Would you ask in a Sysadmin interview on how to create forests Trusts?
I've seen people ask about what are forests, forest trusts, etc. But is this a common question?
https://redd.it/1ny229f
@r_systemadmin
Reddit
From the sysadmin community on Reddit
Next Steps after Endpoint Engineer
Hey everyone!
I’m looking for some advice from those who are or were Endpoint Engineers — where did you go from here?
A bit about me: I’ve been working as an Endpoint Engineer for about 4 years, with 10 total years in IT (starting at helpdesk and working my way up). I specialize in Microsoft Intune and SCCM, and we recently adopted the NinjaOne platform, which I’ve been exploring. I’m also the final escalation point for help desk and desktop support issues.
In my downtime, I create PowerShell automation scripts to improve processes and remediate recurring issues. I’ve automated a lot of my day-to-day tasks already. With AI becoming more prominent, I’m trying to figure out the best next step in my career.
Any advice or insight would be greatly appreciated!
Thanks!
https://redd.it/1ny4cgv
@r_systemadmin
Any servicenow sys admins here?
My company is planning to get SN and I'm curious if it's worth actually learning on my free time or should I just learn as I go?
Do you guys have any SN sys admins and what does your day to day look like?
https://redd.it/1ny7z6c
@r_systemadmin
New job
Got a new job, about 3 weeks in right now, Microsoft environment (on prem & SCCM for management). Looking for advice and quick tips for software center (end user troubleshooting) and 24h2 upgrade troubleshooting to get this to function. I come from a heavy Apple background
https://redd.it/1nyariw
@r_systemadmin
Looking for advice on sourcing affordable or donated networking equipment for students
Hey everyone,
I’m a new networking instructor at a small school, and I’m trying to build up our lab so students can get hands-on experience. Unfortunately, our budget for hardware is pretty limited, and I want to give them more than just virtual labs.
I’m looking for suggestions on where to find used, surplus, or donated networking gear like old switches, routers, cables, or rack equipment that still has some life left in it. I’ve checked eBay and a few government surplus sites, but I figured this community might know of better options or organizations that help schools get equipment.
If anyone here has been in a similar situation or knows of companies or programs that support educational setups, I’d really appreciate any pointers.
Thanks in advance for taking the time to read this. I’m just trying to give my students the best chance to learn the practical side of networking.
- A hopeful instructor
https://redd.it/1nyarm9
@r_systemadmin
Windows 10 to 11 Upgrade via GPO
TLDR: Is it possible to upgrade from Windows 10 to 11 directly via GPO?
Hey all,
I'm currently working on getting our last few Windows 10 laptops in-place upgraded to 11 for some fully remote users.
Currently, we are asking users to perform the upgrade themselves, and with the exception of a few devices not being compatible, it's worked out alright.
To clarify, while we have a kinda sorta MDM, it doesn't perform OS upgrades. Neither do we have Intune or similar infrastructure/tools to automatically provide the updates. Additionally, we don't have a domain or any sort of on-prem resources that are traditionally found in a typical business environment.
While thinking about this further, especially since the deadline is fast approaching, I tried updating to 11 via GPO on a test machine and it seemed to work fine. Next I'll try remotely pushing the GPO via our ITAM system.
Has anyone else upgraded to 11 this way? Are there any gotchas that could prevent this from working?
https://redd.it/1nyeapk
@r_systemadmin
a ticketing system that isn’t a pain to use daily
hi everyone, so every help desk tool I’ve tried feels like it was designed in 2005 and i am currently stuck between Jira Service Management and Freshservice, but both feel so bloated for what my team mates actually need. half my team just ends up DM’ing issues on slack anyway, and im over here trying to keep track of random tickets, half-filled forms, and email threads from 3 weeks ago haha💀
we are a mid-size team (around 300 ppl), so something super enterprisey is overkill, but I still need proper automation + integrations with our stack (Slack, Google Workspace, etc).
does anyone here actually like their ITSM / internal help desk setup? also would love to hear what’s working for everyone who has one or if there’s a more modern tool I should check out. thanks in advance peeps
https://redd.it/1nygtqq
@r_systemadmin
How does IT typically handle a mass layoff?
Few months ago we had a round of mass layoff that pretty much caught everyone by surprise. One random morning all of us got pulled into a pre-recorded “meeting” with the CEO, who announced the layoff. Immediately after the meeting everyone received an email which either says you’re fired or you’re not affected, and by the end of the day those laid off were already removed from all our systems.
According to some of my sources there’s gonna be another round of layoff coming very soon, and it kinda got me curious: From a sysadmin standpoint, how are mass layoffs (and subsequent mass offboarding) typically done and how much time is needed for the planning and coordination? Also are there any places where I can find “clues” about who’s affected (e.g., Active Directory, distribution groups, etc)?
https://redd.it/1nyhu8p
@r_systemadmin
Oracle EBS CVE-2025-61882
Oracle sent an email a few hours ago about a new critical vulnerability in EBS that seems to be related to the Cl0p extortion emails. More info here -> https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
https://redd.it/1nyk62q
@r_systemadmin
Is KodeKloud platform worth it for the Cloud Engineer path, and If not, what are better alternatives and why?
