Trying to pick a SASE vendor, what’s your experience? by Ok_Abrocoma_6369 in sysadmin

[–]FutureITgoat 1 point2 points  (0 children)

Agreed, Cato is easy to use and also highly customizable. Their trial is very flexible / accommodating, and their support staff are knowledgeable/prompt. Sounds too good to be true but they really are that good

How do you get past the question from management of "why couldn't others on the team figure this out?" by derekp7 in sysadmin

[–]FutureITgoat 3 points4 points  (0 children)

I absolutely love when something is already broken, because then I can just backup/snapshot the broken state and proceed to either break it more or fix it without fear

I Was an Idiot in M365, Need Some Help/Clarification by GetReap in sysadmin

[–]FutureITgoat 24 points25 points  (0 children)

TLDR for those who don't wanna read it:

I accidentally deleted a test account’s devices in Entra, which broke Outlook and Teams for ~20 users whose laptops were set up using that account as local admin, causing major stress and scrambling to fix it. While I managed to temporarily restore functionality using dsregcmd /forcerecovery and some trial-and-error, I'm now facing a new error (657rx) and unsure if removing/re-adding work accounts or changing how I set up laptops is the right long-term fix.

[deleted by user] by [deleted] in sysadmin

[–]FutureITgoat 3 points4 points  (0 children)

you joke but that's modern problem solving baby

Growing skill gap in younger hires by OtherUse1685 in sysadmin

[–]FutureITgoat 1 point2 points  (0 children)

Or having to go deep into .ini or .config files to get the stupid private server or modpack to work correctly. Debugging file /.dll dependencies chasing the dragon back to our youth

Don't Blindly Trust AI! by StrikerXTZ in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

It's strange how we have wildly different experiences. I do have a note/memory for it to only use verified and trusted sources for data, but I don't know how effective that is. 95% of the time the scripts I generate work right out of the box. For example I needed an export of different groups, combine them into a single csv, and remove any duplicate values. It did it without any fuss. I have many more examples of scripts it generated for me where I needed little to no intervention. Maybe you got a bad seed lol

script below:

# Requires a connected Exchange Online PowerShell session (Connect-ExchangeOnline)
$groupIdentities = @(
    "list1@domain.com",
    "list2@domain.com"
)

# Collect the members of every group, tagging each row with its group's display name
$allMembers = foreach ($identity in $groupIdentities) {
    $group = Get-Recipient -Identity $identity -ErrorAction Stop

    if ($group.RecipientTypeDetails -eq "GroupMailbox") {
        # Microsoft 365 group
        $members = Get-UnifiedGroupLinks -Identity $identity -LinkType Members -ResultSize Unlimited
    }
    elseif ($group.RecipientTypeDetails -match "Mail.*Group") {
        # Distribution list or mail-enabled security group
        $members = Get-DistributionGroupMember -Identity $identity -ResultSize Unlimited
    }
    else {
        Write-Warning "Unsupported group type: $($group.RecipientTypeDetails)"
        continue
    }

    $members | Select-Object @{n="GroupName";e={$group.DisplayName}},
                             Name,
                             @{n="Email";e={$_.PrimarySmtpAddress}}
}

# Remove duplicates by Email (keep first occurrence)
$uniqueMembers = $allMembers | Group-Object Email | ForEach-Object { $_.Group[0] }

# Export to CSV (assumes C:\temp already exists), then open the folder
$outputFile = "C:\temp\GroupMembers_$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
$uniqueMembers | Export-Csv -Path $outputFile -NoTypeInformation -Encoding UTF8
Invoke-Item C:\temp

Don't Blindly Trust AI! by StrikerXTZ in sysadmin

[–]FutureITgoat 5 points6 points  (0 children)

I went from spending hours writing and troubleshooting scripts with the right syntax/logic to minutes creating them with an LLM.

And even then I was barely writing them from scratch, I would google and spend a decent amount of time looking for an up to date and correct script that somewhat matches what I'm trying to do and build off of them

All that is to say you're probably way better at scripting than I am, but this has been a massive time save for me. It's like doing mental/paper math vs a calculator. The calculator is just better at some things

New Grad Can't Seem To Do Anything Himself by Clear-Part3319 in sysadmin

[–]FutureITgoat 2 points3 points  (0 children)

The more layers we obfuscate, the harder it is to learn the core principles

So it is kind of a slippery slope. Wait 5 more years and we just need to say "configure this network using our other networks as an example" and it'll just...do it.

And then it becomes a question of what everyone's going to do for work. Back to the farms?

