Testing Twitter Influence – Part Three

Read parts One and Two

As mentioned in Part Two, I wanted to test how well paying $5 for a bunch of clicks to your site went. I paid another US$5 for someone selling  ‘I will do social media marketing campaign within my 9M Facebook and Twitter fans’ – sounds rather dubious.

I gave them a URL on my website: http://www.adamfowlerit.com/dirty/ which contains a cute picture of a rabbit, and waited to see what happened.

I can’t find any records of this link being shared in social media, but they somehow managed to generate a bunch of hits, over a 4 day period. Funnily enough, after this there is absolutely zero hits:

Traffic to the URLTraffic to the specific URL

The seller also created a pretty graph via Google Analytics apparently showing where the clicks came from, passing it through a shortened URL:

traffic3Google Analytics of URL traffic

I’m reasonably confident all this traffic was faked, along with the sources, browsers, countries etc. None of that is overly difficult to fake.

Thirdly, here’s the overall traffic to my website with the ‘marketing campaign’ hits rather obviously in the middle:

traffic1Overall Site Hits

Traffic after the campaign ended went back to normal. As a side note, it’s interesting to see the dips on my site over the weekend, versus the buildup during the week to Wednesday. This cycle is consistent unless I publish a popular article, or gets picked up by a news site or reddit (it occasionally happens!).

Two major points I take away from this – it’s easy and cheap to generate ‘traffic’ which appears real and varied, and don’t believe any claim in traffic or hits, even if you see the end results.

Back on the Twitter front, I’ve done absolutely nothing with @AdamFowlerITCom but it’s looking more legitimate to me. I’m getting what appears to be more real followers (or good fake ones) as well as thanks for adding people to a list from an automated method:

twitter1Twitter Notifications

I think I’ve set out what I planned to achieve – showing that it’s very easy to build up an appearance of having huge numbers of followers, and unless someone digs deep it will appear to be legitimate after you get real followers on the account too. Also, fake traffic is incredibly cheap to generate – so take everything with a grain of salt.

Rolling back from a bad KB Update

Microsoft releases buggy patches now and then (more commonly now sadly).

Today’s stuff up is KB3097877 which breaks a bunch of things, including things like causing Outlook to crash when reading HTML emails.

Best practise is to have a target group from WSUS that these patches go to first, before going company wide – but either way, you’ll want to remove the patch from the affected PCs.

How do you do this? This is my recommended safe approach:

Step 1. Disable the patch in WSUS.
Just do this now, before anyone else gets it. You’re not going to break anything by choosing the ‘Decline’ option on a patch in WSUS. Make sure you do it to each OS version or product you manage (e.g. Windows 7 32 bit, Windows 7 64 bit, Windows 8 32 bit etc).

Step 2. Test uninstalling the patch manually
Before you go nuts and try to fix all the things at once, do a quick test or two. If you manually uninstall the patch, does it successfully uninstall? Reboot and make sure the PC seems happy (check event viewer!). Reboots may take a while doing system state backups and rolling back the patch.

Step 3. – Set WSUS to Uninstall the patch.
It’s a bit counter intuitive to approve a patch to then set it to remove, but that’s how WSUS works. Find the patch by searching for the KB, and once you right click ‘Approve’, you’ll get the option to choose ‘Approved for Removal’. Make sure you’re targeting the correct Computer Group. If you can’t use WSUS, work out how to get your PCs to run a command like this: “wusa /uninstall /kb:3097877 /quiet /norestart” – without the /norestart, they’ll restart :)

Step 4 – Test Windows Update uninstall
Test another PC’s ability to use Windows Updates to uninstall the patch. ‘Checking for updates’ either through the Windows Update GUI or the good old ‘wuauclt /detectnow’ command will do the trick. Similar to Step 2, check it uninstalls and reboot. You can also check C:\Windows\WindowsUpdate.log to make sure it’s happy (this doesn’t apply to Windows 10 as that log doesn’t exist).

Step 5 – Trigger your PCs to check for Windows Updates
Depending on your group policies, Windows Updates will check at certain intervals and may auto download or auto patch. Easiest thing to do is trigger all your PCs to check Windows Updates now. There’s an easy PowerShell way of doing this here, but requires WinRM to be enabled – you should have this on if you want to be able to do a bunch of cool stuff to your PCs. Otherwise, try psexec which will have the same result. This can take a long time to do! Optional component – WOL your PCs first.

Step 6 – Reboot
Now that you’re ready to clean up, test reboot a PC or two and make sure the patch goes away. If that happens, then schedule all your PCs to reboot. You should have a way of doing this already – SCCM can do it well, you can create a once off scheduled task and push that out to PCs, or a bunch of other ways.