Hey everyone, hope yall doing great.
I’m currently learning Cloud Engineering and have been considering KodeKloud to strengthen my hands-on skills, especially for AWS, Linux, Docker, and Terraform.
I’ve seen mixed opinions online — some say it’s amazing for labs and practical DevOps/cloud experience, while others suggest there are better (or cheaper) options out there.
So I wanted to ask those of you already working in cloud or DevOps roles:
* Is **KodeKloud** actually worth the subscription for someone on the **Cloud Engineer track**?
* If you’ve used it, what did you like or dislike about it?
* And if not KodeKloud, what other platforms would you recommend instead (like A Cloud Guru, Coursera, Skill Builder, or others) — and why?
I’m mainly focused on getting real hands-on experience and eventually landing a Cloud Engineer role, so any advice or personal experiences would be really helpful
Thanks in advance!
https://redd.it/1nyllml
@r_systemadmin
What do you consider normal SLA for a p1/p2 ticket ?
Do you consider a same-day (8 hours) solution for p1/p2 tickets reasonable? As in production floor down or major systems not available. How do you usually track your tickets' SLA and what do you do to improve them?
https://redd.it/1nyouf9
@r_systemadmin
Any good events or meetups for sysadmins in Berlin?
I’ve been trying to find more local events for sysadmins and IT people. Always nice to exchange ideas with people who actually keep systems running :)
Only one I have seen so far is Infra Night Berlin mid of October.
https://redd.it/1nyqmcq
@r_systemadmin
Roll call - Windows 10 EOL
I run IT for a small (<100 person) org. With a week and change to go, here’s where we are:
- 50% of our machines are on Windows 11
- 20% of our machines are on Windows 10 but will (hopefully) be upgraded to 11 by Oct 14
- 20% can’t make the jump and will be replaced in the next week or so
- 10% can’t make the jump and will get ESU because they either (a) run well as is and this is a cost effective way to extend their life, or (b) are hooked up to ancient but critical hardware and it’s just easier to let those sleeping dogs lie
How are you doing?
https://redd.it/1nyrz0k
@r_systemadmin
PSA for non-profits: Windows 10 extended support is $2 for the first year on Tech Soup
This was discussed in the comments of another thread, but thought it deserved its own post.
Microsoft is not offering discounts on extended support for Windows 10, just a $61 fee through their volume licensing program that goes up in the second and third year. I just found, though, that Tech Soup has the licenses for $2/machine/year (going up to $3 and $5 in the second and third years). Not bad!
https://www.techsoup.org/products/windows-10-extended-security-updates-l-60323-
https://redd.it/1nyu08m
@r_systemadmin
Cleaning up a mess-where to begin?
Asking for a friend, I promise 😉
Context: outgoing CIO focused entirely on supporting staff using insanely complex, industry specific software while a lowly IT Director did sysadmin, helpdesk, cyber security, and damn near everything else. The IT Director is a hero, but spent years just trying to keep the place afloat. New CIO reached out for advice and… my head hurts.
Among the challenges:
- No role-based anything, everything done ad-hoc
- No documentation or written protocols for anything
- Rampant password and license sharing
- No updated list of machines
- SharePoint site with twice as many sites as employees (when they migrated from on-prem, it looks like they created a site for every folder in their main directory)
- All SharePoint site access configured ad-hoc
- Intune, Defender, etc never fully implemented, still on default/out-of-the-box configuration
- Global Admin access handed out like candy
- No realization that anything is wrong because, technically, “everything works”
Where would you start? Is there a framework to use for triage/prioritization in situations like this?
All advice (except where to look for a new job) is appreciated!
https://redd.it/1nysm9r
@r_systemadmin
samba file server not working with short dns name
hello. i have 2 domains test.domain.com (AD) and test2.domain.com (samba AD DC) they have trusted relationship
i had fileserver on windows server (joined test.domain.com) and trying to migrate to debian (joined test2.domain.com) i successfully configured all
i can connect to shares only using FQDN, and short name not working from both domains clients
\\srv-share.test2.domain.com\ === works
\\srv-share === not works
dns suffix is configured
ip address the same and resolving correctly
date/time is ok
what should i do?
i can see in smbd.log
GENSEC backend 'fake_gssapi_krb5' registered
[2025/10/05 21:20:00.483077, 1] ../../source3/librpc/crypto/gse.c:712(gse_get_server_auth_token)
  gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/srv-share@TEST.DOMAIN.COM(kvno 145) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)]
[2025/10/05 21:20:00.483197, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
  gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2025/10/05 21:20:00.483320, 3] ../../source3/smbd/smb2_server.c:3961(smbd_smb2_request_error_ex)
https://redd.it/1nytd64
@r_systemadmin
What is better for mdm? Jamf or addigy?
