MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Woof Blitzer posted:

Anyone have any good getting started with SCCM type resources?

As a note, I have not actually used SCCM, but I found this when it was possible I would be using it a few years ago: https://www.windows-noob.com/forums/topic/4045-step-by-step-guides-system-center-2012-r2-configuration-manager/


FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
That's a really good resource; it's where I started from nothing, and now I'm at the point where I've built out multiple instances as large as 20k clients, etc.

Woof Blitzer
Dec 29, 2012


MF_James posted:

As a note, I have not actually used SCCM, but I found this when it was possible I would be using it a few years ago: https://www.windows-noob.com/forums/topic/4045-step-by-step-guides-system-center-2012-r2-configuration-manager/

My man!

kiwid
Sep 30, 2013

Does anybody else's boss hate OSS?

I mean, I get it, open-source software can often be trash, but when my boss asked me to find software to automate an FTP transfer but didn't want me to script it in a bash script because "other sysadmins need to be able to administer it too" therefore requiring a GUI, I suggested WinSCP. My boss asked "how much is it", and I said "free". "But why is it free?" I was asked. I replied, "because it's open-source?". Denied. "Find something corporate" I was told.

What the gently caress?

So anyway, anyone know a corporate approved piece of software that has a GUI that can automate FTP transfers?

kiwid fucked around with this message at 18:59 on Sep 3, 2019

Methanar
Sep 26, 2013

by the sex ghost

kiwid posted:

Does anybody else's boss hate OSS?

I mean, I get it, open-source software can often be trash, but when my boss asked me to find software to automate an FTP transfer but didn't want me to script it in a bash script because "other sysadmins need to be able to administer it too" therefore requiring a GUI, I suggested WinSCP. My boss asked "how much is it", and I said "free". "But why is it free?" I was asked. I replied, "because it's open-source?". Denied. "Find something corporate" I was told.

What the gently caress?

So anyway, anyone know a corporate approved piece of software that has a GUI that can automate FTP transfers?

start your own llc and resell support subscriptions to OSS


also

kiwid posted:

automate ... requiring a GUI

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Show your boss a quote for IBM Connect:Direct and see if he changes his mind.

kiwid
Sep 30, 2013


It's funny because all the GUI does is generate the script for you. It's still code in the end. Shhh.

kiwid
Sep 30, 2013

Welp, I've been ordered to email our parent company's security team to get suggestions. I miss working for SMB.

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

skipdogg posted:

Show your boss a quote for IBM Connect:Direct and see if he changes his mind.

Not empty quoting.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

ChubbyThePhat posted:

Not empty quoting.

We used to be a contractor for SBC/AT&T back in the day and they owned Sterling Commerce at the time, and of course they made us buy a license and use it to transfer data with them. Simple FTP transfer once a day of a CSV file.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

kiwid posted:

So anyway, anyone know a corporate approved piece of software that has a GUI that can automate FTP transfers?

At a previous job this was used to automate FTP crap. Pay all you want!

https://www.ipswitch.com/ftp-client

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

kiwid posted:

Does anybody else's boss hate OSS?

I mean, I get it, open-source software can often be trash, but when my boss asked me to find software to automate an FTP transfer but didn't want me to script it in a bash script because "other sysadmins need to be able to administer it too" therefore requiring a GUI, I suggested WinSCP. My boss asked "how much is it", and I said "free". "But why is it free?" I was asked. I replied, "because it's open-source?". Denied. "Find something corporate" I was told.

What the gently caress?

So anyway, anyone know a corporate approved piece of software that has a GUI that can automate FTP transfers?

I once had someone ask me to find an NTP client they could pay for.

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.
I am trying to set up shared-nothing availability groups on SQL Server 2017 and I cannot get it to handle the loss of a member server gracefully.

Can anyone point me to a detailed guide on how to do this? I freely admit that I am new to this technology but not to clustering. My experience is with the active/passive same-subnet-shared-SAN-disc cluster model.


For the purposes of this example I have three SQL Server 2017 servers running on Windows Server 2019 in three distinct datacenters with distinct subnets. There are no firewalls between them.

I would like to set up the three nodes so that I can ETL data into the cluster by a single endpoint and read data from another endpoint (sort of like the RDS Aurora model in AWS FWIW) so that I can have applications in a specific region perform reads locally. The cluster should be able to seamlessly handle the outage of a cluster member and also handle the reintroduction of a repaired cluster member.

Is this scenario possible?

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

FISHMANPET posted:

I once had someone ask me to find an NTP client they could pay for.

There just might be a market for a company that offers paid/re-branded versions of non-problematic open/free standards and software. A support contract for software like Putty would straight-up print money.

Extremely Penetrated
Aug 8, 2004
Hail Spwwttag.

Agrikk posted:

I am trying to set up shared-nothing availability groups on SQL Server 2017 and I cannot get it to handle the loss of a member server gracefully.

Can anyone point me to a detailed guide on how to do this? I freely admit that I am new to this technology but not to clustering. My experience is with the active/passive same-subnet-shared-SAN-disc cluster model.


For the purposes of this example I have three SQL Server 2017 servers running on Windows Server 2019 in three distinct datacenters with distinct subnets. There are no firewalls between them.

I would like to set up the three nodes so that I can ETL data into the cluster by a single endpoint and read data from another endpoint (sort of like the RDS Aurora model in AWS FWIW) so that I can have applications in a specific region perform reads locally. The cluster should be able to seamlessly handle the outage of a cluster member and also handle the reintroduction of a repaired cluster member.

Is this scenario possible?

Sounds like maybe you're not using WSFC? Even though you're not using shared volumes it's still needed for handling the failover orchestration between SQL instances. The AlwaysOn part is really just database mirroring. This is for 2012 but I don't think much changed for 2017.

Your scenario is possible. SQL Enterprise edition is required for readable secondary nodes. Asynchronous replication will prevent heavy reads from impacting the primary, but you'll need monitoring to ensure it doesn't fall too far behind. All of your apps' SQL connection strings will want to add Multisubnetfailover=true, and even then expect 5-15s blips during a failover. Your read-only apps can use ApplicationIntent=ReadOnly in their connection string to get to the right node.

Cluster management is still old-fashioned trash -- there's lots of ways a repaired node won't be automatically reintroduced; there's no built-in node configuration management (i.e. having the same SQL logins on every node) so DSC it or something; SQL Agent is completely cluster-unaware. Depending on how heavy your Reporting needs are it might be worth checking out something like Snowflake.
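
The connection-string and monitoring advice above, worked through as an added example (mine, not from the thread). It assumes a listener named sql-ag-listener, a database named Warehouse, and the SqlServer module for Invoke-Sqlcmd; the 50 MB lag threshold is an arbitrary placeholder.

```powershell
# Added example, not from the thread. Placeholders: listener 'sql-ag-listener', database 'Warehouse'.
# Requires the SqlServer module (Invoke-Sqlcmd) and .NET System.Data.SqlClient.

# Write path: ETL jobs point at the AG listener. MultiSubnetFailover=true makes the client try
# every listener IP in parallel instead of waiting for the old subnet's address to time out.
$writeCs = [System.Data.SqlClient.SqlConnectionStringBuilder]::new()
$writeCs['Data Source']         = 'sql-ag-listener'
$writeCs['Initial Catalog']     = 'Warehouse'   # read-only routing needs the database named
$writeCs['Integrated Security'] = $true
$writeCs['MultiSubnetFailover'] = $true
$writeCs['Connect Timeout']     = 30

# Read path: same listener, but ApplicationIntent=ReadOnly lets read-only routing hand the
# session to a readable secondary (Enterprise edition) instead of the primary.
$readCs = [System.Data.SqlClient.SqlConnectionStringBuilder]::new($writeCs.ConnectionString)
$readCs['ApplicationIntent'] = 'ReadOnly'

# A failover still produces a short blip, so callers retry transient connection failures
# with a bounded back-off rather than failing the whole job on the first error.
function Invoke-AgQuery {
    param(
        [Parameter(Mandatory)] [string] $ConnectionString,
        [Parameter(Mandatory)] [string] $Query,
        [int] $MaxAttempts = 4
    )
    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            return Invoke-Sqlcmd -ConnectionString $ConnectionString -Query $Query -ErrorAction Stop
        } catch {
            if ($attempt -eq $MaxAttempts) { throw }
            Write-Warning "Attempt $attempt failed ($($_.Exception.Message)); retrying in $(5 * $attempt)s"
            Start-Sleep -Seconds (5 * $attempt)
        }
    }
}

# Monitoring: asked on the primary, how far behind is each asynchronous secondary?
# log_send_queue_size / redo_queue_size are reported in KB.
$lagQuery = @'
SELECT ar.replica_server_name,
       adc.database_name,
       drs.synchronization_state_desc,
       drs.log_send_queue_size AS log_send_queue_kb,
       drs.redo_queue_size     AS redo_queue_kb,
       drs.last_commit_time
FROM sys.dm_hadr_database_replica_states AS drs
JOIN sys.availability_replicas           AS ar  ON ar.replica_id = drs.replica_id
JOIN sys.availability_databases_cluster  AS adc ON adc.group_database_id = drs.group_database_id
WHERE drs.is_local = 0;
'@

$lag = Invoke-AgQuery -ConnectionString $writeCs.ConnectionString -Query $lagQuery
$lag | Format-Table -AutoSize

# Placeholder threshold: flag a secondary more than ~50 MB behind on either queue.
$lag | Where-Object { $_.log_send_queue_kb -gt 51200 -or $_.redo_queue_kb -gt 51200 } |
    ForEach-Object { Write-Warning "$($_.replica_server_name)/$($_.database_name) is falling behind" }
```

Read-only apps use $readCs.ConnectionString with the same Invoke-AgQuery wrapper; the listener's read-only routing list decides which secondary they land on.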

Agrikk
Oct 17, 2003

Take care with that! We have not fully ascertained its function, and the ticking is accelerating.

Extremely Penetrated posted:

Sounds like maybe you're not using WSFC? Even though you're not using shared volumes it's still needed for handling the failover orchestration between SQL instances. The AlwaysOn part is really just database mirroring. This is for 2012 but I don't think much changed for 2017.

Your scenario is possible. SQL Enterprise edition is required for readable secondary nodes. Asynchronous replication will prevent heavy reads from impacting the primary, but you'll need monitoring to ensure it doesn't fall too far behind. All of your apps' SQL connection strings will want to add Multisubnetfailover=true, and even then expect 5-15s blips during a failover. Your read-only apps can use ApplicationIntent=ReadOnly in their connection string to get to the right node.

Cluster management is still old-fashioned trash -- there's lots of ways a repaired node won't be automatically reintroduced; there's no built-in node configuration management (i.e. having the same SQL logins on every node) so DSC it or something; SQL Agent is completely cluster-unaware. Depending on how heavy your Reporting needs are it might be worth checking out something like Snowflake.

Thanks for the confirmation that the scenario is possible. That's a good start. :D And I've got the WSFC cluster built and a copy of SQL Enterprise installed on each of the three nodes.

I've seen that doc before, and what's frustrating is that it is basically,

step one: gather information
step two: run cloudformation template
step three: finished!

While this is a great advertisement for CloudFormation, it doesn't help me understand the steps on how to build the thing. :argh:

I haven't been able to find something that is literally a step by step guide from soup to nuts.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

klosterdev posted:

There just might be a market for a company that offers paid/re-branded versions of non-problematic open/free standards and software. A support contract for software like Putty would straight-up print money.

There would be. Enterprise IT is 80% covering your rear end in my experience.

Fun semi-related story. The small software development office close to me needed something like 25 copies of Beyond Compare software. Purchasing didn't have a procedure for buying software from a small company like that. Couldn't put it on a credit card and expense it, and couldn't PayPal the company. I had the VAR we used at the time buy the licenses via PayPal for us, and then mark it all up 15% to cover his time and fees. We paid his invoice through normal channels no problem.

lol internet.
Sep 4, 2007
the internet makes you stupid
Question for those who migrated from exchange on prem to O365 (hybrid.)

- Did you leave your hybrid server up? From the documents I read, I heard you should and there is no real direction on what to do with it to get rid of it.

- Since everyone is migrated, when you have a new user/new hire, do you just go ahead and provision the new accounts in O365 (no longer creating on prem then migrating to O365)

The Fool
Oct 16, 2003


1. Yes, and running without an exchange server is currently unsupported. MS has made noises about fixing this but nothing real has happened in a couple years.

2. Any mailbox that is created in o365 first will be missing a bunch of exchange related ad attributes. Creating them on prem and moving them does not have this issue. It is possible to manually set those attributes in adsi or PowerShell.

lol internet.
Sep 4, 2007
the internet makes you stupid

The Fool posted:

1. Yes, and running without an exchange server is currently unsupported. MS has made noises about fixing this but nothing real has happened in a couple years.

2. Any mailbox that is created in o365 first will be missing a bunch of exchange related ad attributes. Creating them on prem and moving them does not have this issue. It is possible to manually set those attributes in adsi or PowerShell.

So is it safe to say then everyone is creating new users on prem and migrating them?

Maneki Neko
Oct 27, 2000

lol internet. posted:

So is it safe to say then everyone is creating new users on prem and migrating them?

You don’t need to create them on-prem and then migrate, look at remote mailboxes.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

lol internet. posted:

So is it safe to say then everyone is creating new users on prem and migrating them?

Create user in AD, let propagate, use Enable-RemoteMailbox on the on-prem, assign O365 licenses

Probably something similar for already-existing users during the migration itself, minus creating them.
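
The four steps above (create in AD, let it propagate, Enable-RemoteMailbox, assign licenses) as one provisioning script. This is an added example, not klosterdev's or Microsoft's code; the OU path, domains, AAD Connect server name and license SKU are placeholders, and it assumes an on-prem Exchange Management Shell with the ActiveDirectory and MSOnline modules loaded.

```powershell
# Added example, not from the thread. All names below are placeholders to adjust.
# Run from the on-prem Exchange Management Shell (for Enable-RemoteMailbox) with the
# ActiveDirectory and MSOnline modules available.
param(
    [Parameter(Mandatory)] [string] $GivenName,
    [Parameter(Mandatory)] [string] $Surname,
    [Parameter(Mandatory)] [string] $SamAccountName,
    [string] $UpnDomain        = 'contoso.com',
    [string] $RoutingDomain    = 'contoso.mail.onmicrosoft.com',
    [string] $OuPath           = 'OU=Users,OU=Corp,DC=contoso,DC=com',
    [string] $AadConnectServer = 'aadconnect01',
    [string] $LicenseSku       = 'contoso:ENTERPRISEPACK',
    [string] $UsageLocation    = 'US'
)

$upn = "$SamAccountName@$UpnDomain"

# 1. Create the user on-prem with a random initial password (never a shared default);
#    hand it to the new hire through your normal out-of-band channel.
Add-Type -AssemblyName System.Web
$initialPassword = [System.Web.Security.Membership]::GeneratePassword(16, 3)
New-ADUser -Name "$GivenName $Surname" -GivenName $GivenName -Surname $Surname `
    -SamAccountName $SamAccountName -UserPrincipalName $upn -Path $OuPath `
    -AccountPassword (ConvertTo-SecureString $initialPassword -AsPlainText -Force) `
    -ChangePasswordAtLogon $true -Enabled $true

# 2. Stamp the Exchange attributes on-prem so the mailbox is born in the tenant with the
#    same targetAddress/proxyAddresses a migrated mailbox would have. If the Exchange shell
#    and New-ADUser talk to different DCs, pass -DomainController to avoid a replication race.
Enable-RemoteMailbox -Identity $upn -RemoteRoutingAddress "$SamAccountName@$RoutingDomain"

# 3. "Let it propagate": trigger a delta sync instead of waiting for the scheduler,
#    then poll until the object shows up in Azure AD.
Invoke-Command -ComputerName $AadConnectServer -ScriptBlock { Start-ADSyncSyncCycle -PolicyType Delta }
Connect-MsolService
$deadline = (Get-Date).AddMinutes(15)
do {
    Start-Sleep -Seconds 30
    $cloudUser = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue
} until ($cloudUser -or (Get-Date) -gt $deadline)
if (-not $cloudUser) { throw "$upn did not sync to Azure AD within 15 minutes" }

# 4. Assign the license; UsageLocation must be set first or the assignment is rejected.
Set-MsolUser -UserPrincipalName $upn -UsageLocation $UsageLocation
Set-MsolUserLicense -UserPrincipalName $upn -AddLicenses $LicenseSku
```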

kiwid
Sep 30, 2013

Anyone have experience with cleaning up AD?

Our AD was created in Server 2000 and upgraded all these years leaving junk accounts, groups, OUs, etc. Also, we used to run our own exchange so I definitely remember editing random ADSIedit things.

I was thinking of maybe cleaning this up. Any tools out there to help with this?

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

kiwid posted:

I was thinking of maybe cleaning this up. Any tools out there to help with this?

You can use powershell to query AD to spit out various useful bits of information about your objects if you can think of anything you want out of your AD. (eg computer objects that haven't authenticated against AD in a year)

Most important thing you can probably do when cleaning up your AD is planning before you do it, and making sure what you're going to do will be consistent now, and maintainable from hereon out. Identify bad practices in what you do now (eg granting everyone write/full control to a share with a single security group that's grown significantly in scope, or adding users to a share instead of using groups at all) and figure out how you can improve it to no longer be terrible (create read/write security groups, or for shares with broad purposes, create some folders with disabled inheritance in the share and apply separate read/write security groups to those folders). Or create nested groups that apply to the employee's job function!

Additionally, remember Chesterton's fence. There might be a stupid hacky reason something nonsensical exists you won't learn the purpose of until it's gone.

Wizard of the Deep
Sep 25, 2005

Another productive workday

kiwid posted:

Anyone have experience with cleaning up AD?

Our AD was created in Server 2000 and upgraded all these years leaving junk accounts, groups, OUs, etc. Also, we used to run our own exchange so I definitely remember editing random ADSIedit things.

I was thinking of maybe cleaning this up. Any tools out there to help with this?

Fire.

I'm only half-kidding. It may actually make more sense to start fresh, especially if/when you're making a big upgrade push.

Another easy target is users and computer objects that haven't authenticated in over a year. Those are good targets for disabling and moving to a morgue OU.
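
The stale-object query klosterdev mentions and the disable-and-morgue step above, as one added script (mine, not from either poster). It assumes the ActiveDirectory module, placeholder morgue OU paths, and a 365-day cutoff; run it with -WhatIf first.

```powershell
# Added example, not from the thread. Morgue OU paths and the cutoff are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]    $StaleDays        = 365,
    [string] $UserMorgueOu     = 'OU=Morgue-Users,OU=Corp,DC=contoso,DC=com',
    [string] $ComputerMorgueOu = 'OU=Morgue-Computers,OU=Corp,DC=contoso,DC=com',
    [string] $ReportPath       = "$PSScriptRoot\ad-stale-report.csv"
)
Import-Module ActiveDirectory
$cutoff = (Get-Date).AddDays(-$StaleDays)

# lastLogonTimestamp is replicated (unlike lastLogon), so one DC's answer is enough, but it can
# lag up to 14 days. Objects that have never logged on have no value at all, so fall back to
# whenCreated so that brand-new accounts are not swept up with the genuinely dead ones.
function Get-StaleObjects {
    param([ValidateSet('user', 'computer')] [string] $Class)
    $props = 'lastLogonTimestamp', 'whenCreated', 'description'
    $objs = if ($Class -eq 'user') { Get-ADUser -Filter * -Properties $props }
            else                   { Get-ADComputer -Filter * -Properties $props }
    foreach ($o in $objs) {
        $lastSeen = if ($o.lastLogonTimestamp) { [DateTime]::FromFileTime($o.lastLogonTimestamp) }
                    else                       { $o.whenCreated }
        if ($o.Enabled -and $lastSeen -lt $cutoff) {
            [pscustomobject]@{
                Class       = $Class
                Name        = $o.Name
                DN          = $o.DistinguishedName
                LastSeen    = $lastSeen
                Description = $o.description
            }
        }
    }
}

$stale = @(Get-StaleObjects -Class user) + @(Get-StaleObjects -Class computer)

# Record first: this CSV is the list you come back to when something turns out to have
# depended on one of these objects (Chesterton's fence).
$stale | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$($stale.Count) stale objects written to $ReportPath"

foreach ($s in $stale) {
    $target = if ($s.Class -eq 'user') { $UserMorgueOu } else { $ComputerMorgueOu }
    if ($PSCmdlet.ShouldProcess($s.DN, "Disable and move to $target")) {
        # Note the date and original location so the object can be restored if needed.
        Set-ADObject -Identity $s.DN -Description "Morgued $(Get-Date -Format yyyy-MM-dd); was $($s.DN)"
        Disable-ADAccount -Identity $s.DN
        Move-ADObject -Identity $s.DN -TargetPath $target
    }
}
```

Disabled objects keep their SID and group memberships in the morgue OU, so a false positive is a one-line Enable-ADAccount plus a move back rather than a recreate.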

ChubbyThePhat
Dec 22, 2006

Who nico nico needs anyone else

The Fool posted:

1. Yes, and running without an exchange server is currently unsupported. MS has made noises about fixing this but nothing real has happened in a couple years.

2. Any mailbox that is created in o365 first will be missing a bunch of exchange related ad attributes. Creating them on prem and moving them does not have this issue. It is possible to manually set those attributes in adsi or PowerShell.

Has MS changed their tune to provide a path to migrate from hybrid to full O365 or am I simply lost in how many times this has changed?

The Fool
Oct 16, 2003


For as long as I have been following it (roughly 3 years) the message I've been getting from Microsoft has been "We want to provide this migration path but there are some technical hurdles and fixing them is not a priority"

You might be able to find more info in ignite roundups from 2017 and 2018, but real information has been hard to come by, and the official policy hasn't changed.

snackcakes
May 7, 2005

A joint venture of Matsumura Fishworks and Tamaribuchi Heavy Manufacturing Concern

I know they say you should keep an exchange server in the environment but what are you really losing?

I've done a few hybrid to O365 only migrations and haven't witnessed any terrible repercussions

devmd01
Mar 7, 2006

Elektronik
Supersonik
Ours serve two purposes, both load balanced:

On-Prem ECP/Powershell for running enable-remotemailbox during our user provisioning process.

On-prem SMTP relay for devices, applications, monitoring, etc. It forwards all traffic to proofpoint, which then makes the decision to deliver to our O365 tenant or out to the internet.

Maneki Neko
Oct 27, 2000

snackcakes posted:

I know they say you should keep an exchange server in the environment but what are you really losing?

I've done a few hybrid to O365 only migrations and haven't witnessed any terrible repercussions

If you're using AADConnect it's an unsupported configuration (for what that is worth for you). You're manually editing (either through tools or scripts) attributes that Microsoft doesn't want you changing and could cause problems down the line.

If you don't need password sync (or have some other scheme to do that), go nuts.

kiwid
Sep 30, 2013

Wizard of the Deep posted:

I'm only half-kidding. It may actually make more sense to start fresh, especially if/when you're making a big upgrade push.

Another easy target is users and computer objects that haven't authenticated in over a year. Those are good targets for disabling and moving to a morgue OU.

If we ever did decide to start on a fresh AD, is there any way to avoid creating new local profiles on users machines and let them continue using the one they have?

Wizard of the Deep posted:

Another easy target is users and computer objects that haven't authenticated in over a year. Those are good targets for disabling and moving to a morgue OU.

Ooo I like that.

The Fool
Oct 16, 2003


kiwid posted:

If we ever did decide to start on a fresh AD, is there any way to avoid creating new local profiles on users machines and let them continue using the one they have?

The Forensit User Profile Wizard will do that. It allows you to transfer profiles to/from local machines and between domains. It is also fairly easy to automate. There is a free version and a licensed version, but the license is cheap and well worth the money.

lol internet.
Sep 4, 2007
the internet makes you stupid
Any application/server dependency mapping tool available?

Ie. Diagram showing this web server talks to this SQL Server cluster and also tells the uptime/availability.

Dans Macabre
Apr 24, 2004


Subject line related. I'm doing a report for a client that currently has a 2 x win2k12r2 server situation, but was migrated from SBS (I know this because I looked at GPOs and the SBS GPOs are there, but not linked to anything). It's a 20-person company with no IT staff.

My questions:
1) Do they need to carpet bomb this domain?
2) If they do, why?
3) I'm kinda leaning for this size org just go full azure AD, workstation join that way, and screw the local domain. How do you feel about my feelings?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I've never done this, supported it, or been responsible for it, but I'm of the opinion now that for small companies of less than 50 or even 100 people there's really no reason to have a full blown domain anymore. I say this as a guy who makes a living supporting MSFT environments.

YMMV, every situation is different, but with platforms like OneLogin, Okta, JumpCloud, Azure AD + EMS bolt ons, it doesn't make sense to have that sort of setup anymore. Especially with 99% of people already outsourcing email to a cloud provider.

It makes MSP people really cranky when I say things like that, especially on reddit, but I just don't see the need.


I'd take a step back, ask what the domain is actually doing for them? What does it cost to maintain? What would they lose by moving to a different platform? Is there a lot of on prem servers or file shares configured for the domain?


Without knowing all the details I would lean towards blowing it up though, move everything to Azure AD, look at maybe some sort of MDM platform that suits their needs.

totalnewbie
Nov 13, 2005

I was born and raised in China, lived in Japan, and now hold a US passport.

I am wrong in every way, all the damn time.

Ask me about my tattoos.
Is this where I ask about sharepoint? If not, please point me to the right thread, TIA.

Also, I'm not in IT and this is just something that bothers me so I'm also happy to be pointed to a relevant kb article or something about my question if it's common.

We have workflows set up to approve documents. After the workflow runs, it shows up as approved and the last modified is the person who uploaded the document. But after some time, the "approved" disappears (looks like the workflow never ran) and the modified changes to "System Account". What is up with that? Is that how it's supposed to be? Doesn't seem right to me..

orange sky
May 7, 2007

What are the growth perspectives of that company? I'd rather start with a well organized AD and then have it when needed than going with some provisional solution and then having to domain join 1000 devices.

Besides, I hate Azure AD as an actual AD, it's really unstable when linked with Windows 10, from my experience.

Dans Macabre
Apr 24, 2004


skipdogg posted:

I've never done this, supported it, or been responsible for it, but I'm of the opinion now that for small companies of less than 50 or even 100 people there's really no reason to have a full blown domain anymore. I say this as a guy who makes a living supporting MSFT environments.

YMMV, every situation is different, but with platforms like OneLogin, Okta, JumpCloud, Azure AD + EMS bolt ons, it doesn't make sense to have that sort of setup anymore. Especially with 99% of people already outsourcing email to a cloud provider.

It makes MSP people really cranky when I say things like that, especially on reddit, but I just don't see the need.


I'd take a step back, ask what the domain is actually doing for them? What does it cost to maintain? What would they lose by moving to a different platform? Is there a lot of on prem servers or file shares configured for the domain?


Without knowing all the details I would lean towards blowing it up though, move everything to Azure AD, look at maybe some sort of MDM platform that suits their needs.

I'm completely with you my friend, and I don't know why it makes MSPs cranky when their RMM can do all the gpo-like stuff anyway.

I had to stop reading /r/msp and /r/sysadmin, I've googled enough powershell commands to feel like I can just live in /r/programmerhumor and pretend like I get the jokes

Dans Macabre
Apr 24, 2004


orange sky posted:

Besides, I hate Azure AD as an actual AD, it's really unstable when linked with Windows 10, from my experience.

Does unstable mean people can't log in to their workstation or does it mean policies don't get applied consistently


orange sky
May 7, 2007

NevergirlsOFFICIAL posted:

Does unstable mean people can't log in to their workstation or does it mean policies don't get applied consistently

I've had passwords not sync when changed using W10, people locked out of workstations for no apparent reason, computers disconnecting from AAD (device no longer registered) mysteriously... I might just be unlucky, I guess!

I'm talking from a user perspective, for about 1 and a half years I haven't been administering Microsoft stuff. But yeah, the user's perspective is arguably the most important thing.
