diff --git a/wiki/clients/birth-biologic.md b/wiki/clients/birth-biologic.md index f99f2955..704482c1 100644 --- a/wiki/clients/birth-biologic.md +++ b/wiki/clients/birth-biologic.md @@ -2,11 +2,13 @@ type: client name: birth-biologic display_name: BirthBiologic -last_compiled: 2026-06-02 -compiled_by: GURU-BEAST-ROG/discord-bot +last_compiled: 2026-06-26 +compiled_by: GURU-5070/claude-main sources: - clients/birth-biologic/session-logs/2026-04-21-session.md - clients/birth-biologic/session-logs/2026-06-02-session.md + - clients/birth-biologic/session-logs/2026-06/2026-06-26-mike-birthbio-mail-migration-and-datto-vm.md + - clients/birth-biologic/docs/migration/google-to-m365-scope.md backlinks: - projects/gururmm aliases: [birthbiologic] 
@@ -16,14 +18,18 @@ aliases: [birthbiologic] ## Profile -- **Company type:** Corporate (exact industry not documented — biological/healthcare services implied by name and SharePoint site structure: Donor Services, Quality Department, Birth Biologic Activity Reports) -- **Contract type:** [unverified — MSP-managed implied; no explicit contract type documented] +- **Company type:** Biological/healthcare services (cord blood / donor services implied by site structure: Donor Services, Quality Department, Birth Biologic Activity Reports); Stilwell, KS +- **Contract type:** Prepaid hour block - **Key contacts:** - - Annise — primary client contact for SharePoint migration; no last name or email documented - - sysadmin@birthbiologic.com — M365 shared admin account; M365 Business Premium license assigned 2026-04-21 -- **Billing rate:** [unverified] -- **Syncro ticket:** #109277420 (Datto Workplace to SharePoint Migration; assigned to Mike Swanson, user_id 1735; contact: Annise; due 2026-04-22) -- **Syncro customer ID:** [unverified — not documented in available session logs] + - Annise — primary client contact for migration work; no last name or email documented + - Kristin Steen — ksteen@birthbiologic.com (known Syncro contact; workstation KSTEENBB2025) + - sysadmin@birthbiologic.com — M365/Google shared admin account (ACG-managed); M365 Business Premium license assigned 2026-04-21; SharePoint admin role confirmed +- **Billing rate:** (verify — check Syncro invoices) +- **Hours remaining (prepaid):** 10.0 hrs as of 2026-06-26 +- **Syncro customer ID:** 17983014 +- **Managed assets (Syncro):** 13 +- **Open tickets:** 0 as of 2026-06-26 +- **Historical ticket:** #109277420 — Datto Workplace to SharePoint Migration; assigned Mike Swanson; contact Annise; closed/historical ## Infrastructure 
@@ -31,46 +37,72 @@ aliases: [birthbiologic] | Host | IP | Role | OS | Notes | |---|---|---|---|---| -| BB-SERVER | [unverified] | On-premise Windows server | Windows Server 2016 | GuruRMM agent installed 2026-04-21; used as command channel for Datto→SharePoint migration script execution | +| BB-SERVER | (verify) | On-premise Windows server | Windows Server 2016 | GuruRMM agent `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` installed 2026-04-21; Datto Workplace Server installed; custom Datto→SP migration script artifacts at `C:\GuruMigration`; state file shows 160 Supply Mgmt + 49 ITSvcs uploaded April 2026 | +| ACG-DWP-X-BB | 172.16.3.45 | ACG-owned Datto/SPMT migration VM (Jupiter libvirt) | Windows Server 2019 build 17763 (libvirt domain label "Windows Server 2016") | Static IP /22, GW 172.16.0.1, DNS 172.16.0.1+1.1.1.1; virtio NIC 52:54:00:d4:8e:59 on br0 (vnet14); Datto Workplace Server (svc `datto_workplace_server.default`) + SPMT (under Administrator profile); source tree `C:\Users\Public\Desktop\Datto Workplace Server Projects`; GuruRMM agent `a4524e85-8a07-45d0-91b1-51ce7e2ca74a` enrolled 2026-06-26 | ### Email & Identity -- **M365 tenant:** birthbiologic.com (tenant ID: [unverified — "not yet looked up" as of 2026-04-21 session]) -- **License:** M365 Business Premium (SKU `cbdc14ab-d96c-4132-b7f4-1f3a3a819bb4`) assigned to sysadmin@birthbiologic.com; includes EMS (standalone EMS removed after upgrade) -- **MFA status:** [unverified] -- **ACG remediation tool consent status (as of 2026-04-21):** - - Security Investigator: consented - - Tenant Admin (`709e6eed-0711-4875-9c44-2d3518c47063`): consented - - Exchange Operator: NOT consented - - User Manager: NOT consented - - Defender Add-on: NOT consented -- **sysadmin SharePoint role:** sysadmin@birthbiologic.com confirmed as SharePoint admin (required for SPMT destination access) +- **M365 tenant:** birthbiologic.com / tenant ID `19a568e8-9e88-413b-9341-cbc224b39145` +- **Target delivery domain (migration):** 
birthbiologic.onmicrosoft.com +- **Accepted domains:** birthbiologic.com (default), birthbiologic.onmicrosoft.com +- **MX (as of 2026-06-26):** Google Workspace (`aspmx.l.google.com` + alts) — live mail still on Google; M365 cutover NOT yet done +- **DNS host:** SiteGround (`ns1/ns2.us92.siteground.us`); Registrar: Name.com; `www` → GCP 35.215.115.203 (not in scope) +- **M365 licensing (all consumed as of 2026-06-26):** + - Business Premium (skuId `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46`): 14/14 + - Exchange Online Plan 1 — EXCHANGESTANDARD (skuId `4b9405b0-7788-4568-add1-99614e613b69`): 7/7 + - Active-12 staff + sysadmin@ + operations@ on Business Premium; Dr. Chris Gillis (`medicaldirector@`) + Michael Merritt (`mmerritt@`) created 2026-06-26 with Exchange-only (passwords vaulted); 5 former employees (`sabron`, `aboutte`, `araso`, `khoffman`, `pnelson`) Exchange-only with sign-in disabled (future shared-mailbox targets, license reclaimable post-conversion) + - Mindi address mismatch: `mindim@` (Google) vs `mmaher@` (M365) — mapped via CSV `Username` column + `smtp:mindim@birthbiologic.com` proxy added to her mailbox via `Set-Mailbox` +- **MFA status:** (verify) +- **ACG remediation tool consent status (as of 2026-06-26 — FULLY ONBOARDED):** + - Security Investigator: consented (SP `bf684a4b-…`) + - Tenant Admin: consented (app client_id `709e6eed-0711-4875-9c44-2d3518c47063`; SP object `7a199b11-97fb-4e65-917d-f8d29a53ba49`; consent redirect URI must be `https://azcomputerguru.com`, NOT `https://rmm.azcomputerguru.com`) + - Exchange Operator: consented 2026-06-26 (SP `bab4699b-32a3-4434-9cad-7a4a08cc4d9e`; Exchange Administrator role) + - User Manager: consented 2026-06-26 (SP `3347ebcc-…`) + - Defender Add-on: consented 2026-06-26 (SP `161b8f61-…`) - **Note:** sysadmin@birthbiologic.com did not have a SharePoint/M365 license prior to 2026-04-21. For SharePoint app-only access, use Tenant Admin app with `Sites.ReadWrite.All` (no user license required for app-only). 
+### Google Workspace (source tenant — migration in progress) + +- **Super-admin:** sysadmin@birthbiologic.com; password vaulted at `clients/birth-biologic/google-workspace.sops.yaml` (`credentials.password`) +- **Domain-wide delegation:** acg-msp-access SA (`acg-msp-access@acg-msp-access.iam.gserviceaccount.com`); OAuth2 client ID `102231607889615995452`; GCP project `acg-msp-access` (number 806899474449) +- **Required DWD scopes (5, exact, comma-separated, no spaces):** + `https://mail.google.com/,https://www.googleapis.com/auth/calendar,https://www.google.com/m8/feeds/,https://www.googleapis.com/auth/gmail.settings.sharing,https://www.googleapis.com/auth/contacts` +- **GCP APIs enabled on acg-msp-access:** Gmail, Calendar (calendar-json), People +- **Google roster (DWD pull, 2026-06-26):** 20 accounts — 15 active, 5 suspended + +### Gmail Migration Status (as of 2026-06-26) + +- **Method:** Native MS "Migration from Google Workspace" via Exchange Operator REST InvokeCommand +- **Endpoint:** `BB-Gmail` (type: Gmail; impersonation admin: sysadmin@birthbiologic.com) +- **Batch 1 (BB-Batch1):** 14 live mailboxes, mail + calendar + contacts, TargetDeliveryDomain `birthbiologic.onmicrosoft.com`, AutoStart, NotificationEmails sysadmin@; **Status: Syncing** (created 2026-06-26) +- **Batch 2:** Not started — 5 former employees; pending un-suspend in Google + free Workspace seats + ### File Storage -- **Pre-migration:** Datto Workplace (on-premise network file server, accessed from BB-SERVER) +- **Pre-migration source:** Datto Workplace (server on ACG-DWP-X-BB; original custom-script artifacts on BB-SERVER at `C:\GuruMigration`) - **Post-migration target:** Microsoft SharePoint (M365) -- **Migration tool:** Custom PowerShell script (`clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`) + SPMT for bulk folders +- **Migration tools:** Custom PowerShell script (`clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`) + SPMT (on ACG-DWP-X-BB under 
Administrator profile) ### SharePoint Site Map -| Datto Folder | SharePoint Site | Notes | -|---|---|---| -| Admin | birthbiologic.sharepoint.com/sites/Admin | Migrated via SPMT | -| Birth Biologic Activity Reports | birthbiologic.sharepoint.com/sites/Admin | Same site as Admin; SPMT preserves source folder name as subfolder | -| Donor Services | birthbiologic.sharepoint.com/sites/DonorServices | Migrated via SPMT | -| Quality Department | birthbiologic.sharepoint.com/sites/QualityDepartment | Migrated via SPMT | -| Supply Management | birthbiologic.sharepoint.com/sites/SupplyManagement | 160/160 files migrated via custom PS script (2026-04-21) | -| ITSvcs | EXCLUDED | ACG-owned folder; not client data | +| Datto Folder | SharePoint Site | Size / Files | Status | +|---|---|---|---| +| Admin | birthbiologic.sharepoint.com/sites/Admin | 5.8 GB / 6,279 files | SPMT last ran 2026-04-29; completion UNCONFIRMED | +| Birth Biologic Activity Reports | birthbiologic.sharepoint.com/sites/Admin (subfolder) | 1 file | SPMT; SPMT preserves source folder name as subfolder; UNCONFIRMED | +| Donor Services | birthbiologic.sharepoint.com/sites/DonorServices | 109 GB / 56,826 files | SPMT last ran 2026-04-29; completion UNCONFIRMED | +| Quality Department | birthbiologic.sharepoint.com/sites/QualityDepartment | 28 GB / 3,714 files | SPMT last ran 2026-04-29; completion UNCONFIRMED | +| Supply Management | birthbiologic.sharepoint.com/sites/SupplyManagement | 33 MB / 160 files | 160/160 migrated via custom PS script 2026-04-21 — COMPLETE | +| ITSvcs | EXCLUDED | 52 files | ACG-owned folder; never client data | -Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script. +Site IDs hardcoded in `$SITE_MAP` hashtable in the migration script. 
### Network -- **ISP / WAN:** [unverified] -- **Firewall:** [unverified] -- **VPN:** [unverified] +- **ACG Jupiter (Datto VM host):** LAN 172.16.0.0/22, GW pfSense 172.16.0.1; Jupiter at 172.16.3.20 (Unraid, virsh); guest-exec helper `/root/gx.sh` +- **ACG-DWP-X-BB:** 172.16.3.45/22 static (was APIPA after ~2 months parked; pfSense DHCP not leasing that MAC; fixed 2026-06-26) +- **ISP / WAN (BirthBio site):** (verify) +- **Firewall (BirthBio site):** (verify) +- **VPN:** (verify) ## GuruRMM 
@@ -82,25 +114,35 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script. - **Agent enrollment key:** `clients/birthbiologic/gururmm-site-main.sops.yaml` (vault) - **Install landing page:** `https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980` - **MSI download:** `https://rmm.azcomputerguru.com/sites/3b20ef97-c764-4ef8-9154-79c3d5b486f8/installer` +- **RMM one-liner (Windows):** `irm https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980/windows | iex` ### Enrolled Agents -| Agent | Host | OS | Agent ID | Notes | -|---|---|---|---|---| -| BB-SERVER | BB-SERVER | Windows Server 2016 | `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` | Installed 2026-04-21; used as command channel throughout Datto→SP migration; runs Datto Workplace **Server** | -| KSTEENBB2025 | KSTEENBB2025 | Windows 11 | `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e` | Kristin Steen's workstation | -| EVO-X1 | EVO-X1 | Windows 11 | `9595f002-5cfe-4db6-b7aa-1df4a20e9f9b` | Vicki Fountain's workstation; used as SmartBadge fleet reference | -| BB-Office2 | BB-Office2 | Windows 11 | `48763401-4859-49f9-b64a-7a50d0148b23` | Shared/office workstation | +| Agent | Host | OS | Agent ID | IP | Notes | +|---|---|---|---|---|---| +| BB-SERVER | BB-SERVER | Windows Server 2016 | `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` | (verify) | Installed 2026-04-21; original Datto→SP command channel; Datto Workplace Server; custom migration script artifacts | +| KSTEENBB2025 | KSTEENBB2025 | Windows 11 | `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e` | — | Kristin Steen's workstation | +| EVO-X1 | EVO-X1 | Windows 11 | `9595f002-5cfe-4db6-b7aa-1df4a20e9f9b` | — | Vicki Fountain's workstation; SmartBadge fleet reference machine | +| BB-Office2 | BB-Office2 | Windows 11 | `48763401-4859-49f9-b64a-7a50d0148b23` | — | Shared/office workstation | +| ACG-DWP-X-BB | ACG-DWP-X-BB | Windows Server 2019 | `a4524e85-8a07-45d0-91b1-51ce7e2ca74a` | 172.16.3.45 | ACG-owned; Jupiter libvirt VM; Datto Workplace Server + SPMT migration host; 
enrolled 2026-06-26 under BirthBiologic/Main Office | ## Access - **GuruRMM:** Dashboard → BirthBiologic → Main Office - **M365 admin:** sysadmin@birthbiologic.com +- **Google Workspace admin:** sysadmin@birthbiologic.com (same account; password vaulted) - **Vault paths:** - `clients/birthbiologic/gururmm-site-main.sops.yaml` — GuruRMM site enrollment key - `msp-tools/computerguru-tenant-admin.sops.yaml` → `credentials.credential` — Tenant Admin app secret + - `msp-tools/computerguru-exchange-operator.sops.yaml` → `credentials.client_secret` — Exchange Operator app secret + - `msp-tools/acg-msp-access-google-workspace.sops.yaml` → `credentials.credential` — Google SA JSON key (full) + - `clients/birth-biologic/google-workspace.sops.yaml` → `credentials.password` — Google Workspace super-admin password + - `clients/birth-biologic/m365-medicaldirector.sops.yaml` — Dr. Chris Gillis M365 initial password (forceChangePasswordNextSignIn=true) + - `clients/birth-biologic/m365-mmerritt.sops.yaml` — Michael Merritt M365 initial password (forceChangePasswordNextSignIn=true) - **Tenant Admin app:** client_id `709e6eed-0711-4875-9c44-2d3518c47063`; consent redirect URI must be `https://azcomputerguru.com` (NOT `https://rmm.azcomputerguru.com`) +- **Exchange Operator SP:** `bab4699b-32a3-4434-9cad-7a4a08cc4d9e`; Exchange Administrator role; drive via REST InvokeCommand (see Patterns) - **Migration script:** `clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1` +- **Migration runbook:** `projects/msp-tools/runbooks/google-workspace-to-m365-migration.md` (updated 2026-06-26 — exact 5-scope string, all-or-nothing gotcha, Contacts API retired/People API, GCP-owner requirement) ## Patterns & Known Issues 
@@ -116,21 +158,33 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script. - **GuruRMM command body requirements:** `command_type` field is required (use `"powershell"` for PS scripts). Missing field returns 422. JWT must include `sub`, `role`, `orgs`, `exp`, `iat` claims — any missing claim returns 401. - **GuruRMM `.stdout` null handling in watch scripts:** `jq -r '.stdout'` emits the literal 4-char string `"null"` when the API returns JSON `null` for stdout. Always use `.stdout // empty` (or `.stdout // ""`) so that a null field becomes an empty string, not the word "null". Affects any script that greps command output for a sentinel line. - **PS5.1 quirks on BB-SERVER:** No Unicode box-drawing characters (parse error in PS5.1); no `@{} + @{}` hashtable merge (use foreach loop); use `${encodedPath}` not `$encodedPath:` in URL strings (colon interpreted as drive reference). +- **Google→M365 migration requires exactly Microsoft's 5-scope DWD set:** Google rejects the migration token all-or-nothing if any scope is missing (`unauthorized_client: … not authorized for any of the scopes requested`). The original DWD grant had only 3 of 5; missing were `m8/feeds` and `gmail.settings.sharing`. The `m8/feeds` scope is a still-valid alias for contacts auth, served by the People API; the standalone Contacts API was retired 2022 (not enableable in GCP, not needed). See exact 5-scope string in the Google Workspace section above. +- **Enabling GCP APIs in acg-msp-access requires ACG project owner identity:** Running `gcloud services enable` as a client super-admin (`sysadmin@birthbiologic.com`) fails — that account has no rights to ACG's `acg-msp-access` GCP project. Must be authenticated as the ACG GCP project owner. 
+- **Exchange driven via REST InvokeCommand — EXO PS module not available:** Exchange Operator app token (`scope=https://outlook.office365.com/.default`), endpoint `POST https://outlook.office365.com/adminapi/beta/{tenant}/InvokeCommand`, body `{"CmdletInput":{"CmdletName":"…","Parameters":{…}}}`. EXO PowerShell module not installed; the app has no vaulted cert, so `Connect-ExchangeOnline` app-only auth is not available. Byte-array parameters (`ServiceAccountKeyFileData`, `CSVData`) must be passed as base64 strings. +- **`vault.sh get-field` requires dotted field path for nested secrets:** `credentials.client_secret` and `credentials.credential` work; bare leaf names (`client_secret`) return a literal 4-char `null`. Always specify the full dotted path. +- **Tenant's real Business Premium skuId is `cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46`:** The scope doc had a stale GUID (`cbdc14ab-d96c-4132-b7f4-1f3a3a819bb4`). License assign 400'd until corrected. Pull skuId live from Graph `/subscribedSkus` before any license assignment. ## Active Work -- **Datto → SharePoint migration:** Supply Management folder complete (160/160 files). SPMT launched for Admin, Birth Biologic Activity Reports, Donor Services, Quality Department as of end of 2026-04-21 session (20% on Donor Services at session end). [WARNING] Migration completion unconfirmed — no follow-up session log found. Outstanding tasks from session log: - - Verify SPMT migration complete for all 4 folders - - Verify file counts in each SharePoint site match Datto source - - Notify Annise to test access - - Schedule delta sync (`-DeltaOnly` flag) after client confirms - - Delete two duplicate Syncro comments on #109277420 (GUI only) - - Verify ITSvcs state file on BB-SERVER is not causing issues +- **Google → M365 mail migration (IN PROGRESS):** BB-Batch1 auto-started 2026-06-26, Status: Syncing, 14 live mailboxes (mail + calendar + contacts). 
Pending: + - Monitor BB-Batch1: Provisioning → Syncing → Synced + - When Synced: flip MX in SiteGround DNS → M365; update SPF (`include:spf.protection.outlook.com`); enable/publish DKIM (2 CNAMEs); autodiscover CNAME → `autodiscover.outlook.com`; review DMARC; run final delta; complete batch + - Batch 2 — 5 former employees → shared mailboxes: un-suspend each in Google (free Workspace seats by suspending migrated live users first), run Gmail migration batch (`aboutte`, `araso`, `khoffman`, `pnelson`, `sabron` — already EXO-licensed, sign-in disabled), convert to shared mailboxes (<=50 GB = free), reclaim 5 EXO licenses + - Confirm Valerie VanEaton's status (active or departed since mid-May; if departed → former/shared track) + - Confirm Michael Merritt's long-term licensing tier + - Confirm `operations@` fate post-cutover (retain BP or convert to shared) +- **Datto → SharePoint migration reconciliation (BLOCKED — awaiting ACG-DWP-X-BB Datto re-sync):** + - Supply Management complete (160/160 files, 2026-04-21) + - 4 large SPMT folders (Admin 5.8 GB, Donor Services 109 GB, Quality 28 GB, Activity Reports) last SPMT run 2026-04-29; completion UNCONFIRMED — reconciliation pending Datto re-sync on ACG-DWP-X-BB + - After re-sync: compare source vs each SharePoint site, determine what April SPMT run left incomplete, schedule completion run(s) + - Notify Annise to test SharePoint access once confirmed complete; run delta sync (`-DeltaOnly`) post-confirmation +- **pfSense:** add DHCP reservation for 172.16.3.45 (MAC `52:54:00:d4:8e:59`) or confirm it is outside the DHCP pool ## History Highlights | Date | Event | |---|---| +| 2026-06-26 | Mike (GURU-5070): Google→M365 mail migration initiated; BB-Batch1 live (14 mailboxes, Status: Syncing). 
Identified Datto/SPMT migration VM as Jupiter libvirt domain ACG-DWP-X-BB (actual WS2019 build 17763); had APIPA after ~2 months parked (pfSense not leasing MAC); fixed with static IP 172.16.3.45/22; GuruRMM agent enrolled (`a4524e85-…`); Datto Workplace Server reconnected + re-syncing. Confirmed April SPMT run (4 large folders) completion unconfirmed. Fully onboarded BirthBio M365 to ACG suite (Exchange Operator + User Manager + Defender Add-on consented via `onboard365.sh provision`). Provisioned Exchange-only mailboxes for Dr. Chris Gillis (`medicaldirector@`) and Michael Merritt (`mmerritt@`); license redistribution: Mei Mei + Valerie +BP, Savanna BP→EXO, 4 disabled formers +EXO. Created Gmail migration endpoint BB-Gmail; created + auto-started BB-Batch1 (14 mailboxes, TargetDeliveryDomain birthbiologic.onmicrosoft.com). Vaulted Google super-admin creds + new M365 user passwords. | | 2026-06-02 | Mike (BEAST/discord-bot): SMARTBADGE-WATCH fired a false-positive DRIFT alert. Root cause: `jq -r '.stdout'` emitting literal `"null"` when RMM API returned JSON null stdout. Live re-verify via RMM confirmed KSTEENBB2025 clean (`RESULT: PASS`). Fixed `check-ksteen-smartbadge.sh` (commit `551aaf2`): `.stdout // empty` coercion, INFRA-ERROR vs DRIFT distinction, stderr/exit_code in diagnostics, poll window 80s→120s. | | 2026-05-29 | Mike: Corrected the SmartBadge fix — Kristin's machine had been left on the *older* Workplace Desktop v8 (diverged from fleet). Revo-removed v8, installed Workplace v10.53.4 (Workplace2), aligned SmartBadge `_CC` add-in/CLSID to EVO-X1, cleared her stuck per-user `LoadBehavior=2`. Verified working. Public tech notes + 1hr warranty on Syncro #32339. Stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo `4a5b09b3`, expires 2026-06-05). 
| | 2026-05-28 | Mike: Initial Kristin Steen SmartBadge remediation (Syncro #32339) — diagnosed dual Workplace2/Workplace Desktop install; **uninstalled the wrong one (Workplace2 v10)**, leaving v8 Desktop (corrected 2026-05-29). | @@ -138,4 +192,4 @@ Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script. ## Backlinks -- [[projects/gururmm]] — BB-SERVER enrolled (site: Main Office) +- [[projects/gururmm]] — BB-SERVER + ACG-DWP-X-BB enrolled (site: Main Office) diff --git a/wiki/index.md b/wiki/index.md index 945448f2..e08923a7 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -1,6 +1,6 @@ # Wiki Index -Last updated: 2026-06-25 +Last updated: 2026-06-26 Compiled by: HOWARD-HOME/claude-main This wiki is LLM-maintained. Do not edit articles manually — run `/wiki-compile` to update. 
@@ -24,7 +24,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Jimmy Company](clients/jimmy.md) | Break-fix, $150/hr; single aging workstation BLASTER2 (Win10 22H2 EOL, i5-3470/3.8GB — replace); backups the recurring theme (QuickBooks data); onboarded to GuruRMM 2026-06-19 (RDP NLA + Kaseya removal + cleanup); MSP360 local backup drive full, 90-day retention set, space reclaim pending in console (cloud B2 healthy) | 2026-06-19 | | [Valley Wide Plastering](clients/valleywide.md) | Prepaid block, 15.5 hrs remaining; plastering/stucco contractor; HP DL360 Gen10 + XenServer; VWP-FILES (G:) on Hyper-V — SMB1 enabled for the legacy XP Orders VM (V-XP); VB6 app modernization project; RDWeb brute-force incident; 11 Yealink phones pending | 2026-06-23 | | [ACG Internal Infrastructure](clients/internal-infrastructure.md) | ACG's own hosting infra — Neptune Exchange (cert expires 2026-05-31, DkimSigner disabled), IX server, Cloudflare tunnel workaround, ACG M365 tenant gaps | 2026-05-24 | -| [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare; BB-SERVER (WS2016) GuruRMM enrolled; Datto→SharePoint migration incomplete; M365 apps partially consented | 2026-05-24 | +| [BirthBiologic](clients/birth-biologic.md) | Bio/healthcare (cord blood/donor services), Stilwell KS; Syncro 17983014, prepaid 10.0 hrs; **Google Workspace→M365 mail migration LIVE** (Batch 1 syncing — 14 mailboxes, mail+cal+contacts; MX still on Google, cutover pending); tenant FULLY onboarded (Exchange Operator/User Manager/Defender added 2026-06-26); 14 Business Premium + 7 Exchange-Online-P1 (all consumed); **Datto→SharePoint** migration VM ACG-DWP-X-BB (Jupiter, 172.16.3.45) recovered + RMM-enrolled + re-syncing — 4 SPMT folders (Admin/Donor Services 109GB/Quality/Activity) UNCONFIRMED pending sync | 2026-06-26 | | [CryoWeave](clients/cryoweave.md) | Custom cryogenic cable assemblies; cPanel on IX; website redesign + SEO project in progress; Syncro ID not documented | 2026-05-24 
| | [Darrell Delphen](clients/darrell-delphen.md) | Break-fix residential (Yantis, TX); single Windows workstation DDDOffice072023 (GuruRMM); 2026-06-18 Outlook email links failing = ISP-managed Extreme EXOS gateway "NetIQ" SNI-filtering of Intermedia's url.emailprotection.link rewriter (WARP interim bypass, ISP disabled the feature for permanent fix); Syncro #35996725 | 2026-06-18 | | [Glaz-Tech Industries](clients/glaztech.md) | ~200 users, 9 locations; prepaid ~22.25 hrs; web server WWW (192.168.8.72 / 65.113.52.88) — IIS 10/VB.NET e-commerce; CRITICAL security posture: website connects to GTI-INV-SQL as sysadmin (login `tom`, named SQL login, C0 top finding) + plaintext PANs+CVV (stored by GTIware PSA, not website) + plaintext passwords + SQLi via `quo()` + XSS; apex 404 fixed + payment TLS fixed 2026-06-03; intrusion/brute-force log review 2026-06-04 (no attacker found; H5 detection blind spot confirmed — HTTP 200 on both success/failure + no failed-login logging); #32378 Waiting on Customer (assessment + reports + Appendix A delivered); M365 no MFA; SCL bypass rules for vendor DMARC + MailProtector digests | 2026-06-04 |
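Review bot: in the `@@ -16,14 +18,18 @@` hunk of `wiki/clients/birth-biologic.md`, unknown values change marker from `[unverified]` to `(verify)`, and the later hunks follow (IP, MFA status, ISP, firewall, VPN). If `/wiki-lint` or any other page searches for `[unverified]`, these fields will stop being reported as open. Either keep the existing marker or convert every page in one pass. The ticket line is also relabelled "closed/historical" and loses its due date and user_id. If the ticket is closed, record the close date in place of the dropped fields.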
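Review bot: in the `@@ -31,46 +37,72 @@` hunk, the Google roster line gives 15 active accounts but BB-Batch1 covers 14 live mailboxes, and nothing says which active account is left out or why. Name the excluded account, or correct the count, so the batch can be checked against the roster before cutover. In the same hunk `MFA status` stays at `(verify)` while the consent block is headed FULLY ONBOARDED and sysadmin@ is documented as both the M365 shared admin and the Google super-admin; that field needs a real value before the page is treated as current. The service principal ids are also a mix of full GUIDs and truncated ones (`bf684a4b-…`, `3347ebcc-…`, `161b8f61-…`); pick one form.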
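Review bot: in the `@@ -82,25 +114,35 @@` hunk, the new vault entries sit under `clients/birth-biologic/` while the existing enrollment-key entry in the same list is `clients/birthbiologic/gururmm-site-main.sops.yaml`. Either one spelling is wrong or the client has two vault directories, and the page should say which. The added `irm … | iex` one-liner runs whatever the install endpoint returns with no integrity check; the MSI download URL is already on the line above it, so either mark the MSI as the preferred path or record how the script is verified. The two initial-password entries (`m365-medicaldirector`, `m365-mmerritt`) are marked forceChangePasswordNextSignIn=true, so add a note to remove them from the vault list once both users have signed in.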
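Review bot: in the `@@ -116,21 +158,33 @@` hunk, the Active Work list for the mail migration stops at completing the batch and converting Batch 2 to shared mailboxes, with no step to withdraw the access that was granted for it: the 5-scope domain-wide delegation on the `acg-msp-access` service account (which includes `https://mail.google.com/`) and the vaulted Google super-admin password. Add a post-cutover item to remove the DWD grant and rotate or retire those credentials. The Batch 2 step un-suspends five former employees in Google; state how those accounts are kept from being signed in to while they are active, for example a password reset before un-suspending. The rewrite also drops the old items "Delete two duplicate Syncro comments on #109277420" and "Verify ITSvcs state file on BB-SERVER" without recording whether they were done.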
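Review bot: in the `wiki/index.md` `@@ -1,6 +1,6 @@` hunk, `Last updated` moves to 2026-06-26 but `Compiled by: HOWARD-HOME/claude-main` is left as unchanged context, while the client page in the same patch sets `compiled_by: GURU-5070/claude-main`. If the index was recompiled on GURU-5070, the compiler line should change along with the date; if only the BirthBiologic row was touched, say so rather than bumping the index-wide date.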