Step 7 – Report in WSUS
WSUS has some nice client reporting options. Search for the KB again, right click and choose ‘Status Report’. This is usually not too lagged in it’s information, and you can check to make sure none of your PCs have the update any more. If there’s only a few, it may be easier to manually fix the remainder.


Happy cleaning up!


Identifying and Counting Office 365 Cloud vs On Premise Users

How do you easily identify Cloud and On Premise users in your Office 365/Azure AD instance? With PowerShell of course!

Prerequisite – Windows Azure Active Directory Module

Using the ‘get-msoluser -all’ command, you can find all your users in Office 365/Azure AD. Getting the results of which users are cloud only based, or synced via an on-premise LDAP such as Active Directory may not be easy at first glance.

If you expand out all the details possible from a user, the fields are as follows:


None of these are obvious to indicate where the account is primarily located.

After a quick comparison of an on-premise account and a cloud account, I noticed the ‘ImmutableId’ was blank for the cloud users. I found a great blog post about what the value was for here, which proved my guess – the value corresponds to the ‘objectGUID’ of the account, which cloud-only accounts don’t use.

Based on that, the rest is simple. Here’s some example commands:

get-msoluser -all | where immutableid -eq $null
Get a list of all cloud only accounts

get-msoluser -all | where immutableid -eq $null |fl
Get all cloud only accounts with all values

get-msoluser -all | where immutableid -ne $null
Get all synced on-premise accounts (e.g. DirSync, Azure AD Connect, ADFS)

get-msoluser -all | where immutableid -eq $null |measure
Show a count of how many cloud only accounts

get-msoluser -all | where immutableid -eq $null | export-csv cloudusers.csv
Export the list of cloud only accounts to a csv file

Testing Twitter Influence – Part Two

Read Part One Here

It’s been a few weeks since I decided to muck around with Twitter, and it’s been a learning experience to get to the stage I’m at.

I bought 7500 and 8000 followers respectively through fiverr.com – a bad idea to do both at once, since both ‘professionals’ claimed they’d delivered after I got to 7800 followers. I couldn’t prove who did and didn’t do it, or if they’d both half done it… so just bought a third chunk of 7500. I wanted to get over the 10k mark as to me, that appears more impressive than seeing a number like “9,825” followers.

Within the week, I had my 15k followers. The first thing that jumped out at me was that a lot of them were eggs:


Apart from the eggs, there were a lot of non-English style followers. I feel bad because I’m sure these identities have been stolen for fake accounts (as in the photos, I’m sure the names aren’t real). It was at this stage I realised there’d be a bit more work to do, just having 15k followers wasn’t enough.

I checked out IFTTT.com which can automate some Twitter things, but it seems Twitter has blocked a bunch of things I’d hoped to do. First I tried to follow everyone who followed me – I couldn’t find a way to do this at all. There was also no way to automatically follow anyone, nor a way to retweet anything automatically. I was trying to do all of these things to create content and contacts without effort. I dare say the exact reasons I was trying to do this, was the same reasons it’s not allowed.

What I could do, was get IFTTT to search a hastag (e.g. #microsoft) and add that person to a Twitter list. IFTTT will only grab 30 results at a time, so it’s slow – but I figured people like being added to lists, and might follow my account after feeling special enough for being added to a list.

You can see my #Microsoft list here and I did the same for #Windows here. There seems to be a mix of rubbish Twitter accounts along with real ones, so I’d say it’s been semi successful.

I also found a service called  that would retweet tweets from lists. I did this for a little while just to get my tweet count higher, but stopped it. Due to only using the free service, there were some rather heavy limitations, along with a daily “I’m using RoundTeam” tweet they kindly made my account do. I was hoping automatic retweets would do the same as adding someone to a list, while making my feed look useful. The problem I found was, I was often retweeting non-English tweets that used #Microsoft or #Windows which made my feed look pretty crappy.

As a final attempt, I followed only a few tech Twitter accounts, added them to a list, and retweeted their tweets occasionally. This cleaned up my feed a bit, but it wasn’t really doing much to get social media influence.

I then turned off all the automation, apart from the lists as I figured that wasn’t doing anything visibly obvious to anyone, apart from accounts added to the list. I managed to get some legitimate followers though, if you see who follows my account, the first few pages look pretty good.

I have a feeling that if I now treated the account properly, created content and interracted with people it would be seen as a legitimate, popular account. What do you think?

My next step is to create a page and see how many hits I can get to it, probably by paying another spammer $5US to promote a tweet. I’m curious to see how many hits I’ll get…

Azure AD Connect – Password Sync Times

Azure AD Connect is a Microsoft utility that will sync your Active Directory records to Azure AD/Office 365. An introduction to this is available here.

