Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "active directory"
My mom died when I was 7, after which my dad bought me a Commodore 64 so I had something to lose myself in during the mourning process.
I learned everything about that system, from my first GOTO statement to sprite buffers, to soldering my own EPROM cartridges. My dad didn't deal with the loss so well, and became a missing person 5 years later when I was 12.
I got into foster care with a bunch of strict religious cultists who wouldn't allow electronics in the house.
So I ran away at 14, sub-rented a closet in a student apartment using my orphan benefits and bought a secondhand IBM computer. I spent about 16 hours a day learning about BSD and Linux, C, C++, Fortran, ADA, Haskell, Livescript and even more awful things like Visual Basic, ASP, Windows NT, and Active Directory.
I faked my ID (back then it was just a laminated sheet of paper), and got a job at 15-pretending-to-be-17 at one of the first ISPs in my country. I wrote the firmware and admin panel for their router, full of shitty CGI-bin ASP code and vulnerabilities.
That somehow got me into a job at Microsoft, building the MS Office language pack for my country, and as an official "conflict resolver" for their shitty version control system. Yes, they had fulltime people employed just to resolve VCS conflicts.
After that I worked at Arianespace (X-ray NDT, visualizing/tagging dicom scans, image recognition of faulty propellant tank welds), and after that I switched to biotech, first phytogenetics, then immunology, then pharmacokynetics.
In between I have grown & synthesized and sold large quantities of recreational drugs, taken care of some big felines, got a pilot license, taught IT at an elementary school, renovated a house, and procreated.
A lot of it was to prove myself to the world -- prove that a nearly-broke-orphan-high-school-dropout could succeed at life.
But hey, now I work for a "startup", so I guess I failed after all.30
More sysadmin focused but y’all get this stuff and I need a rant.
TLDR: Got the wrong internship.
Start working as a sysadmin/dev intern/man-of-many-hats at a small finance company (I’m still in school). Day 1: “Oh new IT guy? Just grab a PC from an empty cubicle and here’s a flash drive with Fedora, go ahead and manually install your operating system. Oh shit also your desktop has 2g of ram, a core2 duo, and we scavenged your hard drive for another dev so just go find one in the server room. And also your monitor is broken so just take one from another cubicle.”
Am shown our server room and see that someone is storing random personal shit in there (golf clubs propped against the server racks with heads mixed into the cabling, etc.). Ask why the golf clubs etc. are mixed in with the cabling and server racks and am given the silent treatment. Learn later that my boss is the owners son, and he is storing his personal stuff in our server room.
Do desktop support for end users. Another manager asks for her employees to receive copies of office 2010 (they’re running 2003 an 2007). Ask boss about licensing plans in place and upgrade schedules, he says he’ll get back to me. I explain to other manager we are working on a licensing scheme and I will keep her informed.
Next day other manager tells me (*the intern*) that she spoke with a rich business friend whose company uses fake/cracked license keys and we should do the same to keep costs down. I nod and smile. IT manager tells me we have no upgrade schedule or licensing agreement. I suggest purchasing an Office 365 subscription. Boss says $150 a year per employee is too expensive (Company pulls good money, has ~25 employees, owner is just cheap) I suggest freeware alternatives. Other manager refuses to use anything other than office 2010 as that is what she is familiar with. Boss refuses to spend any money on license keys. Learn other manager is owners wife and mother of my boss. Stalemate. No upgrades happen.
Company is running an active directory Windows Server 2003 instance that needs upgrading. I suggest 2012R2. Boss says “sure”. I ask how he will purchase the license key and he tells me he won’t.
I suggest running an Ubuntu server with LDAP functionality instead with the understanding that this will add IT employee hours for maintenance. Bosses eyes glaze over at the mention of Linux. The upgrade is put off.
Start cleaning out server room of the personal junk, labeling server racks and cables, and creating a network map. Boss asks what I’m doing. I show him the organized side of the server room and he says “okay but don’t do any more”.
... *sigh* ...20
TLDR: In defense of Powershell - the rant:
I don’t get the Powershell hate.
You don’t hate a screwdriver for not being able to turn a nut, you just *don’t use a screwdriver to turn a nut*
Once you recognize what the tool is good for and you don’t try to use it like Bash, it’s wildly powerful, and satisfying to use in a way Cmd.exe never was.
