Simple Room Resources: Setting Up Room Calendars in Exchange Online

If you are new to Microsoft 365 administration, simple room resources are one of the first things people will ask you to fix. Someone double-booked the big conference room. A meeting got auto-declined for no clear reason. The room shows up in Outlook but nobody can actually book it. All of these come down to one object type: the room mailbox.

A room mailbox is a special kind of resource mailbox in Exchange Online. It has a calendar, it has an email address, and it can accept or decline meeting invites on its own. When you book a room in Outlook, you are really sending a meeting request to that mailbox, and the mailbox decides what to do with it.

This post covers how to create and manage simple room resources two ways: through the Exchange admin center, and through PowerShell. The GUI is fine for getting started. PowerShell is where you get the permission controls that actually solve the messy problems.

What a simple room resource actually is

Strip away the marketing and a room mailbox is three things working together:

  • A mailbox object with its own SMTP address, so it can receive booking requests.
  • A calendar that holds the bookings.
  • A set of booking rules, called calendar processing, that decide how the mailbox responds to requests.

There is a sibling object called an equipment mailbox. It works the same way but is meant for things that are not tied to a location, like a projector, a loaner laptop, or a company vehicle. Everything below applies to both. The only real difference is the resource type you pick when you create it.

One rule to memorize early: never make a room mailbox the organizer of a meeting. A room is something you invite, not something that runs the meeting. Add it to the location or attendee field of the invite and let it respond.

Creating simple room resources in the Exchange admin center

The Exchange admin center, or EAC, is the web console for Exchange Online. You get to it at admin.exchange.microsoft.com, or through the main Microsoft 365 admin center by going to Show all > Exchange. You need to be a Global Administrator or have the Exchange recipient management role to do any of this.

Create a room mailbox

In the EAC, go to Recipients > Resources. This page lists every room and equipment mailbox in the tenant.

Click Add a resource. A panel opens on the right and walks you through four steps:

  1. Resource setup. Choose Room or Equipment. For a conference room, pick Room.
  2. General information. Give it a display name, set the email alias, and add the capacity. Capacity matters more than it looks. Outlook’s Room Finder uses it to filter rooms by how many people you are inviting.
  3. Booking options. This is where you decide whether the room accepts meetings automatically, whether it allows conflicting bookings, and how far out people can book it.
  4. Review resource. Confirm the settings and click Create.

Give Exchange a few minutes after you create it. The mailbox and its calendar do not always appear instantly.

Edit booking behavior

Back on the Recipients > Resources page, click the room you just made. A details pane opens. The settings you care about live in two spots:

  • Under General, you can edit the resource details, capacity, and contact information for the room.
  • Under Booking, click Manage booking settings. This is the heart of room behavior.

Inside booking settings you can control:

  • Whether to auto-accept meeting requests or send them to a delegate for approval.
  • Whether to allow conflicting meetings (almost always leave this off for a real room).
  • The booking window, which is how many days in advance someone can reserve the room.
  • The maximum duration for a single booking.
  • Whether to allow recurring meetings.

Set delegates in the GUI

If you want a person to approve every booking, look for the delegate option inside booking settings. Add the user there, and the room switches from auto-accept to manual approval. Every request will sit in a pending state until that delegate says yes.

That covers the everyday work. The GUI is clean and fast for one room at a time. The trouble starts when you need rules that are more specific than “auto-accept or ask a delegate.” That is where you open PowerShell.

Managing simple room resources with PowerShell

The GUI gives you the common switches. PowerShell gives you all of them, plus the ability to do the same thing to fifty rooms in one command. For permissions especially, PowerShell exposes controls the web console simply does not show you.

Connect to Exchange Online PowerShell

You only need to install the module once.

Install-Module ExchangeOnlineManagement -Scope CurrentUser

Then connect each session:

Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

A browser window opens for sign-in, including multifactor auth if you have it on, which you should. When you are done, run Disconnect-ExchangeOnline to close the session cleanly.

Create a room mailbox

New-Mailbox -Name "Conf Room - Building A" -Room

You can set the capacity and other properties right after with Set-Mailbox:

Set-Mailbox -Identity "Conf Room - Building A" -ResourceCapacity 12

Room lists are PowerShell only

Here is a detail that catches new admins off guard. A room list is a special distribution group that powers the Room Finder in Outlook. It lets users browse rooms by building. You cannot create a room list in the GUI. You have to use PowerShell.

New-DistributionGroup -Name "Building A Rooms" -RoomList
Add-DistributionGroupMember -Identity "Building A Rooms" -Member "Conf Room - Building A"

If your simple room resources are not showing up grouped by building in Room Finder, a missing room list is usually why.

Calendar processing is where the real control lives

Every booking decision a room makes comes from its calendar processing settings. You read them with Get-CalendarProcessing and change them with Set-CalendarProcessing. Run the Get command first so you can see the current state before you change anything.

Get-CalendarProcessing -Identity "Conf Room - Building A" | Format-List

A solid baseline for a normal conference room looks like this:

Set-CalendarProcessing -Identity "Conf Room - Building A" `
  -AutomateProcessing AutoAccept `
  -AllowConflicts $false `
  -BookingWindowInDays 180 `
  -MaximumDurationInMinutes 480 `
  -AllowRecurringMeetings $true

A few of these are worth explaining.

  • AutomateProcessing has three values. AutoAccept books and declines on its own. AutoUpdate adds tentative holds but does not commit. None turns the automation off entirely.
  • AllowConflicts does what it says. For a physical room, keep it $false so two teams cannot claim the same space.
  • BookingWindowInDays stops someone from blocking the room a year out.

Make the meeting details readable

By default, a room strips the subject line off accepted meetings and replaces it with the organizer’s name. So the calendar fills up with entries that just say “Booked” or a person’s name, and nobody can tell what is happening in the room. These settings fix that:

Set-CalendarProcessing -Identity "Conf Room - Building A" `
  -DeleteSubject $false `
  -AddOrganizerToSubject $false `
  -DeleteComments $false `
  -RemovePrivateProperty $false

DeleteSubject $false keeps the real meeting title. DeleteComments $false keeps the body of the invite. Run these on a shared room and the calendar suddenly becomes useful to look at.

Advanced permission control through PowerShell

This is the part that makes PowerShell worth learning. The GUI gives you “auto-accept” or “send to a delegate.” PowerShell lets you decide who can book the room, who needs approval, and who can see what on the calendar. There are three layers, and they do different jobs.

Layer one: who can book without approval

These settings answer the question “can this person book the room directly, or does it need a sign-off?”

  • BookInPolicy is a list of users or groups whose in-policy requests get accepted automatically.
  • AllBookInPolicy set to $true lets everyone book directly as long as the request follows the rules.
  • RequestInPolicy sends in-policy requests to a delegate for approval instead of auto-accepting.
  • RequestOutOfPolicy lets specific people submit requests that break the rules (too long, too far out) and have a delegate decide.

A common real-world setup: the whole company can book the room normally, but only the leadership group can book it for longer than the usual limit or outside the normal window.

Set-CalendarProcessing -Identity "Conf Room - Building A" `
  -AllBookInPolicy $true `
  -RequestOutOfPolicy "Leadership Team" `
  -AllRequestOutOfPolicy $false

The GUI cannot express that. PowerShell does it in one command.

Layer two: delegates who approve bookings

When you want a person to approve requests, set them as a resource delegate:

Set-CalendarProcessing -Identity "Conf Room - Building A" `
  -ResourceDelegates "assistant@contoso.com" `
  -AutomateProcessing AutoUpdate

Set AutomateProcessing to AutoUpdate here. If you leave it on AutoAccept, the room books everything on its own and the delegate never gets a say. The delegate then receives the pending requests and approves or rejects each one from their own Outlook.

You can list more than one delegate. Keep in mind that delegates approve, they do not own the calendar.

Layer three: who can see and edit the calendar

This is a different kind of permission, and it confuses people because it does not live in calendar processing at all. It lives on the calendar folder itself, and you manage it with the mailbox folder permission commands.

Use this when an executive assistant needs to actually open the room calendar, move meetings around, or see full meeting details instead of just free or busy time.

Add-MailboxFolderPermission -Identity "Conf Room - Building A:\Calendar" `
  -User "assistant@contoso.com" `
  -AccessRights Editor

To change an existing permission, use Set-MailboxFolderPermission. To remove one, use Remove-MailboxFolderPermission. The access levels run from least to most access:

  • AvailabilityOnly shows free or busy time and nothing else.
  • LimitedDetails adds the subject and location.
  • Reviewer lets the person read full meeting details.
  • Editor lets them read, create, and change items on the calendar.

For most people, Reviewer is enough. Hand out Editor only to the person who genuinely needs to rearrange the room’s schedule.

A note on Full Access

You can grant Full Access to a room mailbox with Add-MailboxPermission, but think twice before you do. Full Access means the user can open the entire mailbox, not just the calendar. For room management, a calendar folder permission is almost always the right and safer choice. Give people the least access that solves the problem.
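A least-privilege check for layer three and Full Access, as an added example that is not part of the original post: it flags explicit Full Access grants and any calendar right above Reviewer. `Get-RoomAccessFinding` is a hypothetical helper name, the sample entries are constructed, and the calendar folder is assumed to be named Calendar.

```powershell
# Added example: flag room-mailbox grants that go beyond read-only calendar access.
# The function only inspects objects shaped like the output of Get-MailboxPermission
# and Get-MailboxFolderPermission, so it can be tried offline on the sample below.
function Get-RoomAccessFinding {
    param(
        [Parameter(Mandatory)][string]$Room,
        [object[]]$MailboxPermission = @(),    # output of Get-MailboxPermission
        [object[]]$CalendarPermission = @()    # output of Get-MailboxFolderPermission
    )

    # Calendar rights that cannot change items; anything else is reported.
    $readOnly = 'None', 'AvailabilityOnly', 'LimitedDetails', 'Reviewer'

    foreach ($p in $MailboxPermission) {
        $explicit = -not $p.IsInherited -and -not $p.Deny
        $builtIn  = "$($p.User)" -like 'NT AUTHORITY\*'   # the mailbox's own SELF entry
        $hasFull  = @($p.AccessRights | Where-Object { "$_" -eq 'FullAccess' }).Count -gt 0
        if ($explicit -and -not $builtIn -and $hasFull) {
            [pscustomobject]@{ Room = $Room; Layer = 'Mailbox'; User = "$($p.User)"; Rights = 'FullAccess' }
        }
    }

    foreach ($p in $CalendarPermission) {
        $elevated = @($p.AccessRights | ForEach-Object { "$_" } | Where-Object { $_ -notin $readOnly })
        if ($elevated.Count -gt 0) {
            [pscustomobject]@{ Room = $Room; Layer = 'Calendar'; User = "$($p.User)"; Rights = $elevated -join ',' }
        }
    }
}

# Constructed sample entries (not real tenant data).
$mailboxPerms = @(
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF';      AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'facilities@contoso.com'; AccessRights = @('FullAccess');                   IsInherited = $false; Deny = $false }
)
$calendarPerms = @(
    [pscustomobject]@{ User = 'Default';               AccessRights = @('AvailabilityOnly') }
    [pscustomobject]@{ User = 'assistant@contoso.com'; AccessRights = @('Editor') }
    [pscustomobject]@{ User = 'reception@contoso.com'; AccessRights = @('Reviewer') }
)

Get-RoomAccessFinding -Room 'Conf Room - Building A' `
    -MailboxPermission $mailboxPerms `
    -CalendarPermission $calendarPerms |
    Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline), feed it real output instead:
# Get-Mailbox -RecipientTypeDetails RoomMailbox -ResultSize Unlimited | ForEach-Object {
#     $smtp = $_.PrimarySmtpAddress
#     Get-RoomAccessFinding -Room $_.DisplayName `
#         -MailboxPermission  (Get-MailboxPermission -Identity $smtp) `
#         -CalendarPermission (Get-MailboxFolderPermission -Identity "$($smtp):\Calendar")
# }
```

Each finding is a grant to review against the person's actual need; an Editor entry for the one assistant who rearranges the schedule is expected, a Full Access entry rarely is.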

Putting your simple room resources together

A clean setup usually follows the same path. Create the mailbox, set its capacity, drop it into a room list so Room Finder works, set sensible calendar processing so it books well and keeps readable subject lines, then layer on permissions only where a real person needs them.

Start in the GUI while you are learning the objects. Move to PowerShell the moment you need more than one room handled the same way, or any permission setup more specific than auto-accept. The web console is the front door. PowerShell is the whole house.

What we can learn as a person

There is something worth sitting with here, past the cmdlets and the click paths.

A room mailbox works because it has limits. It knows its capacity. It only takes so many bookings, only so far out, only for so long. When a request breaks the rules, it does not feel bad about it. It declines, or it hands the decision to someone else and moves on.

We are worse at this than a conference room.

Most of us run with auto-accept turned on for everything. Every request, every favor, every late “quick thing” gets booked straight into the calendar, conflicts and all. We say yes past our own capacity, then wonder why we feel scraped out by the middle of the week.

You are allowed to set a booking window, have a maximum duration, and decline a request that falls out of policy, and you do not owe anyone a long apology for it.

You are also allowed delegates. The reason we hand approval to someone else is that one person was never meant to carry every decision. Asking for help is not the system failing. It is the system working the way it was built to.

So take some of the load off your shoulders. Figure out what you can actually hold, set the rules that protect it, and let the rest go to someone who has room. The person who guards their capacity is still standing next year. The one who accepts every booking burns out by Thursday.

The room does not run the meeting. It was never supposed to. Neither are you.

FAQ

What is the difference between a room mailbox and a regular shared mailbox?

A room mailbox is built to accept and decline meeting invites through calendar processing rules. A shared mailbox is built for people to read and send mail together. They are different recipient types, and you should not try to use one as the other.

Why does my room calendar only show “Booked” instead of the meeting name?

By default the room deletes the subject and adds the organizer’s name instead. Set DeleteSubject $false and AddOrganizerToSubject $false with Set-CalendarProcessing to keep the real titles.

Why can people see the room in Outlook but not book it?

Check the calendar processing. If AutomateProcessing is set to None, the room will not respond to requests. Also confirm AllBookInPolicy or BookInPolicy actually includes the people trying to book.

Can I create a room list in the Exchange admin center?

No. Room lists exist only in PowerShell. Use New-DistributionGroup with the -RoomList switch, then add your rooms with Add-DistributionGroupMember.

Should I give someone Full Access to manage simple room resources?

Usually not. Use Add-MailboxFolderPermission on the calendar folder with Reviewer or Editor rights instead. Full Access opens the whole mailbox, which is more than calendar management needs.

GPOs with PowerShell

Every AD environment I’ve inherited has had the same problem. Hundreds of GPOs, half of them doing nothing, and nobody willing to delete any of them because nobody knows which ones are actually in use. So they sit there. They slow down gpresult. They confuse the next admin. They make troubleshooting a mess because you can’t tell at a glance which policies matter.

I’ve stopped trying to clean these up by hand. PowerShell handles it in about thirty seconds, and the safest first move isn’t deletion. It’s renaming. I prefix anything suspect with Review - and let the rename sit for a quarter. If nothing screams, then I delete.

Here’s how I do it.

What counts as a candidate

Two categories I go after first.

Empty GPOs. No user settings, no computer settings. Someone created them, never configured them, and walked away. These are pure noise.

Unlinked GPOs. They have settings, but they aren’t linked to any OU, site, or domain. They don’t apply to anything. Sometimes these were intentionally unlinked during an incident and never cleaned up. Sometimes they were duplicates created during a migration. Either way, if nothing is linked to them, they aren’t doing work.

I do not lump these together in the rename. I want to know which is which when I review later.

What you need

The GroupPolicy module, which ships with RSAT. Run from a domain-joined machine with rights to read and modify GPOs. I usually do this from a jump box rather than a DC, but either works.

Import-Module GroupPolicy

If that fails, install RSAT first. On Windows 11 it’s under Optional Features, RSAT: Group Policy Management Tools.

Finding empty GPOs

The trick here is that Get-GPO doesn’t tell you whether a GPO has settings. You have to look at the XML report and check the user and computer extension data. If both are empty, the GPO has no settings.

$emptyGPOs = @()

Get-GPO -All | ForEach-Object {
    [xml]$report = Get-GPOReport -Guid $_.Id -ReportType Xml
    
    $userConfigured = $report.GPO.User.ExtensionData
    $computerConfigured = $report.GPO.Computer.ExtensionData
    
    if (-not $userConfigured -and -not $computerConfigured) {
        $emptyGPOs += $_
    }
}

$emptyGPOs | Select-Object DisplayName, Id, CreationTime, ModificationTime

The ExtensionData node only exists when something is actually configured under that side of the policy. If both come back null, the GPO is empty.

Run it once and review the list before you do anything else. I always find at least one GPO in the list that I created myself months ago and forgot about, which is humbling.

Finding unlinked GPOs

Same approach, different XML node. The LinksTo property tells you where a GPO is linked. If it’s null, nothing points at the GPO.

$unlinkedGPOs = @()

Get-GPO -All | ForEach-Object {
    [xml]$report = Get-GPOReport -Guid $_.Id -ReportType Xml
    
    if (-not $report.GPO.LinksTo) {
        $unlinkedGPOs += $_
    }
}

$unlinkedGPOs | Select-Object DisplayName, Id, CreationTime, ModificationTime

One thing to watch for. A GPO can be linked but disabled at the link level. That’s a different state, and I don’t treat those as unlinked. They were intentionally turned off, usually for a reason. If you want to catch those too, the XML has an Enabled attribute on each LinksTo entry. But for a first pass, I leave them alone.

Renaming, not deleting

This is the part that matters. Don’t delete.

I learned this the hard way years ago. Deleted what I thought was a dead GPO, found out two weeks later it was applying a registry setting to a single workstation that nobody had documented, and spent an afternoon rebuilding it from a backup. Now I rename and wait.

The rename is one line per GPO:

foreach ($gpo in $emptyGPOs) {
    $newName = "Review - $($gpo.DisplayName)"
    # Rename-GPO changes only the display name; the GUID, settings, and links stay as they are
    Rename-GPO -Guid $gpo.Id -TargetName $newName | Out-Null
    Write-Host "Renamed: $($gpo.DisplayName) -> $newName"
}

foreach ($gpo in $unlinkedGPOs) {
    $newName = "Review - $($gpo.DisplayName)"
    Rename-GPO -Guid $gpo.Id -TargetName $newName | Out-Null
    Write-Host "Renamed: $($gpo.DisplayName) -> $newName"
}

A few notes on the rename itself.

I use Review - with a space, hyphen, space because it sorts cleanly in GPMC. Everything you flag bunches together at the top of the list, which makes it obvious at a glance what’s pending review.

I don’t add a date or my initials in the rename. The GPO already tracks modification time, and you can see who last touched it in the change history. Adding metadata to the display name just makes it harder to read.

If a GPO is both empty and unlinked, my script renames it twice and you end up with Review - Review - GPO Name. Worth deduplicating before the loop if you care:

$candidates = ($emptyGPOs + $unlinkedGPOs) | Sort-Object Id -Unique
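The checks above in a single pass, as an added example rather than the author's script: it classifies each GPO once from its XML report, including the "every link disabled" state mentioned earlier, and builds a rename plan that cannot double-prefix a name. `Get-GpoReviewReason` and `New-GpoRenamePlan` are hypothetical helper names, and the sample reports are constructed and trimmed to the elements the checks read.

```powershell
# Added example: classify GPOs from their XML reports and build a rename plan.
# Nothing in this block writes to AD.
function Get-GpoReviewReason {
    param([Parameter(Mandatory)][xml]$Report)

    $gpo = $Report.GPO
    $reasons = @()

    # ExtensionData exists only on a side (User/Computer) that has settings.
    if (-not $gpo.User.ExtensionData -and -not $gpo.Computer.ExtensionData) {
        $reasons += 'Empty'
    }

    # One LinksTo entry per link; each entry carries an Enabled value.
    $links = @($gpo.LinksTo | Where-Object { $_ })
    if ($links.Count -eq 0) {
        $reasons += 'Unlinked'
    }
    elseif (-not ($links | Where-Object { $_.Enabled -eq 'true' })) {
        $reasons += 'AllLinksDisabled'
    }
    $reasons
}

function New-GpoRenamePlan {
    param(
        [Parameter(Mandatory)][object[]]$Gpo,   # objects with Id, DisplayName, Report
        [string]$Prefix = 'Review - ',
        [switch]$IncludeDisabledLinks           # off by default: disabled links are left alone
    )
    foreach ($g in $Gpo) {
        $reasons = @(Get-GpoReviewReason -Report $g.Report)
        if (-not $IncludeDisabledLinks) {
            $reasons = @($reasons | Where-Object { $_ -ne 'AllLinksDisabled' })
        }
        $alreadyFlagged = $g.DisplayName.StartsWith($Prefix)
        if ($reasons.Count -gt 0 -and -not $alreadyFlagged) {
            [pscustomobject]@{
                Id      = $g.Id
                OldName = $g.DisplayName
                NewName = "$Prefix$($g.DisplayName)"
                Reason  = $reasons -join '+'
            }
        }
    }
}

# Constructed sample reports (not real GPOs).
$side = '<Enabled>true</Enabled>'
$sample = @(
    [pscustomobject]@{ Id = [guid]'11111111-1111-1111-1111-111111111111'; DisplayName = 'Old Printer Map'
        Report = "<GPO><Computer>$side</Computer><User>$side</User></GPO>" }
    [pscustomobject]@{ Id = [guid]'22222222-2222-2222-2222-222222222222'; DisplayName = 'Kiosk Lockdown'
        Report = "<GPO><Computer>$side<ExtensionData/></Computer><User>$side</User>" +
                 "<LinksTo><SOMName>Kiosks</SOMName><Enabled>false</Enabled></LinksTo></GPO>" }
    [pscustomobject]@{ Id = [guid]'33333333-3333-3333-3333-333333333333'; DisplayName = 'Workstation Baseline'
        Report = "<GPO><Computer>$side<ExtensionData/></Computer><User>$side</User>" +
                 "<LinksTo><SOMName>Workstations</SOMName><Enabled>true</Enabled></LinksTo></GPO>" }
    [pscustomobject]@{ Id = [guid]'44444444-4444-4444-4444-444444444444'; DisplayName = 'Review - Temp Test'
        Report = "<GPO><Computer>$side<ExtensionData/></Computer><User>$side</User></GPO>" }
)

New-GpoRenamePlan -Gpo $sample | Format-Table -AutoSize
New-GpoRenamePlan -Gpo $sample -IncludeDisabledLinks | Format-Table -AutoSize

# Live use (GroupPolicy module, rights on the domain): build the same input from AD.
# $live = Get-GPO -All | ForEach-Object {
#     [pscustomobject]@{ Id = $_.Id; DisplayName = $_.DisplayName
#                        Report = Get-GPOReport -Guid $_.Id -ReportType Xml }
# }
# New-GpoRenamePlan -Gpo $live | Export-Csv .\gpo-rename-plan.csv -NoTypeInformation
```

Exporting the plan keeps a GUID-to-original-name record, which is what you need to rename a GPO back if something complains during the review window.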

Back up before you rename

This should be obvious but I’ll say it anyway. Back up every GPO you’re about to rename. The rename itself is reversible, but if you’re going to come back later and delete, you want the backups ready.

$backupPath = "C:\GPOBackups\$(Get-Date -Format 'yyyy-MM-dd')"
New-Item -Path $backupPath -ItemType Directory -Force | Out-Null

foreach ($gpo in $candidates) {
    Backup-GPO -Guid $gpo.Id -Path $backupPath | Out-Null
}

Each backup gets its own folder under the dated parent, and Restore-GPO can pull any of them back if you need to.

The review window

After the rename, I leave it alone for about 90 days. Long enough to catch monthly and quarterly processes. If something breaks because a renamed GPO was actually doing work, I’ll hear about it, and the GPO is still there with its settings intact.

At the 90-day mark, I pull the list of Review - GPOs:

Get-GPO -All | Where-Object { $_.DisplayName -like "Review - *" }

Anything still on that list with no complaints attached gets backed up one more time and deleted. Anything that did get flagged during the window gets renamed back to its original name (or a better one) and properly documented this time.

Why this works

The rename approach gives you a passive audit. You aren’t asking anyone to confirm whether a GPO is in use, because nobody will know, and the people who do know are usually gone. You’re letting the environment tell you. If nothing breaks for a quarter, the GPO wasn’t doing anything that mattered.

It also makes the cleanup defensible. When someone asks why you deleted a GPO six months later, you can point to the rename date, the review window, and the backup. That’s a much better conversation than “I thought it was dead.”

I run this whole workflow about once a year on environments I own. The first run usually catches 20 to 40 dead GPOs in a medium-sized environment. After that it’s smaller, but it’s never zero. Stuff accumulates.

Tying it back

In my last post I wrote about working inside the structure the company gives you instead of fighting it. This is what that looks like at the keyboard. I’m not pitching a new product to solve GPO sprawl, or asking for budget. I am not building a case for a third-party tool that does the same thing in a prettier UI. I’m using PowerShell, which is already on the box, against AD, which is already running, with a workflow that’s reversible at every step.

That’s most of the job, honestly. The improvements that actually stick come from understanding what you already own and making it work better. Renaming a dead GPO doesn’t make for a great war story, and you won’t get a Slack shoutout for it. But the next admin who inherits this environment will be able to read the GPMC console without squinting, and that’s worth more than most of the bigger projects I’ve been asked to pitch.

Work inside the structure. Use the tools you have. Document what you changed. The rest takes care of itself.

Working In the System

Working Within the System: Notes from a Sysadmin

I’ve been doing this work long enough to watch the same pattern play out over and over. An admin gets handed a problem, sees a cleaner way to solve it, and instead of working the problem inside the structure they were hired into, they go around it. Sometimes that means downloading a tool the company hasn’t vetted, or it means buying a license on a personal card and expensing it later. Sometimes, in the worst cases I’ve seen, it means using the helpdesk team as leverage against management or escalating to outside lawyers to force a policy change.

I want to talk about why that approach is wrong most of the time, when it might be right, and what working inside the system actually looks like day to day.

The job, as I understand it

Our role as system admins is to support the company and grow it. That’s the whole thing. We aren’t here to force the company to our will. We’re here to make the tools work, keep the lights on, and give end users a stable place to do their jobs. When we forget that, the work goes sideways fast.

I see new admins get this backward all the time. They come in with strong opinions about how things should be configured, what the right MDM is, which ticketing system is correct, and they start treating disagreement with management as a problem to route around. It isn’t. Disagreement is normal. The question is what you do with it.

Making changes inside the structure

Most of the meaningful improvements I’ve made for end users happened inside Intune, inside Group Policy, inside the existing licensing. Not by bringing in something new.

Example. A few months back the helpdesk was drowning in BitLocker recovery tickets because users were getting prompted after firmware updates and nobody had documented the recovery key location for them. I didn’t need a new tool. I needed an Intune configuration profile that pinned the recovery key to a self-service portal the user already had access to, and a one-page doc the helpdesk could send. Ticket volume on that issue dropped by about 80% in two weeks. Management was happy. The helpdesk was happy. I didn’t have to fight anyone.

Another one. Printer deployment was a mess. Users were calling in to get drivers installed every time they moved desks. Instead of pitching a third-party print management product (which is what the previous admin had been pushing for, unsuccessfully, for a year), I built out Universal Print through the existing M365 licensing the company already paid for. It wasn’t perfect. It had some quirks. But it was inside what we already owned, so the approval conversation was short.

The pattern is the same in both cases. Find the pain point. Look at what you already have. Configure your way out of the problem before you try to buy your way out. When you do have to buy something, you’ve already shown management you exhaust the existing options first, which makes the next ask credible.

When management gives you a bad instruction

This is the part most admins get wrong, and I’ve gotten it wrong myself more than once.

Sometimes you get an instruction that’s going to cause harm. Maybe it’s a policy that’s going to flood the helpdesk with tickets they can’t resolve, or it’s a security setting that’s going to lock out a department that needs the access. Maybe it’s a rollout timeline that’s not survivable.

The wrong move is to weaponize the helpdesk. I’ve seen admins quietly tell their team to “just follow the policy and let the tickets pile up so management sees the impact.” That’s using your own people as pawns. They get the angry phone calls, they take the heat, and you get to say I told you so at the next staff meeting. It’s cowardly and it damages the team’s trust in you, which you can’t easily get back.

The right move, in my experience, is to push back through the channels the company gives you.

  1. Bring it to management directly, in writing if you can. Lay out the technical reasoning, the expected impact on the helpdesk, and what you’d recommend instead.
  2. If management chooses to continue, ask whether you can take it up the line. Most companies have an escalation path, even if it’s informal. Use it.
  3. If the company doesn’t allow further escalation, or the answer comes back the same, then you implement the instruction.

That last step is the one people choke on. But here’s the thing. If you’ve done steps 1 and 2 honestly, and management has made the call with full information, your job is to execute. You don’t get to overrule the company because you think you know better. That’s not what the role is.

Minimize harm, plan for the recovery

If you do end up implementing something you flagged as harmful, that doesn’t mean you implement it dumbly. You minimize the blast radius, phase the rollout and pre-stage your rollback. You write the helpdesk a runbook before the tickets start coming in, not after.

And you have a backup plan ready for when the issue surfaces. Because it will. And when it does, the person who said “here’s what we tried, here’s what happened, here’s how we fix it now” is in a very different position than the person who said “I told you so.” The first one gets trusted with bigger problems. The second one gets quietly worked around.

I’m not saying document everything to cover yourself, exactly. I mean, do that too. But the real reason to document the pushback and the plan is so that when the company is ready to course-correct, you’re the one ready to drive it.

The line

There’s a line, and I want to be clear about where I think it sits.

If you’re being asked to do something illegal, something that violates compliance in a way that puts the company or its customers at real risk, something that’s clearly unethical, you don’t quietly implement it and plan the recovery. You refuse, you document the refusal, and you escalate to legal, compliance, or HR. If those paths don’t exist or are compromised, then yes, external options become real. Whistleblowing exists for a reason. So do regulatory bodies.

But that’s the extreme case. I’ve seen admins reach for outside legal action because management wouldn’t approve a tool they wanted, or because a coworker got a promotion they thought they deserved. That isn’t the line. That’s using legal leverage as a weapon to force the company to do what you want, which is the same failure mode as using the helpdesk as pawns, just with bigger stakes.

The line isn’t “I disagree with this decision.” The line is “this decision causes harm that the company itself, fully informed, would not sanction.” Those are very different bars.

What bad actors look like

I want to flag this because I’ve watched it happen. There are people in this field who enjoy the leverage the role gives them, and they look for engineers they can use to do harm to a company they’re frustrated with. They’ll frame sabotage as principled resistance. They’ll talk about “making management feel it” or “letting things break so they learn.” Finally, they will pitch you on going around the structure because the structure isn’t fair.

Some of that frustration is legitimate. Companies do treat IT badly sometimes. Management does make decisions without input that should have been gathered. None of that justifies using your access to cause harm, and none of it justifies pulling your team into a fight they didn’t sign up for.

If someone is pushing you in that direction, they aren’t an ally. They’re a liability, and probably a future legal problem.

The boring conclusion

Most of the time, the job is patient. You configure what you can configure. Ask for what you need to ask for. You document the things you disagreed with so they’re available later when the conversation comes back around. You support the company you work for, even on days when you’d rather not.

It isn’t dramatic. It doesn’t make for good war stories. But over a career, the admins I’ve watched do this consistently are the ones who end up with the authority to actually change things. The ones who tried to force it usually ended up somewhere else, telling a different story about why their last company didn’t appreciate them.

For the Love of LDAP

Over the past 5 years, I have heard the conversation of how do we move our AD to the cloud. Oh the cloud, loud, mild, my child, it’s not as easy as you think. There are things in older environments that can ruffle some people’s feathers if they ever glitch or go down. I once saw an IIS app stop working with LDAP. The app was a proxy for the CEO to look at adult materials while at work… he wasn’t happy when it said, “Username and password are incorrect.” I wrote about ADDS a while back, and it finally led to questions. How do I know what touches LDAP?

LDAP: What is it?

First, for the young kids in the room, talking to you Justin. LDAP is the Lightweight Directory Access Protocol. It’s an open, vendor-neutral protocol designed to access and manage directory information. (Wow, that sounded professional.) Basically, it lets you query and interact with things like AD. I have mainly used LDAP for VPN access. Meraki loves LDAP and its group policy-based VPN stuff.

So how does it work?

This is the normal 4-step LDAP process:

  1. Session Connection – Knocks on the door.
  2. Request – Asks for Justin’s distinguished name. We will call him Pastor Justin.
  3. Response – LDAP says, yeppers, we have him.
  4. Completion – The connection is made.

LDAP can do a lot more than just do connection requests. It can add, delete, search, compare, modify, etc. It’s most commonly used for searching. Things like VPNs really love LDAP.

LDAP lives on port 389. So, if you monitor that port, you should get some good traffic.

LDAPS!

LDAP with an S just means secure LDAP. It uses SSL or TLS to encrypt the data. It lives on port 636. LDAPS can be a challenge to set up with older tech. For example, AS400… That is some old green screen tech there. So, a lot of manufacturing doesn’t use LDAPS. It also requires a directory server to establish trust. A lot of smaller companies just don’t have the resources for this. Finally, there is the overhead of traffic on the network. In our area, most companies are run by a Sir Justin and they just don’t want to dig into it.

HOWEVER, if you can, you should, if you are going to continue using LDAP. With that said, how do you determine what is hitting your LDAP server? What touches LDAP?

What touches LDAP

Ok, you know me, it’s time for PowerShell. First, we need to establish which logs to look at. The logs will give us what’s already happened, what’s going on, and such. The problem with LDAP is that names change, IPs change, MAC addresses change. A lot happens.

LDAP Logs

Event Viewer → Applications and Services Logs → Directory Service

This is where you usually see the LDAP diagnostic events people talk about, especially:

  • 2886: server is configured in a way that allows unsigned/simple LDAP binds and is warning you about it.
  • 2887: summary count of how many unsigned LDAP binds happened since the last 24-hour reporting window.
  • 2888: summary count of clients that would be rejected if LDAP signing were required.
  • 2889: the useful one. It can show the client IP and the account identity used for an unsigned LDAP bind attempt, but only after you enable the 16 LDAP Interface Events diagnostic setting to at least Basic.
  • 1644: logs certain LDAP queries, especially expensive, inefficient, or slow ones when diagnostic logging is enabled. Microsoft also notes this event is used for visibility into LDAP activities on domain controllers. AKA the machine behind the machine.

LDAPS logs are the same, but you can also look in the Security and System logs for TLS events.

PowerShell

If you are like me, you hate digging for logs. This is why I like my PowerShell scripts. They make life easier. Since 2889 is the one that will give us the most useful information, this PowerShell is for that log.

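Function Get-LDAPUnsignedBindEvents {
    [CmdletBinding()]
    param (
        # Domain controllers to query; defaults to the local machine
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [int]$DaysBack = 7,
        [System.Management.Automation.PSCredential]$Credential
    )

    $StartTime = (Get-Date).AddDays(-($DaysBack))

    foreach ($Computer in $ComputerName) {
        try {
            # Event 2889 in the Directory Service log records an unsigned/simple LDAP bind
            $FilterHash = @{
                LogName   = 'Directory Service'
                Id        = 2889
                StartTime = $StartTime
            }

            # -ErrorAction Stop turns Get-WinEvent errors into terminating errors so the catch block runs
            if ($PSBoundParameters.ContainsKey('Credential')) {
                Get-WinEvent -ComputerName $Computer -Credential $Credential -FilterHashtable $FilterHash -ErrorAction Stop |
                    Select-Object MachineName, TimeCreated, Id, LevelDisplayName, Message
            }
            else {
                Get-WinEvent -ComputerName $Computer -FilterHashtable $FilterHash -ErrorAction Stop |
                    Select-Object MachineName, TimeCreated, Id, LevelDisplayName, Message
            }
        }
        catch {
            # "No events found" is the good outcome, not a failure
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                Write-Verbose "No 2889 events on $Computer in the last $DaysBack days."
            }
            else {
                Write-Warning "Unable to pull LDAP events from $Computer. $_"
            }
        }
    }
}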
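
To turn raw 2889 events into an answer to "what touches LDAP", this added example (not part of the original post) groups them by client IP, account and bind type. It assumes the commonly documented 2889 layout, where the first three event properties are the client IP:port, the account identity and the bind type (0 = unsigned SASL, 1 = simple); the function names and the sample records are constructed for illustration.

```powershell
function ConvertTo-LDAPBindSummary {
    [CmdletBinding()]
    param (
        # Raw records from Get-WinEvent (not the Select-Object output, which drops Properties)
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$EventRecord
    )

    begin { $Rows = [System.Collections.Generic.List[object]]::new() }

    process {
        foreach ($Record in $EventRecord) {
            # Assumed 2889 layout: [0] client "IP:port", [1] account, [2] bind type
            $Values = @($Record.Properties | ForEach-Object { $_.Value })
            if ($Values.Count -lt 3) {
                Write-Warning "Skipping event with unexpected layout from $($Record.MachineName)"
                continue
            }

            # Split on the LAST colon so IPv6 client addresses survive
            $Client = [string]$Values[0]
            $Split  = $Client.LastIndexOf(':')
            $IP     = if ($Split -gt 0) { $Client.Substring(0, $Split) } else { $Client }

            $BindType = switch ([string]$Values[2]) {
                '0'     { 'Unsigned SASL' }
                '1'     { 'Simple (cleartext)' }
                default { "Unknown ($($Values[2]))" }
            }

            $Rows.Add([pscustomobject]@{
                DomainController = $Record.MachineName
                ClientIP         = $IP.Trim('[', ']')
                Account          = [string]$Values[1]
                BindType         = $BindType
                TimeCreated      = $Record.TimeCreated
            })
        }
    }

    end {
        # One row per client/account/bind type, busiest first
        $Rows | Group-Object ClientIP, Account, BindType | ForEach-Object {
            $Times = @($_.Group.TimeCreated | Sort-Object)
            [pscustomobject]@{
                ClientIP  = $_.Group[0].ClientIP
                Account   = $_.Group[0].Account
                BindType  = $_.Group[0].BindType
                Count     = $_.Count
                FirstSeen = $Times[0]
                LastSeen  = $Times[-1]
                SeenOn    = ($_.Group.DomainController | Sort-Object -Unique) -join ', '
            }
        } | Sort-Object Count -Descending
    }
}

# Constructed sample records that mimic the shape of Get-WinEvent output
# (documentation IP ranges, made-up account names)
function New-SampleEvent ($DC, $Client, $Account, $Type, $MinutesAgo) {
    [pscustomobject]@{
        MachineName = $DC
        TimeCreated = (Get-Date).AddMinutes(-$MinutesAgo)
        Properties  = @($Client, $Account, $Type | ForEach-Object { [pscustomobject]@{ Value = $_ } })
    }
}

$Sample = @(
    New-SampleEvent 'DC01' '192.0.2.15:51544'     'EXAMPLE\svc-vpn'     1 90
    New-SampleEvent 'DC02' '192.0.2.15:51602'     'EXAMPLE\svc-vpn'     1 30
    New-SampleEvent 'DC01' '[2001:db8::25]:49822' 'EXAMPLE\svc-scanner' 0 10
)
$Sample | ConvertTo-LDAPBindSummary | Format-Table -AutoSize

# Against real domain controllers (requires the 2889 diagnostic logging described above):
# Get-WinEvent -ComputerName DC01 -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } |
#     ConvertTo-LDAPBindSummary
```

Check a few rows against the event's Message text on your own domain controllers before relying on the property positions.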

Looking at the process

The other way to find what touches LDAP is by looking at the process itself. Here is the PowerShell for that.

Function Find-LDAPConnections {
    [CmdletBinding()]
    param (
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [System.Management.Automation.PSCredential]$Credential
    )

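    foreach ($Computer in $ComputerName) {
        try {
            $ScriptBlock = {
                # LDAP (389), LDAPS (636), Global Catalog (3268), Global Catalog over TLS (3269).
                # Defined inside the script block so it also exists when run remotely via Invoke-Command.
                $Ports = 389,636,3268,3269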

                $Connections = Get-NetTCPConnection -State Established |
                    Where-Object {
                        $_.RemotePort -in $Ports -or $_.LocalPort -in $Ports
                    } |
                    Select-Object `
                        @{Name = 'ComputerName'; Expression = { $env:COMPUTERNAME } },
                        @{Name = 'Direction'; Expression = {
                            if ($_.RemotePort -in $Ports) { 'Outbound to LDAP' }
                            elseif ($_.LocalPort -in $Ports) { 'Inbound LDAP' }
                            else { 'Unknown' }
                        }},
                        State,
                        LocalAddress,
                        LocalPort,
                        RemoteAddress,
                        RemotePort,
                        OwningProcess,
                        @{Name = 'ProcessName'; Expression = {
                            try {
                                (Get-Process -Id $_.OwningProcess -ErrorAction Stop).ProcessName
                            }
                            catch {
                                'Unknown'
                            }
                        }}

                $Connections | Sort-Object ProcessName, RemoteAddress, RemotePort
            }

            if ($Computer -eq $env:COMPUTERNAME) {
                & $ScriptBlock
            }
            else {
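                # -ErrorAction Stop makes a failed remote connection reach the catch block
                if ($PSBoundParameters.ContainsKey('Credential')) {
                    Invoke-Command -ComputerName $Computer -Credential $Credential -ScriptBlock $ScriptBlock -ErrorAction Stop
                }
                else {
                    Invoke-Command -ComputerName $Computer -ScriptBlock $ScriptBlock -ErrorAction Stop
                }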
            }
        }
        catch {
            Write-Warning "Unable to capture LDAP connections from $Computer. $_"
        }
    }
}

Proxy

The next way to do this is to set up a proxy in front of the LDAP server to see what is hitting it, like a man in the middle. In terms of what touches LDAP, I think this is the best approach. There are hundreds of tutorials out there for that one.

Your Firewall

The next thing you can do is look into your firewall logs. Look for the LDAP ports and marry them to other items.

What can we learn as a person

As we move forward with newer technologies, we have to adapt and adjust. In a world of fast-moving data and AI, things are changing faster than us humans can keep up. This scares people. Older products like LDAP slowly fade into oblivion, and it’s a race to keep up. This speed was going to happen whether we liked it or not. The number of humans who have been on this planet just keeps adding up. Our brains were not designed to keep up with it all. So sometimes, it’s best to target one thing and work on that one thing instead of 1000 things.

The next 15 years are going to be insane. Things will change every day. We will have leaders that will act out because of the chaos. The old ways will die, and if you can’t adapt, then you will fall into the death spiral. This is just history repeating itself. Each time it has happened, it’s gotten more extreme. When the wheel came about, the world changed; it was very small, but it grew. Those who didn’t use the wheel to plow their fields were outdone by those who had them. The chariots changed how we got from place to place. The written word allowed us to share knowledge. The printing press took the written word from a small handful of people to most of the world. The phone and steam engine changed how we connected ideas. The internet and computers gave us… so so much. Nuclear power gave us the ability to jump into something much greater. Each time we move, it’s always been Power, Communication, and Transportation.

The world of AI

We are now entering a new phase. The last phase interconnected the world in a way that has never happened and created full cultures and markets that never existed before and closed a lot of smaller local items like mom-and-pop shops. It also gave everyone on earth access to It gave us the ability to travel across the world within a week. Now we are here with AI and electric cars. The only thing missing to push us forward is power. Power is also what is costing us the most right now. Within the next 15 years, we will see massive changes. It will take away from so many but give back to so many. When it’s said and done, we are still going to be around each other. It’s important to see each other as we are and not shame each other.

QuillBot Paraphrasing Tool

Reading Time: 11 minutes

I want to do a little write-up about a fantastic product called QuillBot. As you know, I am dyslexic. I have spent years battling and growing. I have used different tools. QuillBot has really stood out. So, we will go over the tools and services it provides. Let’s dissect QuillBot, concentrating on the paraphrasing feature.

Paraphraser

Since QuillBot prides itself on making things unique, I had GPT write up a small blurb about its paraphraser. We will be using different options.

Original

QuillBot’s Paraphraser is an AI-powered writing optimization solution designed to transform existing text into clearer, more fluent, and more stylistically aligned language in seconds. Users can paste in text and have it rewritten while preserving core meaning, making it useful for refining tone, improving readability, strengthening vocabulary, and adapting content for academic, professional, or everyday communication. QuillBot positions the tool as flexible rather than one-size-fits-all, with free access to Standard and Fluency modes and additional rewrite styles available through Premium.

From a feature standpoint, the Paraphraser is built to support both light editing and deeper rewriting. QuillBot says free users can paraphrase up to 125 words at a time with no daily paraphrase limit, while Premium expands access to unlimited input, 10+ paraphrasing styles, and added controls such as the Synonym Slider, unlimited Custom modes, and Freeze Words for preserving specific terms during rewrites. In practice, that makes the tool feel less like a basic rewording app and more like a configurable AI text refinement engine.

At a broader level, QuillBot’s Paraphraser functions as part of a larger AI writing ecosystem that also includes grammar support, summarization, translation, and Word integration. That positioning makes it appealing for users who want a connected workflow where drafting, rewriting, polishing, and editing can happen inside the same platform. The overall value proposition is speed, adaptability, and polished output, especially for people who want their writing to sound more natural, concise, formal, or audience-ready without rebuilding every sentence from scratch.

Oh, so AI. So, we copied and pasted this into the paraphrasing tool. Here is what we got.

Humanize

QuillBot’s Paraphraser is an AI-powered tool that can quickly change existing material into English that is clearer, more fluent, and more in line with the style of the original. Users can paste in text and have it rewritten while keeping the main idea. This is helpful for changing the tone, making it easier to read, expanding vocabulary, and changing content for school, work, or everyday use. QuillBot says that the tool is adaptable and not a one-size-fits-all solution. Standard and Fluency modes are free, and Premium users can choose among more rewrite styles.

The Paraphraser has features that let you do both minor editing and extensive rewriting. QuillBot says that free users can paraphrase up to 125 words at a time and there is no daily limit on how many times they can do it. Premium users, on the other hand, can input as much text as they want, use more than 10 different paraphrasing styles, and get extra controls like the Synonym Slider, unlimited Custom modes, and Freeze Words, which keep certain words the same during rewrites. In real life, that makes the tool feel more like an AI text refining engine that you can change than a simple rewording software.

On a larger scale, QuillBot’s Paraphraser is just one aspect of a bigger AI writing ecosystem that also includes Word integration, grammatical assistance, summarization, and translation. This positioning makes it appealing to people who desire a connected workflow where they can draft, rewrite, polish, and edit all on the same platform. The main selling points are speed, flexibility, and polished output, especially for people who want their writing to appear more natural, concise, official, or suitable for an audience without having to rewrite every sentence from scratch.

Thoughts

This is an amazing tool. You can still tell it’s written by AI, and that’s helpful for us readers. You can take it to another level though. What would happen if we fed the humanized text back into it over and over again? How long will it take for it to become all messed up?

Level 1

QuillBot’s Paraphraser is an AI-powered application that can instantly turn existing text into English that is clearer, flows better, and is more like the original. People can copy and paste text into the program, and it will rewrite it while maintaining the core idea. This is useful for changing the tone, making things easier to read, adding new words to your vocabulary, and adjusting content for school, work, or everyday use. QuillBot argues that the tool may be changed to match different needs and is not a one-size-fits-all solution. Standard and Fluency modes are free, while Premium customers can pick among additional rewrite styles.

You can use the Paraphraser to make small changes or rewrite a lot of text. QuillBot promises that free users can change the meaning of up to 125 words at a time and can do this as many times as they want each day. Premium users, on the other hand, can write as much as they like, use more than 10 different ways to rephrase, and gain extra options like the Synonym Slider, infinite Custom settings, and Freeze Words, which preserve some words the same when they are rewritten. In real life, that makes the tool feel more like an AI text refining engine that you can change than just a program that changes words.

QuillBot’s Paraphraser is simply one part of a greater AI writing ecosystem that also has Word integration, help with grammar, the ability to summarize, and the ability to translate. This placement makes it attractive to users who want a connected workflow where they can write, rewrite, polish, and edit all on the same platform. Speed, versatility, and polished output are the primary selling advantages, especially for people who want their writing to look more natural, concise, formal, or appropriate for an audience without having to rewrite every line from scratch.

Level 2 (28% Human)

QuillBot’s Paraphraser is an AI-powered program that can quickly change existing text into English that is easier to understand, flows better, and is more like the original. People can copy and paste text into the application, and it will rewrite it while keeping the basic idea. This is helpful for changing the tone, making things easier to read, learning new words, and changing content for school, work, or everyday use. QuillBot says that the tool may be customized to fit varied purposes and is not a one-size-fits-all solution. Standard and Fluency modes are free. Premium clients can choose from several rewriting styles.

You can use the Paraphraser to tweak a few words or rework a whole piece of writing. QuillBot says that free users can change the meaning of up to 125 words at a time and do this as many times as they wish each day. Premium users, on the other hand, can write as much as they like, use more than 10 different ways to rephrase, and get extra features like the Synonym Slider, endless Custom settings, and Freeze Words, which keep some words the same when they are redone. In real life, that makes the tool seem more like an AI text refining engine that you can change than just a program that modifies words.

QuillBot’s Paraphraser is just one part of a bigger AI writing system that also includes Word integration, grammatical guidance, the ability to summarize, and the capacity to translate. This location is appealing to customers who desire a connected workflow where they can write, rewrite, polish, and edit anything on the same platform. The main selling points are speed, flexibility, and polished output. This is especially true for writers who want their writing to look more natural, concise, formal, or acceptable for an audience without having to rewrite every word from start.

Level 5 (57% Human)

QuillBot’s Paraphraser is an AI-powered tool that can swiftly convert material that is already there into English that is simpler to read, flows better, and is more like the original. You can copy and paste text into the program, and it will change it while preserving the main idea. This is useful for changing the tone, making things simpler to read, learning new vocabulary, and adjusting things for school, work, or everyday use. According to QuillBot, the tool may be changed to match different needs and is not a one-size-fits-all solution. You don’t have to pay for the Standard and Fluency modes. There are a variety of different ways for premium clients to rewrite.

You can edit just a few words or the full thing using the Paraphraser. QuillBot says that anybody who use the service for free can change the meaning of up to 125 words at a time and do this as many times as they want each day. People who subscribe for the service, on the other hand, can write as much as they want, use more than 10 different ways to rephrase, and get extra tools like the Synonym Slider, infinite Custom settings, and Freeze phrases, which retain some words the same when they are rebuilt. In real life, that makes the tool seem more like an AI text refining engine that you can change than just a program that modifies words.

QuillBot’s Paraphraser is simply one part of a larger AI writing system that can aid you with grammar, summarizing, translating, and using Word. Customers like this area because it lets them write, rewrite, polish, and edit everything in one place. The primary selling elements are how fast, easy, and good the result is. This is especially true for writers who want their work to look more natural, short, formal, or appropriate for an audience but don’t want to have to start over and modify every word.

Level 7 (what?)

QuillBot’s AI Paraphraser swiftly rewrites English text to make it better, easier to read, and extremely comparable. Put text into the application. It might change the words but not the message. This will modify the tone, make things clearer, help you learn new words, and make everything better, whether you’re writing for school, job, or fun. QuillBot doesn’t think there is a “one size fits all” answer because the tool can be changed. The Standard and Fluency modes are free to use. There are various methods for premium customers to modify.

The Paraphraser can modify the complete text or just a few words. You can alter 125 words per day with QuillBot’s free version. Customers who pay can change terms in more than ten ways and use it as often as they want. The Synonym Slider, limitless Custom settings, and Freeze phrases are some of the other features. These tools keep some rebuilt words. The program changes words and makes writing better, like an AI.

QuillBot’s Paraphraser is an advanced AI writing tool that can spell, summarize, translate, and work with MS Word. Customers enjoy this part since it has everything they need to write, edit, and finish. Selling depends on how quickly, simply, and well it works. You can change the length, tone, or style of your work without having to rewrite it.QuillBot’s AI Paraphraser swiftly rewrites English text to make it better, easier to read, and extremely comparable. Put text into the application. It might change the words but not the message. This will modify the tone, make things clearer, help you learn new words, and make everything better, whether you’re writing for school, job, or fun. QuillBot doesn’t think there is a “one size fits all” answer because the tool can be changed. The Standard and Fluency modes are free to use. There are various methods for premium customers to modify.

The Paraphraser can modify the complete text or just a few words. You can alter 125 words per day with QuillBot’s free version. Customers who pay can change terms in more than ten ways and use it as often as they want. The Synonym Slider, limitless Custom settings, and Freeze phrases are some of the other features. These tools keep some rebuilt words. The program changes words and makes writing better, like an AI.

QuillBot’s Paraphraser is an advanced AI writing tool that can spell, summarize, translate, and work with MS Word. Customers enjoy this part since it has everything they need to write, edit, and finish. To sell, you need to know how well, swiftly, and effortlessly it works. You don’t have to rewrite your work to change its style, tone, or length.

Thoughts

As you see, as we feed the response back to itself, it decays pretty quickly. I am going to do this 100 times. At level 7, it took 45 seconds. Notice each time, the count of words changes randomly and widely. At 25 times, the word count goes from around 300 to 500. When we hit 50 times, we went from 300 words to almost 900 words. It also took 1 minute each time. This is where I chose to stop, as it was eating so much time. It also started to repeat itself over and over again, which is super weird.

Level 50

The QuillBot AI Paraphraser can quickly change English text to make it easier to read and more interesting, all while keeping the original meaning. It might be a good idea to think about adding another function to the app. You can modify how the sentences are understood, but you can’t change the words themselves. Doing this on a daily basis would definitely help you become a better writer, which will help you convey your thoughts more clearly and provide you more words to use. One may fairly expect that enhancements will occur in all other domains as a direct result of this advancement. No matter whether you write for fun, school, or work, it’s a good idea to think about this part carefully. QuillBot says that there is no one-size-fits-all way to use the tool since there are so many different ways to do it. You don’t have to spend any money to use either the Standard mode or the Fluency mode. If premium users choose to, they may change the scene in many different ways.

You may use the Paraphraser tool to change all or part of the text, depending on what you need and want. The free version of QuillBot lets users change up to 125 words every day. People who pay for the service may change the rules in more than 10 different ways. Also, customers have the freedom to use the service to its fullest extent as they see fit. At this point, you have a lot more choices than before. These include the new Synonym Slider, the opportunity to make as many Custom settings as you like, and the ability to Freeze phrases to make them easier to use. We fully support your right to make more purchases anytime you want. The language analysis tools being spoken about keep a close eye on and record the specific words that have changed a lot in different situations. The application works like artificial intelligence since it changes the words used to improve the quality of the whole thing.

The QuillBot Paraphraser is a very advanced and powerful AI writing tool with a lot of features. It has several capabilities that make it useful for improving the writing process, such as spell checking, translation, summary, and easy interface with Microsoft Word. A lot of people really like this phase since it offers everything they need to write, revise, and finish their work in a thorough way. The company may improve its operational efficiency by doing jobs more quickly and with fewer workers as its revenues rise. If you want to change the tone, length, or style of your work, you don’t have to start again.QuillBot’s AI paraphraser is amazing since it can quickly and accurately rephrase English text. This tool makes things clearer and easier to understand while still looking a lot like the original. It could be a good idea to think about adding another feature to the app. The phrases’ meaning may vary, but the words themselves must stay the same. Doing this often will definitely make your writing better, clearer, and a lot longer. It is a fair assumption that, along with other variables, all other factors will also become better with time. No matter whether you’re writing for fun, school, or work, it’s a good idea to think carefully about this issue. QuillBot says that there is no one-size-fits-all way to use the tool since it may be used in many different ways. You don’t have to spend any money to use either the Standard mode or the Fluency mode. Premium users may change the scene in many different ways if they want to.

You may use the Paraphraser tool to change all of the text or just some of it, depending on what you need. The free version of QuillBot lets users change 125 words every day. People that pay for the service may change the rules in many ways, more than ten different ways, so they can use the service to its maximum potential based on their own requirements and preferences. You have a lot of choices, such as the Synonym Slider, the ability to make a wide range of Custom settings that suit your needs, and the ability to Freeze phrases so that you can utilize them more easily. If you want, you can buy more things whenever you want. These gadgets keep a close eye on changes to different phrases and keep track of them. The software improves writing by changing words, which is similar to how artificial intelligence works in many ways.

The QuillBot Paraphraser is an amazing AI writing tool that works really well with Microsoft Word. This platform has a lot of tools to help with writing, such as spell check, translation, and summary. People in this group get the most joy from it since it gives them all the tools and resources they need to do their jobs well, make any changes that need to be made, and finish their assignments. To properly promote the product and make sure it meets high standards, you need to know everything about how well it works, how fast it works, and how easy it is to use. If you want to change the tone, length, or style of your work, you don’t have to start over from scratch.

Final Thoughts

It’s amazing how AI can do things. I thought this was interesting and how it works. It only costs $99 a year, and it’s a good price for all that it does. It does have limits. I just thought this would be a cool random thing to try out. My only complaint is customer service treats you like a robot and refuses to budge. Other than that, it has some amazing tools and can really add to your blogs. I personally like how it underlines everything and says to fix it. It’s very helpful for people like myself.

I hope you all like this randomness today.