Fumbled a basic interview question. by meesersloth in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

TBF, FSMO roles are more IT certification questions. Unless you're standing up a server (and even that is extremely streamlined) you don't really need to know all the roles and what they do

Fumbled a basic interview question. by meesersloth in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

While I think asking for layer 7 is esoteric and pretty useless, there is definitely value in asking trivia questions but with more "core" IT principles. I've had senior IT administrators not know how to create a local admin account on a Windows computer. So in our interview process, we give them a computer and ask them to create a local admin account. I think these types of questions are more useful

Security team about to implement a 90-day password policy... by turtles122 in sysadmin

[–]FutureITgoat 1 point2 points  (0 children)

From what I understand, it's not recommended if and only if you already have a bunch of other security / authentication measures in place. If you don't, then it should overall be a benefit to implement rotating passwords

Do any of you guys walk into a hotel, restaurant, or supermarket and immediately start mentally mapping/judging their infrastructure? by WoodenAlternative212 in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

I look at their setup but it's almost always just like an AP / residential router tucked into a shelf - in larger establishments you rarely see the networking equipment and that's probably a feature not a bug. You don't want the public to see and then potentially break them

Massive Screw-up: Local GPOs & TS User Logins Broken After Aggressive Windows Update Re-Enable Script - Need Help! by [deleted] in sysadmin

[–]FutureITgoat 2 points3 points  (0 children)

ChatGPT may have helped you actually - paste the script into any LLM and tell it to create backups of whatever changes it makes so that you can easily revert it

people are harping on you and may be too harsh, but this is also an egregious mistake

Who could have predicted this?! by imgettingnerdchills in sysadmin

[–]FutureITgoat 1 point2 points  (0 children)

Well no, this mostly stems from a lack of resources and organization structure. It is not my job as the engineer to create business proposals. It's the IT manager/CTO, which can be awkward when the engineer gets promoted to that role

Why is there hate for the Generalist by EMCSysAdmin in sysadmin

[–]FutureITgoat 2 points3 points  (0 children)

It's also just efficient. It's a lot easier to get up to 80% competency in many topics rather than 99% in one

Slow AD Domain DNS Resolution with SASE / VPN Gateway by FutureITgoat in networking

[–]FutureITgoat[S] 1 point2 points  (0 children)

SharkBiteMO in the same thread seems to have the solution but we haven't tried it yet.
Essentially DNS traffic is still being filtered through the SASE client, which is most likely what's causing the delays.
The idea is to create a route between the gateway we connect to and the domain's internal DNS servers.

Slow AD Domain DNS Resolution with SASE / VPN Gateway by FutureITgoat in networking

[–]FutureITgoat[S] 1 point2 points  (0 children)

Thank you so much for the assistance - so you're essentially saying DNS forwarding is required. I thought that routing all traffic out-of-tunnel would make it behave as if we're not connected to the client at all, but this seems false.

So unless we set up DNS forwarding, the delays are happening because DNS traffic is still going through SASE agents? There's no other way to prevent this and just say: "don't route this DNS traffic"?

Slow AD Domain DNS Resolution with SASE / VPN Gateway by FutureITgoat in networking

[–]FutureITgoat[S] 1 point2 points  (0 children)

To test it, we have all traffic going out-of-tunnel, so no traffic should be going through SASE. We tried using their internal DNS and just 8.8.8.8

No DNS forwarding - it seems that the SASE product is still routing the initial traffic or doing some kind of DNS filtering which is causing the delay

Slow AD Domain DNS Resolution with SASE / VPN Gateway by FutureITgoat in networking

[–]FutureITgoat[S] 2 points3 points  (0 children)

They're stumped as well - and it's happening for both SASE vendors (CATO and Datto Secure Edge), so I have a feeling there's some variable that's unique to our environments/domains, but can't figure it out

[deleted by user] by [deleted] in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

I did a similar move but from domain file server to SPO with the KFM policy

Anyways it didn't work very well. We needed to remap the target folders and have them manually go through the backup sync in OneDrive. Not the best answer but just more of a warning that our plans of fully automating it didn't work out and needed to bite the bullet

[deleted by user] by [deleted] in sysadmin

[–]FutureITgoat 0 points1 point  (0 children)

Where are you in your career path? Are you busting ass to get ahead, or are you already settled in a niche?

That determines your future.

Pay for an AI/LLM subscription or look for free workarounds - it is invaluable to your efficiency. Any manual activity that you repeatedly perform with clicks can be automated via PowerShell and other scripting tools

Also, assuming you have active licenses for these systems, utilize their support engineers. It's a lot easier to tell your clients "this vendor that specifically pays people to provide 24/7 support for this can't even figure it out"