How to reconfigure a machines time configuration to sync from the domain hierarchy?

Normally the PDC FSMO at the forest root domain will synchronize from an external time server. All other domain controllers and domain members should synchronize from the domain hierarchy. To configure this on every machine (except the forest root PDC FSMO):

Open an elevated command prompt
Run commands:
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync /nowait
net stop w32time
net start w32time
If this does not work try again but this time for the resync command add /rediscover.

You can check the time source and state using:

w32tm /query /source
w32tm /monitor


Layer 3 of the OSI Model. Network Layer

Layer 3: Network Layer
The network layer provides the functional and procedural means of transferring variable length data sequences (called packets) from one node to another connected in “different networks”. A network is a medium to which many nodes can be connected, on which every node has an address and which permits nodes connected to it to transfer messages to other nodes connected to it by merely providing the content of a message and the address of the destination node and letting the network find the way to deliver the message to the destination node, possibly routing it through intermediate nodes. If the message is too large to be transmitted from one node to another on the data link layer between those nodes, the network may implement message delivery by splitting the message into several fragments at one node, sending the fragments independently, and reassembling the fragments at another node. It may, but does not need to, report delivery errors.

Message delivery at the network layer is not necessarily guaranteed to be reliable; a network layer protocol may provide reliable message delivery, but it need not do so.


Layer 2 of the OSI Model – Data Link Layer

The 2nd layer of the OSI layer is called the Data Link Layer.  This is where the method of networking is determined.  (wired or wireless or token ring etc)
Data Link Layer (Layer 2)

The second-lowest layer (layer 2) in the OSI Reference Model stack is the data link layer, often abbreviated “DLL” (though that abbreviation has other meanings as well in the computer world). The data link layer, also sometimes just called the link layer, is where many wired and wireless local area networking (LAN) technologies primarily function. For example, Ethernet, Token Ring, FDDI and 802.11 (“wireless Ethernet” or “Wi-Fi’) are all sometimes called “data link layer technologies”. The set of devices connected at the data link layer is what is commonly considered a simple “network as opposed to Internetwork

Data Link Layer Sublayers: Logical Link Control (LLC) and Media Access Control (MAC)The data link layer is often conceptually divided into two sublayers: logical link control (LLC) and media access control (MAC). This split is based on the architecture used in the IEEE 802 Project, which is the IEEE working group responsible for creating the standards that define many networking technologies (including all of the ones I mentioned above except FDDI). By separating LLC and MAC functions, interoperability of different network technologies is made easier, as explained in our earlier discussion of networking model concepts.

Data Link Layer Functions

The following are the key tasks performed at the data link layer:

Logical Link Control (LLC): Logical link control refers to the functions required for the establishment and control of logical links between local devices on a network. As mentioned above, this is usually considered a DLL sublayer; it provides services to the network layer above it and hides the rest of the details of the data link layer to allow different technologies to work seamlessly with the higher layers. Most local area networking technologies use the IEEE 802.2 LLC protocol.

Media Access Control (MAC): This refers to the procedures used by devices to control access to the network medium. Since many networks use a shared medium (such as a single network cable, or a series of cables that are electrically connected into a single virtual medium) it is necessary to have rules for managing the medium to avoid conflicts. For example. Ethernet uses the CSMA/CD method of media access control, while Token Ring uses token passing.

Data Framing: The data link layer is responsible for the final encapsulation of higher-level messages into frames that are sent over the network at the physical layer.

Addressing: The data link layer is the lowest layer in the OSI model that is concerned with addressing: labeling information with a particular destination location. Each device on a network has a unique number, usually called a hardware address or MAC address, that is used by the data link layer protocol to ensure that data intended for a specific machine gets to it properly.

Error Detection and Handling: The data link layer handles errors that occur at the lower levels of the network stack. For example, a cyclic redundancy check (CRC) field is often employed to allow the station receiving data to detect if it was received correctly.

Networking OSI Layers

The part of networking that I always have problems with is the OSI model.  Because of this, I am documenting my study of those layers here.  To help with this, I have copied the Dummies guide description of the explanation.  They always say that typing things out helps in memorization so over the next week or so I am going to translate the “Dummies'” definition to the complete Idiot’s definition that I need to finally understand this stuff.

