Building new domain controllers, whats stable?

I am replacing 2016 domain controllers. I built new 2025 ones, but that was a big pile of hot mess and disruption. Between them booting with their NLA showing public/private and not domain and Kerberos issues, they are useless. I thought it was just an update that caused the issues but here we are months later and they are still a problem. I isolated them in a non-existent site waiting for windows updates to fix the problems but that was just a waste of time, they need to go.

So, 2019? 2022? XP? NT? Whats stable and not just a production environment beta (....alpha) test?

https://redd.it/1o3f9xp
@r_systemadmin

I knew it was going to happen, but not this soon

I knew this day was coming, but not as soon as it did. This past Wednesday, there was an early meeting called by the IT Director of the US. I knew it wasn’t going to be good news. The announcement: all field IT in the US and abroad will be transitioned to a 3rd party by January 2026. Effectively eliminating 1000 + positions in the field and upper management. All deskside, networking, IT servicedesk, procurement, etc. That was a kick in gut. They offered a small severance package which is helpful, but still a shock. I’m now updating my resume on the hunt for the next gig. Wish my luck.

https://redd.it/1o3j0t7
@r_systemadmin

M365 Apps unexpectedly closing - PSA SOPHOS USERS!

Hi all,

Just wanted to share this in case it helps anyone else who’s been pulling their hair out over the same issue.

For months, I was dealing with a strange problem where Microsoft 365 apps (Word, Teams,Excel, New Outlook, Classic Outlook, etc.) would randomly close with no error message. It wasn’t a crash — the apps would just silently close while in use.

I tried everything:

Repairing Office (both Quick and Online repairs)
Reinstalling M365 completely
Updating Windows and Office to the latest builds
Disabling all add-ins
Checking Event Viewer (nothing useful)
Testing under different user profiles

Nothing worked — until I found the real culprit using Process Monitor: Sophos - Application Control.

We have an application policy set to allow apps, and in the Sophos Central portal everything looked fine — the apps show as allowed. However, on the affected machines I checked the following registry key:
Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Sophos\\EndpointDefense\\PolicyConfiguration

REG_SZ: app_control_blocked_app_list

If that key contains a bunch of apps you never manually blocked, there’s your problem.

You can confirm by checking the Sophos Endpoint Defense log:

C:\\ProgramData\\Sophos\\Endpoint Defense\\Logs\\SSP.log

You’ll likely see entries like this which correspond with the time of your app closures:

A Cleanup: Process (random string) with Path C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe has ended.

Once I reset the policy, the reg key list cleared and all M365 apps started working normally again. This is the first week in months were my users have been crash free.

I've logged this issue with Sophos for diagnosis and I suggest you do the same.

Hopefully, this saves someone else hours (or days!) of frustration.

https://redd.it/1o3i03a
@r_systemadmin

Is transitioning to Edge worth the blowback?

I understand what the technical transition looks like, but I’m not looking forward to the pushback, ticket increase, and general griping when “take away Chrome.” Several people have told me that Edge doesn’t work, but can’t give me an example of why they think that.

For those have gone through it—do thr benefits outweigh the blowback?

Context: I’ve been leading IT at an SMB (~100 employees) for about a year now. Staff are generally great, but they HATE change. I’m working on tightening up our Microsoft environment so, for a variety of reasons, I think sense to move the org to Edge.

https://redd.it/1o3xes6
@r_systemadmin

Are these ISP internet prices in Vietnam normal?

Hey all - I’m helping set up ISP internet connection for a factory in Vietnam and the quotes we’re getting seem really high.

500 Mbps dedicated line: USD $51,000/year
100 Mbps dedicated line: USD $21,000/year

This is for a stable, business-grade connection (not shared), but still feels steep compared to other regions. Does anyone have experience with business internet pricing in Vietnam — are these numbers typical, or are we getting overcharged?

Thanks in advance for any insight!

https://redd.it/1o3u6by
@r_systemadmin

I don't want to do it

I know I'm a little late with this rant but...

We've been migrating most of our clients off of our Data Center because of "poor infrastructure handling" and "frequent outages" to Azure and m365 cause we did not want to deal with another DC.

Surprise surprise!!!! Azure was experiencing issues on Friday morning, and 365 was down later that same day.

I HAVE LIKE A MILLION MEETINGS ON MONDAY TO PRESENT A REPORT TO OUR CLIENTS AND EXPLAIN WHAT HAPPENED ON FRIDAY. HOW TF DO I EXPLAIN THAT AFTER THEY SPENT INSANE AMOUNTS ON MIGRATIONS TO REDUCE DOWN TIME AND ALL THA BULLSHIT TO JUST EXPERIENCE THIS SHIT SHOW ON FRIDAY.

