Planning replication between 4 DCs

Hy!

I have 4 DCs and I would like get answer for the correct replication path between the 4 DCs. There are 3 site:

\- HQ: DC1, DC2

\- DR: DC3

\- Branch: DC4

What is the best practise to create raplication connection under Sites and Services? Do I have to create connection object between all DCs? For example:

DC1 connection DC2, DC3, DC4

DC2 connection DC1, DC3, DC4

DC3 connection DC1, DC2, DC4

DC4 connection DC1, DC2, DC3

Thanks.

https://redd.it/1o233ky
@r_systemadmin

What is your biggest perk?

I’ll start. Free underground parking and free lunches.

https://redd.it/1o258z0
@r_systemadmin

Transitioning from WSUS to Azure Update Manager...

For those using Azure Update Manager (AUM) to update on-prem, domain-joined servers, are you still using WSUS in any capacity? We are testing AUM with some test servers and we removed our WSUS GPOs so they wouldn't conflict with AUM, but I'm wondering if we can still use WSUS to deliver any updates that AUM might not have. I don't know what those would be yet, but we do have PatchMyPC integrated with WSUS and that lets us update third-party apps, some of which are on servers.

https://redd.it/1o26uoi
@r_systemadmin

On-Prem Infrastructure admin noscript

So had an interesting question come up, and realized I don't know what the answer would be so I wanted to hit the community and see if there was a consensus.


What would we call the position when someone is a on-prem datacenter infrastructure architect/engineer? When you look for Infrastructure Engineers these days, a LOT of them are AWS/Azure/Cloud jockies who get lost the second you start talking about physical hardware. At the low end, you have smart hands who can work with physical hardware, but may not have the skillset needed to actually design and build out an efficient on-prem datacenter.

So when looking for one of these ellusive greybeard unicorn types (which can't really be unicorns, can they? everybody and their mother had a data center not too long ago before "the cloud" became the thing), How would you target your search to filter out the keyboard cloud jockies who haven't ever touched a physical switch/san/server? What job noscripts traditionally would be an indicator that they did this kind of role?



https://redd.it/1o285w5
@r_systemadmin

I have troubles explaining to people things that I'm working on when asked.

Hi guys! I'm struggling with something a little strange.

I have troubles explaining or talking about the technical details of things I'm working on. I can spend hours on a task or project. If someone asks me what I'm working on, I have difficulties with getting the words out.

This leads to some anxiety during standups and meetings. This is a more recent, I don't recall the issue being this bad earlier in my career.

I have a 10 month old so I was thinking maybe it was sleep, but I'm getting on average around 7 hours of sleep now, I haven't been able to excercise like I would like to, but I'm not sure how that would have any impact on this specifically.

Appreciate any help and suggestions.

https://redd.it/1o28hs6
@r_systemadmin

Windows 10 to 11 Update Rollback

Wanted to share since was pulling my hair on this for a little bit. We had a handful of computers that were failing updates from 10 to 11. We found it was related to the profile list in the registry having duplicate entries and or .old entires from techs rebuilding corrupt Windows Profiles.

HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList

Delete any subkeys where:

* ProfileImagePath points to C:\\Users\\<something>.old
* The folder doesn’t exist on disk
* Or two SIDs point to the same folder

After that the systems were updating to 11 fine.

https://redd.it/1o2ajzj
@r_systemadmin

Today, we made it. All 2003 of our W10 deployments are now on W11.

And my CEO will never understand the challenge of this. At least I don't need to worry about it anymore.

I'm not taking credit. My desktop support manager ran the whole damn project. All I did was audit, and provide my past experiences when requested. His bonus will be in the 5 figures this year, and all of his team will be very pleased with theirs as well. Pretty much all the sysadmins and I had to do was make sure the GPOs worked, fucking strangle "new outlook" to death, and deal with the back end crap that goes from on prem 2016 office licensing to m365.

I am so damn lucky, my team fucking rocks.

https://redd.it/1o2crbs
@r_systemadmin

microsoft issues 1:15pm CST?

Just checking in with the community if we're alone on this issue. midwest. outlook, teams, entra, admin, azure, all seem to be having issues.

anyone else?

https://redd.it/1o2djfi
@r_systemadmin

Microsoft Issue/Outage – Teams?

Getting really slow responses and timeouts for M365 – anyone else seeing this?

https://redd.it/1o2dx4p
@r_systemadmin

Azure Down

Is azure down for anyone else.

https://redd.it/1o2gws8
@r_systemadmin

More M365 woes. The admin panels this times it seems.

Getting authentication errors across multiple browser and tenants.

https://redd.it/1o2g63g
@r_systemadmin

Office 362

Really guys?

https://redd.it/1o2dw2t
@r_systemadmin

Microsoft down - Outlook.com and Office.com not working

Users are unable to open outlook.com or office.com.

Anyone else getting these issues?

https://redd.it/1o2dz83
@r_systemadmin

Signs of a doomed IT department?

So there Is this company that most of its senior developer have resigned. Now the entire IT department are run by juniors out of college. Tech lead has been in the company for 7-8 years but still came straight from college. Now a single engineer is doing a ML + CV and image processing project which has been delayed many times (initial pilot testing was supposed to be summer but as of now there is still no solid dates set. There are no documentation and people are loosing access to repositories because tech lead doesn't want them even if they are competent. The entire department is basically a boy band of people loyal to the tech lead.
Now I'm confused why upper management or the board is not doing anything about it. Everyone is complaining. There is a huge backlog of tasks. They don't respond to anyone and if they do it usually ends up in a screaming match. Why would they let this continue? Am I missing something?

