AdminDroid LDAP Explorer

Use Admindroid LDAP Explorer to explore Active Directory (AD).  Free.

https://admindroid.com/admindroid-ldap-explorer

DNS Lockdown on Unifi UDM Pro and AD

Block DNS over HTTPS and force use of UDM-defined DNS server exclusively

Updated 19-Dec-2025.  Version: Unifi OS 4.4.6, Network 10.0.162

Part 1. Unifi Configuration

Step 1: Cybersecure settings

    Cybersecure > Protection

        Encrypted DNS: Predefined

        Select Cloudflare-family and NextDNS

    Cybersecure > Traffic Logging

        Flow Logging: All

        Check Gateway DNS

        Check Unifi Services

    Cybersecure > Content Filter

        Select Default Content Filter

        To the Blocklist, add these domains:

            edge.microsoft.com

            dns.google

            chrome.cloudflare-dns.com

            doh.opendns.com

            cloudflare-dns.com

            mozilla.cloudflare-dns.com

            dns.quad9.net

Step 2: Create List of domains to block

    Settings > Overview > Network Lists

        Name: DoH Bypass IPs

        Add these addresses:

            1.1.1.1

            1.0.0.1

            1.1.1.2

            1.0.0.2

            1.1.1.3

            1.0.0.3

            8.8.8.8

            8.8.4.4

            208.67.222.222

            208.67.220.220

            9.9.9.9

            149.112.112.112

Step 3: Firewall Rules

    Settings > Policy Table

        1. Block QUIC

            Source: Internal/Any

            Action: Block

            Destination: External/Any/Port=HTTPS (443)

            IP Version=Both, Protocol=UDP

        2. Block Port 853 (DNS over TLS)

            Source: Internal/Any

            Action: Block

            Dest: Any

            Port: Specific: DNS-TLS (853)

            IP: Both

            Protocol: All

        3. Block IPv6 Out

            Source: Internal/Any

            Action: Block

            Dest: External/Any

            Port: Any

            IP Version: IPv6

        4. Block Canary Domain

            Source: Internal/Any

            Action: Block

            Dest: Domain

            Domain name: use-application-dns.net

            Port: Any

        5. Block DoH Providers

            Source: Internal/Any

            Action: Block

            Dest: External / IP / List (select list of IPs you created above)

            Port: Any

        6. Allow ICMP Ping (so can still ping 8.8.8.8 for testing)

            Source: Internal/Any

            Action: Allow

            Dest: Any

            IP Version: IPv4

            Protocol: Custom / ICMP / Any

            

Part 2. Group Policy / AD Configuration. Disable DoH in Edge.

Step 1: Login to your DC and quit GPMC

Step 2: Get Edge Admin templates for AD and install on your DC

Go to the Edge for Business Page.

Scroll down to the "Windows 64-bit" download button.

Under that, click on the "Download Windows 64-bit policy"

It is a .cab file. Open it. Inside is a .zip file.  Open that.

Put the .admx files in C:\Windows\PolicyDefinitions.  If you have more than one DC, Google where to put the files so all of your DCs can find them.

Put the .adml files in C:\Windows\PolicyDefinitions\en-US

Step 3: Start GPMC

Create a new policy, named "Block DNS over HTTPS"

Go to Computer config > Policies > Administrative Templates > Microsoft Edge

Control the Mode of DNS-over-HTTPS: Enabled / "Disable DNS-over-HTTPS"

Part 3: Test

Go to https://test.nextdns.io (should not show anything about DoH)

Go to https://1.1.1.1/help (should fail completely)

MSP Open Service Initiative, OpenUEM, and MeshCentral

The Open Service Initiative is all about providing TRULY free, open-source, tools and complete platforms to MSPs. AGPLv3, MIT, and Apache 2 licensed tooling.

https://github.com/Open-Service-Initiative

OpenUEM is an Open-Source Unified Endpoint Manager that is multi-tenant, self-hosted and lets you manage your IT assets thanks to its agents

https://openuem.eu/

The open source, multi-platform, self-hosted, feature packed web site for remote device management. 

https://meshcentral.com/

Penpot open source website prototyping

Penpot is the open source alternative to Figma.  (Figma is a cloud-based design and prototyping tool for websites)

https://github.com/penpot/penpot

Video editing Software

IVS Edit has a free and pro version. The Free version is feature-rich and probably enough for most people.

Powershell

Connect to your 365 instance.

You have to do connect first, always.  Powershell ISE can't be used.  If you try you'll get a "A window handle must be configured" error.  Use regular Powershell.

Here's an example of connecting, then removing a user's auto-reply.

PS C:\> import-module exchangeonlinemanagement

PS C:\> connect-exchangeonline -UserPrincipalName admin@contoso.com

PS C:\>Get-MailboxAutoReplyConfiguration -Identity user@contoso.com

PS C:\> Set-MailboxAutoReplyConfiguration -identity user@contoso.com -AutoReplyState disabled
PS C:\> Set-MailboxAutoReplyConfiguration -identity user@contoso.com -ExternalMessage $null
PS C:\> Set-MailboxAutoReplyConfiguration -identity user@contoso.com -internalMessage $null

 

 

DiskGenius and Hasleo Backup

DiskGenius is an all-in-one utility for disk partition management, OS migration and file recovery.

https://www.diskgenius.com/

Hasleo offers completely free backup and cloning. This free one even does Windows Server, which is rare.

https://www.easyuefi.com/