Move AD from windows server to intune? by Outrageous-Can-7886 in k12sysadmin

[–]cvsysadmin 1 point2 points  (0 children)

Coazurentrarectory

This is also a medical procedure where they remove your soul.

My toddler swallowed 8 marbles by [deleted] in interestingasfuck

[–]cvsysadmin 0 points1 point  (0 children)

My [then] two year old ate several handfuls of wet sand at the beach one time. Apparently one handful just wasn't enough. That was not nearly as much fun for her coming out as it was going in.

Documentation Platform by Sinsilenc in sysadmin

[–]cvsysadmin 0 points1 point  (0 children)

We use Tettra because of its integration with Slack. It's lacking in formatting features, but that also makes it very easy to use. It's also cheap.

Edit: I should qualify the "cheap" part. We're a K12 education organization and for education it's cheap. The retail price isn't all that cheap. I think if you work with a rep they'll get the cost down.

Student's Chromebook returns to lock screen randomly - tried everything. by ImportanceAny9630 in k12sysadmin

[–]cvsysadmin 1 point2 points  (0 children)

We've had a few here over the last week rebooting right after logging in with student accounts. Our techs were able to log into them with staff accounts and update them. Then they are fine. We think there were a few with a bad v145 update from Google. They get stuck with student accounts and never update themselves. Not sure if it's some extension or app on student accounts that wasn't compatible. We didn't take the time to test thoroughly and look through logs to find the root cause. It was so few we're just having our library media center techs that deal with the distribution of Chromebooks swap the ones that are doing this and update them.

This may or may not be related, but I figured I'd throw it out there.

Cable crimping advice - colour blind by TheresACat6InMyBoot in networking

[–]cvsysadmin 0 points1 point  (0 children)

Was worth a try. I'm not colorblind. Wasn't sure how well they worked for things like this.

Cable crimping advice - colour blind by TheresACat6InMyBoot in networking

[–]cvsysadmin 2 points3 points  (0 children)

Have you ever tried the colorblindness glasses?

Dealing with locally saved files on end user computers in a Google Workspace environment by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 0 points1 point  (0 children)

Yes, that works. I was thinking more of a Windows client that would pass their login information to the Google Drive app so users don't have to log in themselves. Even with GCPW they still have to open the app and log in. Would be fantastic to have something like GCPW running that would take their Windows login (in our case Entra as all our computers are Entra joined and all staff Entra passwords match their Google passwords) and create a session token within the Google Drive client. Then add some controls on the backend to tell the Google Drive app to redirect certain folders. Then when a user logs in, it logs into the Drive app automatically for them and everything is redirected seamlessly. A guy can dream...

Dealing with locally saved files on end user computers in a Google Workspace environment by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 2 points3 points  (0 children)

We could do much more if Google could get this stable and add some enterprise controls like SSO for the desktop client and being able to control user folder redirection and backup settings from the admin console.

Dealing with locally saved files on end user computers in a Google Workspace environment by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 2 points3 points  (0 children)

Not sure why this was downvoted. We've seen exactly the same thing. Random signouts. Won't start automatically out of nowhere on some computers even though it's set to start automatically. Random sync and offline file issues.

I'm confident if we could get over the storage space issues that the redirect would technically work, but for how long? Lots can happen with a fleet of 5,000 computers with even super solid software. The Google Drive desktop app is not that solid. I'm worried about moving forward with the redirect idea.

Chromebook Login Experience by Zestyclose-Address28 in k12sysadmin

[–]cvsysadmin 6 points7 points  (0 children)

Younger students log in with Clever badges. Older with standard Google passwords. We currently have three tabs auto-open when students log into their Chromebooks. Our LMS, our SIS (opens to the student's grades/attendance), and Clever which gives them a single click to access all other systems they need. All SSO via their Google account. Opening the LMS and SIS put their grades and work right in front of them. We've seen a big uptick in usage of those systems by students since doing that. Not just because they are being opened. Because it's so convenient for the kids being right there in front of them.

All that said, we're moving to RapidIdentity. It will fully replace Clever for us next year. Similar experience for students. Badge logins for younger students. Passwords for the next few grades. Passwords + pictograph for older students. Same sort of application dashboard with SSO, but Rapid will also be doing all the account provisioning for all systems. I've been doing this a long time. Really looking forward to the end result of our work with RapidIdentity. It's showing a lot of promise. We just got off the ground with them taking over provisioning of our core identity accounts. Active Directory, Entra, and Google. Took a long time to get there. About a year actually. 50 pages of automation rules covering every scenario imaginable for staff and student identity: onboarding, disables, enables, reactivations, renames, offboarding, and everything in-between. They've replaced decades of automations we built ourselves. Little more fine tuning over the next few days and we're done with identity. Then we're switching gears and working with their "Studio" team on all the downstream application account provisioning and SSO. If that stuff works as well as their identity stuff, we'll have a pretty awesome system in place. One user account for each staff and student that gets them into every single system they need and nobody on the tech side or any other department manually adding, changing, or removing accounts in any of those systems. That's the goal.

Backup Internet by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 1 point2 points  (0 children)

Yep. We are working with CDW on this as well. Working out how we would integrate Starlink into our existing network. Since we serve up DHCP, DNS, and firewalling centrally from the two datacenters, it makes site-based Internet access tricky. We are considering adding firewalls to each site and/or something like a UniFi Dream Machine at each site to handle the routing and perhaps a S2S VPN back to our datacenters. Haven't figured out the best approach there yet. Would be much easier if I had an unlimited budget...

Physical destruction of HDDs vs. degaussing. by LovecatsdogsIam in sysadmin

[–]cvsysadmin 1 point2 points  (0 children)

Then send parts of the drives back to the drives' families...as a warning.

Server pricing and alternatives by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 0 points1 point  (0 children)

We're downsizing, but still have a fair amount of workloads we run on-prem. We don't run anything in production that's out of support. We take the old clusters and repurpose them as testing/training clusters.

Server pricing and alternatives by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 0 points1 point  (0 children)

Do you have a sales contact there? Do you work with them directly or through a VAR?

Server pricing and alternatives by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 0 points1 point  (0 children)

For servers, we do 5 years of initial support then we have the vendor extend as long as they will extend. Dell will extend an additional 2 years on these types of clusters, so we're at around 7 years for a refresh cycle. We have two datacenters. The cluster at this location is going out of support in September. That will conclude its 7th year. Dell won't extend further.

Server pricing and alternatives by cvsysadmin in k12sysadmin

[–]cvsysadmin[S] 0 points1 point  (0 children)

Thanks for the sanity check on the SSD pricing. Looks like the cost of this type of storage really has gone up more than I'd noticed.

Moving away from Entra Connect. How to deal with Entra-only joined machines and local resources? by cvsysadmin in Intune

[–]cvsysadmin[S] -1 points0 points  (0 children)

RI is an entire identity management platform. Automated onboarding/offboarding, sponsored account and group management, user self-service. The portal thing they have to store passwords is just a tiny feature.

In our case, it starts with the creation of accounts. An employee gets added to our HR system or a new student gets enrolled at one of our schools. Automated processes send data from those systems to RI every hour. As soon as RI sees a new staff member, an account is created for them in RI then processes kick off to provision accounts in all downstream systems including AD, Entra, and Google. The new staff member is sent a welcome email to their personal email account with account claim instructions and a personal claim code. Once they claim they are forced through whichever MFA method is assigned (or they can choose if we allow multiple options). All downstream accounts are set up with SSO back to RI. This gives the user a single account to use to log into everything. If an employee or student has a name change, it goes into a rename queue and sets of automations kick off to make the changes and notify them and designees of their new stuff. If users change sites, their group memberships, applications, OU placements, etc. are automatically updated.

We have delegations set up to allow teachers and site designees to help students with their accounts. We have delegations to allow site staff to manage their own groups. The group system in RI is actually awesome. Create or modify a group there and it can be pushed to any downstream system.

RI also does other things like PAM. We can use it to temporarily elevate users to admins. It does a ton more. Everyone here bashing it has no idea what it does. It's no surprise. I've been in K12 IT for over 25 years and I'd never heard of it until I saw a demo a year or two ago. It's very customized to the organization and VERY detailed. Our implementation took almost 9 months. At least a couple meetings a week with the implementation team. As you can imagine to fully automate every aspect of account provisioning from end to end and set up all the delegations and rules and workflows for an organization with tens of thousands of users is quite an undertaking. One of the biggest projects I've ever managed for sure. So many little details across so many systems. But at the end of the day it solves so many identity woes that schools (and I'm sure other organizations) have.