Been watching videos on Apple support to get a better idea since I never had to use MDM for Apple. Not even in Intune.
But I figured I'd ask this group since some use either and would like some feedback.
https://redd.it/1nyuy29
@r_systemadmin
Crestron UC system with no vendor documentation
We have a Crestron teams room setup installed by a vendor who has since closed down. It's a Crestron UC system with an OptiPlex 7080 as the MTR device, Crestron TS-1070, Crestron UC Soundbar and Crestron Touchpanel-770-T.
The password on the touch panel has been set to an unknown value and the default Admin password on the UC system has also been set to an unknown password.
Teams Pro Portal has recently started giving us warnings about low disk space, time sync issues and USB Peripheral Power Drains so I figured it's time I reset these units, enroll them into Intune and start managing them properly.
I know how to do a factory reset on the Touchpanel-770-T, for the UC system, can I boot that into Windows Recovery mode and do a software reset on that (and then configure and enroll in Autopilot)? Ideally I'd prefer to reload the OS from scratch but I don't have access to the Win 11 24H2 iOT ISO (working on it) so is this my only option?
https://redd.it/1nyz2v4
@r_systemadmin
Hostname conflict killed DNS/AD - Now the original IP Addr is unusable on the AD. Ideas?
tl;dr hostname conflict spanned across two FQDN's and now DNS breaks if the IP of the device that lost the hostname fight is in use.
Long story short I have been slowly picking apart a mess of a network and some fun nonsense happened this evening. We have $DC1.domain.com (DC1) and $DC2.domain.com (DC2)- both also acting as primary and secondary DNS. DCname1 suddenly stopped reporting to our antivirus dashboard and an uptime indicator. Got into it with vcenter thinking it was powered off. It was on. Ran dcdiag and found an alert that $IPaddr is preventing $dcname1 hostname from being claimed by this PC(DC1).
Tracked down that IP and it was not supposed to be connected - but located it, We have an older network on an isolated subnet that is also $DC1.differentdomain.com (DC3) and $DC2.differentdomain.com (DC4), and I knew this may bite us eventually but them being in different subnets in different buildings and different FQDNs, and domain.com only having servers that are static IP assignments I was sort of putting it off.
Fearing that $DC2 would do the same thing if it conflicted with $DC2 I quickly renamed the differentdomain DC's (3&4) using netdom and verified they stayed working.
Now back to the main domain, I rebooted DC1.domain and still no dice. It throws a tantrum with nbtstat but other devices now properly ping and it returns expected results with tracert. DNS is acting like it is still dead though, and all reporting tools that use hostname for identification report the server as offline. I really don't want to touch anything else until Monday, but if I give DC1 a different static IP and reboot it, nbtstat works, and every hostname based dashboard shows the device as online again. If I put it back to its correct IP that it had before this mess started, everything breaks. I also re-registered the DNS on DC1 and still no dice.
What am I missing here? Any ideas on google paths to go down on Monday?
https://redd.it/1nz1dt4
@r_systemadmin
Audit and revoke all existing accounts that currently have add/remove computer permission
Hey everyone,
I am looking for some advice on how to properly audit and lock down who can add or remove computers from an Active Directory domain. I want to make sure only a dedicated service account (used by MDT for workstation deployments) has the ability to join or remove machines, and that no other users or groups can do it. I’m mainly trying to figure out the best way to audit all existing accounts that currently have this permission, whether it’s through Group Policy (SeMachineAccountPrivilege) or delegated OU permissions for creating/deleting computer objects.
I’d also like to know how experienced sysadmins typically implement this restriction—should I rely entirely on GPO, or also check and remove any inherited or delegated ACEs in Active Directory? Basically, I want a clear and repeatable way to identify every account or group with join/remove rights and then enforce a least-privilege setup using MDT.
Any recommended scripts, best practices, or methods to audit and tighten this would be greatly appreciated.
Thank you.
https://redd.it/1nz48ue
@r_systemadmin
Bob quit, now step up !
I can't be the only one in this situation.
Working for a very large IT firm for the past 20 years. Been doing all kind of things, but one thing is always the same.
When I transitioned into the storage team, there was Bob and a junior responsible for an extreme SAN, multiple PB serving thousands of servers,
I learn fast, and am quite good with IT in general, but I am no Bob, I can't be Bob, some people just have it all and no amount of studying will get you there.
Problem is, Bob quit, he will be leaving in 1 month.
I tell management, you have to find another Bob.
Their response is that there is no Bobs available in the market. We will promote a guy from servicedesk who is hungry to learn. You will now be Bob..
In my opinion that is a horrible choice, I do NOT have the knowledge to run this complex setup. Sure, I can probably keep it afloat but if A or B happens we are SOL and it will affect thousands of people and the money lost can't be counted.
What are the options, just move and hope the next place have a Bob ?
https://redd.it/1nz9vty
@r_systemadmin