One of the benefits of Azure AD is being able to use it as your point of authentication for users over the internet, without having to poke holes in your on-premise firewall. I was considering this for a 3rd party solution – but I had a concern.

How Do Passwords Work in Azure?

Azure AD/Office 365 stores passwords for users created ‘On Cloud’ – i.e. the primary record for them exists in Azure AD/Office365. For the ‘On Cloud’ users, password resets are instant, because the same system that hosts the user, manages their password.

Azure AD/Office 365 does not store passwords for your on-premise users. Instead, it uses a password hash. To learn more about this, read Mircosoft’s article on Understanding Office 365 identity and Azure Active Directory. This only functions if you’ve actually enabled password sync, which is a tickbox configurable from the Azure AD Connect side of things.

This means an on-premise user still authenticates against Azure AD/Office 365, but details are synced using Azure AD Connect on a scheduled basis. Someone’s phone number changes? That’ll be pushed to the cloud on the next sync. By default, that sync is every 3 hours. Personally I prefer every hour, but this is going to be dependent on the size of your AD environment if that makes sense.

What about Password changes?

Password hashes are different though. They occur every few minutes – sometimes within seconds. Event logs on the server that hosts Azure AD Connect will show three different events occuring.

The first is the ‘Password Change Request’ Event ID 656. From this you’ll see which user it is, as well as when the password change was actually made according to AD.

Second is the batch count, Event ID 651. This shows that it’s finished collecting details of password changes.

Finally, the Password Change Result record, Event ID 657. This should show the user affected again, and the result of the password change (which is hopefully Success):


I was hoping passwords would almost be instant (within a few seconds) and my original testing showed that, but after more testing I found mixed results. More often it would take a minute or two.

Real World Impact

This means that if you have any application that authenticates against Azure AD, there is a chance of up to a roughly 3 minute delay before Azure AD knows of the new password, and won’t create a great experience for end users depending what applications they use, even first party.

Consider if you had Sharepoint Online for something staff accessed, and someone logs onto their domain connected PC. Their password has expired, so they change it and continue logging in. First thing they do is try and get to the SharePoint Online website, and get prompted for credentials. They try their new password, and it doesn’t work! So they try their old password… but in between these two attempts, their password in Azure AD has now updated. The old password doesn’t work either! From an end user perspective, that’s incredibly confusing.


The real solution to all of the above is to not use Azure AD Connect, and instead use ADFS. Instead of syncing passwords, password requests come from Azure AD back to your on-premise ADFS environment to authenticate a user. This will be immediately aware of a password change, and authenticate the user with the right credentials. You get the added benefit of pass-through authentication to Azure/Office 365 resources, which means users don’t need to keep authenticating to online resources (such as my SharePoint Online example above).

Any questions/comments/disputes on the above? Comment below!

Thanks to @Froosh for confirming my tests on this.


Testing Twitter Influence – Part One

I have some theories and questions around Twitter, follower counts and reach – so I thought I’d put some stuff to the test. Each social network is different, and in turn will attract both people trying to make a quick buck as well as people looking to exploit it.

I plan to try a few different cheap methods of social influence on Twitter, and see what happens. I’ve been curious about it for a while, but honestly I don’t really trust anything out there as there’s usually an angle someone’s pushing for (such as selling SEO type services) and trying to make money for themselves. I’m not, which hopefully is clear from this write up.

I also don’t want to discount the idea of value from influencing. I am personally an influencer in a few programs, but all this means is I have access to products and information that I can share how I please, because I have a perceived audience who will listen. It definitely works – an example off the top of my head is Oprah’s Book Club. Any book she recommends hits all the top sellers lists once she recommends it. The Oprah effect is real and valuable, and I’m happy with this method as long as it really reflects’s the person’s views and they’re honest in what they say. For myself, I only go into programs of products I actually like, and as long as the other side is aware that I’m not going to blindly praise anything I get – it will be honest and fair comments made publicly.

My preconceived ideas:

  • A lot of people have huge followers on Twitter, and I think many buy followers for influence.
  • Buying followers is cheap and easy.
  • Getting influence through lots of fake followers, and getting fake accounts to write something for you actually gives you hits to your website.
  • People will see the amount of followers you have being huge, and think you actually have a big influence, which will lead to real opportunities.

Questions I have are:

  • Is it actually as easy as I think to get thousands of followers?
  • How long will it take?
  • How many hits can I get to a blog post by solely getting it tweeted out by a bunch of fake accounts?
  • How much will this cost?
  • Is any of this better than what an ‘SEO Expert’ will do, costing many times more?

