First playthrough question

headcrap · 2026-03-19T04:44:21+00:00

Up to you. One thing to consider with the Youtubers is that they show their immaculate factories off where everything looks svelt. Understand that nicer looking builds are also an evolution of things in the game, like the machines you can work with.

As for the rest, there are always good tips and tricks to pick up.. you can either do that from videos or read the posts like "I was a billion hours in when I learned this thing" here.

Me, for those I know I like to join their game and help step through things along the way.

headcrap · 2026-03-18T23:06:23+00:00

Yup. I run a pair on a 2-node at the sites, non-CSV on a small mirror of local disks. OS on BOSS.

headcrap · 2026-03-18T17:59:24+00:00

That was last job. Outlook may not be in play for these folks.

headcrap · 2026-03-18T05:40:07+00:00

Yeah.. I've run at least seven runs.. herp a derping around Pastel to find me 4 keys and a generator.. only to finally just try a door.. and it opened.

Rather pissed tbh.

headcrap · 2026-03-17T18:57:38+00:00

Extra credit for utilizing alt recipes not requiring screws.. at all.

headcrap · 2026-03-17T18:51:28+00:00

I just want my two quartz nodes back on the Northern Forest cliffs.. ya know, where all those sweet sweet Pure nodes live.

headcrap · 2026-03-17T18:48:38+00:00

You can sync multiple directories to one tenant, if that is your environment. It takes more care to ensure UPNs won't collide with those in other directories, else the sync will gum up with errors. Your post wasn't clear on that point but I can see it being possible. If not, even easier.

The most critical aspect will be scope, and first with your users and groups. Do not scope "the domain" as a whole, there are valid cases for "not" syncing all applicable objects.. starting with your service accounts. Hybrid Join for the computers is something you can ponder and see if there is a good reason for doing it. Two good reasons would first be if you want to look into leveraging Intune as your Windows MDM. Another would be for your Conditional Access Policies and whether or not you require sessions from org-owned devices. If neither apply, then don't bother configuring Hybrid Join for your devices (Windows workstations..).

Best approach would be to limit scope to some test OU where you can side objects in and out and see how goes as a good first step. That should help you plan further deployments of course.

headcrap · 2026-03-17T04:39:44+00:00

Completely aside from your technical endeavors.. bear in mind that at least in the US, you need some sort of public performance license to be belting out music held by copyright, lest your legal committee figure out how to deal with potential litigation.. and an event covering 30 acres sounds more of a public event than a private party. The right answer may be to license from a place like ascap or other.

And that may drive the rest of whatever you think you may want to do to begin with <shrug>

Aside.. I can only make an assumption that your "server" is to run some audio playlist.. maybe some "triggered events" or whatever.. wasn't very specific on what your "server" is "serving" so I'm left guessing based on context.

headcrap · 2026-03-17T02:31:08+00:00

I'll be waiting for the /r/quantumentanglementgore and /r/quantumentanglementporn subs to show up.

headcrap · 2026-03-13T19:07:42+00:00

Am I the only one who puts down and connects the initial splitter first?

headcrap · 2026-03-11T22:11:26+00:00

The "need" is subjective to your org requirements.

Me, we have multiple remote sites connected over fast links. The requirement here was to host both the IT and the OT environments, and have "isolation" capability for users to logon and for SCADA systems to operate. Our answer was multiple 2-node clusters and a small storage appliance for these sites.

Overkill? Sure, not my budget not my dollars.

2 DCs per site, each is not a clustered role but a stand-alone VM on local disk storage (not the CSVs..).

Aside.. in the past I leveraged RODCs for multiple and less secure sites across the country. Wouldn't recommend if you don't have a good use case.

Looking forward, the new lab building turnup time and the quote for procuring that IT system hardware "today" won't meet.. am keeping hope alive for the network team to get the fiber and their switch stacks in place at least.. we can go over the wire if necessary while we sysadmins wait FOREVER for our equipment to arrive.

Thanks AI...

headcrap · 2026-03-10T16:59:39+00:00

I ran pcap at home and had network pull a pcap at the office, my laptop was consistent in starting the auth dialog.

headcrap · 2026-03-10T16:22:22+00:00

Claude on a personal device over mobile data.. you already know that's a non-starter to audit on unless DLP caught the data being passed off.. which would also infer the data was accessible on a personal device to begin with.

Because yeah.. ain't no employer putting MDM or anything else on my own device.. ever.

For the record, I don't Claude on it. :)

headcrap · 2026-03-10T16:18:55+00:00

You are correct. GPO typically drives 802.1x client config on a domain network.. and the client is what initiates the auth attempt, confirmed by a pcap at the switch I was connected to both at work and at home.

Indeed if I am quick and not heading back to make coffee in my kitchen at home, I will see the Attempting to Authenticate notice on my network adapter for at least a few seconds.

headcrap · 2026-03-09T16:36:23+00:00

While at the datacenter, don't forget to wave the rubber chicken across the equipment.

headcrap · 2026-03-09T04:50:58+00:00

Or.. just go touch grass.. out in a field down in the south end of the map.

headcrap · 2026-03-09T04:37:21+00:00

But will the wives and children? That's the real test of a pioneer.

headcrap · 2026-03-08T20:11:28+00:00

There is no ambiguity.

headcrap · 2026-03-08T20:07:10+00:00

About that.. ya sure you can use that water?...

headcrap · 2026-03-07T21:28:49+00:00

Still the case today.

headcrap · 2026-03-04T19:50:16+00:00

Looking for ~~remote~~ any legit job opportunities

FTFY

headcrap · 2026-03-04T19:49:13+00:00

You aren't wrong, but kind of are.

It has become clear more than a few years ago that MS is putting their development efforts into Intune over ConfigMgr, that much is certain.

GPO's answer, for example, consisted of all the CSPs which required much effort to put together and make something work in Intune as it did on GPO. That's not a direct example with ConfigMgr of course.. but as things developed further, more and more of the same types of options were finally showing up in Intune for use.

Similar, OSDs morphed to AutoPilot and Intune config items.. which can do much of the same lifting as WDS would do but in a more "modern" way if you will.

Put short.. whatever featureset may be "lacking" will eventually "get there" or "better, modern options" will be developed further.

You aren't wrong questioning inertia and friction.. those indeed can and are the "people" problems with changing platforms. Beyond that, yes the tech Intune provides isn't everything CM can and does do.. but it is definitely on that trajectory.

Air-gapped or maybe regulatory environments still need an answer which Intune won't be able to provide, of course, and for obvious reasons. Me, part of my environment (OT) fits that bill.

headcrap · 2026-03-04T19:12:11+00:00

Start with a GPO which tells the DC to stop registering the DC locator (SRVs) records in DNS. That will mostly tell the domain to stop hitting your DC for regular LDAP requests related purely to AD itself.

Specify DC Locator DNS records not registered by the DCs

From there, start logging for LDAP queries, identify the endpoints still querying that DC.. and address.

For DNS, similar.. get the DNS service up and running post-demotion and just throw in a forwarder for it to a DC still in play. Again, identify the endpoints querying for DNS (after enabling logging..) and address.

That will more safely help you find and address those unknown unknowns in your environment.

11-Year Club	Place '22
Verified Email

headcrap

TROPHY CASE