Cygwin or a Linux Subsystem can only go so far on a Windows computer. You’re dealing with two fundamentally different OS architectures. It makes sense you’d need different tools.
And like it or not, Microsoft owns the non-tech-user desktop , corners the non-tech server business market, and Active Directory is THE tool for managing Windows desktops on a large scale - So Wanblows is not going away anytime soon.
Automation without some weird ass sysVol batch login script is finally possible. Anyone who knows .Net classes can leverage their methods from directly within Powershell. Remote management of headless Windows servers is now a reality. If you have an Office 365 Exchange server you can literally Powershell remote to it for management, just like your favorite cloud hosted Linux distribution.
No one said Windows is a better OS, but an object based shell on an object based OS *makes sense*. It’s useful for its environment. Let it be.11
Just inherited a web application, worst security ever, all it does is call an unsecured application that does an active directory call, verifies the user name exists and then grants the role that the username is assigned. That is it oh and if you can find your way into the admin panel anyone can edit anyone else's role.
Come to find out this application got the dev who designed it a promotion to lead.6
So my previous alma mater's IT servers are really hacked easily. They run mostly in Microsoft Windows Server and Active Directory and only the gateway runs in Linux. When I checked the stationed IT's computer he was having problems which I think was another intrusion.
I asked the guy if I can get root access on the Gateway server. He was hesitant at first but I told him I worked with a local Linux server before. He jested, sent me to the server room with his supervision. He gave me the credentials and told me "10 minutes".
What I did?
I just installed fail2ban, iptables, and basically blocked those IP ranges used by the attacker. The attack quickly subsided.
Later we found out it was a local attack and the attacker was brute forcing the SSH port. We triaged it to one kid in the lobby who was doing the brute forcing connected in the lobby WiFi. Turns out he was a script kiddie and has no knowledge I was tracking his attacks via fail2ban logs.
Moral of lesson: make sure your IT secures everything in place.1
TLDR: There’s truth in the motto “fake it till you make it”
Once upon a time in January 2018 I began work as a part time sysadmin intern for a small financial firm in the rural US. This company is family owned, and the family doesn’t understand or invest in the technology their business is built on. I’m hired on because of my minor background in Cisco networking and Mac repair/administration.
I was the only staff member with vendor certifications and any background in networking / systems administration / computer hardware. There is an overtaxed web developer doing sysadmin/desktop support work and hating it.
I quickly take that part of his job and become the “if it has electricity it’s his job to fix it” guy. I troubleshoot Exchange server and Active Directory problems, configure cloudhosted web servers and DNS records, change lightbulbs and reboot printers in the office.
After realizing that I’m not an intern but actually just a cheap sysadmin I began looking for work that pays appropriately and is full time. I also change my email signature to say “Company Name: Network Administrator”
A few weeks later the “HR” department (we have 30 employees, it’s more like “The accountant who checks hiring paperwork”) sends out an email saying that certain ‘key’ departments have no coverage at inappropriate times. I don’t connect the dots.
Two days later I receive a testy email from one of the owners telling me that she is unhappy with my lack of time spent in the office. That as the Network Administrator I have responsibilities, and I need to be available for her and others 8-5 when problems need troubleshooting. Her son is my “boss” who is rarely in the office and has almost no technical acumen. He neglected to inform her that I’m a part time employee.
I arrange a meeting in which I propose that I be hired on full time as the Network Administrator to alleviate their problems. They agree but wildly underpay me. I continue searching for work but now my resume says Network Administrator.
Two weeks ago I accepted a job offer for double my current salary at a local software development firm as a junior automation engineer. They said they hired me on with so little experience specifically because of my networking background, which their ops dept is weak in. I highlighted my 6 months experience as Network Administrator during my interviews.
My take away: Perception matters more than reality. If you start acting like something, people will treat you like that.3
Taking IT classes in college. The school bought us all lynda and office365 accounts but we can't use them because the classroom's network has been severed from the Active Directory server that holds our credentials. Because "hackers." (The non-IT classrooms don't have this problem, but they also don't need lynda accounts. What gives?)
So, I got bored, and irritated, so I decided to see just how secure the classroom really was.