Edit: tl;dr, IT department is run by juniors, with big ambitions with AI, ML but constant delays and upper management is not doing anything.

Edit: this is besides my own situation in the company or whether I should leave or stay. I'm just wondering why people would burn their money?

https://redd.it/1o2hw2k
@r_systemadmin

Why do users shutdown brain when dealing with IT matters?

I have many users especially the older and higher level manager that is completely IT illiterate. It's as they live their life avoiding anything IT.

For example, a simple error when they try to login to something that says invalid password (worded along a longer lines), they would call IT. it's like they would just not read when the message is 10 words long. Total shutdown reading and then call for help.

Another example, teaching them about the difference between Onedrive and SharePoint. Plain simple English with analogy to own cabinet and compare shared cabinets. Still don't get it. Or rather purpose shutdown.

Do you deal with such users and how do you handle them?

https://redd.it/1o2q35w
@r_systemadmin

Weekly 'I made a useful thing' Thread - October 10, 2025

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1o2wr1x
@r_systemadmin

Second largest school district recommends weak password practices in policy document

My school district (LAUSD, 600K users) claims NIST 800-63B compliance but:

- Caps passwords at 24 chars (NIST: should allow 64+)
- Requires upper+lower+number+special (NIST: SHALL NOT impose composition rules)
- Blocks spaces (NIST: SHOULD accept spaces for passphrases)
- Forces privileged account rotation every 6 months (NIST: SHALL NOT require periodic changes)

What's even crazier is that the policy document says (direct quote)
" A passphrase is recommended when selecting a strong password. Passphrases can be created by picking a phrase and replacing some of the characters with other characters and capitalizations. For example, the phrase “Are you talking to me?!” can become “RuTALk1ng2me!!”

That's an insane recommendation.

There are some positive implemented policy: 15-char minimum, blocklists, no arbitrary rotation for general accounts

But as a whole, given we got hacked due to compromised credentials, it feels like we learned nothing. Am I just overreacting??

Context: I'm a teacher, not IT. Noticed this teaching a cybersecurity unit when a student brought up the LAUSD hack few years back and if we learned anything. We were all just horrified to see this is the post -hack suggestion. Tried raising concern with CISO but got ignored so I'm trying to raise awareness.

https://redd.it/1o2thka
@r_systemadmin

Microsoft intune network change December 2025

Hello, in case of some of you miss the info, microsoft will change networking connection to azure front door

more info here

https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-upcoming-microsoft-intune-network-changes/4452738

https://redd.it/1o2vhwv
@r_systemadmin

Password Policy Lockout Not Working - Hybrid joined users with Entra only devices

Our PCs and Users are hybrid-joined to our domain. We want to transition new devices to Entra ID only join and are working on our Autopilot/Device Configuration policies now.

A snag we have run into is how Entra-Only joined PCs handle Account Lockouts for Hybrid-Joined User accounts. Obviously, Entra-only joined devices cannot speak to the on proem domain controller without a VPN, so we need to be able to lockout the User account on the PC at the Windows Sign-In screen using Entra policies. We tried using the Password Protection policy in Entra; however, this policy appears to only apply to cloud-based sign in attempts. The Account Lockout Policy in Intune creates a local user account lockout policy that does not actually lock the Entra ID or tell the user their account is locked out. Forcing them to wait the entire lockout duration and the service team has no way of remote unlocking the local account. 

I can't imagine we are the only company that has Hybrid-Users and Entra-Only devices so I'm curious how others have tackled this problem to manage security and support for account lockout policies.




https://redd.it/1o32t1i
@r_systemadmin

Am I Getting Fucked Friday, October 10th 2025

Brought to you by r/sysadmin 'Trusted VAR': u/SquizzOC with Trusted Telecom Broker u/Each1Teach1x27 for Telecom and u/Necessary_Time in Canada

PMs are welcome to answer your questions any time, not just on Fridays.

This weekly thread is here for you to discuss vendor and carrier expectations, software questions, pricing, and quotes for network services, licensing, support, deployment, and hardware.  

Required Info for accurate answers:

* Part Number
* Manufacturer/vendor
* Service Type and Service Location
* Quantity (as applicable)

All questions are welcome regarding:

* Cloud Services - Security, configurations, deployment, management, consulting services, and migrations
* Server configs and quote answers
* Storage Vendor options, alternatives, details, and selection
* Software Licensing - This includes Microsoft CSPs
* Network infrastructure - overlay software, segmentation, routers, switches, load balancing, APs…
* Security - Access Management, firewalls, MFA, cloud DNS, layer 7 services, antivirus, email, DLP….
* User gear - Usually, you should buy the quote you have unless the quantity is +50 units
* POTS line replacements
* Single site and multi-location connectivity – Dedicated internet access, Broadband, 5G LTE, Satellite, dark fiber, Ethernet services
* Voice services- SIP, UCaaS,

https://redd.it/1o33jzi
@r_systemadmin

I Triggered a State Investigation into Microsoft (Update)

https://www.trevornestor.com/post/update-on-my-case-against-microsoft

A while back I posted my article regarding the internal problems at Microsoft, and my complaint about the company, and received a lot of support across platforms from those both still inside the company and outside of the company who have been impacted by Microsoft's recent culture and morale crisis amid widespread corruption, wrongful terminations, and layoffs at the company.

However, the Redmond and Sysadmin subreddits seemed... different. I'm not sure if there are bots astroturfing or what, but after my initial post due to the number of Microsoft supporters in these subreddits I decided to take it down. Well, I regret that and decided to post an update to double down instead.

For all of you sysadmins out there frustrated by Microsoft's nonfunctional support, I'm there with you.

https://redd.it/1o36jre
@r_systemadmin