When administering a Windows Print Server you might encounter the Account Unknown(S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422) followed by a very long SID. If you are used to administering an Active Directory or a File System you know that some permissions were set and the object was deleted afterward. So, naturally, you clicked the Remove button and Apply like you are used to doing.
A few days pass, and you feel like you made a mistake, but don’t know why. After some thought, you remember that unknown account you deleted a few weeks back: the great and beautiful S-1-15-3-1024-4044835139-2658482041-3127973164-329287231-3865880861-1938685643-461067658-1087000422. Naturaly, your first thought is to add it back. Nope, it doesn’t translate…
After some hair loss and nights without sleep, you decide to use ProcessMonitor. You analyze what happens when you click the Apply button and notice a strange addition to the registry: HKLM\System\CurrentControlSet\Control\Print\ServerSecurityDescriptor
Now you sense that you are onto something and decide TO PRUNE THE FUCKING REGISTRY DATA LIKE YOU ARE THE TVA Remove-ItemProperty -Path HKLM:\System\CurrentControlSet\Control\Print -Name "ServerSecurityDescriptor" One more step, restart the Spooler: Restart-Service Spooler
Guess who is back in the Print Server Properties?
For those who read until here, that SID is a capability SID used by Universal Windows Platform (UWP) apps like Windows Photos. Don’t delete it again.
Please note that you might have some recently created printers that don’t have the SID since you created them after the SID’s deletion. You need to copy SDDL Permissions from a printer with the SID to the ones without it and adjust ACL accordingly: $perm = (Get-Printer "Source Printer" -Full).PermissionSDDL Set-Printer -Name "Destination Printer" -PermissionSDDL $perm
On your server, open a PowerShell with local admin privileges
Type the following command that is generic to all Windows Server versions: Add-PrinterDriver -Name "Microsoft IPP Class Driver"
If it doesn’t work, you can specify the INF file:
Windows Server 2025 Add-PrinterDriver -Name "Microsoft IPP Class Driver" -InfPath "C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_17bb82cc430e1f2e\prnms012.inf"
Windows Server 2022 Add-PrinterDriver -Name "Microsoft IPP Class Driver" -InfPath "C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_e8c8857a2e83a9d9\prnms012.inf"
Windows Server 2019 Add-PrinterDriver -Name "Microsoft IPP Class Driver" -InfPath "C:\Windows\System32\DriverStore\FileRepository\prnms012.inf_amd64_acb6d904135c6a14\prnms012.inf"
If you are reading this, you probably have the same issue as I had.
In my Microsoft Outlook I can go to my calendar and create a New Skype Meeting (via the Skype for Business COM Add-in button) and all the Skype information add themselves to my appointment.
Unfortunately that’s not working for my team’ shared mailbox calendar. Here is the error I get: You cannot schedule the Skype Meeting because you are not UC enabled or there may be configuration issues with your account. Make sure you are signed in to the same account you use for Microsoft Outlook. If the problem continues, please contact your support team.
First thing I did was to google it… not really useful this time (that’s why I’m writing this article, hoping it will help someone).
After some investigation my team and I reduce the scope of possible culprit to something going on in the registry of the current user. And then we found this registry path:
Again I turn to Google for help and not a single result about this X500ToSmtpMap thingy!
I looked at existing parameters and was able to understand from where the value were coming from. Spoiler alert: they all come from the Active Directory. Some from the current user account and some from the shared mailbox user account. Here is the structure where user represent my AD user and sharedmailbox represent my shared mailbox AD user. Key Name sharedmailbox.LegacyExchangeDN + 1 underscore + sharedmailbox.mail (replace the dots by underscores in the email address) Key Value user.mail + semicolon + user.msRTCSIP-PrimaryUserAddress
I manually added a new REG_SZ (that’s a String Value…) that follow that logic. Here is an example :
Key Type = REG_SZ (String Value)
Key Name = "/o=MyOrg/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=<SomeHash>-Support Team_support@root_sx"
Key Value = "support@root.sx;support@sip.root.sx"
Then try to create a New Skype Meeting in the shared mailbox calendar (no need to restart Outlook). Problem solved!
To make it easier to generate this registry value I scripted a PowerShell script that will create a .reg file that you just have to apply on your computer.
<#
.SYNOPSIS
Makes the New Skype Meeting button to work in Microsoft Outlook 2016 or newer calendar.
.DESCRIPTION
This script generate a .reg file containing the mapping settings in order to make Skype Meeting working in Outlook.
You must have the Skype for Business Add-in installed for Outlook.
It works for Shared Mailbox that are added as Account (not in the Advanced tab > Mailboxes > Open these additional mailboxes.)
.PARAMETER UsernameEmail
The AD User Email Address. Not case sensitive.
.PARAMETER SharedMailboxEmail
The AD Shared Mailbox User Email Address. Not case sensitive.
.EXAMPLE
The example below will generate a .reg file to add to you registry and will make the New Skype Meeting button works for a Shared Mailbox.
PS C:\> .\SkypeMeetingForSharedMailbox.ps1 -UsernameEmail user1@root.sx -SharedMailboxEmail support@root.sx
.EXAMPLE
The example below will generate a .reg file to add to you registry and will make the New Skype Meeting button works for the User's Mailbox.
PS C:\> .\SkypeMeetingForSharedMailbox.ps1 -UsernameEmail user1@root.sx -SharedMailboxEmail user1@root.sx
.NOTES
Author: root.sx
Last Edit: 2023-06-09
#>
Param(
[Parameter(Mandatory=$true)]
[string]
$UsernameEmail,
[Parameter(Mandatory=$true)]
[string]
$SharedMailboxEmail
)
Import-Module ActiveDirectory
$UsernameAD = Get-ADUser -Filter {Emailaddress -eq $UsernameEmail} -Properties mail,msRTCSIP-PrimaryUserAddress
$SharedMailboxAD = Get-ADUser -Filter {Emailaddress -eq $SharedMailboxEmail} -Properties mail,legacyExchangeDN
if ( ([bool]$SharedMailboxAD) -And ([bool]$UsernameAD) )
{
"Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Lync\AddinPreference\X500ToSmtpMap]" > SkypeMeetingForSharedMailbox.reg
$UsernameAD | % { '"'+$SharedMailboxAD.legacyExchangeDN+'_'+($SharedMailboxAD.mail).replace(".","_")+'"="'+$_.mail+';'+($_.'msRTCSIP-PrimaryUserAddress' -Split ':')[1]+'"' } >> SkypeMeetingForSharedMailbox.reg
Write-Host -ForegroundColor green "SUCCESS: Registry file generated : $(Get-Location)\SkypeMeetingForSharedMailbox.reg"
} else
{
Write-Error "ERROR: Username or Shared Mailbox email address not found"
Exit 1
}
Nous utilisons des cookies pour vous garantir la meilleure expérience sur notre site. Si vous continuez à utiliser ce dernier, nous considérerons que vous acceptez l'utilisation des cookies.
