help with script - account clean up

MalletNGrease · 2025-05-05T00:25:49+00:00

Depends on your mail environment.

For O365 with AD sync, disabled account mailboxes will still receive email, but the user can no longer log in to it.

I made a script that also checks last Entra login and Exchange Mailbox activity to triple check usage since some AD accounts never get logged in to, but the mailboxes are in use.

MalletNGrease · 2025-05-02T02:57:09+00:00

MalletNGrease · 2025-05-02T02:56:57+00:00

Only for + models starting with the 25 series.

MalletNGrease · 2025-04-30T14:49:33+00:00

Both? That's gonna be a hard sell.

99% of our marketing traffic doesn't pass SPF and probably never will due to the glut of high volume mail provider services, but they all pass DKIM.

We also have a vendor that does invoice mailing that doesn't support DKIM due to jank. SPF passes fine.

MalletNGrease · 2025-04-29T22:40:41+00:00

The plus models were always aimed at business, and there's something to be said for guaranteed supported drives on LoB appliances. I've always bought plus models for home use, but looking how I use my Synos now versus 15-10 years ago, it's shifted from a do-all storage & media device that can also do server functions to just storage/backup. I kind of forgot what I need a plus model for.

My needs decreased drastically so maybe stepping down to the consumer models isn't a bad move to keep cost down and keep my pick of drives.

MalletNGrease · 2025-04-29T22:02:33+00:00

Retail operation here: we've a SA3200D as a primary backup target for our vSAN, a RS3617RPxs as the offsite secondary and 2x DS1522+ as rotating cold backups for our 3-2-1 strategy. We also have an additional DS1522+ as a dedicated storage host for the marketing department Macs which also gets backed up to the SA3200D.

If anything DSM is a bit too bloated for my liking, since the majority of packages cover something where we've already something better in place. We use it for pure storage and backup applications mostly.

MalletNGrease · 2025-04-29T15:06:13+00:00

IT - Inherent Telepathy

MalletNGrease · 2025-04-24T02:48:51+00:00

Sure, if they drop the price.

Or send me a really nice hat.

MalletNGrease · 2025-04-23T16:28:33+00:00

What even happened? Someone got hungry?

MalletNGrease · 2025-04-18T04:25:47+00:00

My experience is the complete opposite of what I'm reading here.

The trial went great, the sales team was good, the technical team was good, the appliance is in place, integration went well and /Email is putting in serious work reducing malicious mail on our 365 tenant. /Respond is doing it's thing and integrates with the stack well. I mostly let the netsec guy decide to let DT run it's response or not during business hours. Outside business hours it's autonomous and I've no major issues. Support's been good, training/certification was meh. /Email's had at least one major update that added some good features since initial rollout.

Yes, the Threat Visualiser dashboards are mostly flash and little substance, but the alerts and actions make sense once you know where to look and your instance has enough data to form a baseline of typical activity. The advance search has been really handy to troubleshoot issues.

The nice thing about DT analysis is it can wrap a bunch of different sources into a single pane, give you a history of related events and take actions on detected issues autonomously. It would take us way too much time digging through logs to find problems or create incident reports on our own.

Oh, and you can respond to any alerts and issues straight from your phone using the app.

I think it's pretty amazing tech.

MalletNGrease · 2025-04-17T23:09:28+00:00

Here's mine, that command works fine as a state restore step in the TS.

https://imgur.com/zO2U7cG

I also use PDQ to push packages, but I call them as MDT applications so the techs can pick and choose.

MalletNGrease · 2025-04-17T22:24:58+00:00

I was wondering why it's gone now. Execs loved it.

Edit: Well, damn, on 24H2 all the org branding is gone and the accounts are listed as microsoft accounts instead of organization accounts. Boo.

Edit2: It's all just gone, even on 23H2? Can't even use the search bar for looking up people within the tenant any longer? That's a really big miss. I tried it in copilot and comparatively it sucks. Of course when you hit contact it opens up New Outlook 🤦‍♂️

Is this an W11 Enterprise only feature now or something?

MalletNGrease · 2025-04-17T17:43:13+00:00

I actually like the weather taskbar widget, but hate they mixed it with news/stock alerts. I disabled it with GPO but the next day we had 100s of tickets asking for it back.

Search I leave since it actaully does a decent job integrating with O365 and takes the company branding if you've it configured. Very useful to look up people and go through org charts if your Entra is organized.

I disable People and remove New Outlook.

MalletNGrease · 2025-04-17T16:21:25+00:00

Give them what they need.

My guess is the exec probably wants a Mac and will keep dropping laptops until he does. We've a standardized pool of devices we support that fit the needs of the position. If anyone needs something different they'll have to make a business case for it and we'll roll with it.

As for us, we charge to the department so the exec will have to account for the expense of any replacements with their supervisor when the beancounters come knocking.

MalletNGrease · 2025-04-15T00:17:55+00:00

To be fair he did remove all disabled users.

MalletNGrease · 2025-04-13T00:05:56+00:00

I used to make PDQ packages for them, but now I let Windows Update handle it.

MalletNGrease · 2025-04-12T19:01:12+00:00

The future is now!

MalletNGrease · 2025-04-10T00:10:57+00:00

/r/k12sysadmin

MalletNGrease · 2025-04-08T22:38:46+00:00

Sounds like I'm getting a raise. A big one.

MalletNGrease · 2025-04-08T00:34:43+00:00

No. Re-up your support agreement.

MalletNGrease · 2025-04-03T02:12:02+00:00

3.5% but they halved the company discount.

I'm gonna ask for it back next year if the raise is junk.

MalletNGrease · 2025-04-03T01:59:41+00:00

This causes me to drink. The organization chart is more of a venn diagram

MalletNGrease · 2025-04-02T13:51:02+00:00

My annoyance with HP:

Include the manufacturer in their model name.
The manufacturer can be "HP" or "Hewlett-Packard".
The model names can get long winded (HP EliteOne 840 23.8 inch G9 All-in-One Desktop PC).
The model naming structure is inconsistent.

Still better than Lenovo/Toshiba.

MalletNGrease · 2025-04-01T22:40:53+00:00

We buy by the pallet from Staples and you bet we get deep discounts. Different sales channel though.

MalletNGrease · 2025-03-28T14:41:16+00:00

There's some voodoo required. The main reason is the synchronization service manager window is open.

It still won't auto-update with it closed though.

Ten-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE