|
anthonypants posted:Sounds like Office 365 is a little out of your price range, then. We're a non-profit so MS gives us O365 licenses for next to nothing. In fact, we've been using O365 for a few years now. Like I said in a previous post, " Both olddomain.com and new domain.com are using using ADsync to both sync to the same O365 tenant, absolutely no on-premise Exchange servers are involved." Unfortunately, Skyclick/CodeTwo are not as generous with their licensing costs
|
# ? Sep 21, 2018 01:05 |
|
|
# ? May 30, 2024 13:33 |
|
"Currently the only way that this will work without outside resources to assist migrating is we can only migrate emails less than a year old" Don't break your back on a herculean task if they're giving you a wash mop. It's computers, who is going to doubt you? Especially in a non-profit.
incoherent fucked around with this message at 01:26 on Sep 21, 2018 |
# ? Sep 21, 2018 01:23 |
|
Nonprofit, 100 users? You should be able to get migrationwiz for three figures. Not the best but it's better than nothing. If your management purports to have a business need to retain mail longer than a year, they need to be able to back that claim up with <= $1k in migration fees. It's a merger, these cost money. Potato Salad fucked around with this message at 06:13 on Sep 21, 2018 |
# ? Sep 21, 2018 06:08 |
|
Middle of road: for most users, manually move only recent mail. Management instructs them to mail over any particularly important older poo poo by hand. Management can identify the few people who actually need all historical mail moved, saving you licensing for ButtKick/MigrationWont
|
# ? Sep 21, 2018 06:16 |
|
Potato Salad posted:Nonprofit, 100 users? You should be able to get migrationwiz for three figures. This is really the only answer I can think of that will prevent you from having a mental breakdown. One thing I should mention is that for those few people who have personal distros/contact groups in their accounts, MigrationWiz cannot migrate these. Everything else will move over. This has caused problems for me in the past
|
# ? Sep 21, 2018 13:27 |
|
Those users can spend a few minutes to hours moving 'em over by hand. "It's a merger; get over it people."
|
# ? Sep 22, 2018 02:21 |
|
I don't think we have an Ignite thread so I'll put this here. https://azure.microsoft.com/en-us/blog/microsoft-365-adds-modern-desktop-on-azure/ I've never been bothered enough to look at Citrix cloud, hopefully this is good. Have signed up for more information.
|
# ? Sep 24, 2018 19:44 |
|
Think I got about 6 new tshirts today thanks to the Ignite expo hall. And a bunch of socks.
|
# ? Sep 25, 2018 02:37 |
|
I grabbed 5 or 6 as well. No socks. I only got 2 in my size, I get the rest in small and my kid uses them to sleep in. One of her favorite sleep shirts is the last years Cisco/Azure shirt Ignite seems different this year. Smaller, fewer sessions. One thing is constant though, lunch is loving terrible. The bag is nice but I still prefer last years
|
# ? Sep 25, 2018 02:55 |
|
I like the smaller sessions! Azure AD will absolutely, positively not be doing client certs for more than a year. Two guys kept the party "it's just not on the roadmap", one hinted very strongly after a long talk "most if not all use cases I've seen are addressed with adfs and intune," so there's no clear driver putting it on the roadmap any time soon. To be fair, when you can drop cmsetup and client certs onto an endpoint over autopilot, yeah fine it'll work for most users, but goddamn I really could use a way for azure ad to see those certs. Potato Salad fucked around with this message at 23:39 on Sep 25, 2018 |
# ? Sep 25, 2018 23:33 |
|
Unrelated to Ignite but I am happy that Azure AD DS is planned to go multi-vnet rather than having to be peered (and hence fail when a region shits itself). One little step before rolling it out to more regions.
|
# ? Sep 26, 2018 01:10 |
|
Sirotan posted:Think I got about 6 new tshirts today thanks to the Ignite expo hall. And a bunch of socks. Socks seem to be all the rage as swag now. I was at AWS re:Invent last year and it seemed like drat near every booth was hawking socks. This crazy bastard got 35 different pairs. I think I'm OK with this. Most vendor t-shirts are so horrible I wouldn't wear them to the gym, let alone general day-to-day wear.
|
# ? Sep 26, 2018 19:00 |
|
Sirotan posted:Think I got about 6 new tshirts today thanks to the Ignite expo hall. And a bunch of socks. Who is giving out socks? I need to go hit up some sock vendors!
