ITExperience.NET Rotating Header Image

“Couldn’t find object” in Get-DistributionGroup while modifying Message Delivery Restrictions

The other day, I was asked to add a user to the allow-send-list of a Distribution Group in Exchange 2010. The usage of this group was constrained to only a few users, because it would address all users in the company.

Normally this is an easy operation:

  1. Double click the Distribution Group
  2. Go to tab “Mail Flow Settings
  3. Double click “Message Delivery Restrictions
  4. Click Add… and find the user you want to grant permission
  5. Click OK, OK, OK, and we’re done.
1 Couldnt find object in Get DistributionGroup while modifying Message Delivery Restrictions

Message Delivery Restrictions – Exchange 2010


However, today was not a usual day. So, I got this error:

Microsoft Exchange Error
The following error(s) occurred while saving changes:

Couldn’t find object “FQDN/OU1/OU2/User1″. Please make sure that it was spelled correctly or specify a different object.

The user specified in the error was a disabled user, and the user was not listed in the GUI of the Message Delivery Restrictions. So I decided to remove the user using Powershell.

Add user to the AcceptMessagesOnlyFrom list of a Distribution Group using Powershell:

Get-DistributionGroup -id "%DistrGroup1" | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Remove="User1"}

This cmdlet however also returned an error that object could not be found.

Couldn’t find object “User1″. Please make sure that it was spelled correctly or specify a different object.
+ CategoryInfo          : NotSpecified: (:) [], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : 643A74EF

The trick in this situation was to

  1. enable the Active Directory user, and then
  2. (re)create a mailbox for the specific user. Since the user is Exchange-enabled again,
  3. you can now remove the user from the AcceptMessagesOnlyFrom list.

Note that the user is still not visible in the GUI, so you need to remove the user using the cmdlet.
If you recently disabled the mailbox in Exchange, it may still exist in the “Disconnected Mailbox” node in the Exchange Management Console -> Recipient Configuration -> Disconnected Mailbox. If so, try to reconnect the mailbox (right click -> Connect…)

Don’t forget to disable the user’s mailbox again in the Exchange Management Console, and disable the user in Active Directory afterwards.

In Exchange 2010 SP2 and later, the @{Remove=} and @{Add} is a new feature in the cmdlet.

You can, for example, remove a user from the AcceptMessagesOnlyFrom:

Get-DistributionGroup -id "DistrGroup1" | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Remove="User1"}

Or add a user to the list:

Get-DistributionGroup -id "DistrGroup1" | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Add="User1"}

or you can also combine multiple users and Add/Remove actions::

Get-DistributionGroup "DistrGroup1" | Set-DistributionGroup -AcceptMessagesOnlyFrom @{Add="User1"; Remove="User9","User10"}


“The ActiveSyncDevice cannot be found” in Exchange 2010 while removing a

Users prefer to sync their email with all their devices. The total of home and work devices can easily exceed the default limit of 10. Especially when they are ‘techy’ and buy/sell new devices whenever they want. :)
When users have linked a total of 10 devices (including retired devices), they can remove unneeded / retired devices by using OWA.
However, if a user is moved in Active Directory between the moment they set up partnership with their mobile Phone and the moment they want to remove the partnership, they may receive an error.

If you, as an Exchange administrator, want to remove the device partnership using the Administrator Console (GUI), you will also receive the error:

The ActiveSyncDevice fqdn/ou/ou/username/ExchangeActiveSyncDevices/iPhone§ApplXXYYZZ cannot be found.
Click here for help…
Exchange Management Shell command attempted:
Remove-ActiveSyncDevice -Identity ‘fqdn/ou/ou/username/ExchangeActiveSyncDevices/iPhone§ApplXXYYZZ’

ok The ActiveSyncDevice cannot be found in Exchange 2010 while removing a

Exchange 2010 error remove mobile phone

This error occurs because the device has moved to another location in Active Directory.
The trick in this issue is to remove the device on its GUID.

  1. First, open the Exchange Management Shell
  2. Run the following cmdlet: Get-ActiveSyncDeviceStatistics -Mailbox
  3. Find the device you want to remove, and copy paste the GUID
  4. Run the following cmdlet: Remove-ActiveSyncDevice -Id 0215da00-227e-4470-a498-e4a44615a223  (replace the guid with your GUID)




An Active Directory Domain Controller (AD DC) for the domain “” could not be contacted (Windows Azure)

When you attempt to join a Windows 2012 R2 server to a domain in Windows Azure, you may receive the error An Active Directory Domain Controller (AD DC) for the domain “” could not be contacted

If you click Details, the relevant part of the explanation is:

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “”:
The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for”

In most cases, the domain controller is reachable. If you have enabled PING to your DC, you can try to ping and you will probably get an answer back. In that case, this error can easily be resolved by manually adding a DNS Server Address in the Advanced TCP/IP settings of the network adapter.

