Reddit Sysadmin – Telegram
MSP recommended syncing entire AD org to Entra — we’re only syncing user OU. Thoughts?

Our MSP recently suggested we sync our entire on-prem AD organization to Microsoft Entra ID (via Azure AD Connect). Their reasoning was simplicity and future-proofing. But we’ve held off and are currently syncing only the OU that contains actual user accounts.

Here’s why:

• We use Exchange Online, so syncing mail-enabled users is necessary.

• We assign Microsoft 365 licenses, and syncing only the relevant OU keeps the licensing dashboard clean.

• We don’t want service accounts, disabled users, or legacy objects cluttering Entra or triggering compliance noise.

I get the appeal of full sync — no filtering, fewer surprises — but it feels messy and unnecessary for our setup. Especially when selective sync gives us more control and less overhead.

Curious how others are handling this. Are you syncing everything? Just users? Using group or attribute filtering? Any regrets or gotchas from going full sync?

https://redd.it/1okdl2d
@r_systemadmin
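Added example, not part of the post above: a pre-sync hygiene check in Python. It takes a CSV export of on-prem AD users (the column set assumed here is what a `Get-ADUser ... | Export-Csv` would give you; the CSV content, OU names and the `svc-` naming convention are constructed for the example) and shows what would reach Entra under a full sync versus an OU filter, flagging disabled accounts, objects with no mailbox, and likely service accounts so you can see the noise before Azure AD Connect ever creates the objects.

```python
"""Compare full AD sync against an OU filter and flag objects that should not reach Entra.

Assumed input: CSV with DistinguishedName,SamAccountName,Enabled,mail,PasswordNeverExpires
(e.g. from Get-ADUser -Filter * -Properties mail,PasswordNeverExpires | Export-Csv).
The rows below are constructed sample data; OU names are hypothetical.
"""
import csv
import io
import re

SAMPLE_CSV = """\
DistinguishedName,SamAccountName,Enabled,mail,PasswordNeverExpires
"CN=Alice Ng,OU=Users,DC=corp,DC=example",ang,True,ang@corp.example,False
"CN=Bob Tan,OU=Users,DC=corp,DC=example",btan,False,btan@corp.example,False
"CN=svc-backup,OU=Service Accounts,DC=corp,DC=example",svc-backup,True,,True
"CN=svc-scan,OU=Users,DC=corp,DC=example",svc-scan,True,,True
"CN=Old Temp,OU=Legacy,DC=corp,DC=example",oldtemp,False,,False
"CN=Carol Wu,OU=Sales,OU=Users,DC=corp,DC=example",cwu,True,cwu@corp.example,False
"""


def _dn_parts(dn):
    # Split on commas that are not escaped with a backslash (LDAP DN escaping).
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]


def parent_container(dn):
    """Return the DN of the container holding the object (everything after the RDN)."""
    return ",".join(_dn_parts(dn)[1:])


def in_scope(dn, scope_ous):
    """True if the object sits in one of the scoped OUs or any sub-OU beneath them."""
    parent = parent_container(dn).lower()
    for ou in scope_ous:
        ou = ou.lower()
        if parent == ou or parent.endswith("," + ou):
            return True
    return False


def classify(row):
    """Flags for objects that add noise in Entra (heuristics; the svc- prefix is an assumption)."""
    flags = []
    if row["Enabled"].strip().lower() != "true":
        flags.append("disabled")
    if not row["mail"].strip():
        flags.append("no-mailbox")
    sam = row["SamAccountName"].lower()
    if sam.startswith("svc-") or row["PasswordNeverExpires"].strip().lower() == "true":
        flags.append("service-account")
    return flags


def load_rows(csv_text):
    return list(csv.DictReader(io.StringIO(csv_text)))


def sync_plan(rows, scope_ous=None):
    """scope_ous=None models 'sync everything'; a list of OU DNs models OU filtering."""
    synced, noise = [], {}
    for row in rows:
        if scope_ous is not None and not in_scope(row["DistinguishedName"], scope_ous):
            continue
        sam = row["SamAccountName"]
        synced.append(sam)
        flags = classify(row)
        if flags:
            noise[sam] = flags
    return {"synced": synced, "noise": noise}


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for label, scope in (("full sync", None), ("OU filter", ["OU=Users,DC=corp,DC=example"])):
        plan = sync_plan(rows, scope)
        print(f"{label}: {len(plan['synced'])} objects would sync, {len(plan['noise'])} flagged")
        for sam, flags in plan["noise"].items():
            print(f"  {sam}: {', '.join(flags)}")
```

Worth noting: the OU filter still lets through whatever lives in the scoped OU, so `svc-scan` above syncs either way. That is the case for pairing OU filtering with an attribute or group filter rather than relying on OU placement alone.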
Tired of SaaS subscription creep - what are you self-hosting?

We're spending like $3k/month on various SaaS tools and management wants to cut costs. What are the best self-hosted alternatives you've actually deployed in production? Particularly interested in project management and collaboration tools.

https://redd.it/1okip9o
@r_systemadmin
Weekly 'I made a useful thing' Thread - October 31, 2025

There is a great deal of user-generated content out there, from scripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from scripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1okqgh5
@r_systemadmin
WSUS Replacement Needed! Domain-Joined Org with 1600+ Endpoints - What are you using for Windows Update Management?

Hey r/sysadmin,

We're an organization with a global footprint (1400 domain-joined computers across the world, and 200 servers in our virtual environment) and we've finally reached the point where we need to move on from WSUS. Its limitations, especially with remote/global endpoints and lack of seamless third-party patching, are becoming a major headache.

Our entire environment is still fully domain-joined (Active Directory), and while we are exploring options like Azure Arc for our servers (I posted separately on that), we need a comprehensive solution that handles both our servers and our 1400+ client computers globally.

We are looking for a robust, scalable solution to manage all Windows updates (OS and third-party) for our desktops/laptops and servers.

I'd love to hear what products your organizations are using as a modern replacement for WSUS. Specifically, we're focused on these key areas:

1. Product Suggestions: What are the absolute best products you've used for managing updates on a large scale for both Windows computers and servers? (e.g., NinjaOne, Automox, ManageEngine, Action1, Ivanti, etc.)
2. The Microsoft Path (Intune/MEM): Given that we are fully domain-joined, what is the recommended Intune pathway?
Is it Co-Management (SCCM/MECM + Intune) for a gradual migration?
Can we effectively manage all updates (including WaaS/WUfB) on our domain-joined clients via Hybrid Azure AD Join and Intune alone?
What is the cost to manage updates via Intune (license per user/computer)?
3. Deployment/Connectivity: How does the solution handle our global, remote workforce?
Is it a purely cloud-based agent that manages updates over the internet (no VPN needed)?
Does it still require a VPN connection to a central server/data center to pull or report on updates?
Does it use Peer-to-Peer (P2P) distribution (like Delivery Optimization) to save on bandwidth at remote sites?
4. Licensing/Cost: What is the typical cost model? Is it per-device/per-endpoint, or is it a flat fee/unlimited for domain-joined machines? (Our scale is about 1600 total devices).

Our goal is a product/approach that simplifies management, improves compliance, and effectively patches remote endpoints without needing them to be on the VPN.

Any and all suggestions, war stories, and advice on the best modern approach would be hugely appreciated!

Thanks in advance!

https://redd.it/1oki9cm
@r_systemadmin
Anyone else seeing this strange behavior on m365.cloud.microsoft?

We push a basic shortcut to desktops that just links to the m365.cloud.microsoft site. Same place you're sent if you hit the hamburger menu in your browser for the app launcher. After the big MS outage we have been getting reports from users that when going to that shortcut now they can't find their icons which used to live under the "Get work done" heading. I get this same issue now as well. If I go to that site and click search in the top left and then immediately click apps again on the bottom left, it brings me right back to the same link, however now the webpage will show the "Get work done" section with all our apps. Tried in two different browsers etc.

https://redd.it/1oktwy5
@r_systemadmin
Chemical corrosion on network gear

We have an open wall rack with a couple of switches and a UPS in an area where chemicals for an olympic size pool are stored, and is also open to the pool which is up a set of stairs. It's humid and obviously the vapors from the chlorine are in the air. After a few months, switch contacts are green and corroded and the UPS chassis looks like it's been underwater for 100 years. Moving the rack is impractical right now, but is there any kind of enclosure or anything that can help protect against this kind of corrosion?

TL;DR: Hydrochloric acid, chlorine, humidity and a swimming pool are eating my network gear. Help!

https://redd.it/1okuh3k
@r_systemadmin
Took my first contracting job as an IT specialist. Some things I learned.

Just reached launch day on my first contracted job. I just wanted to share some things I learned along the way. I’ve been mostly in “enterprise IT” for my career, so that's where my mindset was during this project. Which led to a lot of “over-configuring” for this use case.


A bit of background for me. I’ve been in IT for almost 3 years, I was a bit “late to the game” in terms of getting a career I like. I'm 28 and didn’t go to college for 4 years to do this stuff. Working on my bachelor's now. I work full time for a company as an IT admin and have also been trying to network to get my own business off the ground. It took a year to get my first client. Anyway, onto the stuff.

Really evaluate if your client needs a server. My client was pretty insistent that he have one, but a Lenovo ST250 V2 may have been complete overkill. Luckily we were able to score it for $799 refurbished on Newegg. We won’t be doing much local storage or VMs, possibly it will only be running a print server, DNS & DHCP and be a place where scans go on a network folder. I think we could have settled for something less to do that stuff.


Windows Server is A LOT for a small company. Completely ridiculous. High prices for the server software, Device CALs/User CALs. Not to mention, if you want to go the cloud route for active domain, you need Intune licences assigned to each device. Which is also costly. I ended up going with Ubuntu Server. I’m completely new to Linux and only took it on because I did not know how my client would react to having to fork out thousands that wasn’t expected.


Configuring everything to have a network going without your client having a dedicated network is hard. I was hired on while my client was still in the transfer/waiting to signoff phase. I was building this new net while there was a business still in day to day operation. I had to use their network to set up a lot of things, but didn't want to touch setting up DNS, DHCP, VLAN or anything until I had a dedicated network. In all honesty, I wasn't sure what I would break.


Procurement is HARD. You really have to know what you're doing. I had been forward with my client about this topic before we began. I let him know this was my first time handling procurement, so it may get messy and there may be mistakes. We went through 4 rounds of procurement sheets before we had everything we needed. Silly things like servers don’t come with a GPU; we didn’t need one, but this was new information to me. SSDs for servers are strange, really make sure you get seating for memory that will fit snugly in the bay. The server in particular we got has bays that are somewhere in between 3.5 and 5.25. To be honest, I still don’t know what I did wrong.


I focused way too hard on getting things done that I wanted to learn rather than what the client was focused on. I think that was a bad move. My client was mostly concerned about getting desktops, printer/scanners, phone systems, and a way for customers to pay with their chosen solution. I was focused on learning how to set up all the things I thought were cool, like the aforementioned DNS, DHCP, and VLAN stuff.


Porting numbers is also a complicated situation. At best, porting numbers from a main provider to a SIP provider could take up to 7-10 days. My client wanted to keep the phone numbers from the previous business. It was a scary situation, I didn’t want to port them too early, or else the business would lose their phones before transferring the business. I also didn't want to do it too late as I didn’t want my client to be without phones. We ended up starting the porting process a week prior to opening day; I set up their phone system using a bought test number and assigned the dummy, not-yet-transferred numbers to the rest of the phones. We decided to keep the previous business phone system in place for a few weeks until the port is complete. One day, hopefully, the new phones will just ring and work without issue.


Overall, this experience was incredibly insightful into how many layers and things to learn there are in IT. It was also super humbling, I thought I knew a lot going into this, but nearly every step of the way I ran into something I’ve never dealt with before. I was so happy when my client told me he was amazed at what I was able to get done in 3 weeks. He really is happy with what I was able to do and I wasn’t expecting that. I think a big takeaway from all of this for me is that you don’t have to be an expert to do this sort of stuff, experience is incredibly important and sometimes you just need to dive into an uncomfortable situation to start doing cool stuff.



https://redd.it/1okvym5
@r_systemadmin
Education IT is the worst

I just need a quick vent. IT in education is a complete shit show. I thought leaving a high-end corporation for a school would be better. Boy, was I fucking wrong. It’s more drama, more bullshit than anything I’ve been in. I somehow have multiple more jobs that have nothing to do with IT. Administrators and teachers act worse than stupid CEOs. Less pay to deal with more bullshit. I would have never left corporate if I knew how much worse education was. I’m looking to go back to corporate.

Edit: I am K-12. I left my previous job because I read work-life balance was better, but it’s not. An example of the bullshit I had to deal with was I got called to come in in the evening because they couldn’t log in to a computer because one of the users didn’t know her password and the mics weren’t working. Handling and scanning packages all day because they refuse to hire someone for this.

https://redd.it/1oky7j1
@r_systemadmin
Relief after firing

Anyone struggle for so long to help a company improve on their processes - both internal and external, procedures - both internal & external, client relations, you’re considered to be the subject matter expert on things.
With all your knowledge you try to put to help improve a company, have you ever just felt utter relief after being fired?
I was just fired today, and instead of feeling dread about $$ or fear about bills, etc. I actually feel relief.

https://redd.it/1okzlom
@r_systemadmin
The pain of dealing with Dell Financial Services and their messed-up returns process

Hi fellow sysadmins,

maybe this is more a post for people in Germany/The EU, but I really wanted to find out if we are the only ones that this happens to.

We lease our devices for 3 years and without fail, every single time after we've packed everything nicely and made sure all computers are clean (physically) and wiped/reinstalled, sent everything back on time, we are being told that devices were missing in our shipments. One time all of our docking stations were apparently gone (sent in the same box as the laptops....), this time we are apparently missing 74 of 89 devices. They were packed on two pallets, picked up by their own partner and arrival at the warehouse was confirmed to me.

I'm so over it, all the effort on our end to ensure that it doesn't happen again, and then it does still.

I have started taking several pictures of each shipment, from all angles, so that we can prove we have packed the required number of devices on the pallet.

Either we are terribly unlucky or something is fishy either with their contractor Expeditors or whoever picked up the pallets from us. Is there someone here located in Germany or the EU who has experience with returning Dell leasing equipment?

I have a feeling that Expeditors doesn't employ the most trustworthy people, but DFS has so far also not proven themselves to be any better. They often didn't even inform us that devices were apparently missing and just continued the leases. I had to kick up a giant fuss at the start of the year because they confirmed they had closed the contracts but then didn't and kept on billing us for another year after (because it took them another 6 months for resolution after I contacted them about it).

We had switched to Lenovo in the meantime but for the last contract Dell's offer was unbeatable and now we are back with the devil.

I am exhausted.



https://redd.it/1okw5m5
@r_systemadmin
Did you know DattoAV uses the Avira AV engine?

Long story shortened, using Pihole(s) for DNS at a small business, I see a huge (20k+ in 24 hours) influx of new queries to an "v2.web-rep.auc.avira.com" domain. Thinking it's junk, I block as a scream test until I can research more.

Go to logs, just started within the last day, maybe that's good I found early enough on. Flush logs, review. Loads more coming in (blocked at this point).

I remote into a server that basically runs nothing, but reports this DNS record. I look at TCP connections in Resource Monitor, find "endpointprotection.exe" calling to a particular IP that matched the domain DNS is going to. Not familiar with that exe, maybe it's bogus. Task Manager > find exe > right click open file location > C:\DattoAV folder.

Hopped on Copilot to find Datto does in fact utilize Avira engine. My guess is because of all the AWS and Azure issues, maybe redirected/pointed to this new Google-hosted site to keep AV up and running? Hopefully.

TL;DR found out Datto uses Avira through brief moments of panic that we're infected/hacked, blocked it all only to find it is legit.

Not much else online about this so hopefully could help someone else? Certainly ate up my morning thinking I was about to have a long day/weekend!

https://redd.it/1okzphf
@r_systemadmin
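Added example, not from the post above: the same investigation as a script, so the next person can do the "is this a burst to a domain we have never seen, and which process is behind it" check before blocking. It parses Pi-hole's dnsmasq-style query log, flags domains outside a known baseline that exceed a query threshold, and correlates the resolved address with a TCP connection table to name the owning process. The log lines, the baseline, the connection table and the 203.0.113.x addresses are all constructed for the example; the only real names are the domain and executable the post mentions.

```python
"""Spot a burst of queries to an unknown domain in a Pi-hole log and attribute it to a process.

Sample log lines are constructed in the dnsmasq format Pi-hole writes to /var/log/pihole.log.
The connection table stands in for what you would pull from Resource Monitor or
Get-NetTCPConnection on the querying host (constructed data, 203.0.113.x is a test range).
"""
import re
from collections import defaultdict

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) dnsmasq\[\d+\]: query\[(?P<qtype>\w+)\] (?P<domain>\S+) from (?P<client>\S+)$"
)
REPLY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) dnsmasq\[\d+\]: reply (?P<domain>\S+) is (?P<answer>\S+)$"
)

SAMPLE_LOG = """\
Oct 31 08:12:01 dnsmasq[851]: query[A] login.microsoftonline.com from 10.0.0.5
Oct 31 08:12:01 dnsmasq[851]: reply login.microsoftonline.com is 203.0.113.10
Oct 31 08:12:02 dnsmasq[851]: query[A] v2.web-rep.auc.avira.com from 10.0.0.5
Oct 31 08:12:02 dnsmasq[851]: forwarded v2.web-rep.auc.avira.com to 1.1.1.1
Oct 31 08:12:02 dnsmasq[851]: reply v2.web-rep.auc.avira.com is 203.0.113.77
Oct 31 08:12:03 dnsmasq[851]: query[A] v2.web-rep.auc.avira.com from 10.0.0.5
Oct 31 08:12:04 dnsmasq[851]: query[A] v2.web-rep.auc.avira.com from 10.0.0.5
Oct 31 08:12:05 dnsmasq[851]: query[A] v2.web-rep.auc.avira.com from 10.0.0.9
Oct 31 08:12:06 dnsmasq[851]: query[A] v2.web-rep.auc.avira.com from 10.0.0.5
Oct 31 08:12:07 dnsmasq[851]: query[A] updates.example.net from 10.0.0.9
"""

# Domains already seen in previous days' logs (constructed baseline).
BASELINE = {"login.microsoftonline.com"}

# Constructed connection table: host, remote address, owning process, image path.
SAMPLE_CONNECTIONS = [
    {"host": "srv01", "remote": "203.0.113.77", "process": "endpointprotection.exe",
     "path": r"C:\DattoAV\endpointprotection.exe"},
    {"host": "srv01", "remote": "203.0.113.10", "process": "svchost.exe",
     "path": r"C:\Windows\System32\svchost.exe"},
]


def parse_pihole_log(text):
    """Return (queries, replies): queries as dicts, replies as domain -> set of answers."""
    queries, replies = [], defaultdict(set)
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            queries.append(m.groupdict())
            continue
        m = REPLY_RE.match(line)
        if m:
            replies[m["domain"]].add(m["answer"])
    return queries, replies


def find_new_bursts(queries, baseline, min_count=3):
    """Domains not in the baseline that were queried at least min_count times."""
    counts, clients = defaultdict(int), defaultdict(set)
    for q in queries:
        if q["domain"] in baseline:
            continue
        counts[q["domain"]] += 1
        clients[q["domain"]].add(q["client"])
    return {
        d: {"count": n, "clients": sorted(clients[d])}
        for d, n in counts.items() if n >= min_count
    }


def attribute_process(domain, replies, connections):
    """Match the domain's resolved addresses against live connections to name the process."""
    answers = replies.get(domain, set())
    return [(c["host"], c["process"], c["path"]) for c in connections if c["remote"] in answers]


if __name__ == "__main__":
    queries, replies = parse_pihole_log(SAMPLE_LOG)
    for domain, info in find_new_bursts(queries, BASELINE).items():
        print(f"{domain}: {info['count']} queries from {', '.join(info['clients'])}")
        for host, proc, path in attribute_process(domain, replies, SAMPLE_CONNECTIONS):
            print(f"  {host}: {proc} ({path})")
```

The point of doing the attribution step before the block is that it tells you whether the traffic is an EDR/AV agent, a browser, or something unknown; a scream test on an AV vendor's reputation-lookup domain quietly degrades every endpoint's protection until someone notices.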
got furloughed today

financially, I’ll be ok, but I feel betrayed, but should have seen the writing on the walls.

I'm grateful that I have this cushion to start taking care of myself. no more missing doctor appointments. no more giving up my morning workouts. no more dropping everything to work on some bullshit last minute request all fucking night for the same people who fucked me.

and time to look for a new job.

https://redd.it/1ol3tin
@r_systemadmin
CDW wtf?

I made the mistake of buying hardware from CDW. I needed a replacement video card for my server and due to timing and availability had to go with the Nvidia RTX 4000 Ada. I bought it, received the card, and realized they had sent me the Nvidia RTX 4000 SFF Ada instead. They then refused to change it for the proper card, and instead updated their webpage to have it list the SFF's part number -- but the description still shows it as the Nvidia RTX 4000 Ada.


My fault for buying from them again. Just posting here in case anyone plans to buy from them: double-check the exact part number beforehand and do not trust their listings. I have now checked several other products on their website and they consistently list similar products as being the same. The silly thing is that they often are products at or near the same price, which implies this is just sloppiness on their part more than malice.

https://redd.it/1ol6yoz
@r_systemadmin
security scanner flagged our staging database as critical vulnerability. it's literally not accessible from internet

Got our quarterly security scan back. One of the critical findings was our inventory management API using basic auth flagged as publicly accessible.

Spent half a day proving it's behind our ALB and only accepts traffic from our order processing service. Traffic flow is: ALB → order service → inventory API. No ingress rules allow external traffic. Showed security the VPC config and security groups. They said it still needs fixing because the scanner marked it critical.

Now we're spending sprint time migrating to OAuth just to clear a false positive on a service that's never been reachable from outside our network.

The scanner has zero context about our actual setup. Can't see that inventory API only responds to requests from order service IP range. Just sees Authorization: Basic header and flags it as internet-exposed critical vulnerability.

We have about 30 findings like this. Payment webhook receiver flagged as public even though it only accepts Stripe IPs. Redis admin endpoint marked critical even though it's VPC-only. Dev RDS instances treated the same as production customer database.

Meanwhile actual issues like overly permissive S3 bucket policies are sitting at medium priority buried under all this noise.

Feels like we're optimizing for scanner compliance instead of actual security posture. Curious if there's a better approach to this that others have found.



https://redd.it/1ol70uk
@r_systemadmin
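Added example, not from the post above: one way to stop "optimizing for scanner compliance" is to re-rank findings by network exposure before anyone looks at the scanner's severity. The script below takes a list of findings and a map of which security group each resource sits in, classifies each resource's ingress as internet-wide, allowlisted public ranges, or private (RFC 1918 CIDRs and rules that reference another security group), downgrades findings on resources that are not reachable from outside, and sorts exposure first. The findings, security groups, resource names and the 203.0.113.0/24 stand-in for a payment provider's published ranges are all constructed for the example; it reads static data rather than calling a cloud API so it runs offline.

```python
"""Re-rank scanner findings by network exposure (constructed data, no cloud API calls).

Exposure classes, from worst to best:
  internet     - an ingress rule from 0.0.0.0/0, or a storage policy open to everyone
  allowlisted  - ingress only from specific public ranges (e.g. a payment provider's IPs)
  private      - ingress only from RFC 1918 ranges or from another security group
"""
import ipaddress

SEVERITIES = ["info", "low", "medium", "high", "critical"]
EXPOSURE_RANK = {"private": 0, "allowlisted": 1, "internet": 2}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed scanner output.
FINDINGS = [
    {"id": "F-1", "resource": "inventory-api", "title": "HTTP Basic auth in use", "severity": "critical"},
    {"id": "F-2", "resource": "webhook-receiver", "title": "Unauthenticated POST accepted", "severity": "critical"},
    {"id": "F-3", "resource": "redis-admin", "title": "Admin interface without TLS", "severity": "critical"},
    {"id": "F-4", "resource": "customer-bucket", "title": "Bucket policy grants s3:GetObject to *", "severity": "medium"},
    {"id": "F-5", "resource": "public-alb", "title": "TLS 1.0 enabled", "severity": "high"},
]

# Constructed network context: security group ingress rules, in the shape ALB -> order -> inventory.
SECURITY_GROUPS = {
    "sg-alb": [{"cidr": "0.0.0.0/0", "port": 443}],
    "sg-order": [{"source_sg": "sg-alb", "port": 8080}],
    "sg-inventory": [{"source_sg": "sg-order", "port": 8443}],
    "sg-webhook": [{"cidr": "203.0.113.0/24", "port": 443}],  # stand-in for provider IP ranges
    "sg-redis": [{"cidr": "10.0.0.0/16", "port": 6379}],
}
RESOURCE_SG = {
    "inventory-api": "sg-inventory", "webhook-receiver": "sg-webhook",
    "redis-admin": "sg-redis", "public-alb": "sg-alb",
}
# Resources governed by an access policy rather than a security group (constructed).
RESOURCE_POLICY = {"customer-bucket": {"public_policy": True}}


def cidr_exposure(cidr):
    """Classify a single ingress CIDR; RFC 1918 is checked explicitly rather than via is_private
    because Python also treats documentation ranges like 203.0.113.0/24 as private."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "internet"
    if any(net.subnet_of(p) for p in RFC1918):
        return "private"
    return "allowlisted"


def resource_exposure(resource):
    """Worst exposure class across the resource's ingress rules or its access policy."""
    if resource in RESOURCE_POLICY:
        return "internet" if RESOURCE_POLICY[resource].get("public_policy") else "private"
    worst = "private"
    for rule in SECURITY_GROUPS[RESOURCE_SG[resource]]:
        # A source_sg rule admits traffic only from members of that group, never from the internet.
        kind = cidr_exposure(rule["cidr"]) if "cidr" in rule else "private"
        if EXPOSURE_RANK[kind] > EXPOSURE_RANK[worst]:
            worst = kind
    return worst


def effective_severity(severity, exposure):
    """Policy assumption: private drops two levels, allowlisted drops one, internet keeps the scanner's."""
    i = SEVERITIES.index(severity)
    if exposure == "private":
        i -= 2
    elif exposure == "allowlisted":
        i -= 1
    return SEVERITIES[max(i, 0)]


def triage(findings):
    """Annotate each finding with exposure and effective severity; most exposed first."""
    out = []
    for f in findings:
        exp = resource_exposure(f["resource"])
        out.append({**f, "exposure": exp, "effective": effective_severity(f["severity"], exp)})
    out.sort(key=lambda f: (EXPOSURE_RANK[f["exposure"]], SEVERITIES.index(f["effective"])), reverse=True)
    return out


if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f"{f['id']} {f['effective']:<8} ({f['exposure']:<11}) {f['resource']}: {f['title']}")
```

With this ordering the open bucket policy lands at the top of the list and the Basic-auth finding on the VPC-only API drops to medium, which is the conversation to have with the security team: the scanner's severity is an input, the exposure map is the other input, and neither alone is the priority. The downgrade steps are a policy choice, not a standard; what matters is that the rule is written down and applied to all 30 findings the same way.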
What's your favorite post work activity to unwind/disconnect?

After a particularly long week of end users having an extra serving of anti critical thinking juice, I am exhausted. I don't want to hear the word Azure, I don't want to look at a computer.

However, I have started a project of building a rack mounted tube amp for my guitar. I have no idea if this will work the way I think it will. After feeling exhausted at the end of the work day I feel energized just trying to map it out, learning about how they work and finding parts. It's so refreshing working on a hobby/project with 0 worry and 100 curiosity.

What are y'all doing this weekend to recharge that is not based in Microsoft or AWS?

https://redd.it/1ol7xw1
@r_systemadmin
If you are my coworker in IT, any Non-Critical troubleshooting calls stop at 4:30 on Fridays.

If you ask to have a troubleshooting call with me at 4:30 on a Friday the answer is no. You had all week or at minimum all day. It's one thing if it's for a VP or if we were already on a call since 3:30 or 4. I'm not gonna cut you off at 4:30. But if it's not a P1 or P2 and you just want to solve your curiosity about something, it can wait til Monday. Especially on Halloween night.

Had our security guy ask to have a call with me at 4:30 today, on Halloween night of all nights. I have a 2 year old who can't stay up past 8 and it's dark by 7 anyways. That gave us like 1.5-2 hours at most to do any trick or treating with her.

So no I am not going to have a troubleshooting call with you when you had literally all week to have a call with me or at minimum anytime today before 4:30p.

/Rant

https://redd.it/1olbiye
@r_systemadmin
OE: 2 IT Jobs

Been in IT for over 10 years now.
Just started my over-employed journey 2 months ago. Only IT person at both startups without MSPs.

Job 1: Hybrid / Senior IT Engineer
220 Users / 5 Countries

Job 2 / Hybrid / IT Manager
125 Users / 2 Countries

Similar stack in both:
Okta
Kandji
Google
Etc…

It’s been pretty great so far. I was able to revamp IT departments in both locations. Automation high and tickets low. Not for everyone but decided to share if you’re thinking about OE. Worth it.




https://redd.it/1olhlqx
@r_systemadmin
Is the Australian IT market good for Systems Administrators?

Hey All !

I am from New Zealand and have roughly 15 years of experience in IT Systems Administration, mainly within the Wintel space (Windows Server, VMware, Entra ID, AD), you know the jazz.

The job market here is horrible and I was wondering how the Australian IT job market is? Especially for Senior Systems Administrators?

I have been unemployed for 6 months now!

https://redd.it/1ol9rsg
@r_systemadmin
Azure Entra SOA Experiences

Hey all,

We’re looking at piloting Azure Entra’s new Source of Authority (SOA) conversion feature and wanted to hear from anyone who’s already tried it.
For those unfamiliar: it’s the feature that lets you transfer user/group management from on-prem AD to Entra ID without deleting and recreating objects.

It uses the isCloudManaged attribute to tell sync tools to stop syncing specific objects while maintaining identities and relationships.

Specifically curious about:
• How smooth was the actual conversion process? Any gotchas?
• Did you run into issues with on-prem app access after conversion?
• How are you handling Kerberos-based applications? (Application Proxy, Cloud Kerberos Trust, or something else?)
• Any problems with group provisioning back to AD after conversion?
• What’s your device situation? (Entra joined, hybrid joined, etc.)
• Would you recommend it, or are there hidden pain points Microsoft’s docs don’t cover?

Our situation:
We’ve got a hybrid environment with mix of cloud and on-prem apps. Considering starting with a specific OU that has fewer legacy dependencies, but want to understand what we’re getting into before committing.
Appreciate any insights - both positive experiences and horror stories welcome!

Also interested in hearing if anyone’s hit the universal group limitation or had issues with nested groups during conversion, or issues with legacy on-premises apps.

https://redd.it/1oljgsg
@r_systemadmin
How do we hide the wifi password - is there a GPO or registry entry or tenant setting or MDM setting (not Intune)?

WARNING... 'Manage known networks' now has a very prominent "show password" button :( with a QR code even.

Cue the abuse from personal phones and tablets. At least it was hidden away before. Would like for the MDM delivered wifi profiles to not allow seeing the password so easily.

https://redd.it/1olhvs5
@r_systemadmin