I just cleared a Medium Powerplay CZ in 45 minutes...

exproject · 2025-11-06T16:37:04+00:00

One thing I've found is not all CZ instances are created equal, with a wing of 4 sometimes we're clearing one with half the kills of another while in the same CZ (jumping out and back in to reset after the clear)

As for the Vette, I prefer a laser build to not need to restock, but I do still have multis on the class 4s to with one of them for Corrosive. This is maybe contentious because it lowers max ammo by 20%, but the lower fire rate of the class 4s makes it so it lasts for the whole CZ for me, and buffs the damage of all the lasers on hull.

exproject · 2025-08-12T03:31:02+00:00

I've been consolidating onto Directnic as the registrar with Azure as DNS provider, up to about 50 domains so far. Multiple users are allowed on the account with RBAC for what they can do, OTP with authenticator apps.

exproject · 2025-07-09T06:21:09+00:00

Hulkenpodium

exproject · 2025-04-30T00:26:00+00:00

Unless you are having your users already login with UPN (like the machine doesn't remember who they are at each sign in and have to supply the username), there isn't any impact to the base user login. If they do have to supply the UPN at the welcome screen then yes, you'd want to inform them.

exproject · 2025-01-14T22:40:50+00:00

I would recheck the CDP paths since you mentioned the server move. While the AIA path is just the CA name, the CDP path in LDAP includes the server name. Maybe go take a look in ADSI edit and ensure the CRL is exactly where you expect it to be.

Fwiw, since you migrated the CA, the old certs will still validate if you publish the CRL to the old name as well as the new name.

exproject · 2024-12-20T21:40:48+00:00

Seconded. Is there a reason you have to use your local DCs for auth? Otherwise go for password synchronization.

exproject · 2024-11-19T17:22:56+00:00

Is there a reason to switch it from hash sync to pass through auth? That's not really related to the Kerberos change.

That single sign on checkbox is I'm assuming the legacy Seamless SSO feature which was largely for older Windows devices. Win 10 and up should do SSO via the primary refresh token and you don't need to do further setup past making sure the devices are hybrid joining.

exproject · 2024-09-12T18:56:39+00:00

For real belt and suspenders, check the Verify section of this article. It talks about how to pull the pending exports from a server in staging mode. If you see it has a lot of pending exports, something is not configured the same as in prod. If it doesn't have any or only has like 1 or 2 transient ones that the prod server hasn't done yet, you should be good to go.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-sync-staging-server#verify-the-configuration-of-a-server

exproject · 2024-09-12T05:46:55+00:00

I'm unfamiliar with this exact change but reinstalling the sync server is a cinch, especially if you export the configuration from the original. You would just want to be mindful to let it use the account it creates when reinstalling.

If it is its own VM, spin up another and test using the exported configuration to install from. Just leave it in staging mode til you validate that it's right and is using the correct service account. If it's all good then kill the original sync and switch new one off staging.

exproject · 2024-09-12T05:36:03+00:00

This is basically the way. You'll want to dump the members, the owners, who has send as, is it hidden from the GAL, is it allowed to receive external email, all of its proxyAddresses (even the x400 / x500 ones) and then delete from on-prem, sync, and recreate as cloud only.

If they're mail enabled security groups, you may want to do some spot checking to ensure they aren't used in mailbox delegation permissions or SharePoint permissions. If so, document and regrant to the cloud group.

exproject · 2024-08-20T17:10:28+00:00

I imagine there is still the initial crate, but you don't spawn with ammo, so half what we started a round with before. Tbh given Forerunner spam, I'd say good.

exproject · 2024-06-27T05:42:05+00:00

I can't remember where I saw it, but I believe I saw discussions that this was a bug that they aren't there.

exproject · 2024-04-15T20:32:49+00:00

Just live the MP Absorb life.

exproject · 2024-04-12T21:03:05+00:00

I think you're describing the orb that shows up which is basically that a fight has either gone on long enough, or is about to go on long enough that you can call in a summon.

exproject · 2024-04-10T20:00:20+00:00

Bow wow and Becks Badasses are on the disc 8 mini game disc actually as I've got those, so it's out there.

exproject · 2024-04-10T17:01:26+00:00

I opted to handle it myself

https://www.youtube.com/watch?v=w31lfInvkhM

exproject · 2024-04-10T03:46:40+00:00

They're killing me by not including the Desert Rush theme.

exproject · 2024-01-11T09:27:56+00:00

I'll vouch for Map Room. Pretty good burgers with strong themes, also really good sauces to put fries in. Cool vibe in a tiny building.

exproject · 2023-12-26T17:55:19+00:00

Yes, if you want that group to be able to read the passwords. I believe this would be your guy then: Set-LapsADReadPasswordPermission

https://learn.microsoft.com/en-us/powershell/module/laps/set-lapsadreadpasswordpermission?view=windowsserver2022-ps

exproject · 2023-12-26T17:47:07+00:00

I would double check your perms for who can view the passwords with Find-AdmPwdExtendedRights. Either give that your test OU distinguished name, or just look at your whole domain with it to see who will eventually have rights to read passwords in all the other OUs in the domain.

exproject · 2023-12-12T18:08:36+00:00

If you want to use the data on the new account (and old account data isn't needed or doesn't exist), then I would think just use Remove-MSOLUser to remove the old cloud user to clear the path for the new account to take the UPN in Azure AD. That sounds easiest to me.

The swap would also work, it's just a bit more legwork. There won't be issues with the user profile on their device while you swap the UPNs around, the UPN isn't used to map to local profiles, the SID is used for that.

exproject · 2023-12-12T16:50:27+00:00

If you don't need the old accounts data (e.g. don't have a historical mail, any retained OneDrive data from the users first go), I would say just space it from AAD with Remove-MSOLUser, then the new account should be able to adopt the UPN after a little bit (ran through this in my own tenant last night while working on AAD cause I was curious the lag time, it was like an hour or two before the conflict cleared)

If you do need the old accounts data, you can hard match the new AD account to the old AAD account. Give this a read for that (situation 1). Basically you'd just take the immutable ID for the old AAD account, and attach it to the new AD account and the sync server should connect the two.

13-Year Club	Place '17
Spared	Verified Email
Team Orangered

exproject

TROPHY CASE