|
# ? Sep 26, 2018 20:57 |
|
Sooo... I stroll in to work to find out my underling tried to set a policy to expire spam more than 30 days old, except he accidentally applied it to everyone's inboxes, so all emails over 30 days old are now gone from 600+ users. We use Office 365 Exchange Online exclusively, no on-prem server, and we can see the deleted emails in the Second Stage Recycle Bin... anyone have an idea how to do a Powershell that can just recover everything in every second-stage bin for every user? Because O365 support ain't cutting it.
|
# ? Sep 26, 2018 23:49 |
|
Your underling is going to be doing PST exports and merges for 600 users
|
# ? Sep 27, 2018 00:16 |
|
Thanks Ants posted:Your underling is going to be doing PST exports and merges for 600 users Ha, I wish, but his lucky rear end got a Powershell script working with a CSV, it is recovering emails back to the proper folders. Only problem now is that it takes ~20 minutes per user, and Microsoft allegedly limits an organization to 3 simultaneous sessions, to protect against DDOS (according to them, though I'm sure it's more about saving costs on CPU burst). So now we're splitting the CSV into 3 and running it in 3 different sessions.
|
# ? Sep 27, 2018 00:34 |
|
Potato Salad posted:I like the smaller sessions! What exactly do you mean by client certificates?
|
# ? Sep 27, 2018 00:55 |
|
Zero VGS posted:Ha, I wish, but his lucky rear end got a Powershell script working with a CSV, it is recovering emails back to the proper folders. Only problem now is that it takes ~20 minutes per user, and Microsoft allegedly limits an organization to 3 simultaneous sessions, to protect against DDOS (according to them, though I'm sure it's more about saving costs on CPU burst). So now we're splitting the CSV into 3 and running it in 3 different sessions. I would love to see this script, if you wouldn't mind. It could come in handy one day
|
# ? Sep 27, 2018 01:05 |
|
Tab8715 posted:What exactly do you mean by client certificates?
|
# ? Sep 27, 2018 01:05 |
|
snackcakes posted:I would love to see this script, if you wouldn't mind. It could come in handy one day Sure, here ya go code:
code:
Zero VGS fucked around with this message at 02:11 on Sep 27, 2018 |
# ? Sep 27, 2018 02:00 |
|
Tab8715 posted:What exactly do you mean by client certificates? A verification stamp for your laptop. It's a common way to do multifactor authentication without bugging the user over and over for their Google Authenticator / Microsoft Authenticator / DUO / Centrify / Yubikey token
|
# ? Sep 27, 2018 02:18 |
|
anthonypants posted:It's like a password, but different. So... It's a local certificate on the computer account that lets login into said domain but you still need to hit this with ADFS or a Domain Controller. Azure AD doesn't replace either.
|
# ? Sep 27, 2018 02:19 |
|
Zero VGS posted:Sure, here ya go That is much easier than I reckoned it would be thank you
|
# ? Sep 27, 2018 03:07 |
|
Tab8715 posted:So...
|
# ? Sep 27, 2018 04:36 |
|
snackcakes posted:That is much easier than I reckoned it would be thank you Yeah same, had no idea about Restore-RecoverableItems This covers it more: https://www.undocumented-features.com/2018/04/23/using-restore-recoverableitems-or-how-i-saved-my-own-bacon/ Your guy is incredibly lucky that this feature seems to have been added in the past six months.
|
# ? Sep 27, 2018 13:53 |
|
Thanks Ants posted:Yeah same, had no idea about Restore-RecoverableItems Yeah, even Office 365 support was telling him to download several terabytes of PSTs and put emails back in by hand until I explained to them that's loving ridiculous, and pressed them to ask people who knew Powershell. He's also lucky because I'm a nice boss, I told everyone that I did it (I've never hosed up that bad in my career) and of course Joe User is replying to my email saying "Wow, you're such a moron, don't use our email as a science experiment next time!" while I'm biting my tongue. Like, the only lasting effect is that things they have deleted in the past 30 days are now undeleted. Bitch, you have no idea how much worse that could have been, my guy was one click away from hitting "Permanently delete with no recovery" on the retention policy he was testing.
|
# ? Sep 27, 2018 14:32 |
|
That story is why I double and triple checked everything when setting up a testing policy for purging anything older than 13 months for legal, I was terrified of accidentally applying it to all users.
|
# ? Sep 27, 2018 14:35 |
|
I kept getting Rick Scott ads on virtually every website I was visiting when off VPN (the MSFTWIFI is rear end even without a vpn). Untill today. Curiously, I rageposted in cleartext several somethings about GOP ghouls deserving their God's own damnation last night Thanks Ants posted:Yeah same, had no idea about Restore-RecoverableItems That's going into my DR book
|
# ? Sep 27, 2018 19:04 |
|
Potato Salad posted:Who is giving out socks? I need to go hit up some sock vendors! Rubrik had the best ones.
