trying to issue security token: 
The requested service, ‘http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc’ could not be activated. 
See the server’s diagnostic trace logs for more information.. 

Error 3 – Error ID 6398

The Execute method of job definition Microsoft.Office.Server.UserProfiles.LMTRepopulationJob (ID 1b0c4725-fbcf-476d-af60-3aeabbdbd35c) threw an 
exception. More information is included below. System.ServiceModel.ServiceActivationException 

The common problem here appeared to me to be in relation to the SecurityTokenServiceApplication, which can be sussed out within IIS…
First I checked that the Application Pool was configured with the correct TFS Account and started… check.
Next I went to browse the SecurityTokenServiceApplication web page itself (IIS Manager –> Sites –> SharePoint WebServices –> SecurityTokenServiceApplication, click on ‘Content View’ down at the bottom, right click on Securitytoken.svc and click Browse)… ERROR.
Basically you get a ‘Server Error in ‘/..’ Application + Error 1 above, or Internet Explorer cannot display the webpage etc.
From here I knew that the only way to fix this was to focus on the SecurityTokenServiceApplication web service but I wasn’t really sure where to start except that I knew this would be easy with PowerShell. :)

Thanks to gurus such as Syed and Abhishek Saigal, this is what fixed my issue.

The PowerShell commands below re-provision all the SharePoint Web Services.
Don’t worry about losing any data/applications on SharePoint, all will remain intact.
Run the following commands one by one on SharePoint PowerShell:

$h = Get-SPServiceHostConfig
$services = Get-SPServiceApplication
# Re-provision each service application and print its name as it completes
foreach ($service in $services) { $service.Provision(); Write-Host $service.Name }

The output will take a little time and display each service one after another; patiently wait until it finishes.
Perform an IIS Reset and give another shot to browsing ‘http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc’. This page then displayed correctly, e.g. no error messages, and Documents then worked within Visual Studio.
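The checks in this post (the three event IDs and browsing securitytoken.svc) can be repeated from PowerShell before and after the fix. The following is an added example, not part of the original post. Reading LocalLoginProvider.SigningCertificate rests on an assumption that this is the certificate the "Parameter name: certificate" trace refers to.

```powershell
# Added example (not from the original post). Run on the SharePoint/TFS server
# from an elevated prompt.
$stsUrl = 'http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc'
$since  = (Get-Date).AddDays(-1)

# 1. Recent Application-log events with the IDs quoted in the post (3, 8306, 6398)
$filter = @{ LogName = 'Application'; Id = 3, 8306, 6398; StartTime = $since }
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'securitytoken\.svc|ServiceActivationException' })
if ($hits.Count -eq 0) {
    Write-Host 'No matching STS activation errors in the last 24 hours.'
} else {
    # Get-WinEvent returns newest first, so Group[0] is the latest occurrence
    $hits | Group-Object Id | ForEach-Object {
        Write-Warning ("Event {0}: {1} occurrence(s), latest {2}" -f
            $_.Name, $_.Count, $_.Group[0].TimeCreated)
    }
}

# 2. Assumption: the null certificate in the trace is the STS signing certificate
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
if (Get-Command Get-SPSecurityTokenServiceConfig -ErrorAction SilentlyContinue) {
    $cert = (Get-SPSecurityTokenServiceConfig).LocalLoginProvider.SigningCertificate
    if ($null -eq $cert) {
        Write-Warning 'STS signing certificate is missing.'
    } else {
        Write-Host ("STS signing certificate: {0}, expires {1}, private key: {2}" -f
            $cert.Subject, $cert.NotAfter, $cert.HasPrivateKey)
    }
}

# 3. Does the endpoint activate? A failed activation returns an error status,
#    which Invoke-WebRequest surfaces as an exception.
try {
    $r = Invoke-WebRequest -Uri $stsUrl -UseDefaultCredentials -UseBasicParsing -TimeoutSec 60
    Write-Host "securitytoken.svc answered HTTP $($r.StatusCode)"
} catch {
    Write-Warning "securitytoken.svc failed to activate: $($_.Exception.Message)"
}
```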