Microsoft MVP for another year: Thank you!

Just a few hours ago, I got the confirmation that I was awarded the 2019-2020 Microsoft Most Valuable Professional (MVP) award.

It’s a yearly award granted by Microsoft to community leaders and influencers who passionately share their knowledge and drive the MS community.

For some, getting into the MVP program is the ultimate goal, but as the award is granted again year after year, based on your impact over the last year, it’s never certain you’re in for the next round.
It’s not about the award, but about the drive and mindset to build community. You can’t simply keep up if you don’t have the drive.

But more important, you simply can’t keep up without support.

So I’m proud to receive this award.

And I’m utterly grateful that lots of people around me support me in this, both very close and very far away.

Thank you, my dearest wife and kids, for keeping me alive.

Thank you, dearest Microsoft TechNet Wiki Geeks (TOO MANY to list here), you keep me going.

Thank you, Ed Price, the greatest Wiki Wizz Kid.

Thank you Tina for supporting the MVP BeNelux and Nordic Community manager.

And many many others, … without you I could not do this!
I dedicate this award to you.

Thank you.

Using SPF to block mail account spoofing


Did you ever get a mail from yourself, even though you’re sure you did not send it?

This week I got that mail from a mail alias I’m using, so it’s actually not a native mailbox, but a mail forwarder address, which makes the claim that “the mailbox is hacked” pretty silly…

But if you got this message from a native mailbox, it does sound scary, doesn’t it?

I already had some similar symptoms on other mail addresses in the same domain.


You get a mail from your own mail address… which is called mail spoofing.
And it looks like:


Spoofed mail message content


As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $778 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Root cause

The DNS settings of your domain are missing an SPF record, which counters mail spoofing (an unauthorized mail server, user or hacker sending mail as “you”).


When looking at the mail properties, it’s pretty difficult (if not impossible) to find out who actually sent the mail.


Basic domain settings

Add an SPF record to your domain DNS settings.

To get started, look up your mail provider or hosting provider’s name + SPF.

FYI, I’m hosting my domains at, they’ve got some straightforward advice to configure the DNS. For any other domain at any other provider, it’s similar.
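
An added example (not from the original post): a small Python check that audits the TXT records published for a domain and reports the SPF gaps that make this kind of spoofing possible. The domain names and TXT values are constructed samples; `spf.protection.outlook.com` is the include Microsoft documents for Office 365.

```python
import re

# Terms that each cost one DNS lookup during evaluation (RFC 7208 section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

ALL_FINDINGS = {
    "+": "+all authorises every server on the internet to send as this domain",
    "?": "?all is neutral: mail from unlisted servers is not flagged",
    "~": "~all is softfail: mail from unlisted servers is flagged, not failed",
}


def audit_spf(txt_records):
    """Return a list of findings for the TXT records published at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: receivers cannot tell which servers may send as this domain"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in a permanent error"]

    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].lower().split()[1:]:
        match = re.match(r"([+\-~?]?)([a-z][a-z0-9]*)", term)
        if not match:
            findings.append(f"unparseable term: {term}")
            continue
        qualifier, name = match.group(1) or "+", match.group(2)
        if name in LOOKUP_TERMS:
            lookups += 1  # top-level count only; nested includes add more
        if name == "redirect":
            has_redirect = True
        if name == "all" and all_qualifier is None:
            all_qualifier = qualifier

    if all_qualifier in ALL_FINDINGS:
        findings.append(ALL_FINDINGS[all_qualifier])
    elif all_qualifier is None and not has_redirect:
        findings.append("no 'all' mechanism: unlisted servers get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms: more than the limit of 10")
    return findings


# Constructed sample TXT record sets (example domains, not real lookups).
SAMPLES = {
    "no-spf.example": ["site-verification=constructed-value"],
    "weak.example": ["v=spf1 mx ?all"],
    "o365.example": ["v=spf1 include:spf.protection.outlook.com -all"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit_spf(records) or ["ok"])
```

To run it against a live domain, pass in the TXT strings returned by your DNS lookup tool of choice.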

Office 365

When you buy a domain, but host your mail on O365, there are some additional settings to configure. But Office 365 will explain.

The easy part: log on to your O365 tenant and check your domain health (see video below).

For more info, check these documents:


SPF tooling

Other security options

See also

Hotmail/ Solving Mass Mailing Delivery Issues


While SPF is the first step, you should also consider DMARC and DKIM.

Latest update: 2020-12-28

Using PowerShell to generate event viewer statistics and event exports

During FIM health checks we need to have a good overview of the event viewer on the FIM Servers.
In almost any case the event viewer is a good measure of the server’s health.

The more red and yellow you see, the more errors and warnings, the more work you’ll have to get your server in a healthy state.

First goal is to have a general temperature of the health.
Second goal is to have the details to fix the issues.

I’ve created a PowerShell script to analyse the event viewer logs.

Instead of posting the PowerShell script in this blog, I’ve published it on TechNet Gallery, over here:

There is a companion Wiki article with some guidance and a configuration manual.

In short, the PowerShell script is a modular script that offers the following functions:

  • display the event log properties
  • analyse number of events per category
  • analyse number of events per severity
  • overview of error events with source, severity and sample message
  • detailed list of last event per eventID

You can configure the script:

  • choice of event logs
  • history length (period of events to report on)
  • enable/disable logging
  • enable/disable result export to file


Before you start

  • validate your script execution policy
  • copy the script to a separate folder where you can execute the script
  • validate the script parameters

Script configuration parameters

  • $enableLogging
    • $TRUE = create a transcript of the script during run (does not work in ISE)
    • $FALSE = do not create a verbose log
  • $ExportEnabled
    • $FALSE = do not export the result to file
    • $TRUE = export the results, statistics and event details to file
  • $EventLogList
    • Default: 'System','Application','Setup','Forefront Identity Manager','Forefront Identity Manager Management Agent'
  • $startdate
    • Defines from which point in time the event logs must be analysed
    • HINT: on a system with large event logs, it’s advisable to limit the history to x days or x weeks. A large-volume event log will impact the script’s memory usage.

I’m more than happy if you would test the script and provide me feedback to improve the script.


TechNet Wiki Summit – Calling IT Professionals | Register Now! #TNWIKISummit15


The International TechNet Wiki Summit 2015 aka TNWiki Summit15 will be a landmark in the TechNet Wiki history!

This Summit edition will be a unique conference to be held by Community members, based only on TechNet Wiki articles created to share problems and solutions, providing the opportunity to acquire knowledge and strengthen contacts between IT Professionals and Developers, to improve their professional growth.

Let’s thank what has been accomplished on TechNet Wiki and encourage Attendees to share ideas and knowledge about different articles.

Note-to-self: Internet, privacy and copyright (blogs, #TNWIKI, …)

While working on TechNet Wiki Governance, I stumbled into some useful links.

Saving it to my external memory for quick reference:

How to Use PowerShell to create a TN Wiki catalog page

While the Microsoft TechNet Forums have become the base for a very vibrant community, it’s not really THE platform to build, share and maintain documentation.

The TechNet Wiki fans know that the TNWiki is a very interesting platform that perfectly complements the TechNet Forums for that purpose.

Most of the people publishing on the TechNet Wiki like to get an overview of their articles once in a while.
Although the Wiki offers nice features, it’s very hard to get a concise, quick overview of your articles.

One of the tricks to achieve this is using a personal tag (e.g. pgtag 😉).
But as you can see, it’s not a condensed view.

Therefore I created a PowerShell script that does it for you.

Just take a look at this page: How to Use PowerShell to create a Wiki catalog page (feel free to copy the code and use offline for customization)

Another example (pure results of the script) is the list below:

Current ADFS Resources (Peter Geelen, 17 feb 2011)
Current Certificate Lifecycle Manager Resources (Peter Geelen, 24 sep 2010)
Current Identity Lifecycle Manager resources (Peter Geelen, 5 apr 2010)
FIM 2010 Software Solutions from Partners (Peter Geelen, 31 okt 2010)
FIM 2010 Wiki Articles (Peter Geelen, 5 jul 2011)
Forefront Identity Manager (FIM) 2010 Webcasts and Videos (Peter Geelen, 19 jul 2010)
Forefront Identity Manager Resources (Peter Geelen, 15 mrt 2010)
Get Help with ILM and FIM (Peter Geelen, 24 nov 2010)
How to Automate FIM 2010 Sync Engine Run Profile Execution (Peter Geelen, 7 dec 2010)
How to Automatically Add a Table of Contents (TOC) to Your Wiki Article (Peter Geelen, 30 mei 2011)
How to Extend the GALSync to Provision Target Objects in Sub OUs Using a Configuration File (Peter Geelen, 7 nov 2010)
How to License FIM 2010 (Peter Geelen, 17 mrt 2011)
How to Post an ILM Experts Corner Article Announcement (Peter Geelen, 28 nov 2010)
How to Set Trace for ERPMA (Peter Geelen, 9 mrt 2010)
How to Solve SQL MA Schema Update Error: ‘Attribute ‘<deleted attribute>’ could not be located in the schema’ (Peter Geelen, 22 jun 2010)
How to Use PowerShell to create a Wiki catalog page (Peter Geelen, 19 sep 2011)
ILM : How to Get Attribute Data from a Referenced Object (Peter Geelen, 7 jun 2010)
ILM 2007 FP1 / FIM 2010 Synchronization Glossary (Peter Geelen, 11 jul 2010)
ILM ERPMA with SAPRouter (Peter Geelen, 9 mrt 2010)
ILM/FIM Forum Playbook (Peter Geelen, 21 feb 2011)
ILM/FIM Run Profile Definitions (Peter Geelen, 6 jul 2010)
Troubleshooting ILM Group Populator Language Dependencies (Peter Geelen, 9 jun 2010)
Troubleshooting ILM/FIM Extensions (Peter Geelen, 24 nov 2010)
Troubleshooting ILM/MIIS with SAP Load Balancing Connection String (Peter Geelen, 9 mrt 2010)
Troubleshooting PCNS (Peter Geelen, 13 okt 2010)