Sysadmin

This is an automated archive.

The original was posted on /r/sysadmin by /u/ServiceFun7651 on 2024-01-23 13:17:07+00:00.

Hey everyone,

Could use some advice.

We are a small temp agency having 15 users. 8 months ago, I migrated from Simply to M365 for all our emails and have since then been onboarding users. I really enjoy Microsoft.

backstory: the company was run by blue-collars directors, who was great in their field, but have a very low understanding of IT.

Our COO has made a makeshift CRM in Google Sheets. It's great work (really impressive) but it's stored on a Google Drive he made with his company email. Now the whole company uses this Google Sheets system for everything: hour registration, sales calculations, and storing data.

We are growing fast, and the director is really concerned about GDPR and cyper-safety, and so am I.

My plan was to quickly fix this by buying G Suite licenses and migrating the Google Sheets system to that. Then we could control users, but I have a few concerns.

1. Can we even have both domains at the same time?
2. Dual licensing seems like a bad idea price-wise. If we are to be a big company with 500+ users, this could get really expensive.

Has anyone been in the same situation or have any idea on how to go about this?

Thanks in advance.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mario_do_agreste on 2024-01-23 12:06:48+00:00.

Hello everyone! I live in Brazil, and I'm planning to move to Europe in the next few years. The IT market has a lot of facets; however, I don't know how I can use my experience abroad. In Brazil, governmental entities need to create a technical document to make acquisitions. That said, companies interested in selling their equipment need to "prove" that they are in accordance with the technical document and the equipment's technical guide. So, basically, I work in consulting, quoting, sizing data center equipment (storage, servers, switches, backup appliances, HCI, and so on), and analyzing their technical specifications. That said, I don't manage or implement anything; I'm more of a liaison between the sales sector and a "Datacenter architect." Any tips for jobs that require these skills and qualifications?

This is an automated archive.

The original was posted on /r/sysadmin by /u/SJPearson on 2024-01-23 11:53:53+00:00.

This seems like a simple question but I can't find a definitive answer, so I'm hoping someone can advise me!

I'm looking at a single domain, all on one site. 2 DC's both server 2016 build 1607, one is standard, the other is datacentre (not that this should make any difference.)

The sysvol replication has been migrated from FRS to DFSR.

The AD is syncing correctly but the login scripts (netlogon) are only syncing changes to existing scripts not any new scripts.

The DC's have the DFS replication tools installed but NOT the DFS replication role. The onsite IT pointed out that the migration instructions from FRS to DFSR do not mention that the role is required, whereas I would think it is a requirement.

There are no errors in any of the event logs, in dcdiag, in repadmin or in the DFS admin reports.

I've added a third DC, 2019 datacenter but that is showing the same effect.

Any ideas or suggestions would be welcome!

This is an automated archive.

The original was posted on /r/sysadmin by /u/Scary-Jury1059 on 2024-01-23 11:22:52+00:00.

“Whoever wrote this code clearly has no understanding of elementary mathematics or the most basic rules of programming."

Computer weekly

This is an automated archive.

The original was posted on /r/sysadmin by /u/-Kizoku- on 2024-01-22 21:10:27+00:00.

My boss and the team leaders want to have something like a LMS. We already have tried LMS365 but they want a free solution at best. And it is overpowered for our use-case.

It should be used for safety briefings, questions about it and a control if the users completed it. Each of those briefings should be assignable to users and controlled from the team leaders.

Is there any free solution you know of? Or is it best practice to build it in PowerApps, PowerAutomate and/or Sharepoint Site. I can‘t handle it timewise if i need to manage the whole thing every day since i am also responsible for all of our servers, networks and everything.

The system must handle 3-4 team leaders and around 50-70 users.

Maybe some of you had a similar problem and know something i dont. Thank you

This is an automated archive.

The original was posted on /r/sysadmin by /u/Mr_Cowley on 2024-01-22 20:31:15+00:00.

I work at an MSP it company, and we are going to be replacing our clients firewalls and the company they are with now (3rd party) won't give us any info so we can configure the firewalls according.

I am learning with our engineering team on how to configure firewalls and switchs and such. So I'm a bit of a noob and some of this stuff.

I don't know if there are any tools or general things to lookout for but I'm hoping you guys can help.

We can obviously due a basic setup but we're not sure of what things like, vlan, sdwan, ports, policies, or anything to lookout for aside from basics. We can get the public ips from the ISP but I think that's about it. We will be replacing their voip service as well so we know about that.

If my post seems utterly idiotic I apologize I'm doing some googling on top of this as well but just hoping to get a step up on this.