Wish me luck

The layers of the OSI model

Under its official name, the Open Systems Interconnection Reference Model, or the OSI model, was developed by the International Organization for Standardization, which uses the abbreviation of ISO. And, yes, the full acronym of the OSI is ISO OSI.
The OSI model is a layered model that describes how information moves from an application program running on one networked computer to an application program running on another networked computer. In essence, the OSI model prescribes the steps to be used to transfer data over a transmission medium from one networked device to another. The OSI model is a seven-layer model developed around five specific design principles:
Whenever a discrete level of abstraction is required, a new layer should be created.
Each layer of the model should carry out a well-defined function.
The function of each layer should define internationally standardized protocols.
The boundaries of the layers should be placed to minimize the flow of information across interfaces.
There should be a sufficient number of layers defined to prevent unnecessary grouping of functions and the number of layers should also be small enough so that the model remains manageable.

Moving down through the layers

The OSI model breaks the network communications process into seven separate layers. From the top, or the layer closest to the user, down, these layers are:
Layer 7, Application: The Application layer provides services to the software through which the user requests network services. Your computer application software is not on the Application layer. This layer isn’t about applications and doesn’t contain any applications. In other words, programs such as Microsoft Word or Corel are not at this layer, but browsers, FTP clients, and mail clients are.
Layer 6, Presentation: This layer is concerned with data representation and code formatting.
Layer 5, Session: The Session layer establishes, maintains, and manages the communication session between computers.
Layer 4, Transport: The functions defined in this layer provide for the reliable transmission of data segments, as well as the disassembly and assembly of the data before and after transmission.
Layer 3, Network: This is the layer on which routing takes place, and, as a result, is perhaps the most important OSI layer to study for the CCNA test. The Network layer defines the processes used to route data across the network and the structure and use of logical addressing.
Layer 2, Data Link: As its name suggests, this layer is concerned with the linkages and mechanisms used to move data about the network, including the topology, such as Ethernet or Token Ring, and deals with the ways in which data is reliably transmitted.
Layer 1, Physical: The Physical layer’s name says it all. This layer defines the electrical and physical specifications for the networking media that carry the data bits across a network.

Other interesting OSI layer stuff

Layers 5 through 7 are generally referred to as the upper layers. Conversely, Layers 1 through 4 are collectively called the lower layers. Seems obvious, but you’ll see these references on the test.
You need to know the seven layers in sequence, either top-to-bottom or bottom-to-top. Here are some mnemonic phrases to help you remember the layers of the OSI model:
“Please Do Not Throw Salami Pizza Away” — this works for bottom-to-top. If you don’t like salami pizza, then how about seafood or spinach pizza instead?
“All People Seem To Need Data Processing” — a top-to-bottom reminder.
“APS Transports Network Data Physically” — APS refers to Application, Presentation, and Session. This one separates the upper and lower layer groups.
“Please Do Not Tell Secret Passwords Anytime” — Shh! Another bottom-to-top phrase.

Packaging the data

Each layer of the OSI model formats the data it receives to suit the functions to be performed on that layer. In general, the package of data that moves through the layers is called a Protocol Data Unit (PDU). However, as the data is reformatted and repackaged, it takes on unique names on certain layers. Table 1 lists the name each layer uses to refer to a message.


Here are sample CMPivot Queries that I have come across since it was introduced in 1806


SCCM Client Log Collection added to Tech Preview 1912

Client Log Collection
You can now trigger a client device to upload its client logs to the site server by sending a client notification action from the Configuration Manager console.

Permissions for client log collection
To collect client logs, your administrative user needs:

Notify resource permission on the Collection
The Full Administrator and Operations Administrator built-in roles have this permission by default.
Log files

Collect client logs
In the Assets and Compliance workspace, go to either the Devices or Device Collections node.

Right-click on a device, or a device collection.

Select Client Diagnostics, then select Collect Client Logs.

Collect client logs from the console

A client notification message is sent to the selected clients to gather the CCM logs. The logs are returned using software inventory file collection. You can also select Collect Client Logs under Client Diagnostics from either the Device Collections or Devices node using the ribbon.

View client logs
From the Devices node, right-click on the device you want to view logs for.
Select Start, then Resource Explorer.
From Resource Explorer, click on Diagnostic Files.
In the Diagnostic Files list, you can see the collection date for the files. The name format of the client logs is
Right-click on the zip file and select one of the following options:
Open Support Center: Launches Support Center.
Copy: Copies the row information from Resource Explorer.
View file: Opens the folder where the zip file is located with File Explorer.
Save: Opens a Save File dialog for the selected file.
Export: Saves the Resource Explorer columns shown in Diagnostic Files.
Refresh: Refreshes the file list.
Properties: Returns the properties on the selected file.
Review and save client logs from Resource Explorer

Command Line Equivalent of wuauclt in Windows 10 / Windows Server 2016

Windows Update with Windows 10 & Windows Server 2016 was modified so that it could be integrated with the new UI. The old Windows Update is now gone from Control Panel (I am so sad…) and if you have to view updates, all you can do is