Any antidepressants recommendations to enjoy with my Monday morning coffee?


https://redd.it/1o42j9x
@r_systemadmin

How would you handle this?

Hello Everyone, this may be off topic. But, keen to know how would you handle this kind of situation.

Background: I am responsible for managing a low code no code platform, especially governance and security. Placed the DLP policies. I do few consultation work but mainly on Admin Side.

Problem: My manager is seems too focused on innovation, and not much with governance or security. An example, is asking me to allow certain connector to be allowed in the blanket DLP policy. The blanket policy ensures most connectors are blocked to minimized data sharing risks.

I ended up doing it, instead of having users follow the right process of having their own environments and DLP.

Most recent, he asked a colleague to add a user to have access to our dedicated environment for our team, which all or most connectors are allowed. I had to reach out to the user and explained the need of dedicated DLP.

He’s more on development and automation side, and no Sysadmin.

I understand that discussing it, would be next options, and we did. But, I wonder, how come he ended up just letting a colleague add a user to that dedicated environment.

Open for any thoughts, and any possible long term approach to address this dynamics?

https://redd.it/1o41ceb
@r_systemadmin

Is Master image, Golden image, Winpe & Adk worth learning?

I just started my IT learning journey, I was wondering if any of these concepts are worth learning and are still used today?

https://redd.it/1o43eio
@r_systemadmin

Am I a system administrator or something else?

So I started originally as tech support for linux systems. Then learned Ansible and Bash to automate some tasks, learned more in depth linux and kernel, did documentation and release notes (lazy devs wouldn't make them so I just got fed up and started making it myself). Then started doing network and VPN configuration. Now I use APIs to integrate different platforms into a central system, setup promethus and grafana, make python noscripts to automate asset management using public endpoints and APIs.

Lately got my CCNA, AZ-900 and on track to get azure administrator next week.

Now I know noscripts are arbitrary and different companies have different ideas of what each noscript mean but I was just curious to see what others think? Do i fit into sysadmin or other roles and noscripts?

https://redd.it/1o47klc
@r_systemadmin

hi, where do I start!!

hey, so im a high school junior interested in IT. i want to be a systems administrator, cloud engineer or anything similar. as of right now, i'm pretty much stumped and i'm close to graduating soon too.

i originally wanted to be a software engineer, but it just wasnt for me, so i thought about systems admin and cloud computing.

i have a few questions im going to put below:
- how do I start? im just lost on where to begin, and need actual advice from someone who knows what they're doing
- is systems admin a solid job?
- do I need a degree? if so, which should I go for.
- is there anything else I should know?

anything is helpful, and thank you to anyone who took the time to answer!


https://redd.it/1o47by5
@r_systemadmin

Highest ROI Certs to Get? Studying while applying to places.

Just finished a BS in Cybersecurity. Currently have: A+, Net+, Sec+, CySA+, PenTest+
ISC2: SSCP Associate
Don't have experience and I know experience is king, but while I'm applying to places, I might as well work on something.
Career-wise, I want to work my way through help-desk, sysadmin and then maybe cloud computing down the road.

What are the best ROI certs for knowledge and resume?
Should I get CCNA, AWS SA, or a Microsoft cert?

https://redd.it/1o49kiv
@r_systemadmin

I was a dumb and naive contractor. I got my first "burn" out of it!

I am a 23 yr old ms365 admin consultant (contractor), and this was one of my first projects with live data and real users. I have the foresight now to realize I was not only very dumb but very naive, so lessons learned. I need the cold water splashed on me, maybe that'll whip me into shape or something. I am anonymizing the ppl and org bc its very easy to pin me down on this lmao

I need to vent and get some perspective. I just went through an insane week managing a client’s Microsoft 365 migration that turned into a full-blown corporate rescue mission. I feel betrayed and undervalued, but maybe I’m overreacting? Here’s the story.

Friday: Project Kickoff

· Received the project to migrate the KrustyKrab from a popular hosting company hosted Microsoft environment to a new, standalone tenant.

· The explicit goal: avoid data loss, especially emails and data.

· Immediately began work, spinning up the new tenant and identifying the critical first step: defederating the domain from hosting company

Saturday & Sunday:

· Worked through the weekend, attempting technical workarounds to advance the domain verification.

· Temporarily succeeded in populating users into the new tenant, proving the method was sound enough, it was exactly how I did the past migration jobs I did.

· Discovered that this hosting co's migration team does not work on weekends. All progress was automatically reverted by the hosting co's automated systems later that night.

