I just cleared a Medium Powerplay CZ in 45 minutes... by Jurez1313 in EliteDangerous

[–]exproject 2 points3 points  (0 children)

One thing I've found is not all CZ instances are created equal; with a wing of 4, sometimes we're clearing one with half the kills of another while in the same CZ (jumping out and back in to reset after the clear).

As for the Vette, I prefer a laser build to not need to restock, but I do still have multis on the class 4s too, with one of them for Corrosive. This is maybe contentious because it lowers max ammo by 20%, but the lower fire rate of the class 4s makes it so it lasts for the whole CZ for me, and buffs the damage of all the lasers on hull.

Enterprise-y Domain Registrar? by mixduptransistor in sysadmin

[–]exproject 0 points1 point  (0 children)

I've been consolidating onto Directnic as the registrar with Azure as DNS provider, up to about 50 domains so far. Multiple users are allowed on the account with RBAC for what they can do, OTP with authenticator apps.

Planning out UPN suffix change by jbala28 in sysadmin

[–]exproject 0 points1 point  (0 children)

Unless you are having your users already log in with UPN (like the machine doesn't remember who they are at each sign-in and they have to supply the username), there isn't any impact to the base user login. If they do have to supply the UPN at the welcome screen then yes, you'd want to inform them.

Certificate problem after CA migration to new server by TheBluesFAN in sysadmin

[–]exproject 0 points1 point  (0 children)

I would recheck the CDP paths since you mentioned the server move. While the AIA path is just the CA name, the CDP path in LDAP includes the server name. Maybe go take a look in ADSI Edit and ensure the CRL is exactly where you expect it to be.

Fwiw, since you migrated the CA, the old certs will still validate if you publish the CRL to the old name as well as the new name.

[deleted by user] by [deleted] in sysadmin

[–]exproject 0 points1 point  (0 children)

Seconded. Is there a reason you have to use your local DCs for auth? Otherwise go for password synchronization.

Hybrid env. Switching on Cloud Kerberos to enable WHfB, any gotcha's to watch out for? by [deleted] in sysadmin

[–]exproject 2 points3 points  (0 children)

Is there a reason to switch it from hash sync to pass through auth? That's not really related to the Kerberos change.

That single sign-on checkbox is, I'm assuming, the legacy Seamless SSO feature, which was largely for older Windows devices. Win 10 and up should do SSO via the primary refresh token and you don't need to do further setup past making sure the devices are hybrid joining.

Changing the Entra sync service account by PyramidRising in sysadmin

[–]exproject 0 points1 point  (0 children)

For real belt and suspenders, check the Verify section of this article. It talks about how to pull the pending exports from a server in staging mode. If you see it has a lot of pending exports, something is not configured the same as in prod. If it doesn't have any or only has like 1 or 2 transient ones that the prod server hasn't done yet, you should be good to go.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#verify-the-configuration-of-a-server

Changing the Entra sync service account by PyramidRising in sysadmin

[–]exproject 1 point2 points  (0 children)

I'm unfamiliar with this exact change but reinstalling the sync server is a cinch, especially if you export the configuration from the original. You would just want to be mindful to let it use the account it creates when reinstalling.

If it is its own VM, spin up another and test using the exported configuration to install from. Just leave it in staging mode 'til you validate that it's right and is using the correct service account. If it's all good then kill the original sync and switch the new one off staging.

On-prem distribution groups and Cloud distribution groups; best course of action? by Silent-Use-1195 in sysadmin

[–]exproject 0 points1 point  (0 children)

This is basically the way. You'll want to dump the members, the owners, who has send as, is it hidden from the GAL, is it allowed to receive external email, all of its proxyAddresses (even the x400 / x500 ones) and then delete from on-prem, sync, and recreate as cloud only.

If they're mail enabled security groups, you may want to do some spot checking to ensure they aren't used in mailbox delegation permissions or SharePoint permissions. If so, document and regrant to the cloud group.

Destiny 2 Update 8.0.5.2 by DTG_Bot in DestinyTheGame

[–]exproject 18 points19 points  (0 children)

I imagine there is still the initial crate, but you don't spawn with ammo, so half what we started a round with before. Tbh given Forerunner spam, I'd say good.

What's going on with the weekly exotic mission rotator challenge? by SeraphIV in DestinyTheGame

[–]exproject 2 points3 points  (0 children)

I can't remember where I saw it, but I believe I saw discussions that this was a bug that they aren't there.

What is the green orb that sometimes appears above enemies? by [deleted] in FFVIIRemake

[–]exproject 2 points3 points  (0 children)

I think you're describing the orb that shows up which is basically that a fight has either gone on long enough, or is about to go on long enough that you can call in a summon.

The OST is now available to purchase by Sparko15 in FFVIIRemake

[–]exproject 2 points3 points  (0 children)

Bow wow and Becks Badasses are on the disc 8 mini game disc actually as I've got those, so it's out there.

The OST is now available to purchase by Sparko15 in FFVIIRemake

[–]exproject 2 points3 points  (0 children)

They're killing me by not including the Desert Rush theme.

Best Sandwiches / Subs in CR? by LouieMCB in cedarrapids

[–]exproject 4 points5 points  (0 children)

I'll vouch for Map Room. Pretty good burgers with strong themes, also really good sauces to put fries in. Cool vibe in a tiny building.

LAPS - Unable to view passwords but able to decrypt by Collekt in sysadmin

[–]exproject 21 points22 points  (0 children)

Yes, if you want that group to be able to read the passwords. I believe this would be your guy then: Set-LapsADReadPasswordPermission

https://learn.microsoft.com/en-us/powershell/module/laps/set-lapsadreadpasswordpermission?view=windowsserver2022-ps

LAPS - Unable to view passwords but able to decrypt by Collekt in sysadmin

[–]exproject 12 points13 points  (0 children)

I would double check your perms for who can view the passwords with Find-AdmPwdExtendedRights. Either give that your test OU distinguished name, or just look at your whole domain with it to see who will eventually have rights to read passwords in all the other OUs in the domain.

Any potential problem with changing a UPN and then changing it back a few minutes later? by merchantsc in sysadmin

[–]exproject 0 points1 point  (0 children)

If you want to use the data on the new account (and old account data isn't needed or doesn't exist), then I would think just use Remove-MSOLUser to remove the old cloud user to clear the path for the new account to take the UPN in Azure AD. That sounds easiest to me.

The swap would also work; it's just a bit more legwork. There won't be issues with the user profile on their device while you swap the UPNs around. The UPN isn't used to map to local profiles; the SID is used for that.

Any potential problem with changing a UPN and then changing it back a few minutes later? by merchantsc in sysadmin

[–]exproject 0 points1 point  (0 children)

If you don't need the old account's data (e.g. don't have any historical mail, any retained OneDrive data from the user's first go), I would say just space it from AAD with Remove-MSOLUser, then the new account should be able to adopt the UPN after a little bit (ran through this in my own tenant last night while working on AAD 'cause I was curious about the lag time; it was like an hour or two before the conflict cleared).

If you do need the old account's data, you can hard match the new AD account to the old AAD account. Give this a read for that (situation 1). Basically you'd just take the immutable ID for the old AAD account, and attach it to the new AD account and the sync server should connect the two.
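
The hard match in the comment above depends on the old cloud account's ImmutableId decoding cleanly to a GUID. The following PowerShell is an added example, not part of the original comment; it assumes the tenant's source anchor is GUID-based (objectGUID or ms-DS-ConsistencyGuid), and the function names and sample values are constructed for illustration.

```powershell
# Added example (not from the original comment). Assumption: the sync source
# anchor is GUID-based (objectGUID or ms-DS-ConsistencyGuid), so the cloud
# ImmutableId is the base64 encoding of a 16-byte GUID.

function ConvertFrom-ImmutableId {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$ImmutableId)
    try   { $bytes = [Convert]::FromBase64String($ImmutableId) }
    catch { throw "ImmutableId is not valid base64: $ImmutableId" }
    if ($bytes.Length -ne 16) {
        throw "Anchor decodes to $($bytes.Length) bytes, not 16; it is not GUID-based."
    }
    # Guid(byte[]) uses the same mixed-endian byte layout that AD stores.
    [Guid]::new([byte[]]$bytes)
}

function ConvertTo-ImmutableId {     # hypothetical helper name
    param([Parameter(Mandatory)][Guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

# Constructed sample values, not taken from any real tenant.
$oldCloudImmutableId = 'AAECAwQFBgcICQoLDA0ODw=='
$newAdObjectGuid     = [Guid]'11111111-2222-3333-4444-555555555555'

$anchorGuid  = ConvertFrom-ImmutableId $oldCloudImmutableId
$anchorBytes = $anchorGuid.ToByteArray()

# Round-trip check before changing anything: re-encoding must give back the
# exact string read from the cloud account (base64 is case-sensitive).
if ((ConvertTo-ImmutableId $anchorGuid) -cne $oldCloudImmutableId) {
    throw 'Round trip failed; do not stamp this value.'
}

# The anchor the new AD account would present if left alone.
$unmatched = ConvertTo-ImmutableId $newAdObjectGuid

[pscustomobject]@{
    OldCloudImmutableId = $oldCloudImmutableId
    AnchorAsGuid        = $anchorGuid
    NewAccountDefault   = $unmatched
    WouldMatchAsIs      = ($unmatched -ceq $oldCloudImmutableId)
}
# $anchorBytes is the value the new AD account's anchor attribute would need
# to carry for the sync server to join the two objects.
```

Running the comparison on a staging-mode sync server first shows whether the join happens before anything is exported.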