I’m hoping the results of this will give a little less credit to many who abuse the system, and highlight that the quality of followers you have on Twitter is much more important than the actual number. Maybe I’ll be completely wrong, my tests will work amazingly well, we shall see.

I’ll probably find other interesting things to try in this process also, I’ll keep everything transparent as I continue through it.

Step One – Create a Twitter Account

I’ve already put step one into action. I’ve created @adamfowleritcom which has zero followers and zero followings. Zero tweets too. I’ve changed the picture from Twitter’s egg to a very unexciting text about my website. I don’t want to actually use this account at the end of this test for my blog as I believe this to be ethically wrong, and I use my normal Twitter account @AdamFowler_IT anyway – but I may leave it untouched so readers can see the results.

Step Two – Buy Followers

I’m not sure the best place to even buy followers. I could search on Twitter for all the accounts that spam ways of getting followers, but instead I’ve decided to use Fiverr. This way, it’s going to cost $5US a shot, and I’ll pick someone who has actual feedback. I don’t want to promote who I choose, because I’m not doing this to promote the actual usage of buying followers. It’s a very small amount of money and maybe there’s cheaper out there…

There’s a lot to choose from, so I picked one that promised 7500 followers, and another that promised 7000 followers. 14,500 total, and it takes 1 – 2 days to deliver. If they don’t deliver, I can just get a refund from Fiverr and try again.

I feel a little dirty already from doing this, like I need a shower dirty. I’ll wait a few days and provide an update.


Source: http://news.xinhuanet.com/english/photo/2015-04/28/c_134190146.htm

Source: http://news.xinhuanet.com/english/photo/2015-04/28/c_134190146.htm


Intel 6th Gen CPU Launch

I was given the opportunity to attend the launch of Intel Asia Pacific’s 6th Generation CPU in Sydney, 14th October 2015.

Sydney Opera HouseSydney Opera House

The event was held in the Sydney Opera House, which I’d never been in before. Great building, but not so great for phone reception – luckily Wi-Fi was readily available. The event was also live streamed so people around the world could watch and see what Intel had to say. If you missed out, you can still watch a reply of it here.

20151014_173053Intel On Stage

The hashtag for the event was #Experience6thGen and you can check out what people were saying on Twitter – including myself as I live tweeted points I found interesting.

Take home messages from the event for me were:

  • Intel are releasing 48 different CPUs for the 6th Generation – ranging from CPUs designed for convertibles, laptops, gaming PCs and servers
  • Skylark is the code name for the 6th Gen CPU
  • Gaming CPUs are selling great, Intel are seeing a resurgence of console gamers coming back to PC. Intel is focusing more on gamers now along with eSports sponsoring
  • CPU sales are still on a slight downward trend, but as an example Q3 2015 was better than Q2 2015, and Intel are hoping this new CPU along with Windows 10 and the new devices coming out help drive growth
  • Thunderbolt 3 is supported with the new CPU which is 8x faster than USB 3.0
  • RealSense is awesome – 3D Camera support which most laptops will come with. This enables secure face scanning for login via Windows 10 along with a bunch of other cooler things – think 3D printing/copying! Sheldon Cooper can tell you all about it.
  • Intel has some crazy new storage technology on the way for 2016 – Intel Optane
  • There’s a lot of new devices on their way!

Some of the devices were on display. To get to them, I had to sneak past a robot:

RobotIntel Robot

…then I had to avoid detection of some Stormtroopers:

StormtroopersLooking for droids?

… and I finally managed to make my way to Lenovo’s showcase of devices, with Intel’s new CPU inside.

I spotted:

ThinkPad Yoga 260Lenovo ThinkPad Yoga 260

Lenovo P50Lenovo P50

YogaLenovo Yoga 500

Miix 700Lenovo Miix 700

Sorry about the photo angles, it was very crowded! Personally, I’m most interested in the P50/P70 series of Lenovo laptops because they’re really a decent server in laptop form, go read about them! The ThinkPad Yoga 260 is also interesting for a business user, as a lot of the Yogas lately have been consumer. They all look like decent laptops though, and have their own target audience.

There was also a gaming desktop set up, but I only managed to snap a photo of the awesome red keyboard:

20151014_175307Lenovo Gaming Keyboard

It’s nice to see a focus from both Lenovo and Intel on the gaming community again, which combines with so many people wanting a grunty PC as rich media content creator and editor.

CRQzC7bU8AAYGR6Hi from the event! (I’m 3rd from left)

Thanks for the invite Intel, had a great time and got to catch up with a variety of great people all with an interest in what Intel does. Hopefully I’ll have my hands on a 6th Gen CPU myself, so I can put it through the paces.