So I created a text file with the following rant and put it on the desktop of the "locked" admin account. Cheers. :)
1. don't make a show of "beefing up security" because that only makes people curious.
I'm referring of course to isolating the network. This wouldn't be a problem except:
2. don't restrict the good guys. only the bad guys.
I can't access resources for THIS CLASS that I use in THIS CLASS. That's a hassle.
It also gives me legitimate motivation to try to break your security.
3. don't secure it if you don't care. that is ALSO a hassle.
I know you don't care because you left secure boot off, no BIOS password, and nothing
stopping someone from using a different OS with fewer restrictions, or USB tethering,
or some sort malware, probably, in addition to security practices that are
wildly inconsistent, which leads me to the final and largest grievance:
4. don't give admin priveledges to an account without a password.
seriously. why would you do this? I don't understand.
you at least bothered to secure the accounts that don't even matter,
albeit with weak and publicly known passwords (that are the same on all machines),
but then you went and left the LEAST secure account with the MOST priveledges?
I could understand if it were just a single-user machine. Auto login as admin.
Lots of people do that and have a reason for it. But... no. I just... why?
anyway, don't worry, all I did was install python so I could play with scripting
during class. if that bothers you, trust me, you have much bigger problems.
I mean you no malice. just trying to help.
For real. Don't kick me out of school for being helpful. That would be unproductive.
Plus, maybe I'd be a good candidate for your cybersec track. haven't decided yet.
-- a guy who isn't very good at this and didn't have to be
have a nice day <3
oh, and I fixed the clock. you're welcome.2
This one's for all the SysAdmins out there.
About 4 years ago I was asked to take over a dental offices systems administration (~20 machines) after their previous guy had allowed their servers RAID 1 to fail and hadn't done any updates or general maintenance. (please take note this office is my parents dental office).
I since have been recovering from his poor configuration and setup by instating an active directory environment and installing up to date software as well as updating machines on the domain to Windows 10 since windows 7 is no longer supported. I have also been properly licensing everything.
My bosses (my parents) are annoyed with this because "it's more expensive" and "it's too complicated we don't know how to manage it" and I don't know how to explain to them that they aren't fucking systems admins. They asked why they could do it before and I tried to explain that now it's secure and things need to be rolled out on the network level. They had every user running full local admin on every workstation plus the server.
Some people don't fucking understand that just because it's simple doesn't make it a good fucking idea. And because it's cheap doesn't mean it will always be (just wait till Microsoft audits you).
Oh and they also don't understand fucking CAL licensing and refuse to pay for gsuite for all their staff who use it. Instead they just have two gsuite accounts and give everyone the fucking password.
I'm going to have an aneurysm6
New position at work. Lots of power in regards to tech stacks of my choice.
I feel like Neo.
First project was finished in a week using Clojure. A basic application that would automate the process of adding our students into a particular active directory system in which many other things happen at the same time including updates to pins and other shit as well as networking and wifi permissions. Works fast as fuuuuuuuuuck, the alternative existed(somewhat) in php and while there was nothing wrong other than speed I wanted to show the head of my department what i could do.
It was anticlimactic as fuck. I thought it was gonna take me longer. It fucking didn't and i am glad as shit. It is now working like an absolute powerhouse in its own environment and being monitored by the sys admins, they loved how easy it was to deploy and how well behaved it is.
The head of the department is impressed as fuck and the board of directors got a hold of it. Reason being that I am being displayed as some sort of wizard that used ancient alien tech in the 21st century.
Fuck yes, major win.
I also get to add Clojure to my resumee. Hod even said that if needed be they will rethink my salary to add the fact that i get to use this tech where no one else can.11
I """""accidentally"""'" found some security holes in my school's Windows public computer setup.
Every student and teacher has a personal Active Directory, obviously they should be able to only see their own right?
oh wait the directory up button in explorer shows me all of them and I have r/w access to teacher and student ADs.
Also, the command prompt, Run prompt ad Explorer path bar are disabled...
...but batch scripts work.
Surely I can't do something dumb like--- oh, regedit's blocked but not the reg command.
They use the-- WHY IS GPEDIT NOT BLOCKED
Well what the fuck.
(All of this was responsibly handled by emailing the tech department. They have an email just for this! ...got a bounceback "this person is no longer employed at XYZ School.")6
I might be fucked up, but I have a tendency to gravitate towards the shit that everyone else dislikes for the sake of knowing if their bias against is actually because shit is truly fucked up or if shit is legit plain WRONG.
From all technologies that I have worked with professionally I can count:
Java(currently in the form of old JSP services for an "enterprise level application")
Java for Android development - i was the lead engineer for a mobile project
Swift with IOS dev, same gig as the above.
C++ for Android development in the form of OpenCV with Java as well.
Clojure for an ldap active directory application
Python for glue scripts
Classic ASP with JScript and VBScript
VB Net forms
C# For ASP.NET MVC
Bootstrap for multiple intranet frontends
Node+Express for a logistics warehouse management tool
Ruby on Rails freelancing small gigs
Php in all ways possible from complete standalone php apps to Laravel and just php+composer apps aaaaall the way to wordpress
Today I'm ranting about Windows. No, it's not "WiNdOwS sUcKs!", it's more like "But why!?"
See, I'm an IT guy for the year, and in my office they use Windows. Now once upon a time, they had Active Directory and all that (well, actually, they still do) but then they got some new computers running Windows 10, and for some reason they just couldn't join them to the domain!
Why can't they, you ask? Well, Microsoft only allows Win 10 Pro and up to join a Domain, and since these computers came with Win 10 Home, that wasn't possible.
Long story short, I now have some 30 computers that need to be upgraded (possibly from 7) to Win 10 Pro, and joined to the Domain.
Thing is, I would like to do that all in one go, so I look into how to automatically setup Windows.
"Ah! Got it, provisioning packages!"
Lest you think they work let me spare you now: they don't. Just like real computers where everything is different, provisioning packages failed to work twice, and after wasting about a week trying to make it work, I gave up.
So now I realized that I need to try a different method, a custom windows image. Issue is, I've got no clue how to make one. See, microsoft decided to go all in on the provisioning packages thing (they do have advantages in certain use cases), and seemed to decide that making custom images was no longer necessary, so they documentation was nearly impossible to find.
But after a lot of searching, I figured out how to do it:
1. Install Windows in a VM.
2. Put it in audit mode.
3. Install your stuff.
4. Create an unattend.xml file with certain customizations.
5. Put the unattend in Windows\System32\Sysprep
6. Generalize the image.
7. Boot WinPE.
8. Open the console.
9. Capture the image.
10. Wait an hour or two.
I'm over simplifying, it was a huge PITA, and yet there were still issues.
Maybe another time I'll talk about those.27
I got a ticket near the end of the day, asking to install a printer on a computer. The branch in question was in a different time zone (I'm in US-Pacific [GMT-07] and the computer was in US-Eastern [GMT-04]). I figured I wouldn't worry about it; after all, I had other tickets to work on that were much higher priority.
The next day I come into work and immediately get a message from one of my East Coast coworkers, telling me that this branch is calling and asking how the printer is coming. I told him to tell them I would call them a bit later. I do a couple of easy jobs and then begrudgingly call the branch. I listen to the phone tree that they have (which requires two button presses instead of one in order to speak with someone) and finally get in contact with a person... only to have the call disconnect.
I call back and ask for the person who called in the ticket and then followed up, who had apparently gone to lunch. I informed the person that I was just going to install the printer and it would be good to go. This would be fine... up until she mentioned she needed scanning functionality.
Now I wasn't sure if the driver we have in AD is set up with the scan functionality, so I said okay, but that meant I would have to get the driver from the website. The connection to our branches are about 1Mbps, so even downloading Java updates (60-ish MB) take about 5-10 minutes on a good day. The file for this printer was about 700MB (thanks HP). So I went and did other stuff while that downloaded.
I come back after it finished and started the install process. Right away it asks to re-seat the USB cable. So I call the branch. The call disconnects. I call again. It disconnects. I call one more time, and finally get the person who called the ticket in. I instruct him to re-seat the cable. He does. The driver starts doing its thing. I tell him I'll call back if I run into any issues and we hang up.
The driver goes through the install process for about 20 minutes, stops at 99%, then fails. I want to restart the computer, just in case there's a conflict somewhere, but that would require calling the store again, so I put it off.
About an hour later I get a message from another East Coast coworker, telling me the branch is calling about the printer again. I was in the middle of another call and said I would call back later. I do. It disconnects. I call again, and get the person who called the ticket in again. I tell him I want to restart the computer, but wasn't sure if it was okay. He checks with the people using it, who says it's okay, so I reboot. I hang up.
Once the computer comes back up I start the install process again. It asks to re-seat the cable. Fuck. I don't want to call the store again, so I open notepad and say "Please take out the printer's USB connection from the back of the computer."
Three. Fucking. People. Saw it. They moved the window and one even tried to close it, but they didn't re-seat the cable. I opened another window, telling them to call me at my number. They didn't. I called them. Got disconnected. I called them again, finally got someone, told them to re-seat the printer cable again. They do, thank god.
I say thank you and hang up. Continue the installer. It stops at 99% again and fails. I reboot the computer; screw it, I'm just going to install the driver from Active Directory. Check Devices and Printers. It's installed successfully. Hallelujah!
I get the printer set up for the various programs they use and print a test page. I call them one last time; their phone system sounding like they were connected via an underwater line connected by tin cans. I get someone.
$me: Hi, I want to know if the printer has printed something.
$them (garbled): -et me shee... yesh, it -rint-d a *beezelborp*.
$me: Perfect, I'm going to close this ticket! Thanks, goodbye! *hangs up*
tl;dr - I hate printers
In an application that everyone in production floor used... I made some "improvements"... Next I know I get tons of tickets because is really slow... Like 20 minutes waiting and it doesn't load... I try with my user in their computers and it loads instantly... Puzzled... After trying in many computers my user loads instantly... Oops... I left a if(user = "me") skip all active directory checks 🙄... Made all production floor lose about 3 hours 😆 because I didn't believe 😛2
The wage for the publishing company is too low to my liking (see previous rant), has so many asterisks when it comes to payment that it's downright shady, and I'd rather work for a company that follows European standards and is located in Europe anyway. So I've started to look again for sysadmin jobs.
Came across this fucking site, because apparently Glassdoor is down for maintenance (maybe those guys could use another sysadmin as well, hmm? 🤔)
"5 Linux Systems Administrator jobs in Belgium + 10 miles"
Alright, excellent! Let's see what they are!!!
- Active Directory administrator, wage unspecified.
- Senior VMware administrator, wage unspecified.
- Freelance Windows administrator, wage unspecified.
- Application services PM (i.e. DevOps), freelance, €500/day.
- System applications manager, requirements clearly noting Windows systems but why on Earth would you put that in the title?
Well thank you mate, useless shitsite. Do you see that none of these jobs have anything to do with Linux? Thanks you bastard, totaljobs.com! Time well spent, don't you think? 😑5
The new company I'll work in told me that I have to use windows because they have an ad and Linux login does not work proper with it...4
Went through changing Apple ID email. I have 💻,📱and⌚️.
Felt like that horror movie moment when protagonist tries to be stealthy but makes a noise and a huge mob of zombies turn heads all at once. For what I love apple, the simplicity, in the email changing process there is none of that.
They forced me to enter my 60 arbitrary obscure characters password on Apple Watch screen.
On the other hand I felt nostalgic. When I was using Linux this all was my day to day experience no matter the distro, and I got a Linux Foundation certificate, I contributed to Elementary. Can’t imagine the experience of a user who just switched to Linux.
Windows? I don’t want to think about that, let alone talking. You only need to know that I successfully configured a SoE setup AND active directory in ad-hoc unstable network of literally rusty old computers. And I still switched to Linux back then.4
I've been using the Square REST API and I spent one hour thinking there was something wrong in my code until I f** found that THEY were not following OAuth 2 guidelines, which made their workflow incompatible with the OAuth lib I was using, so I had to mark an exception for Square's OAuth from the rest of my OAuths. Specifically, RFC 6749 Section 4.2.2 and 5.1.
Hope this all gets solved in OAuth 2.1 pleeeaasseee1
Sometimes I have to work with physical hardware. There are over 300 machines in our lab, split among two subnets. But for some reason, I can never access my machines by hostnames.
Every other week, there's an IP conflict on this network, requiring me to log into the active directory server and delete old DNS entries. This usually happens because someone decided to deploy 64 VMs on a huge server, all at once, didn't boot them with a delay, let alone with with a warning to IT.
Then when my superior asks how my progress has been and I respond with "I can't even get the machines to ping each other by hostname, there's something wrong with the DNS:, I get the following response: "HOW COME NOBODY ELSE IS HAVING PROBLEMS WITH THIS. YOU'RE FULL OF SHIT", from someone who spends 90% of the year abroad, working remotely.5
I'm ashamed of it, but I want to share my tifu-story:
My colleague asked me if I could rename his windows user name because he married and changed his last name. I changed it in the Active Directory, but he got some problems when he wants to log on. On every startup his old name appears. Simpliest task. Let me google that.
Easy going, let me just change this registry entry. Reboot. Old behaviour. Okay, I changed some of the other entries. Reboot. Yeah, his new name appears. But wait a moment. Windows just nulled his entire user profile and deleted all the data. "oh, haha you have a backup, right?" - "no, I saved everything on the desktop, all my work is gone!"
But at the end, the boss was mad at HIM, because he doesn't used the file server or any backup system.
i am not a smart man5
I need to setup a Windows Server with an AD (and therefore an own domain) that can be reached from a Linux host for a test environment... Holy crap I totally forgot what a huge pain in the ass that crap is!
Pro Tip: If youre connected to a Server via VPN and RDP and you create a domain and subsequently get logged out from the server, you're fucked.2
TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.
I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:
-migrated their 2007 Exchange server to Office 365
-Upgraded their ailing Windows server 2003 based architecture to 2012R2
-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)
-Deployed a vCenter server to manage said ESXi servers easier
-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality
-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.
-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time
-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies
-Documented the entire old network and now the new one as I’ve been upgrading this
-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.
-Performed network scans and rewrote firewall exceptions to tighten security
There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.
I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.
I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.
I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?
Thanks in advance!6
Call with Customer for an upcoming software project (tone interpreted through rage)
them: "yeah we want to launch by end of march but our sales people would like to have a demo version asap, incl. structure of the forums and yaddayadda"
me: "earliest at end of feb"
them: "why do you need so long bro?"
me saying: "chill, we'll send you screenshots"
me (not saying): "because you ordered an azure based Active Directory as loginprovider at another company and our own white lable software needs to integrate that and we've never spoke about a demo version you mofos?"
me (also not saying): "and yet another partner that is working on the hardware component still hasn't logged into the API I crafted because he didn't knew how to send parameters to a REST API?"
Fucking Windows Servers, I just wanted to set a login timeout of a few minutes after several unsuccessful login attempts.
(Windows Active Directory for Domains and shit is installed - just an FYI (otherwise this would be slightly easier))
- Go to Group Policy Management
- Navigate to your domain in a policy tree
- Right click "default policies" and select edit in the right click dropdown.
(Why not just fucking double click and edit it them in the convenient right-side window? Because fuck you!)
- Navigate another god damn policy tree
(And it's not obvious, it's under Windows Settings... Ok that makes sense, but there are so many nests.. Fuck me)
- And only now can you edit the "Account lockout duration" field
Windows Servers are a pain.. This actually isn't completely horrible, but it gets really annoying, because literally everything here is hidden in weird places behind thousands of click navigations and in between that there's some shit sandwhich UX.1
Okay so one of my friends got an offer for a more powerful server with 128GB RAM, ok processor because the current server load is high. When they got the offer of the new one I saw there was in the licenses part, Windows Server 2016. Which to me seems worst thing you can do for just using PHP, MySQL and nothing active directory or really windows specific. Can some of u please write in short why use linux for servers instead of shitdows. And it would clearly cost much less. Because I guess if other tell it they, the client, will agree...16
FUCK APPLICATION LEVEL FIREWALLS!
So i cam online today, thought already lets open the shitty outlook webmail client. Holy crap .... thats way to much mails. Many of them are missed teams messages. So i open up teams and holy crap. Like every third dev in my company send me a message screaming "gitab is not working!!!".
Yesterday i updated it so imediately get in panic mode - what the shitty hack have i done?!
So yeah gitlab seems to be working just fine, everything is speedy and responsive, so i call one of my fellow devs and ask him whats wrong? And he is like oh yeah there comes a ldap error saying timeout or something.
I try to login with active directory. Works like a charm. Try another account, same problem?!
Google the problem, search gitlab tickets. Nope there is no open bug or sth. like this.
So alright lets call the network guy. "Yo, can you check if there is something ldap-like getting blocked to the gitlab server?" - He is like oh yeah damn like almost every damn request is getting blocked. Ah wait, there was an firewall update yesterday too. Yeah ldap is no longer ldap. BLOCK THAT SHIT!
After 10 minutes of figuring out what shitty type is detected by the firewall and what needs to be whitelisted to make it fucking work again it seems to work.
But ha no, there is another update rolling on, so same shit like 15 minutes later.
Now it seems to work and i have to inform every damn fcking developer that it works again. And yeah alright you sent a mail, but fuck it, i will call you though! So yeah just answering calls, mails and chat messages. Like why the fuck cant you read your mails like a damn normal person?!1
Used to work for a company that offered outsourcing services to clients. One time a sales person passed me a description of what is to be done as: "copy some data from old to these two new servers". He charged pocket change for that task. Told me what servers to bring along.
When I get there, the IT person in charge told me to migrate two separate Active Directory servers to new machines.
Generally it's all just moving some data around. Though AD migration is a pretty easy task once you know how to do, I still take it as undermining the value of skills required to do it.
The coolest project that I have worked on is still a work in progress. It is a dashboard that uses signalR that integrates with team city, active directory and Google calendar. It's definitely one of the coolest things I have worked on to date.
Ended up dong an internship for my school (not really internship, more along the lines of formal volunteering, but whatever) helping set up laptops for a statewide standardized assessment.
I made a program to log the machine's identifying info (Serial, MAC addresses, etc), renames it, joins it to the school's Active Directory, and takes notes on machines, which gets dumped into a csv file.
Made the classic rookie mistake of backing things up occasionally, but not often enough. Accidentally nuked the flash drive with the data on it, and spent a good while learning data recovery and how grep works.
Lesson Learned? Back up frequently and back up everything
I'm genuinely contemplating changing my career to an IT support role from my current web dev endeavors.
I have become rather disinterested for quite some time with web development, I've been working with React, Angular, the regular Wordpress stuff with the theme building/modifying, headless instances, plugin development and whatnot and all of these have become more of a chore than anything else.
I'm leaning towards an IT support role as I genuinely have more interest in a user support/infrastructure support role than a developer role, the question is, is it doable ?. I know my way around Windows and Linux Servers, know LDAP, Active Directory, BASH, Powershell, Networking, can do cabling and whatnot but I don't have the experience to show off those.
Any tips would be greatly appreciated4
I have always had the fantasy to build a function in my developments that upon start would check if my user still is enabled in the Active Directory, and if not then shut down the application. Never done it... yet.
Today I created a second admin login for myself, deleted the first one, recreated the first one, then deleted the second one.2
Windows 10 , I just want a flipping built in command line executable to log off another (local) user. I'm not a server, I don't have active directory, I don't want to switch to log in as that user first, i want to just kill their inactive local session because cisco freaking vpn doesn't allow you to connect when a other user is logged in. I can kill the session from admin task manager, I just want to be in the commandline. If your gonna let software check the number of logged in users, let the freaking administration modify the number of logged in users with a cli.
Idk if I could turn it off an on again. On a server I would just issue "query sessions" or "query users" followed by "logoff ##". Why not let me do the same damn thing on my home computer sk I don't have to restart MY SESSION just to close MY WIFE'S session. You stupid fraking company that cannot provide consistent command line programs across various systems. SCREW YOU MICROSOFT AND YOUR UTTER ASANINE DECISION MAKING REGARDING WHAT FEATURES TO INCLUDE IN WHAT BUILDS.2
Querying Active Directory limits result sets to 1000. Useful when working for an organisation with over 3000 people...
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...
The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.2
That feeling you get, when you go to a 2 day course at Microsoft called "developing on azure" and they spend 1 day to talking about active directory integration with office 365 an azure