There’s a screenshot below (click to enlarge!) that visualizes the following steps to fix this problem:

First, logon to the machine that you want to join to the domain (your client)

  1. Go to your Network and Sharing Center
  2. Click the Network Adapter that you use to join the domain (typically there is only one adapter, but in some scenarios you may have multiple NICS connected to your network)
  3. In the window “Network Adapter” Status, click Properties
  4. In the new window, select the Internet Protocol Version 4 (TCP/IPv4)
  5. Then click Properties
  6. In the Internet Protocol Version 4 (TCP/IPv4) window, click Advanced…
  7. In the Advanced TCP/IP Settings, select the tab DNS
  8. Beneath the “DNS Server addresses, in order of use” click Add…
  9. A small window pops up. Enter the IP address of your Domain Controller, and click OK
  10. Close all Windows with the OK button. It may be necessary to restart the computer. Retry to join the domain.
image thumb An Active Directory Domain Controller (AD DC) for the domain “” could not be contacted (Windows Azure)

DNS name does not exist

“The version does not support this version of the file format” in Hyper-V Manager

While building a lab environment in Hyper-V, the following error occurred when I tried to start a VM with a preconfigured VHD from the Microsoft website:

“Win2012-DC1” failed to start.

Microsoft Emulated IDE Controller (Instance ID x) Failed to Power on with Error ‘The version does not support this version of the file format’.

Failed to open attachment …

image thumb “The version does not support this version of the file format” in Hyper V Manager

The solution is easy: make a copy of the VHD file, remove the original VHD from the VM and then attach the copy to the VM.

Offering WIFI profiles as a “GPO preference” in Windows 7

WIFI profiles can be configured very easily by using Group Policies. However, using GPOs to set WIFI settings limits the user in defining his own preference. A setting like “Auto connect to this network when in range” is set by the system administrator and cannot be unset by a user.

image thumb Offering WIFI profiles as a “GPO preference” in Windows 7

To avoid this problem, I was thinking about a “WIFI offering”. A computer should be provisioned by the right WIFI settings to connect to that SSID. However, if a user wants to modify the setting to its own desires, he should be able to to this. In addition, I also wanted to have the WIFI profile recreated in case the user accidentally deleted the profile.

The solution for this scenario is much easier than I thought, but I think it’s still useful to blog :)

1. First, we need to configure the “recommended” WIFI settings on a Windows 7 laptop. You can do this in the Network and Sharing Center. To quickly open the Network and Sharing center, enter the following command in a command prompt:

control.exe /name Microsoft.NetworkAndSharingCenter

2. After having the WIFI connection configured as desired, you should export these settings to an XML-file, using the netsh command. Type the following command in a command prompt:

netsh wlan export profile my-first-wifi folder=c:\

3. The netsh command above has now created a Wireless-Network-Connection-my-first-wifi.xml file in C:\ . Save this file to a network location that is accessible to all domain computers. For example your NETLOGON directory

4. Next, we need to create a batch file with the following commands:

netsh wlan show profiles | find /i "my-first-wifi"
if errorlevel 1 (
netsh wlan add profile filename="\\\netlogon\Wireless-Network-Connection-my-first-wifi.xml" user=all

This command will first check whether “my-first-wifi” exists. If it does exist (“if errorlevel 0”), do nothing. If the WIFI profile “my-first-wifi” does not exist (“if error level 1”), it creates the profile with “netsh wlan add profile …”

5. Now since you have created the BATCH file and have exported the XML file with WIFI settings, the only thing you need to do is run the batch-script at computer startup. I prefer doing this in the Computer Configuration of a Group Policy in “Windows Settings –> Scripts (StartUp/Shutdown)”, but configuring at “Administrative Templates –> System –> Scripts” will do fine too.

And we’re done! Steps above will:

  • supply new domain computers with a pre-configured WIFI profile
  • allow users to modify the profile in their own needs
  • re-create the profile in case a user accidentally deletes the profile
  • allow Service Desk to quickly help a user “repairing the WIFI profile”: simply delete the wireless configuration and restart the computer!