This is an automated archive.

The original was posted on /r/sysadmin by /u/flx on 2024-01-22 20:08:28+00:00.

Trying to find a solution for our org that doesn't require manually installing drivers. Looking for a true plug and plug Windows Hello compatible USB fingerprint reader.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ifpfi on 2024-01-22 19:10:01+00:00.

We have been receiving spam for the last 2 months from domains that end in .onmicrosoft.com and I have been reporting these messages every way I know how. Now it has come to bite them back as I just checked the reputation of an IP address that just spammed us and it is a shared O365 address. This means users of O365 will have a hard time getting their mail through to everyone else. I even tried reporting the spam through the CERT tool and it came back with “This report could not be validated, no action was taken.” This is what you get Microsoft

Every day I am happier and happier I do not, and never will, use Office 365.

This is an automated archive.

The original was posted on /r/sysadmin by /u/WaZnoA on 2024-01-22 18:44:48+00:00.

Hello,

at home I have a crap ISP router, which has no ARP list. If i turn off my laptop, the router drop out the laptop IP address a few minutes later and it will be not turning on when I send a WOL packet.

I figured it out, when is sending a WOL packet with my phone to my local broadcast IP not the exact IP which the laptop has, the laptop is will be turning on.

My question is that is a problem? Does it pose a security risk? (No other PC-s turning on, the other computers do not have WOL turned on) I using it in my private home network, and my router has got no open ports.

This is an automated archive.

The original was posted on /r/sysadmin by /u/joshuamarius on 2024-01-22 18:17:27+00:00.

As I slowly climbed the ranks in IT I noticed we have the power to convince a lot of Business owners, managers and staff to be safer, more efficient, and even more environmentally friendly. We IT guys can also get into a lot of places that many people can't. We can make a tremendous impact on a company and a community. Some examples I have implemented:

1) Implemented WOL (Wake on LAN) for several companies. Noticeably reducing heat inside the office, as well as the power bill with computers no longer running evenings and weekends (Except for patches and weekly antivirus scan days).

2) Implemented WOI (Wake over Internet) for some remote users in a different company with very powerful (and power hungry) computers that were used for AutoCAD and Revit. Instead of traveling/commuting to work and leaving their PC on, they could just power it up remotely and work or obtain files they needed.

3) Installed Smart sensors, smart thermostats, smart cameras, encouraged having a recycling/shred bin, and implemented a completely paperless scheme for several medical offices.

4) Used my own research to specifically purchase equipment (monitors, cameras, laptops, access points, desktops, etc.) that use less power. Some of my research:

5. Recycle/Refurbishing old equipment. I donate these (after being thoroughly sanitized) to schools, churches, and non-profits. I also make sure all e-scrap from any company I service, ends up in the E-scrap recycling program in our county.

What custom/creative things have you guys done to help the environment?

This is an automated archive.

The original was posted on /r/sysadmin by /u/zero_cool09 on 2024-01-22 17:47:28+00:00.

Hi All, As stated, I'm looking to replace some cisco sg-300 52 port switches that are End of Life. I've had one requiring some reboots with flapping ports, causing some havoc and I've convinced the business to replace them. It seems the direct replacement suggestions are also out of date in cisco's findIT app. It seems like the CBS350-48FP-4X would be an appropriate replacement, I don't need 10G rj45's. Has anyone got any opinion on these? I've got 5 cisco switches that will need replacing, so ideally I'd be making them all the same units, just varying the number of ports needed.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Recent_Anywhere5851 on 2024-01-22 16:43:45+00:00.

Hello, I started a new wfh job recently (salaried), and there is an optional daily meeting scheduled for 8am (6am in my timezone). It just seems to be going over what we are currently working on, and small talk. Most of the team seems to attend these. My official hours are 9am - 5pm, so it is scheduled before I technically start. I am wondering if I should ask my manager to shift my schedule or not attend them. On one hand, this seems like a good meeting to communicate with the team, and I am afraid I won't be seen as a team player if I don't attend. On the other hand, 8 (6am in my time) is a little early for me and I am not sure how I will do waking up early enough for this. Should I just attend the meetings anyway? Ask for a schedule change? Or just don't attend and start at 9am?

This is an automated archive.

The original was posted on /r/sysadmin by /u/GrcivRed on 2024-01-22 16:32:57+00:00.

Hi, if I delete a domain account that I used to join computers and servers to the domain, will they be removed from the domain?

Thanks

This is an automated archive.

