KQL between dates in purview

Might be better off in a Microsoft centric community but the knowledge here is pretty deep so I'm taking my changes.. Mods can remove if needed.

KQL is a somewhat logical language but when MS puts it's hands on it..
Nothing makes sense..

I need to run a query, both Purview and Defender between two dates..

So

where timestamp {TimeRange:start} AND {TimeRange:end}

would be logical but nooooo..

Any ideas?

https://redd.it/1q1t1hf
@r_systemadmin

Weekly 'I made a useful thing' Thread - January 02, 2026

There is a great deal of user-generated content out there, from noscripts and software to tutorials and videos, but we've generally tried to keep that off of the front page due to the volume and as a result of community feedback. There's also a great deal of content out there that violates our advertising/promotion rule, from noscripts and software to tutorials and videos.

We have received a number of requests for exemptions to the rule, and rather than allowing the front page to get consumed, we thought we'd try a weekly thread that allows for that kind of content. We don't have a catchy name for it yet, so please let us know if you have any ideas!

In this thread, feel free to show us your pet project, YouTube videos, blog posts, or whatever else you may have and share it with the community. Commercial advertisements, affiliate links, or links that appear to be monetization-grabs will still be removed.

https://redd.it/1q1utbi
@r_systemadmin

Anyone dealing with Start Search breaking on 24H2/25H2

Just curious on this. Fleet of approx 2k machines. All on 23H2 E, but started moving some to 24H2/25H2 E.

I've noticed that a few machines after upgrade, and even a few with a fresh image, have had the start menu search break.

It seems to be user profile specific, but I cannot for the life of me find a fix beyond re-imaging and hope it doesn't happen.

Even removing the user profiles from the device and re-adding them doesn't fix search for the specific users affected.

None of my 23H2 E installations are affected. All are domain joined locally.



https://redd.it/1q1vv1k
@r_systemadmin

Intel I210 NICs Completely Invisible on Supermicro Motherboard

I've just tried to install Proxmox on a new X11SCH-LN4F motherboard, and the network interfaces (Intel I210s) were unable to be found, and the installation failed as a result. It turns out they are completely invisible to the system. They are not listed under "Hardware" in the IPMI, and they do not show up after running `lspci`. I've tried updating the BIOS and trying the same thing on another OS by installing Debian 13. I got the same result each time, and now I have no idea what's going on.

How can I fix this? This is beyond frustrating, and I have never seen anything like this before. Has anyone had similar issues? I'd appreciate any help.

https://redd.it/1q1wo3p
@r_systemadmin

How much to be paid working emergency christmas day?

Hey all,

Got an emergency call and worked from noon Christmas day until 3am the 26th to deal with ransomware as the sysadmin. How much would you expect? Based in Midwest with a 1 year old and 4 year old while I was hosting.

Business has no real policy on what that type of pay is.

https://redd.it/1q1x712
@r_systemadmin

Scheduling Tasks and Linux

I’ve been doing this for quite some time now starting with VMS then various Unices such as Solaris, HP-UX, Tru64, Irix, and AIX. Then a mixture of Unix and Linux systems including BSD type systems such as OpenBSD and FreeBSD but mostly Red Hat and similar.

So I’m reasonably familiar with Cron.

Three jobs back was my first time in a strictly Linux environment. Still an Ubuntu and CentOS mixture (and my first official usage of Ubuntu). Previous job same thing. Current job all Ubuntu.

One difference with the current job though. The previous systems admin, who was a mixture of interesting stuff and WTF stuff (clearly not coming from an Operations type environment based on some of what he did), actually set up systemd timer tasks vs using cron.

Since there was no documentation when I got here, it’s taken several months before someone casually mentioned, “oh, the last guy set up a systemd task for this process” and I started poking around.

It’s basically a replacement for Cronjobs. This guy has a timer task that every 30 minutes runs a shell noscript. That’s all it does.

So of course, first off, create your bloody documentation or we’ll curse your name unto the 7th generation. And second, if you’re coming from Unix (or Linux if you’re used to Cron), do a check of /etc/systemd/system to see what extra bits are running.

Note to the mods, I see a Linux flair but not a Unix flair. Awwwww

https://redd.it/1q1yuy4
@r_systemadmin

CEO retired. How do you politely say "no" without burning a bridge?

The president/CEO of my company retired about 2 months ago. He's called me at least once a week since for help with his iPad, computer, personal email, etc. and now I feel like I might be personal tech support for life.

This guy founded the company I work for. His name is literally on the building. I feel like I owe the guy a lot. He's always been extremely appreciative of my work which I value more than almost anything else because it hasn't always been the case in my career. The business he built helped put a new truck in my driveway and food on my family's table for 5 years. He's approved multiple large raises and said "absolutely" without hesitation when I asked for a promotion. He's signed his name to hefty bonus checks every Christmas (some 5 figures). He's friends with all the other execs (some of whom I have done some side work for) and I will be seeing him at company social events for as long as I'm here.