· Realization: The project was already blocked by a third-party process outside of my control. No amount of weekend work could bypass this gatekeeper lmao

Monday: The Wait

· Formally engaged with hosting co's migration team now that it was a business day.

· The standard 5-7 business day waiting period for the domain release began, I let the owner know and got a go ahead.

Tuesday: The Catastrophe

· The client's domain and website expired mid-migration.

· The domain was snatched by a third-party, predatory domain host.

· I became the primary point of contact for the crisis, personally negotiating between the hosting co and the other company to recover the stolen digital asset. It dwindled down to HC says XYZ has it, XYZ says HC has it. I go back to HC and they're like "oh my bad ur right we have it after all, its only been x time so sure u can renew it, its gonna cost u $$$ to get it back tho"

· After intense back-and-forth, hosting co agreed to release the domain upon renewal.

· Late that night, I coordinated with the company owner to facilitate an emergency payment to renew the website domain.

· Simultaneously, I executed a Business Continuity Plan:

· Recognizing a multi-day outage was now inevitable, I used my own money ($65) to purchase a domain with the same name just different extension domain or something similar as an emergency lifeline and was told by cio that it will be reimbursed, i felt trust and did it because I didnt want downtime and needed to get things under control asap.

· I began comprehensive data preservation, exporting all user mailboxes to PST files and backing up company data to my local machine to create a guaranteed lifeboat.

Wednesday:

· I continued to work, building the temporary operational environment on the new different extension domain to ensure business continuity. all while waiting for the domain to come back to ownership but also get the ticket rolling again about a release.

Thursday:

· I built a fully functional, temporary IT environment in the new tenant to avoid downtime

· I created temporary user accounts, assigned M365 licenses, and manually restored all company email from the PST backups (which was painstaking and done one by one)

· Result: The company experienced ZERO data loss(!) and ZERO business downtime. They were fully operational on the temporary system until verification.

· I communicated clearly that this was a temporary phase. Historical Teams data would not return due to tenant limitations and we would need to get a 3rd party involved or manually

recreate things. but all current functionality was available.

· I managed user complaints and requests one-on-one, often resolving issues within the hour, including late-night and early-morning support.

Hiroshima.

· Despite the crisis aversion, the project lead began to receive complaints from A user about the nature of the system (e.g., minor user complaints about differences in the temporary system’s functionality, like meeting setups. [Literally the only complaint\])

· He publicly blamed me in the company group chat, harshly criticizing my work and suggesting that he would have recommended using a more simple manual way and that this method would have been better for DLP than having me do it

The Financials

· I invested heavy hours of intense labor (20+hrs), alongside a personal financial investment in the different extension domain. My pay rate is only mid 40-60/hr

· I was told by a friend in the field that the market value for this level of "crisis management" and migration is easily $5,000 - $10,000+.

· Out of goodwill for a really really good future opportunity that was being promised by the project lead (or rather dangled Infront of me), I initially proposed a fee of $565 which was a cap that was mentioned not for this particular project but in the ones previous (my other projects were with the same project lead) + the domain reimbursement.

· He never responded to that email, but had the time to just blast me in front of the clients. Still hasnt responded either.

I wanted to end this off by saying, the whole project deliverables were done only by me and without much support other than good ole google and sum elbow grease.

Splash the cold water on me and give me yalls thoughts, while I hate the public embarrassment, i need to learn what i need to do in the future so i dont do this stuff again.

Thank you

https://redd.it/1o4e84f
@r_systemadmin

New Oracle EBS vulnerability CVE-2025-61884

New Oracle EBS vulnerability CVE-2025-61884

Just released -> https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Affects the Runtime UI component of Oracle configurator.

Remotely exploitable without authentication


https://redd.it/1o4eupk
@r_systemadmin

Powertoys

I just found out about powertoys, why isn't this something thats talked about? Microsoft powertoys has so much funtion I wish I new about and features I've bought stand alone versions for personal use.

https://redd.it/1o4gijd
@r_systemadmin

Windows 11 multiple VLANs one NIC and the Microsoft Store

A while ago I switched my home network Unifi and created different VLANs including one for management purposes.

I want to be able to access the main "private" VLAN as well as that management VLAN from my PC while using one NIC.

As Intel stopped support for it's advanced network services for Windows 11 I used a Hyper-V switch and added the second VLAN that way (the "private" VLAN is the native one of the port switch so I only needed one additional VLAN):

New-VMSwitch -name VLAN-vSwitch -NetAdapterName '2,5Gb Ethernet' -AllowManagementOS $true
Add-VMNetworkAdapter -ManagementOS -Name "VLAN1234" -SwitchName "VLAN-vSwitch" -Passthru | Set-VMNetworkAdapterVlan -Access -VlanId 1234

This worked great but a while ago I noticed the Microsoft Store not working anymore (more precisely: not downloading updates).