The original was posted on /r/sysadmin by /u/Sardonicus91 on 2024-01-22 16:16:22+00:00.

Hello Team,

I am near my expiry date for those 60 days of using Vmware but I still want to create a lab at home for studying some admin stuff, how certain servers work and just experimenting with virtual environments.

What sort of package or subscription would you recommend?

I'm not looking for anything fancy, but I would prefer to have a couple of endpoints and servers (as long as the free lincenses last) just to self-education and possible misery.

Thank you.

This is an automated archive.

The original was posted on /r/sysadmin by /u/KaishhLV on 2024-01-22 15:57:07+00:00.

Hello, Sysadmins

So I finally have joined the SysAdmin team as Junior!

I am still learning things, trying to follow "best practice" guidelines ect.

But today I got pretty interesting task from my boss.

So we have a lot of internal web sites/services that currently are working without any SSL certification. He asked me to find a way to create SSL certificates for each such site/service + renewal process should happen automatically.

One thing he said: Don't use Self Signed CERT.

Can you, please, give some advices what should I look for, what should I consider etc? Bring some light in the dark ?

Thank you, again!

And have nice day

This is an automated archive.

The original was posted on /r/sysadmin by /u/MathematicianDue4049 on 2024-01-22 14:03:04+00:00.

I have been dealing with a mostly Dell shop for 15 years. I am used to their poor ability to actually get the right parts to the right place in the suggested time frame. (4 Hour or Next Business Day). Lots of wrong parts etc. But this last support ticket has really got me questioning how Dell operates in 2024. I needed a PCIe riser and PCIe cables that go from the riser to the motherboard. Dell agreed and dispatched the parts on my R940xa $150K server for next business day delivery. Of course they same two days later and were the wrong parts (I got power cables). What is eating me is after another 2 hour call with support they can't seem to find the part number i need. They have been asking me to look at service manuals and circle the parts i need, which i did. I don't want to take the system offline to get the part numbers from the existing cables, and then again a few days later to replace them. They have been sending me e-bay listings for Dell parts asking my thoughts on the parts and if its what i need. They spent all of Saturday researching the part i need and their conclusion is i need a mini SAS cable. No i actually need the cables that carry the PCIe data from the motherboard to the PCIe Riser. My issue is PCIe, nothing else, not SAS not power, etc.

It just seems crazy to me that they have no inventory of what parts are for the\my system, or even a good inventory and photo gallery with detailed descriptions of every part number. How am i supposed to have confidence in a company that is sending me e-bay links asking me if this is my part and if i think it would work. This is no bash on the engineer on the phone, they apparently have to work with what ever Dell gives them or resort to e-bay, but come on.

This is an automated archive.

The original was posted on /r/sysadmin by /u/rudra_raw on 2024-01-22 13:51:53+00:00.

hello, i would like to experiment with public key infrastructure.

(as it would work in a company) like root certifiacte sub CA for each servcices (SSL, user auth, hardwere auth, etc...), sub sub CA and of course final certificates.

I'd also like to implement a certificate revocation mechanism (preferably OSCP).

I have a vague idea of how this could work, but I'm not sure I understand everything, especially what's good practice.

I'd like to understand what's involved in being a public certificate authority (PCA), and anything else I can learn about PCAs.

My goal here is to learn as much as I can so that I can sell myself at a job interview.

there's a lot of information on the net but nothing that's as detailed.

any information is useful to me. Even a link to an article

thank you in advance.

This is an automated archive.

The original was posted on /r/sysadmin by /u/Odd_Split_6858 on 2024-01-22 13:36:59+00:00.

Hey everyone, I'm a Linux engineer at a startup, currently stuck on a project that's likely to last for the next year and a half. Looking for advice on skill replenishment and additional tasks to enhance my expertise. Suggestions for becoming a top-notch system admin/dev ops engineer would be greatly appreciated. This post might benefit others in a similar situation. Thanks in advance

This is an automated archive.

The original was posted on /r/sysadmin by /u/GinjaAssassin on 2024-01-22 13:33:12+00:00.

Hey everyone,

I'm looking for some advice. I am 38 and I've been working as a Windows admin for the last 10 years (6 in desktop support and 4 as a server admin). Over the last year, I've started finding myself losing interest in my work and starting to drift around and look into other areas of expertise. Primarily, I've been looking more into Linux administration and getting out of Windows almost completely. The only real experience I have in Linux at this point is personal use and light server level work on a personal media server. My broadest question is, am I insane for wanting to completely pivot my career this aggressively, especially at my age? Has anyone else taken on this type of task? Any advise or insight would be greatly appreciated.

