Post can be closed. I found our GPO's are not tied to the OU's so was fine to simply re-create new OUs. Cheers.

@joel said in OBR10 - Server Setup:

@scottalanmiller said in OBR10 - Server Setup:

@joel said in OBR10 - Server Setup:

Then, I can provision DomainController
Add Virtual Hard Drive - C:\OS (130GB) - (Location: D:\VM\DomainController)
Add Virtual Hard Drive - D:\Logs (20GB) - (Location: D:\VM\DomainController)

Why would you make a domain controller like this? Of all workloads, should not be this way.

I recall reading a MS article stating 😄 should have the OS installed but then a second drive should be used as SysVOL/Logs

No, that's not a normal or recommended setup. Maybe for some very specific scenario, but absolutely is not a good default. Default is one 😄 for everything. For DCs, always a single drive, never do this extra stuff. This is what we call "getting weird."

@stacksofplates said in Best way to backup big data...:

We use Exagrids and tape. Though for only 45TB you could just build a box and Colo it. RHEL/CentOS now have VDO support so you get dedupe and compression on those volumes.

A supermicro box with 24 8TB drives is around $13K. That's around 90TB in RAID 10. I don't know pricing for smaller because we build with those. But it shouldn't be too expensive to build your own and ship to it off-site.

If it's large files likes raw video then compression and deduplication is unfortunately of very limited use.

We just use a standard supermicro 4U server with 24x3.5" drive bays. Running software RAID-6 with very modest hardware specs we have 250MB/s sustained write and 700MB/s read. More than enough to saturate a dual gigabit network link.

Two RAID-6 arrays with twelve 3.5" 10TB enterprise drives in each will give you around 200TB of storage. Or perhaps three RAID-6 arrays with 8 drives in each giving you about 180TB.

The most money in this type of config will be in the drives themselves. 10TB Seagate Exos X10 are about $330 each so 24 drives is $8K.

@joel said in Raid - Best Practices:

g raid...Or just bunch all the disks together and create seperate partitions for the c drive and then the d drive - is that still go

with an office that small - I ask - do you even need a server? Do you need local storage at all? can you go all cloud based? or just use a local NAS for storage and cloud for the rest?

@wrx7m said in dns issue? pertino:

Sorry for threadjacking - How is Cradlepoint with regards to their 4G routers? I might have a need for something like that at a secondary location that would only need access to our ERP system and doesn't have "affordable" internet available.

I highly recommend them for that purpose.

I am setting up DMARC right now. I just moved to Office 365 and I was using the none setting, to just report on what legitimate services might be sending out. Freshdesk was the only one that I found and after spending 2 weeks with their support fixing their DKIM record configurations, I enabled quarantine on DMARC. Coincidentally, this is pretty much the exact time when Freshdesk had at least one of their IP addresses get blacklisted for sending mail.

All of our notification messages were getting quarantined by office 365 and I thought it was an issue with DMARC. Nope. What a PITA. I switched the DMARC to none again and that didn't work and finally found out from Freshdesk that they had been blacklisted.

I ended up having to create a mail flow rule to bypass spam filtering if the sender was a certain email address and the return path was several domains with freshdesk in them. That only solved our problem of quarantined notifications. Our customers are still affected. Freshdesk said that they had resolved it by getting the IP removed, but whenever I disable the mailflow rule, they start getting quarantined again.
#badtiming

Some details can be found here on recommended changes.

@scottalanmiller how did you resist the urge to ask why backups are needed.

😉

@dustinb3403 said in Installing FS on a DC:

@scottalanmiller said in Installing FS on a DC:

@wls-itguy said in Installing FS on a DC:

@bbigford said in Installing FS on a DC:

@dustinb3403 said in Installing FS on a DC:

So this makes sense, and it might just be a "me issue". But every workload I have ever seen (IME) has been on different Microsoft Server versions.

IE you need CALs for that version of Windows Server. . . and thus you would need tons of CALs.

Grr time to investigate.

Worth noting... You need the amount of CALs to equal users, for a certain platform. 2012 RDS? Needs CALs. Exchange 2013? Needs CALs. Upgraded from 2012 RDS to 2016 RDS and Exchange 2013 to 2016? All new CALs.

That was awesome to find out. The only saving grace for us was 501c3 status. Pennies on the dollar.

Or use open source free products for... free. Zero on the dollar 😉

Support is never free, even if someone is donating their time, there is a cost.

Right, which is why open source is SO cheap, because it costs LESS to support normally than proprietary software. So it's cheaper than free when compared to alternatives. It's like you get paid to use it!

@joel said in Giving out admin details:

@scottalanmiller Thanks all - I like the fees idea.
It would be a good idea if it was possible to create an account but on a timer. IE. This account will self-destruct in 3 days. Giving them a small window to do what they want. thanks all again

That is what AD account expirations are for. . . you set when they expire and an AD admin would have to go and extend the duration if needed. . .

@joel said in Powershell on Startup + Azure Storage:

I tried this. Powershell launched at startup but the script didnt run. What I noticed is that if i run the script with powershell, it doesnt work. However if I open with Powershell and execute the script, it works!

You cannot map a dive a startup, that requires a user session.

The real question is... what do you want the Chromebook to do by putting it on Pertino? What is the end goal?

@joel said in Excel OLE Error + VPN:

I have enabled the option to ignore applications using DDE and have checked no addins causing a problem to no prevail.
Is it worth me installing a 64bit Excel? We're using 32bit 2016 at present.

64 bits will not make a difference here, it is most likely some network congestion that you area encountering.

https://simplemdm.com/

Ignore that - i found this batch file which works well:

@echo off
echo >pinglog.txt
for /f "tokens=" %%A in ('ping 127.0.0.1 -n 1 ') do (echo %%A>>pinglog.txt && GOTO Ping)
:Ping
for /f "tokens= skip=2" %%A in ('ping 127.0.0.1 -n 1 ') do (echo %date% %time:~0,2%:%time:~3,2%:%time:~6,2% %%A>>pinglog.txt && GOTO Ping)

##CASE CLOSED##

Thanks guys. I'll do more digging and ensure all drivers are updated.

Now that auditing is set up, your security event logs will fill up faster.

What I like to do is increase the size the security log can get to, 1 GB, and then to archive them once they grow large enough, and to make a new one.

This is also done via a group policy.

0_1512148397383_Untitled.jpg

From here you can do with them what you like.

I have them automatically compressed (they compress super well) and then moved somewhere else for escrow reasons.

It's still an expense for us. The only sticking point is the AD Connect which of course is awesome.

@joel said in Google Apps for Business - Drive Permissions:

HI all.
I was wondering if there is a way I can establish which users have permissions on each folder within a Google Drive business platform?

We've just started working with a company who have 50users on Google Apps (half of which are old users) and our first plan is to tidy it up and figure out permissions on each folder.

Does anyone have any tools/apps/advice on how I generate a good report/account on what files/folders are shared to which users? It would be good to present this in CSV format.

Thanks

Take a look at this:
https://support.google.com/a/answer/4579696?hl=en
https://gsuite.google.com/marketplace/app/drive_permissions_auditor/370134017754