incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Thanks Ants posted:

If this means what I think it means I am going to become engorged. This gives Microsoft at least five get-outs on annoying poo poo they'll do to Edge in the future.



Edit: Just groups for now https://learn.microsoft.com/en-us/entra/identity/hybrid/cloud-sync/how-to-configure-entra-to-active-directory

When we get user-write back it's all over for these Ho's on-prem.


Dans Macabre
Apr 24, 2004


Our on prem AD going away by end of q1, wrap it up

Potato Salad
Oct 23, 2014

nobody cares


Dans Macabre posted:

Our on prem AD going away by end of q1, wrap it up

y'all hiring

Serfer
Mar 10, 2003

The piss tape is real



Dans Macabre posted:

Our on prem AD going away by end of q1, wrap it up

lucky you, I wish there was a tool to move the machines without disjoining rejoining every single one

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Serfer posted:

lucky you, I wish there was a tool to move the machines without disjoining rejoining every single one

Yeah, this :(

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Dans Macabre posted:

Our on prem AD going away by end of q1, wrap it up

You can't get rid of DNS you'll regret this!!!!

Also, please submit DNS solutions for a post-ADDNS world.

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE
https://infoblox.com

https://bluecatnetworks.com

Thanks Ants
May 21, 2004

#essereFerrari


I'd be interested in Azure DNS Private Resolver if they introduced a lower tier for networks that aren't putting 10k queries per second through it

Dans Macabre
Apr 24, 2004


Potato Salad posted:

y'all hiring

I wish

Serfer posted:

lucky you, I wish there was a tool to move the machines without disjoining rejoining every single one

I wish this too, but we're gonna power through it / doing our hardware refresh ahead of schedule to make it slightly less painful.

incoherent posted:

You can't get rid of DNS you'll regret this!!!!

Also, please submit DNS solutions for a post-ADDNS world.

Our new HQ already doesn't have any servers on site (other than a synology NAS) and we're just using external DNS, so far so good. People are mapping to the NAS by IP, as they are to the printer, good enough!

Silly Newbie
Jul 25, 2007
How do I?

incoherent posted:

You can't get rid of DNS you'll regret this!!!!

Also, please submit DNS solutions for a post-ADDNS world.

We're using aadds. Azure spins up a couple DCs that mirror your Entra footprint, you tell Intune to make that their default DNS domain, and you're good for internal DNS.

Hughmoris
Apr 21, 2007
Let's go to the abyss!
I'm a data guy trying to learn AD DS from zero, for a new gig. For practice, I've used virtualbox to spin up a DC and a Win10 workstation. I then set up DNS and NAT and have the basics working together.

Rookie question on a practical scenario I want to try:
  • I have a new group of employees coming in. I have a list of their names.
  • I'd like to automate the creation of a user account for each employee
  • I'd like to create a fileshare for the new employees, and inside the fileshare I'd like to create a folder for each employee
  • Make it so each employee can only see their own folder
  • Automate all this with a powershell script
  • BONUS: what controls a network fileshare being automatically mapped when a user logs into a workstation? From what I've seen they have to manually type the network path to find their folder.

This seems relatively doable for beginner, given my current virtual environment, right? Any other practical, or realistic, steps I should add to the exercise to improve my learning?

AreWeDrunkYet
Jul 8, 2006

Hughmoris posted:

I'm a data guy trying to learn AD DS from zero, for a new gig. For practice, I've used virtualbox to spin up a DC and a Win10 workstation. I then set up DNS and NAT and have the basics working together.
...
This seems relatively doable for beginner, given my current virtual environment, right? Any other practical, or realistic, steps I should add to the exercise to improve my learning?

If you have options, you might want to reconsider this gig. All of these workflows are things a reasonable enterprise has abstracted off AD.

To answer the question directly, yes you can do it. GPO or a logon script for the bonus. None of that should be happening except the user account creation automated off your IDP though.

Hughmoris
Apr 21, 2007
Let's go to the abyss!

AreWeDrunkYet posted:

If you have options, you might want to reconsider this gig. All of these workflows are things a reasonable enterprise has abstracted off AD.

To answer the question directly, yes you can do it. GPO or a logon script for the bonus. None of that should be happening except the user account creation automated off your IDP though.

Thanks for the insight. At the moment, other options involve a smaller paycheck. So for now... AD #1! AD #1!

At a high level, what would you say the modern Microsoft alternative is? Entra ID for the users and something to do with OneDrive for the personal folders?

AreWeDrunkYet
Jul 8, 2006

Hughmoris posted:

Thanks for the insight. At the moment, other options involve a smaller paycheck. So for now... AD #1! AD #1!

At a high level, what would you say the modern Microsoft alternative is? Entra ID for the users and something to do with OneDrive for the personal folders?

Pretty much. If you're building a new environment Entra (or a non-Microsoft IDP that easily wires into Entra) is the cleanest path for user account management in an M365 environment that gives you all of the other user services including file shares. Assuming no legacy app integration this all wires into on-prem AD pretty easily, but chances are the reason this org is asking these questions is legacy app integration.

Hughmoris
Apr 21, 2007
Let's go to the abyss!

AreWeDrunkYet posted:

Pretty much. If you're building a new environment Entra (or a non-Microsoft IDP that easily wires into Entra) is the cleanest path for user account management in an M365 environment that gives you all of the other user services including file shares. Assuming no legacy app integration this all wires into on-prem AD pretty easily, but chances are the reason this org is asking these questions is legacy app integration.

Hmm. I have an M365 Developer sandbox. Might see if I can figure out how to sync it with my homelab AD DC, as another exercise. Thanks!

AreWeDrunkYet
Jul 8, 2006

Hughmoris posted:

Hmm. I have a M365 Developer sandbox. Might see if I can figure out how to sync it with my homelab AD DC, as another exercise. Thanks!

https://learn.microsoft.com/en-us/entra/identity/devices/hybrid-join-plan

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Hughmoris posted:

I'm a data guy trying to learn AD DS from zero, for a new gig. For practice, I've used virtualbox to spin up a DC and a Win10 workstation. I then set up DNS and NAT and have the basics working together.

Rookie question on a practical scenario I want to try:
  • I have a new group of employees coming in. I have a list of their names.
  • I'd like to automate the creation of a user account for each employee
  • I'd like to create a fileshare for the new employees, and inside the fileshare I'd like to create a folder for each employee
  • Make it so each employee can only see their own folder
  • Automate all this with a powershell script
  • BONUS: what controls a network fileshare being automatically mapped when a user logs into a workstation? From what I've seen they have to manually type the network path to find their folder.

This seems relatively doable for beginner, given my current virtual environment, right? Any other practical, or realistic, steps I should add to the exercise to improve my learning?

Use powershell for #1/2 - have it iterate through a CSV via for loop and create user accounts, I would add a bunch of info like email address, phone number etc so you have multiple fields to fill out.
#3/4/6 can be done through GPO, do NOT use homefolders in AD, some places still use it but it's dumb, if you want to learn it... you input the info into a single field in AD and it creates the folder with correct permissions, just google it.

It wouldn't hurt to know this stuff because your place might (I can almost guarantee you it does) still have plenty of legacy on-prem data living in fileshares.

Many/a lot of places have moved to folder redirection to OneDrive, so they'll redirect your desktop/documents and maybe a few other profile folders to OneDrive so they sync.
- Old way was to do it via GPO as well and have docs/desktop/etc redirected to file server, I'm sure plenty of places still have this in place as well and you can look into it


None of this stuff is hard and will be a pretty quick thing to learn, it's useful to know imo despite plenty of people being on the "durrr use the cloud hurf durf" train, yes, you should try to get away from as much legacy stuff as you can but there's plenty of places out there still using it and your goal would be to migrate away from it.

MF_James fucked around with this message at 19:03 on Dec 23, 2023
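The CSV-driven user creation and per-user folder setup described above, as an added example that is not code from the thread or from any poster. It assumes a lab domain `corp.example`, an existing OU `OU=NewHires`, a share root `D:\Shares\Users` and two constructed CSV rows; change those to fit. The security point it carries that the post only hints at: each folder gets inheritance broken and an explicit ACL for the owner only, and the share is created with access-based enumeration so a user cannot even see the other folders.

```powershell
# Added example, not from the thread. Bulk-create AD users from a CSV, give
# each one a private folder under a single share, and use access-based
# enumeration so a user only sees their own folder. Run in an elevated
# PowerShell on the lab DC (or a box with RSAT). The OU, domain, share
# path and the sample rows are assumptions.
#Requires -Modules ActiveDirectory
Import-Module ActiveDirectory

$Domain    = 'corp.example'                        # assumed lab forest
$OuPath    = 'OU=NewHires,DC=corp,DC=example'      # must already exist
$ShareRoot = 'D:\Shares\Users'
$ShareName = 'Users$'                              # trailing $ hides it from browse lists

# Constructed sample input; for real use: $NewHires = Import-Csv .\newhires.csv
$NewHires = @'
GivenName,Surname,Email,Phone
Homer,Simpson,homer.simpson@corp.example,555-0101
Marge,Simpson,marge.simpson@corp.example,555-0102
'@ | ConvertFrom-Csv

function New-RandomPassword {
    # 20 chars from a mixed set, returned as a SecureString; ambiguous glyphs omitted.
    $chars = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789!@#$%^&*'
    $plain = -join (1..20 | ForEach-Object { $chars | Get-Random })
    ConvertTo-SecureString $plain -AsPlainText -Force
}

# Root folder and share, created once. Share-level access stays broad; the
# NTFS ACL on each subfolder does the real enforcement. AccessBased
# enumeration hides folders the caller has no Read on, which is the
# "only see their own folder" requirement from the post.
if (-not (Test-Path $ShareRoot)) { New-Item -Path $ShareRoot -ItemType Directory | Out-Null }
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $ShareRoot -ChangeAccess 'Authenticated Users' `
                 -FolderEnumerationMode AccessBased | Out-Null
}

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'

foreach ($h in $NewHires) {
    $sam = ('{0}.{1}' -f $h.GivenName, $h.Surname).ToLower()
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }   # sAMAccountName limit
    $upn = "$sam@$Domain"

    if (Get-ADUser -Filter "SamAccountName -eq '$sam'") {
        Write-Warning "$sam already exists, skipping"
        continue
    }

    New-ADUser -Name "$($h.GivenName) $($h.Surname)" `
               -GivenName $h.GivenName -Surname $h.Surname `
               -SamAccountName $sam -UserPrincipalName $upn `
               -EmailAddress $h.Email -OfficePhone $h.Phone `
               -Path $OuPath `
               -AccountPassword (New-RandomPassword) `
               -ChangePasswordAtLogon $true -Enabled $true
    $sid = (Get-ADUser -Identity $sam).SID

    # Per-user folder: break inheritance (dropping inherited ACEs), then grant
    # only the owner, Administrators and SYSTEM. Granting by SID avoids a
    # name lookup racing with replication on a multi-DC domain.
    $folder = Join-Path $ShareRoot $sam
    New-Item -Path $folder -ItemType Directory -Force | Out-Null
    $acl = Get-Acl -Path $folder
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($ace in @(
            @($sid, 'Modify'),
            @([System.Security.Principal.NTAccount]'BUILTIN\Administrators', 'FullControl'),
            @([System.Security.Principal.NTAccount]'NT AUTHORITY\SYSTEM',    'FullControl'))) {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
                    $ace[0], $ace[1], $inherit, 'None', 'Allow')))
    }
    Set-Acl -Path $folder -AclObject $acl
    Write-Host "Created $upn with \\$env:COMPUTERNAME\$ShareName\$sam"
}
```

For the "bonus" item, the mapping itself is not done in this script: a Group Policy Preferences Drive Map item (User Configuration > Preferences > Windows Settings > Drive Maps) pointing at `\\server\Users$\%LogonUser%` and item-level targeted at the new-hires group maps the folder at logon without touching the AD home-folder attribute the post warns against.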

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer
I have my own little Server 2022 setup on consumer hardware for various things and I'm trying to do some unholy poo poo that I don't know if I can actually do...

The setup:
• Server 2022
• Running on X570S (Gigabyte Pro AV X570S)
• Drives are all their own - no RAID or ZFS.

I want to:
• Convert the box's SATA mode from AHCI to RAID so I can start dropping RAID1 arrays in it managed by the motherboard and its utility (RaidXpert2)
• Preserve my existing installation of Windows Server 2022 while doing so.

I've tried:
• Basically all the 'treat this like a normal machine' steps. Installing Gigabyte's provided RAID driver, then AMD's. Both come back complaining about the OS.

In my head, this was going to be as easy as just installing the raid drivers from AMD, converting it to RAID, and calling it a day. In reality, getting AMD's driver installation to play nice with Server 2022 has been real rough. Just pulling their drivers from the website has not yielded the results I wanted. I'm wondering if I can just drop the SATA Raid drivers in the system32/drivers folder and restart if they will 'just work'...

Any cool and neat ideas on how to make this happen?

nielsm
Jun 1, 2009



What's your goal with using the "hardware" RAID? You probably won't gain much that you couldn't do with Windows' own dynamic disks, or maybe using ReFS. (I don't remember, can you boot from either of those now?)

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer

nielsm posted:

What's your goal with using the "hardware" RAID? You probably won't gain much that you couldn't do with Windows' own dynamic disks, or maybe using ReFS. (I don't remember, can you boot from either of those now?)

Is Windows dynamic disks actually worth a drat these days? I've been out of the sysadmin career for many a years, but historically Windows' solution was considered very slow and had real big problems with losing arrays when the power goes out. RAID5 managed by Windows has long been considered a HUGE trap last I was looking at it. Has it improved a lot since Server 2016?

The goal here ultimately is that I want RAID1 (or better yet, RAID5) in a way that I could recover the data off the array if the OS blew up. I don't have infinite compute, so performance matters at least somewhat.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




I've been out of the BOFH game for a while myself, but isn't RAID 10 vastly preferred to RAID5 nowadays?

Boogalo
Jul 8, 2012

Meep Meep




IIRC Storage Spaces Direct is the new hotness in windows drive clustering

devmd01
Mar 7, 2006

Elektronik
Supersonik

Canine Blues Arooo posted:

Is Windows dynamic disks actually worth a drat these days?

Yes. Dynamic disk pools with storage spaces work very well. I’ve even done an array upgrade on mine of evacuate disk -> swap in bigger disk, rebalance, repeat.

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer
I ended up doing the Storage Spaces thing. Is there any way to know when a disk fails here? Does Windows Server honk at me, or is this just a, 'better keep an eye on it...' kind of ordeal?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
You could go next level and do a "cluster in a box" storage spaces with dedupe for simulating HA.

Canine Blues Arooo
Jan 7, 2008

when you think about it...i'm the first girl you ever spent the night with

Grimey Drawer

incoherent posted:

You could go next level and do a "cluster in a box" storage spaces with dedupe for simulating HA.

If i had the IO, i would probably take a swing at that. Right now, the setup is a couple RAID1 Arrays with a hot spare

Potato Salad
Oct 23, 2014

nobody cares


deduplication and compression I/O can be totally on your schedule and your terms

and it is shocking how effective dedupe on win 2019/2022 is

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Dans Macabre posted:

I wish this too, but we're gonna power through it / doing our hardware refresh ahead of schedule to make it slightly less painful.

This is the pro move, squeeze multiple projects together into one.

Pure hell for a while, then smooth sailing.

sporkstand
Jun 15, 2021

AreWeDrunkYet posted:

Pretty much. If you're building a new environment Entra (or a non-Microsoft IDP that easily wires into Entra) is the cleanest path for user account management in an M365 environment that gives you all of the other user services including file shares. Assuming no legacy app integration this all wires into on-prem AD pretty easily, but chances are the reason this org is asking these questions is legacy app integration.

This has piqued my interest. Does Okta fit this definition?

AreWeDrunkYet
Jul 8, 2006

At least Okta and Ping are fine, until you start adding complexity basically any IDP that does SAML will work with Entra.

Old but still mostly relevant I think:
https://www.microsoft.com/en-us/download/details.aspx?id=56843

Toshimo
Aug 23, 2012

He's outta line...

But he's right!
We have a bunch of AD groups that are populating exchange to create Distribution lists.
A lot of these AD groups are no longer needed, but we don't know if anyone has used the Distros to create alerts or if they were disseminated to field offices as a point of contact.
I would like to be able to delete these AD groups and Distros but to take all the email addresses that were associated with them and add them as aliases to one of the remaining Distribution Lists so that if anything is setup to mail them, they'll just get forwarded to the remaining Distro.
My Exchange contact is telling me this is impossible and giving me a dozen different alternatives that all amount to "delete the distros and hope nobody needs them" which seems dumb to me.

So, is it possible to just add a bunch of aliases to a Distro in Exchange?

Internet Explorer
Jun 1, 2005





You should get a new Exchange contact, because you can easily add aliases to distribution lists.

https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-distribution-groups/manage-distribution-groups
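The alias consolidation Toshimo asked about, as an added example that is not from the thread or the linked doc. It assumes Exchange Online PowerShell (`Connect-ExchangeOnline`), placeholder group names, and that the groups are cloud-managed. It also carries the old groups' `LegacyExchangeDN` over as an `X500:` address, which is what keeps cached Outlook autocomplete entries (they address by DN, not SMTP) from bouncing after the old group is gone.

```powershell
# Added example, not from the thread. Fold each retiring distribution group's
# addresses into one surviving group, then remove the old group. Group names
# are placeholders.
#Requires -Modules ExchangeOnlineManagement
Connect-ExchangeOnline

$OldGroups = @('DL-FieldOffice-Legacy', 'DL-Ops-Old')   # assumed: groups to retire
$Keep      = 'DL-Ops'                                     # assumed: surviving group

foreach ($name in $OldGroups) {
    $old = Get-DistributionGroup -Identity $name -ErrorAction Stop

    # Every smtp address on the old group (primary 'SMTP:' or secondary 'smtp:')
    # becomes a *secondary* (lowercase 'smtp:') address on the survivor, so the
    # survivor's own primary address is unchanged.
    $smtp = $old.EmailAddresses |
        Where-Object { $_ -like 'smtp:*' -or $_ -like 'SMTP:*' } |
        ForEach-Object { 'smtp:' + $_.Substring(5) }

    # X500 alias from the old group's LegacyExchangeDN keeps Outlook
    # autocomplete / rules that cached the old DL resolving to the survivor.
    $x500 = 'X500:' + $old.LegacyExchangeDN

    # Addresses must be unique, so release them before re-adding.
    Remove-DistributionGroup -Identity $name -Confirm:$false
    Set-DistributionGroup -Identity $Keep -EmailAddresses @{ Add = @($smtp) + $x500 }
}

# Verify: the retired addresses now resolve to the surviving group.
(Get-DistributionGroup -Identity $Keep).EmailAddresses
```

Two caveats. If `Set-DistributionGroup` fails with "already in use" right after the removal, the directory has not caught up yet; wait and retry the add rather than recreating anything. And if, as in the post, the groups are AD groups synced into Exchange, the cloud side is read-only for those attributes: the `smtp:`/`X500:` entries go on the on-prem object instead (`Set-ADGroup -Identity DL-Ops -Add @{ proxyAddresses = $smtp + $x500 }`) and arrive with the next sync.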

Hughmoris
Apr 21, 2007
Let's go to the abyss!
I'm working my way through a toy project with Entra ID and M365, and am stumbling on groups. Hopefully one of you ID/AD wizards can help.

In a business environment, when should I be using Microsoft 365 groups versus Security Groups? Or do I use them both together? My short term goal for this toy project is to create fictional families in a town. Each family will have their own SharePoint site and Teams channel. Permissions should prevent a member of Family A from looking at the chat or files of Family B.

I'm using the free M365 sandbox for all this.

The Fool
Oct 16, 2003


Security groups are for if you only need to logically organize security concerns.

Like, Group A needs to have a Contributor role in Azure.

M365 Groups automatically create additional resources/enable features in M365.

M365 Groups have different features depending on how they are created:

Hughmoris
Apr 21, 2007
Let's go to the abyss!

The Fool posted:

Security groups are for if you only need to logically organize security concerns.

Like, Group A needs to have a contributor role Azure.

M365 Groups automatically create additional resources/enable features in M365.

M365 Groups have different features depending on how they are created:

Ok that makes sense. Looks like I'll roll with M365 groups for now. Thanks!
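The distinction above, as an added example that is not from the thread: the same people modelled once as a plain security group and once as a Microsoft 365 group, via the Microsoft Graph PowerShell SDK. Tenant, names and the UPN are placeholders. The point a practitioner wants for the "Family A can't see Family B" requirement is the `Visibility` setting: an M365 group defaults to Public, which lets anyone in the tenant join and read its SharePoint content, so the example creates it Private and ends with an audit query for groups that are still Public.

```powershell
# Added example, not from the thread. Security group vs Microsoft 365 group
# in Graph terms. All display names, nicknames and the UPN are placeholders.
#Requires -Modules Microsoft.Graph.Groups, Microsoft.Graph.Users
Connect-MgGraph -Scopes 'Group.ReadWrite.All', 'User.Read.All'

# Security group: a bare membership list. Nothing is provisioned; you use it
# as the principal for Azure RBAC, Conditional Access, app assignment, etc.
$sec = New-MgGroup -DisplayName 'SEC-Springfield-Contributors' `
                   -MailEnabled:$false -SecurityEnabled:$true `
                   -MailNickname 'sec-springfield-contributors'

# Microsoft 365 group: GroupTypes 'Unified' and mail-enabled. Creating it also
# provisions a mailbox and a SharePoint site (and backs a Team if one is
# added). Visibility Private is what keeps non-members out; the default is
# Public, where any tenant user can join and read.
$fam = New-MgGroup -DisplayName 'Family-Simpson' `
                   -GroupTypes @('Unified') -MailEnabled:$true -SecurityEnabled:$false `
                   -MailNickname 'family-simpson' -Visibility 'Private'

# The same person can sit in both; membership is independent of group type.
$homer = Get-MgUser -UserId 'homer.simpson@corp.example'   # placeholder UPN
New-MgGroupMember -GroupId $sec.Id -DirectoryObjectId $homer.Id
New-MgGroupMember -GroupId $fam.Id -DirectoryObjectId $homer.Id

# Audit: any M365 group that is not Private undermines the per-family
# isolation, so list them.
Get-MgGroup -Filter "groupTypes/any(g:g eq 'Unified')" -All `
            -Property Id, DisplayName, Visibility |
    Where-Object { $_.Visibility -ne 'Private' } |
    Select-Object DisplayName, Visibility
```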

Thanks Ants
May 21, 2004

#essereFerrari


On the subject of groups, I'm convinced I've seen documentation somewhere that says you can use security groups to grant access to Exchange features like mailbox permissions, but I've never gotten this to work, and the group has always needed to be mail-enabled to work. This would be fine but then you lose the ability to do this with dynamic security groups.

Was I reading something that had a typo in, or should it be possible to grant access to things in Exchange using security groups that aren't mail enabled?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Thanks Ants posted:

On the subject of groups, I'm convinced I've seen documentation somewhere that says you can use security groups to grant access to Exchange features like mailbox permissions, but I've never gotten this to work, and the group has always needed to be mail-enabled to work. This would be fine but then you lose the ability to do this with dynamic security groups.

Was I reading something that had a typo in, or should it be possible to grant access to things in Exchange using security groups that aren't mail enabled?

It has to be mail-enabled as far as I've seen, I have NOT gotten a regular security group to work and I was just trying again a few days ago.

Boogalo
Jul 8, 2012

Meep Meep




Yeah, the control group must be mail enabled, it's how Exchange knows what it is. You can go in after and hide it from the GAL and restrict so nobody can send to it if you want.

There is new group writeback to onprem in Azure AD which might have some interesting implications for dynamic cloud/onprem groups but its brand new and we haven't poked at it yet.
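The pattern the last three posts converge on (a mail-enabled security group as the Exchange permission principal, hidden from the GAL and closed to mail), as an added example that is not from the thread. Exchange Online PowerShell is assumed, and the group, mailbox and member addresses are placeholders.

```powershell
# Added example, not from the thread. Create a mail-enabled security group,
# lock it down so it only carries permissions, then use it on a shared
# mailbox. Names and addresses are placeholders.
#Requires -Modules ExchangeOnlineManagement
Connect-ExchangeOnline

# -Type Security yields a *mail-enabled security group*. A plain Entra
# security group with no mail attributes is not a recipient, so Exchange
# will not accept it as the -User of Add-MailboxPermission.
$grp = New-DistributionGroup -Name 'SEC-Finance-Mailbox-Access' -Type Security `
           -PrimarySmtpAddress 'sec-finance-mbx@corp.example' `
           -Members 'alice@corp.example', 'bob@corp.example'

# The group exists only to hold permissions: hide it from address lists and
# restrict senders. Exchange has no "reject everything" switch, so limiting
# accepted senders to a single admin mailbox effectively closes it.
Set-DistributionGroup -Identity $grp.Identity `
    -HiddenFromAddressListsEnabled $true `
    -RequireSenderAuthenticationEnabled $true `
    -AcceptMessagesOnlyFrom 'exchange-admin@corp.example'

# Grant the group Full Access and Send As on the shared mailbox. AutoMapping
# off so the mailbox does not appear in every member's Outlook unasked.
Add-MailboxPermission -Identity 'finance-shared@corp.example' -User $grp.Identity `
    -AccessRights FullAccess -InheritanceType All -AutoMapping $false
Add-RecipientPermission -Identity 'finance-shared@corp.example' -Trustee $grp.Identity `
    -AccessRights SendAs -Confirm:$false

# Verify the grant landed on the group, not on individual users.
Get-MailboxPermission -Identity 'finance-shared@corp.example' |
    Where-Object { $_.User -like '*SEC-Finance-Mailbox-Access*' } |
    Select-Object User, AccessRights
```

Because the group is a static mail-enabled security group, membership changes go through `Add-DistributionGroupMember` / `Remove-DistributionGroupMember` (or the synced AD group, if it came from on-prem); the dynamic-membership limitation Thanks Ants raised still applies.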

Hughmoris
Apr 21, 2007
Let's go to the abyss!
Azure and Entra ID question:

I have two environments in my toy project. Environment-A is my personal Azure account. Environment-B is my free M365 sandbox with a user called Homer Simpson.

I'd like to grant Homer Simpson access to the Springfield Power Plant VM in my personal Azure account. Maybe grant him access to my Springfield Power Plant azure file share.

Is this where I'd look at Entra ID B2B? Or would this scenario be handled through some sort of Azure guest user? The end goal is to learn a solution that a business might realistically use (to pad my resume).

If someone could point me in the right direction to start researching.


Thanks Ants
May 21, 2004

#essereFerrari


I'd start with cross-tenant synchronisation, which is a less high-touch feature building on top of B2B collaboration

https://learn.microsoft.com/en-us/entra/identity/multi-tenant-organizations/cross-tenant-synchronization-overview

Whether this works will come down more to whether guest users can access the features you need them to access than the exact method you are using to manage these external users.

Thanks Ants fucked around with this message at 22:37 on Jan 10, 2024