After trying lots of troubleshooting methods (dism, sfc, wsreset, inplace upgrade, reinstalling the store...) without anything working I noticed that besides all updates showing "in queue" one would always say "waiting for wifi" and found this thread: https://learn.microsoft.com/en-us/answers/questions/2292159/windows-store-updates-hung-on-waiting-for-wi-fi-wh

After I removed the vSwitch the store worked again but that is only a temporary fix of course.

I have now added the switch again after the updates are done but I need a permanent fix.

Any ideas?

https://redd.it/1o4kmdl
@r_systemadmin

From Hybrid to full out RTO

Context: Medium sized business of 180 users, 17 locations spread across 3 different states. Two-man IT team me being one of them in the Sr. sys admin role. I report to an executive who is not an IT person so technically you could say I’m the highest IT leadership in the company. Im salary exempt and I put in usually 50-60 hours per week a lot of those hours being evenings and weekends. I have 13 years in this industry, 4 of them as a sys admin. 6 years with current company.

Our department already got the shaft from the get-go with remote work. We are allowed 1 single day at home, office the other 4 days. Permission is normally granted to WFH due to circumstances (sick, sick kid, had a system emergency at 2am, etc.) overall good flexibility. Other departments are WFH 3-4 days which is kinda shit but whatever.

Welp, upper management has decided to eliminate WFH all together and is now requiring all departments to RTO 5 days per week effective 11/1. They will still allow remote work for special circumstances. This came about due to all the folks who bitch that they are not able to work from home due to their role which simply couldn’t be possible so they have decided upon a one size fits all solution.

To the point: how are others handling this? Tell uppers to fuck off? Deal with it but make it as painful for them as possible such as no more evening and weekend work? Lol, just start patching servers at 9am.

I think brushing off my resume over remote work would be a bad choice in this market, but at the same time, we work our asses off to keep the systems running at all hours of the day. To say I’m a little disappointed would be an understatement. I’m deciding how to approach my boss about this.







https://redd.it/1o4l259
@r_systemadmin

Windows 11 Pro new computer will not complete setup

The page I'm on says Let's set things up for your work or school. When I use the work email address, that we've used for a hundred other machines without issue, it says:

>That username looks like it belongs to another organization. Try signing in again or start over with a different account.

I've tried other accounts, none work. This is Windows 11 PRO. I'd return the machine, but this sat too long and we are past the return window.

I've tried a full reinstall from scratch - same issue.

Some googling I've done suggests that this might be caused by the manufacturer using an original image that was tied to their intune account. I've tried contacting them but they've been useless.

Any ideas?

https://redd.it/1o4rgux
@r_systemadmin

PSA: Do NOT use Windows Server 2025 as the schema master before installing Exchange Server SE RTM

PSA: Do NOT use Windows Server 2025 as the schema master before installing Exchange Server SE RTM. The Windows Server team is working on a permanent fix for this issue (to be released in the following months). If you are already affected by this issue, contact Microsoft Support (Active Directory team) and they have a process to allow AD replication to work (but it might require manual schema editing).

https://techcommunity.microsoft.com/blog/exchange/active-directory-schema-extension-issue-if-you-use-a-windows-server-2025-schema-/4460459

\#WindowsServer2025 #MSExchangeSE #ADSchema

As cross posting is not allowed, I took this from r/exchangeserver

https://redd.it/1o4t4nv
@r_systemadmin

How do you assign M365 licenses when you have both active and inactive ones?

Our M365 licenses expired this week, and we now have a mix of old licenses, which still seem to work (at least I'm able to send/receive email), and a couple of new ones I bought. The problem is that they're shown together on the assign licenses page.

How do I know that an account has been assigned a new license when both old and new ones are listed together (the license count is old + new on this page)?

I've tried to reactivate the licenses, but this is greyed out in the admin panel and I've talked to MS support, but I'm not sure they understand the problem.

https://redd.it/1o4t6jq
@r_systemadmin

Mikrotik CRS312-4C+8XG-RM

I need to upgrade a few switches at several locations, what do you think about the Mikrotik CRS312-4C+8XG-RM - it's 8 ports 10G RJ45 Ethernet. Have you used this switch? Is there anything I should know about it?

https://mikrotik.com/product/crs312\_4c\_8xg\_rm#fndtn-specifications

https://redd.it/1o4vel5
@r_systemadmin