Do I just bite the bullet, and accept that I'll have to help him with his shit occasionally? Or is there a point to set some boundaries? If so, how do I do so without offending him or burning any other bridges.

https://redd.it/1q207sq
@r_systemadmin

Is your AD Forest/Domain on Functional Level 2025?

If not do you have a plan to get there? Side-question, do you run Windows Server Core for AD functions?

I found it quite humerus that Azure Connect requires full GUI.

https://redd.it/1q1zs2g
@r_systemadmin

Canon multifunction unit - Scan to Email using OATH2 (Microsoft)

I'm looking at setting this up and so far am unable to do so.

The scanner will connect to smtp.office365.com over TLS and scan just fine. However, going through the instructions for setting up an enterprise app in 365 and then instructions for setting up the Canon gives me "Could not connect to the server" on the Canon.

Canon's documentation indicates to use the following URL:

In \[Microsoft Entra ID Authorization Server Endpoint\], enter the URL address of the authorization server.

https://login.microsoftonline.com/<tenant>/oath2/v2.0

In <tenant>, enter \[common\], \[consumers\], or \[organizations\] according to the usage environment of the machine.

This URL doesn't appear to be valid anymore from what I can see.

The address that the Microsoft documentation I was following was this:

https://login.microsoftonline.com/common/oath2/nativeclient

That's what I used for the redirect URI of the enterprise app, so that's what I put in the copier. However, I get the error that it can't connect to the server.

Is there a different server that's used for this than smtp.office365.com? Or is there something else that would be going wrong?

https://redd.it/1q239a2
@r_systemadmin

Dell R720, inaccessible boot device after maintenance

I recently did a maintenance to a dell r720 server. Everything went well, I applied new thermal paste to the cpu, cleaned fans etc and booted to windows without any issues. A week after the maintenance I found the server powered off (possibly due to power outage) and as I tried to boot into windows I received a bsod with stop code inaccessible boot device leading to the recovery environment after reboot.

It has an SSD raid 1 with two Samsung drives and an Hdd Raid 10 with 5 hard drives.

I have attempted the following to recover it but so far I had no luck:

1. Switched from AHCI to RAID under SATA settings in BIOS and back again

2. Confirmed UEFI boot setting

3. Replaced the CMOS battery

4. I ve run fixboot, rebuildbcd, recreated BCD from usb, DISM cleanup revertpendingactions, none of those worked

5. The raid configuration utility reports no issues and their state is optimal

I have an external drive with snapshots but I would like to avoid restoring as I am not entirely sure if it related to hardware or software.

Any suggestions?

https://redd.it/1q21b3z
@r_systemadmin

If you're asking for help, you need to make it easy to help you

If you're asking me for help, do the leg work to make completing your request easy. It's common decency and it's professional.

I can't imagine ever going to anyone for help and just dumping every aspect on that person. It's completely unprofessional. If I go to someone for help - I've gathered the information and done all pre-work so all the person I'm going to needs to do is their piece. They don't need to reach out to Johnny for information x, they don't need to coordinate y. I've already done those things.

An exec submitted a request on Christmas Eve just before I was logging off on two contractors' behalf and she needed it ready by the start of business on 1/1. I completed the request because the holiday shrunk everyone's availability and I wanted to pad time in case of anything unexpected.

I send this exec something they can literally copy and paste in an email to the contractors. It's two steps - Go here, then do y.

This exec responded today asking if I can meet with the contractors to go through the steps on Monday. Which annoyed me because it means she hadn't even emailed them yet and it's two steps. Send them the instructions I gave you, if they have questions or an issue, have them reach out... It's that easy. There's no need to schedule a meeting.

The kicker is - I agreed to meet with them on Monday and she immediately says, "Great, go ahead and schedule a meeting with them and coordinate all of the details."

These are your people and you're asking for my time... You coordinate the meeting, look at my calendar and put a time on there. Don't ask me to do every little aspect of this. Own your end...

And it's disrespectful to my time. Why did I make it a point to get it done on Christmas Eve if you weren't going to send out the information

In the end, I just emailed the contractors the instructions and told them to reach out with questions or issues and more information would come Monday on the remaining two pieces I cannot complete.

https://redd.it/1q26dkw
@r_systemadmin

Purchased a single Windows 10 Pro ESU License from CDW but can't see License. CDW says it's me.

I'm not an IT professional but I know enough to usually figure out what I need to do but I'm at a loss in this situation.

We have a Windows 10 Pro computer we want to provide ESU updates to. I created a O365 account and set up a free trial just to create the account because apparently I need an O365 to purchase a Windows 10 ESU license for a computer connected to a domain.

The CDW agent said he connected the license to my account but I can't see the license because I need to create a sub account that has access to view licensing because apparently even the admin account is blocked from seeing that? So I did that, I assigned all roles I could find related but I still can't see the license.