This is an automated archive.

The original was posted on /r/sysadmin by /u/oske2 on 2024-01-23 11:08:11+00:00.

I have an old connect server that has been changed to staging but has hybrid join and SCP configured for devices, due to networking complications I've created a new connect server which is working fine as the primary, I've configured hybrid join and SCP on it.

Now I'm going to decommission the old server, will hybrid join still work or will I have to clear the SCP from AD and reconfigure it again on the new serverr?

This is an automated archive.

The original was posted on /r/sysadmin by /u/CapableWay4518 on 2024-01-23 10:52:46+00:00.

Hey All,

Outside my usual scope of works here. Need some advice. We need to run multiple VGA cables for a SMT assembly line that has a 10m+ run to a monitor/s. there are about 6 servers. We have VGA to Ethernet, Ethernet to HDMI, HDMI to Monitor. 6x network cables for just video and another 6 for usb extensions. Very messy. Any suggestions to reduce or clean this install up?

Cheers!

Edit: we are already over budget so an expensive ATEN system will not save us.

This is an automated archive.

The original was posted on /r/sysadmin by /u/ProteusNexus on 2024-01-23 10:19:40+00:00.

Hi,

Just wondering if in WSUS I have to approve both patches for 21H2 and 22H2 (for instance) OS builds even if the hotfix number is the same. Both hotfix files are identical so the only difference is visible in WSUS. Wondering if the clients will report 21H2 and only 22H2 is approved, will they get the patch anyway?

Regards,

Prot

This is an automated archive.

The original was posted on /r/sysadmin by /u/Z3R06_ADM on 2024-01-23 10:17:12+00:00.

Dear Esteemed Colleagues,

I recently embarked on my journey as a Systems Administrator Apprentice within a multinational corporation. Our responsibilities span across a vast array of hardware (PCs, smartphones, printers, etc.) and user management.

I am in pursuit of enhancing and optimizing our IT infrastructure to its utmost potential. To achieve this, I seek your esteemed advice: What are the indispensable systems necessary for streamlining systems administration? I am particularly interested in solutions such as monitoring scripts, automation tools, or any comprehensive solutions that could elevate our current practices.

While we have already implemented various solutions and scripts, my ambition is to introduce additional innovations. This year, I have redesigned our monitor inventory management through a script that retrieves serial numbers. Moreover, I have thoroughly revised and improved our Windows patching methodology, which previously left much to be desired.

I eagerly await your insights and recommendations.

Best regards,

Iiza

This is an automated archive.

The original was posted on /r/sysadmin by /u/Comfortable_Onion318 on 2024-01-23 09:59:59+00:00.

Hello,

we have an application server running software that we use very much in our company and even customers use for different purposes. The ram usage of this server is constantly at 97% for 24h 7 days a week. Does this make sense from a technical standpoint...? If I would plan the integration of a system I would usually make sure that it has more than enough ressources that RAM Usage for example would be no more than 70% on average. This is how I "learned" it from school. Now this server is not hosted by us but by a cloudservice and the provided ressources are probably virtualized anyway but still, is this 'normal' or expected design?

I know this question sounds dumb and probably it's not how it should be, but maybe I'm just making a big deal out of it and that this is not as problematic as I make it out to be. But my goal would be to increase the ressources but also have a good reasoning or arguments for my employer to why I would want to do that. None of the other IT staff has ANY knowledge regarding this stuff.

This is an automated archive.

The original was posted on /r/sysadmin by /u/icechris on 2024-01-23 09:49:10+00:00.

We've recently set up SPF, DKIM and DMARC on our emails but we're experiencing issues with certain things failing.

We have Google Workspace with two domains linked (abc and xyz). Both domains have SPF, DKIM and DMARC set up on their relevant domains.

I tried testing them out using and the following seems to happen:

Email from abc passes all checks. This is the domain that is the primary on Workspace.

Email from xyz passes DKIM and DMARC but fails on SPF because it shows the abc domain instead.

Is this because it's using the primary domain for the SPF on both cases? As our primary domain is our older address while we generally use the xyz domain as our publicly advertised address.

We're getting lots of DMARC fails then flagged up on the analysis tool we have access to due to this.

Google advised updating the DMARC to include a dmarc-reports@domain in the rua field which I've added now but it is still showing as a failure on SPF within DMARC.

The analysis tool is showing the failures are predominately where Google is posing as us and sending emails like Google Groups and forwarding etc.

Abc:

Xyz:

Any ideas how we can solve this so we can move our DMARC to q or r instead of none?