Great Orb!
Feb 4, 2009

Tab8715 posted:

Curious, what's your plan of attack? If you remake the OU with the same name won't it still screw stuff up?

Our guys seem to think that won't be the case.

As for fixing it, we're seeing if Restore-ADObject would work, but no luck so far.


EoRaptor
Sep 13, 2003

by Fluffdaddy

Priss In Plate posted:

Our guys seem to think that won't be the case.

As for fixing it, we're seeing if Restore-ADObject would work, but no luck so far.

AD objects get permissions assigned based on their SID, not their name.

If I give Group1 read and write permissions to directory Test1, then delete Group1, then create a new group called Group1, when I examine the security properties of directory Test1, I will see an unknown SID, not the name Group1, and members of the new (and old) Group1 will no longer have access* to the directory Test1.

You can fiddle around with the Name<->SID relationship in active directory restore mode, but holy hell you better know everything about everything if you are trying to fool around in there. Call Microsoft and pay them before taking any steps like this.

*some people with cached Kerberos tickets might get in?

EoRaptor fucked around with this message at 03:16 on Feb 12, 2015
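
An added example, not part of the original post: a PowerShell check that lists the ACL entries on a folder whose SID no longer resolves to an account name, which is the "unknown SID" state described above after a group is deleted and recreated under the same name. The function name Get-OrphanedAce and the -Path/-Recurse parameters are made up for this illustration.

```powershell
# Added example: find ACL entries whose SID no longer maps to an account.
# Assumption: run on a domain-joined Windows host with read access to the
# ACLs under $Path. Get-OrphanedAce is a hypothetical helper name.
param(
    [string]$Path = (Get-Location).Path,   # folder to audit
    [switch]$Recurse                       # also audit subfolders
)

function Get-OrphanedAce {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl = Get-Acl -LiteralPath $LiteralPath

    # Request the rules keyed by raw SID instead of by translated name, so a
    # recreated group with the same name cannot mask the old identity.
    $rules = $acl.GetAccessRules(
        $true,   # include explicit entries
        $true,   # include inherited entries
        [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference
        try {
            # Succeeds only if some account currently owns this SID.
            $null = $sid.Translate([System.Security.Principal.NTAccount])
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # No account owns the SID. The usual cause is a deleted object,
            # but an unreachable domain or broken trust looks the same, so
            # confirm before removing the entry.
            [pscustomobject]@{
                Path      = $LiteralPath
                Sid       = $sid.Value
                Rights    = $rule.FileSystemRights
                Type      = $rule.AccessControlType
                Inherited = $rule.IsInherited
            }
        }
    }
}

$targets = @(Get-Item -LiteralPath $Path)
if ($Recurse) {
    $targets += Get-ChildItem -LiteralPath $Path -Recurse -Directory
}

$targets |
    ForEach-Object { Get-OrphanedAce -LiteralPath $_.FullName } |
    Sort-Object Path, Sid |
    Format-Table -AutoSize
```

Entries with Inherited set to False are the ones that have to be re-granted to the new group's SID at that path; inherited ones are fixed at the parent.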

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Che Delilas posted:

Alternatively, do the mechanic/Mythbusters thing. "Well THERE'S yer PROBLEM."

I got to say that today! Ticket for a user whose MacBook wouldn't start up. I go out there, turns out he got a staple stuck in the MagSafe connector and the battery had run down (then he called in). Popped that sucker out and he's back in business.

Loten
Dec 8, 2005


anthonypants posted:

Or Secret Server.

I deployed Secret Server at my last work place and it's rad. My current one uses PasswordState which is also good.

lampey
Mar 27, 2012

ElGroucho posted:

Does anybody have a neat trick to mask the disappointment in your voice when the user does something stupid?

Empathize with the user. It is unlikely they will ever do something as stupid as an admin like adding the dl-all to the dl-hr group. Or just deleting a whole OU. Or making an exchange server a dc accidentally.

Take it as an opportunity to practice an accent

Great Orb!
Feb 4, 2009

EoRaptor posted:

AD objects get permissions assigned based on their SID, not their name.

If I give Group1 read and write permissions to directory Test1, then delete Group1, then create a new group called Group1, when I examine the security properties of directory Test1, I will see an unknown SID, not the name Group1, and members of the new (and old) Group1 will no longer have access* to the directory Test1.

You can fiddle around with the Name<->SID relationship in active directory restore mode, but holy hell you better know everything about everything if you are trying to fool around in there. Call Microsoft and pay them before taking any steps like this.

*some people with cached Kerberos tickets might get in?

We'll have to see what the client wants to do.

If it was just one DC, I imagine we could just restore from a backup, but since we're dealing with three of them, plus an AD->O365 DirSync server, things are definitely a mess. :smith:

lampey
Mar 27, 2012

Priss In Plate posted:

A call came in.

One of our clients' administrative users who shouldn't be poking about in AD accidentally deleted a 100+ member OU.

And of course, AD Recycle Bin? Not enabled. :smithicide: But, on the flip-side, O365 hasn't DirSync'd in 50 hours.

Gonna be a long night for sure.

Would adrestore help even with the recycle bin disabled?
https://technet.microsoft.com/en-us/sysinternals/bb963906.aspx

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.
Microsoft actually made me money instead of losing it for a change. (Still waiting to break even on their stupid stock.)

They released a broken patch, as they've done every month for 3 or 4 months. Got a side job for a failure to boot. System restore. Gib moni pls.

Probably will just charge beer money for it.

Priss In Plate posted:

A call came in.

One of our clients' administrative users who shouldn't be poking about in AD accidentally deleted a 100+ member OU.

And of course, AD Recycle Bin? Not enabled. :smithicide: But, on the flip-side, O365 hasn't DirSync'd in 50 hours.

Gonna be a long night for sure.


Why do people even delete things from AD? My shop just disables and leaves them there AFAIK.

skooma512 fucked around with this message at 07:06 on Feb 12, 2015

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





skooma512 posted:


Why do people even delete things from AD? My shop just disables and leaves them there AFAIK.

No idea.

Disable, see if anything breaks, give it some time, and clean it up later.

This does require that you keep a list of what was disabled when, and when it should be deleted. Documentation is hard for some people.

Methylethylaldehyde
Oct 23, 2004

BAKA BAKA

ConfusedUs posted:

No idea.

Disable, see if anything breaks, give it some time, and clean it up later.

This does require that you keep a list of what was disabled when, and when it should be deleted. Documentation is hard for some people.

Just run a report with the disable date, stuff it in excel, filter it, make a csv, feed it to a command line ad tool, profanity as it performs the equivalent of rm -rf on your directory.

nielsm
Jun 1, 2009



A ticket came in... users are unable to click a particular link on a webpage. However it seems to work if you nudge the mouse around the link for a bit.

I get a link to the page with the troublesome link, and can confirm there is something odd with it. So time to dig out the web developer tools.

It turns out the link is packed into 4096 levels of nested <FONT> tags, all identical, which makes the browser choke.
How do you manage to do that? It's Sharepoint, but it still shouldn't be that bad?!

spankmeister
Jun 15, 2008






nielsm posted:

It's Sharepoint, but it still shouldn't be that bad?!

Hahahahahaahahahahaha

TheFluff
Dec 13, 2006

FRIENDS, LISTEN TO ME
I AM A SEAGULL
OF WEALTH AND TASTE

nielsm posted:

It's Sharepoint, but it still shouldn't be that bad?!

Even Sharepoint sites implemented by people who are actually "good" at Sharepoint are incredibly awful.

Jewel
May 2, 2009

I got a job this week! My first job ever! I'm usually a game dev but I needed money before I move and I ended up getting a 38hr a week systems engineer / web dev job!






It's almost all using sharepoint :coffeepal:

Luckily the people I work with seem to be incredibly good with sharepoint and everything I've seen so far works really well, even if it does take some wrangling to make

Collateral Damage
Jun 13, 2009

I had my first actual "printer on fire" error today. Somehow the printer managed to wrap a sheet around one of the rollers inside the fuser and not detect it as a jam, so it sat there getting nice and toasty until the paper started smouldering. :supaburn:

edit:

Collateral Damage fucked around with this message at 21:08 on Feb 12, 2015

Sheep
Jul 24, 2003

Collateral Damage posted:

I had my first actual "printer on fire" error today. Somehow the printer managed to wrap a sheet around one of the rollers inside the fuser and not detect it as a jam, so it sat there getting nice and toasty until the paper started smouldering. :supaburn:

You've seen the Sasquatch of the IT world, nice!

myron cope
Apr 21, 2009

We're opening two stores soon and so me and another guy are at the sites doing initial set up. Except there's still no power, so everything is running on generators. I haven't done a single actual "setup" thing yet. At the other site they are similarly without power. He sent me this text this morning: "So I just got to the store about 10 minutes ago. Power company connected it up, but the electrician here hooked a tester to it and the tester blew up. It was set to 700v!"

Cool. I got here Tuesday afternoon. I'm sitting in my car right now.

FaintlyQuaint
Aug 19, 2011

The king and his men.
Grimey Drawer
Ticket: Nothing is printing everything is broken please send help

Resolution: Showed user how to change which printer she was using to print so it would show up on the printer in her office instead of the printer in the hallway.

Oh boy.

m.hache
Dec 1, 2004


Fun Shoe

Priss In Plate posted:

Our guys seem to think that won't be the case.

As for fixing it, we're seeing if Restore-ADObject would work, but no luck so far.

I would call Microsoft and just pay the small fee required for the help. It'll save you hours of headaches.

Sirotan
Oct 17, 2006

Sirotan is a seal.


Swink posted:

poo poo!

Everyone go enable the accidental deletion checkbox right now.

Went to go do this and found that the AD Recycle Bin is a feature in 2008+. We're still on 2003.

:smith:

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

2003 is EOL soon, so have fun with that.

ConfusedUs
Feb 24, 2004

Bees?
You want fucking bees?
Here you go!
ROLL INITIATIVE!!





Sirotan posted:

Went to go do this and found that the AD Recycle Bin is a feature in 2008+. We're still on 2003.

:smith:

I hope you realize that 2003 is officially dead, like XP, in just a couple months. I hope you got a plan in mind.

Sirotan
Oct 17, 2006

Sirotan is a seal.


ConfusedUs posted:

I hope you realize that 2003 is officially dead, like XP, in just a couple months. I hope you got a plan in mind.

Trust me, I am very much aware. It is delaying a whole slew of projects that I need to get done. It has officially been my boss' responsibility to get it taken care of, but in the last 6 months or so that he has worked on it, it hasn't happened. There's some kind of problem preventing us from doing the upgrade, we've shelled out money to MS already to fix it and were unsuccessful. I think he's just stalling for time now because we're looking at having to recreate the whole thing from the ground up.

Lord Dudeguy
Sep 17, 2006
[Insert good English here]
A roof leak came in...


Right on top of our primary server room and telco DEMARC points. The metric fucktons of snow plus periods of above/below freezing temperatures managed to open a roof seam and the roof wrap is now bulging like a water balloon.

Racks, battery and equipment within the "splash zone" are now draped in tarps. One large tarp is diverting the leak into a 50 gallon barrel.

This is not "other duties as required", goddamn it.

:edit: Why wasn't a company called in to shovel the roof? I can't an$wer that que$tion.

m.hache
Dec 1, 2004


Fun Shoe

Sirotan posted:

Trust me, I am very much aware. It is delaying a whole slew of projects that I need to get done. It has officially been my boss' responsibility to get it taken care of, but in the last 6 months or so that he has worked on it, it hasn't happened. There's some kind of problem preventing us from doing the upgrade, we've shelled out money to MS already to fix it and were unsuccessful. I think he's just stalling for time now because we're looking at having to recreate the whole thing from the ground up.

Well, if you need more ammunition link him the exploit that was found this week. Microsoft is not going to patch it on 2003.

Thanks Ants
May 21, 2004

#essereFerrari


I heard that, but this page suggests 2003 has been patched:

https://technet.microsoft.com/library/security/MS15-010

Edit: We're talking about a different bug:

https://technet.microsoft.com/en-us/library/security/ms15-011.aspx

Thanks Ants fucked around with this message at 20:30 on Feb 12, 2015

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM
A day from hell so far, full of printers (and some other poo poo). At least it's keeping me busy.

Collateral Damage
Jun 13, 2009

Lord Dudeguy posted:

A roof leak came in...

Sup water leak buddy. :hf: A ceiling mounted chiller in the office sprung a leak on Monday. Nobody was in that room so it dumped the water loop's entire content onto the floor, where it soaked through and into the meeting room below (which was also empty but is right next to reception so they noticed).

No direct IT equipment damage, but the three people who normally sit in the room had to be shoehorned into another office along with all their stuff while the landlord tears the floor up to inspect the damage.

BOOTY-ADE
Aug 30, 2006

BIG KOOL TELLIN' Y'ALL TO KEEP IT TIGHT

Lord Dudeguy posted:

A roof leak came in...


Right on top of our primary server room and telco DEMARC points. The metric fucktons of snow plus periods of above/below freezing temperatures managed to open a roof seam and the roof wrap is now bulging like a water balloon.

Racks, battery and equipment within the "splash zone" are now draped in tarps. One large tarp is diverting the leak into a 50 gallon barrel.

This is not "other duties as required", goddamn it.

:edit: Why wasn't a company called in to shovel the roof? I can't an$wer that que$tion.

Had a similar situation with a client across town, only this happened around beginning of fall and they're a hospital/clinic. Found out about a week before construction was going to happen that they'd be replacing windows, drywall, wiring and a bunch of other stuff in one of the offices because the windows weren't sealed properly and water had been leaking in for months. By the time they found the problem, they had wood rot, mold, and other problems and had to block off an entire area from the rest of the clinic to tear things down. I'm still battling issues here and there, first one was a wiring problem we found out after trying to reconnect all their network hardware, then the ISP made changes to their static IPs without telling us, and a bunch of other weird stuff. I'll most likely be making another trip either tomorrow or next week, since it turns out the people doing construction and replacing the windows didn't seal them right AGAIN, and after the last couple snowfalls we've got more water slowly trickling in... :mad:

m.hache
Dec 1, 2004


Fun Shoe
Weird scenario I want to run past you goons.

I have 2 email accounts set up in my exchange. My IT Director account and my "Dispatcher" account.

I was using a distribution group at first but I keep my phone on for Oncall and I don't want it going off after hours constantly. Exchange rules weren't working for me (especially when my computer would get shut down). So here I am in Exchange with 2 email accounts. It works out great, except when I respond to the dispatcher email it defaults to that account in the reply address. I don't want that.

Is it possible to have both exchange accounts send out using my Main email account?

Rhymenoserous
May 23, 2008
Hurray cryptowall!

Hurray I've got good backups gently caress you russia/china.

Get on my level.

EDIT: Yes it is, don't access the 2nd account directly at all and just give yourself permissions/access to the mailbox. Set your default e-mail address in exchange mmc.

I think.

m.hache
Dec 1, 2004


Fun Shoe

Rhymenoserous posted:

Hurray cryptowall!

Hurray I've got good backups gently caress you russia/china.

Get on my level.

EDIT: Yes it is, don't access the 2nd account directly at all and just give yourself permissions/access to the mailbox. Set your default e-mail address in exchange mmc.

I think.

Hm, I'll try powershell to blast read permissions onto the mailbox.

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma

m.hache posted:

Weird scenario I want to run past you goons.

I have 2 email accounts set up in my exchange. My IT Director account and my "Dispatcher" account.

I was using a distribution group at first but I keep my phone on for Oncall and I don't want it going off after hours constantly. Exchange rules weren't working for me (especially when my computer would get shut down). So here I am in Exchange with 2 email accounts. It works out great, except when I respond to the dispatcher email it defaults to that account in the reply address. I don't want that.

Is it possible to have both exchange accounts send out using my Main email account?

Have you granted "Send as" permissions for the other account? It'll be one of the options on the right sidebar as you select the account, in the EMC GUI.

m.hache
Dec 1, 2004


Fun Shoe

DrAlexanderTobacco posted:

Have you granted "Send as" permissions for the other account? It'll be one of the options on the right sidebar as you select the account, in the EMC GUI.

I have full access on the mailbox. The problem is I don't want to reply from that address. I want to be able to pick something from that mailbox and hit reply and it'll use my Main Exchange account address to send back out. Currently I have to change it in the FROM field. I just want it to default to my primary account.

Thanks Ants
May 21, 2004

#essereFerrari


I don't think there's anything you can do to prevent your phone responding using the email address assigned to the account that the mail was received into. You can grant your dispatcher account Send As permissions on your primary mailbox and then change the from address, but this will affect everything using that account.

Great Orb!
Feb 4, 2009

m.hache posted:

I would call Microsoft and just pay the small fee required for the help. It'll save you hours of headaches.

We did give them a holler in the AM. We're going to work on getting the accounts restored but it's gonna be a while. Thankfully, DirSync mysteriously broke two days prior to this happening, which definitely saved us from a (more) huge headache. :yotj:

We broke the affected accounts' link with AD so their logins are now solely managed by O365 until we/MS can get things proper fixed. All they have to do is log in with <NAME>@<COMPANY>.onmicrosoft.com instead. It's a minor hassle for them, but it's keeping the client happy.

Great Orb! fucked around with this message at 00:42 on Feb 13, 2015

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
Took over a 12 user business because the owner thought he might have been getting ripped off by their previous IT guy. They spent 100k with him last year and are still running SBS 2003. Welp.

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


go3 posted:

Took over a 12 user business because the owner thought he might have been getting ripped off by their previous IT guy. They spent 100k with him last year and are still running SBS 2003. Welp.

:catstare:

Bad enough to still be running SBS 2008, which one of my clients is, but really? REALLY?

This is the problem when we try to make clients spend good money on IT, because there are so many charlatans out there that they think we're just trying to rip them off. Ugh.

FreshFeesh
Jun 3, 2007

Drum Solo
A ticket came in to open 4 machines directly to the open internet. "What ports?" I ask. I think we all know the answer, "all of them."

Two are Windows XP machines, one of them running a bleeding edge SP2 install. The other is the company's primary file storage (sitting on a Mac Mini).

None have any software firewalls installed.

:cripes:


chin up everything sucks
Jan 29, 2012

FreshFeesh posted:

A ticket came in to open 4 machines directly to the open internet. "What ports?" I ask. I think we all know the answer, "all of them."

Two are Windows XP machines, one of them running a bleeding edge SP2 install. The other is the company's primary file storage (sitting on a Mac Mini).

None have any software firewalls installed.

:cripes:

Is there somebody above that you can have review the request, and might understand why it's a bad idea?