I came across this information while trying to figure out what to do,

"A partner or seller who assigns you a role during the contract creation process."

https://learn.microsoft.com/en-us/microsoft-365/commerce/licenses/manage-user-roles-vl?view=o365-worldwide

I'm at a loss at what to do, is it possible the CDW agent that has been helping me skipped a step in creating a role for me to view the license?

I have reached out to CDW several times and they say I need to set up an account to view the volume licensing but I'm at a loss.

Can someone with experience dealing with this tell me if I'm missing something or did CDW miss something?

https://redd.it/1q29ayn
@r_systemadmin

What’s going on with Fortinet lately? It feels like every week there’s another critical CVE..

Anyone else concerned about the recent Fortinet CVEs?

https://redd.it/1q2bl3r
@r_systemadmin

Is it Time to Move On, in Spite of This Job Market?

If the flair doesn’t fit, let me know and I’ll correct it.

FYI: I used AI to change the writing style of this post in the event one of my colleagues sees this. Call me paranoid I guess, but I'd rather not have to discuss this post with my HR department, as they come down pretty hard about this kind of stuff. Any comments I respond to will NOT use AI. Appreciate everyone's understanding.

TL;DR: workload and compensation feel misaligned. Trying to determine whether staying makes sense. If so, how do you cope with a difficult work environment until you find something better?

Hey r/sysadmin,

The last week forced some uncomfortable clarity for me. A long conversation with my partner surfaced how much my current role is bleeding into everything else: finances, mood, relationship stability, baseline stress. None of it in a good way.

I’ve been working in IT since 2022. Started in L1 support on a fixed contract, then moved into a helpdesk/junior admin position that was stable but stagnant—good people, no upward path. About two years ago I deliberately stepped down into a role below my skill level at a very large, well-known company just to get internal traction. That didn’t pan out, and between leadership decisions and a 1.5-hour commute, I exited. I landed in my current role just under a year ago, officially user support/junior admin.

The company is a remote-first startup based in a major HCOL/VHCOL tech city. We support somewhere in the 500–1000 user range, largely US-based with a meaningful overseas contingent and contractors. Intentionally vague for obvious reasons.

The IT team consists of three people, myself included. I’m paid a bit over $25/hour. I was hired fully remote, then moved to mandatory hybrid without any pay adjustment or commuter support.

Over roughly the last year and a half, I’ve effectively helped stand the department up from near zero. That has included vendor negotiations, covering management responsibilities when my boss is unavailable, building out an entire office solo on two weeks’ notice (including ISP selection and overseeing network installs), implementing a real ticketing system with defined SLAs, being functionally on-call without the noscript (including holidays), becoming the default networking/devops/noscripting resource on the team and the org-wide networking SME by default, and acting as the in-office escalation point for the executive team since my manager is out of state. There’s more, but that’s what comes immediately to mind.

The environment itself is rough. There’s no real MDM, imaging workflow, identity provider, or coherent security tooling. Hardware purchases skew cheap, which leads to repeated failures and constant frustration—ironically most visible with upper leadership. Joiners, movers, and leavers are entirely manual. Tooling decisions are driven almost exclusively by cost, not fitness or industry norms. My time is spent reacting, not building. Projects routinely stall because firefighting takes precedence, often triggered by leadership-side communication failures that we’ve flagged repeatedly.

Recently, management clarified that the promotion previously floated is effectively dead. The plan appears to be external hiring instead, with me expected to onboard that hire while continuing to support and train our third teammate. Without a promotion, the realistic upside is a sub-$1 COLA.

From a career perspective, my interest is Linux-heavy work—Linux engineering or DevOps. I’ve made informal connections with the DevOps group internally, but any structured shadowing or cross-training keeps getting deferred because daily outages and support issues take priority. At this point I’d even accept a conventional Windows admin role if it meant better pay and more actual technical ownership. Requests for on-the-clock upskilling time have been denied; I’ve been told learning needs to happen off-hours, with no funding support.

If I stayed long enough, there’s a nonzero chance of transitioning internally to DevOps—but only after IT

stabilizes. Realistically, that’s several years out. I’m already disengaged. Over the past month I’ve genuinely preferred the idea of warehouse work to logging in, but bills make that a non-option.

I tend to overinvest in work because I want to take pride in what I do. Historically that’s tipped into overwork. I’m actively pursuing therapy and other supports to bring stress back under control and, more importantly, repair the strain this job has put on my relationship. My partner has pointed out changes in me—more withdrawn, more tense, quicker to anger. They’re not wrong. I’ve mostly felt boxed in by the market, by rising costs, and by the perceived risk of leaving.

I am applying elsewhere, despite the current hiring climate and regional impact from tech layoffs.

For those who’ve been in a similar position—waiting on an exit with no clear timeline—what did you do to stay functional in the meantime?

Appreciate any perspective. This subreddit has quietly been one of the more useful anchors I’ve had while navigating this field.

https://redd.it/1q2e9kp
@r_systemadmin