|
# ? Sep 27, 2018 19:09 |
|
I am watching the GPM for Windows Servicing spin the Windows Insiders program -- the "Test this for us or we kill your business productivity next week" gun pointed at my head -- as a positive change compared to their past larger beta program. The same GPM is spinning "we helped solve half a million bugs since 2016" as a positive Maybe your dev quality control is hosed, idk
|
# ? Sep 27, 2018 19:42 |
|
"QA just isn't modern"
|
# ? Sep 27, 2018 19:45 |
|
Potato Salad posted:I am watching the GPM for Windows Servicing spin the Windows Insiders program -- the "Test this for us or we kill your business productivity next week" gun pointed at my head -- as a positive change compared to their past larger beta program. The same GPM is spinning "we helped solve half a million bugs since 2016" as a positive
|
# ? Sep 27, 2018 19:45 |
|
anthonypants posted:Everyone doing QA at Microsoft got laid off a few years back, and now everyone who participates in Windows Insiders is their QA. Yeah I'm aware of the layoffs. What's clear is that the servicing team is operating on edict from higher up, because they absolutely will not budge on conceptual criticism of their model right now, to a man and woman.
|
# ? Sep 27, 2018 19:54 |
|
Potato Salad posted:Yeah I'm aware of the layoffs. What's clear is that the servicing team is operating on edict from higher up, because they absolutely will not budge on conceptual criticism of their model right now, to a man and woman. If you have enough money that you are about to withhold from them they suddenly become very willing to compromise their master vision of the future.
|
# ? Sep 28, 2018 01:12 |
|
Sudden Loud Noise posted:If you have enough money that you are about to withhold from them they suddenly become very willing to compromise their master vision of the future. If this was Azure they'd never ever be able to pull this off. Problem is it's Windows, the federal government can't go "oh you want to patch it like this? gently caress you we're a Linux shop now" Or else they'd be absolutely hosed right now with this model. It's poo poo and it hasn't started working properly yet. It's a disaster in the Enterprise. 4 year cycles with security updates were fine. Why gently caress it all up, you assholes
|
# ? Sep 28, 2018 08:14 |
|
LTSC avoids many of these problems! Except it doesn't, security patches are the culprit just as often as feature updates/fixes. As a matter of fact, 2018's major business-closing patches were all security patches
|
# ? Sep 28, 2018 15:56 |
|
I'm trying to come up with a plan of action here, and wracking my brain trying to figure out the best way. Hopefully someone here has some pointers. Setup: Active Directory (domain1.com) with Sync to Office 365. All user creds are synced to Office 365 here. We have a team that has their domain1.com email addresses, as well as domain2.com addresses. Right now domain1 accounts are Ent E3 licenses. Domain2 addresses are actually just shared mailboxes that the domain1.com account has send as/full permissions to. Now, I need to migrate these people so that their primary email address/account is domain2.com. The domain1.com address can go away (though I need to still be able to have them receive email to that address) I could simply change the email address in Active Directory, and let that sync to O365, but I'd first have to change the smtp address on their secondary accounts, and that would leave them with the domain1.com mailbox as primary, which wouldn't be correct. I can talk this issues in circles for hours. Nothing I come up with seems to actually be the right answer. Has anyone ever done anything like this? What method did you land on?
|
# ? Oct 1, 2018 15:58 |
|
Are both domains in the same o365 tenant, separate tenants, or is only one domain in o365?
|
# ? Oct 1, 2018 16:19 |
|
The Fool posted:Are both domains in the same o365 tenant, separate tenants, or is only one domain in o365? Domain1 is on prem sync to O365 Domain2 is only in O365 Both are in a single Tenant together. I would not mind creating a second Tenant for the second company/domain either, I just don't want to deal with PST migrations for a bunch of people located all over the continent. Gerdalti fucked around with this message at 17:24 on Oct 1, 2018 |
# ? Oct 1, 2018 16:27 |
|
|
# ? May 30, 2024 13:33 |
|
Is there any way to script the creation of GPO's? I'm not immediately seeing a simple way to do this in PowerShell... I'm trying to create a bunch of GPO's that have the same function, but for differing OUs; namely to configure the Restricted Groups option Wicaeed fucked around with this message at 18:34 on Oct 1, 2018 |
# ? Oct 1, 2018 17:56 |