Start -> Settings -> Update & Security -> Windows Update

With earlier versions of Windows, there used to be utility wuauclt but that does not work anymore since it does not update the UI which is accessed through Settings.exe

Now, if you try typing the following command in an Administrator command prompt on Windows 10 or Windows Server 2016, nothing will happen – wuauclt /detectnow

Now, in order to force check Windows Update, follow the below instructions –

  1. Open a Command Prompt with Administrator privileges.
  2. Type in usoclient StartScan
  3. You will see that Windows Update in Settings.exe will start refreshing

Note: USOClient.exe is located in C:\Windows\System32

This will also force the client to report its status to the WSUS server (if configured).

On using Sysinternal’s Strings on UsoClient.exe, I found that there are more switches which can be used –

  • StartScan Used To Start Scan
  • StartDownload Used to Start Download of Patches
  • StartInstall Used to Install Downloaded Patches
  • RefreshSettings Refresh Settings if any changes were made
  • StartInteractiveScan May ask for user input and/or open dialogues to show progress or report errors
  • RestartDevice Restart device to finish installation of updates
  • ScanInstallWait Combined Scan Download Install
  • ResumeUpdate Resume Update Installation On Boot

Note – Attempting to run the Interactive mode if WU is configured to be solely non-Interactive, or on a non-Interactive server, should trigger an error (something along the lines of “AU Can not perform non-interactive scan if AU is interactive-only”).

Recently, I was working with the Windows Update API on Server 2016 and initially this caused a lot of trouble because patches were installed but were not being reported properly in the UI. I found this executable by checking out the following –


Task Scheduler -> Microsoft -> Windows -> Update Orchestrator

Manually remove SCCM client

To manually remove the sCCM client all of the following must be removed

1. SMS Agent Host Service

Stop service

from elevated command line enter (not powershell)

SC Delete ccmexec

2. CCMSetup service (if present)


3. \windows\ccm directory


4. \windows\ccmsetup directory


5. \windows\ccmcache directory


6. \windows\smscfg.ini


7. \windows\sms*.mif (if present)


8. HKLM\software\Microsoft\ccm registry keys


9. HKLM\software\Microsoft\CCMSETUP registry keys


10. HKLM\software\Microsoft\SMS registry keys

Query to find duplicate Mac addresses in SCCM

found on consolidating here for my own records

Using SCCM to query the ConfigMgr database to find clients with duplicate MAC addresses.


We discovered an issue on a client site where multiple distinct clients could have the same MAC address. In this case the end-point would not behave as expected as the deployments the client would receive may not be the ones you expected.


There are many ways to skin this particular cat but this seemed like a viable scenario to demo a how to query the ConfigMgr database to scan for instances where a client had a particular MAC Address.


Update 04/06/2015:
Having a browse around turns out this functionality already exists!

  1. Open the SCCM (ConfigMgr) console
  2. Click the Monitoring tab
  3. Click Reports
  4. Search for mac


Option 2

  1. Open the SCCM (ConfigMgr) console
  2. Click the Monitoring tab
  3. Create new Query wizard
    > Right click Queries
    Create Query
  4. General Query Settings
    > Name: All Systems – Find Clients with a given MAC Address
    > Comments: Brief description of what the query is for
    > Click Edit Query Statement
  5. Query Statement
    > Click Show Query Language
    > Paste the following query into the Query Statement

    SELECT SMS_R_System.Name, SMS_R_System.MACAddresses
    FROM  SMS_R_System
    WHERE SMS_R_System.MACAddresses = ##PRM:SMS_R_System.MACAddresses##

    > Click Ok

  6. Summary
    > Click Close
  7. Test your new query
    > Right click new query
    > Click Run
  8. MAC Address prompt
    > Enter the MAC Address you would like to query
    > Click Ok
  9. You will be presented with the results for a particular MAC address

Query Statement Explained

SELECT SMS_R_System.Name, SMS_R_System.MACAddresses

The SELECT statement is used to decide what information you would like retrieved by the Query in this case the following:

SMS_R_System.Name Name of client
SMS_R_System.MACAddresses MAC Address of Client

You can use the query builder to add/remove fields to your preference.

FROM  SMS_R_System

FROM statement indicates which table the information is stored in, in this case SMS_R_SYSTEM

WHERE SMS_R_System.MACAddresses = ##PRM:SMS_R_System.MACAddresses##

The WHERE statement is the condition by which results are filtered.

##PRM: ##  will prompt the user to enter information, the message prompt and data type will match that of the field you have targeted.

In this case System.Resource.MACAddresses and data type text