sync: auto-sync from HOWARD-HOME at 2026-05-29 16:07:21

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-29 16:07:21
2026-05-29 16:07:30 -07:00
parent be6b1c40e7
commit 309baa57b7


@@ -153,3 +153,62 @@ Screen AC : 0x00000384 (900 seconds = 15 min)
### Status
Machine fully configured. Lois Lane domain-joined, folder redirection live, power settings done. Remaining: she needs to log in to M365 (OU=Care-Assisted Living not yet in Entra Connect sync scope — cloud-only password still active), and re-pin Quick Access sidebar shortcuts.
---
## Update: 15:59 PT — Karen Rossini ALIS login issue
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
### Session Summary
Howard reported that Karen Rossini (Health Services Manager, OU=Care-Assisted Living) was not supposed to be in SG-Caregivers. Investigated via GuruRMM remote PowerShell on CS-SERVER.
First confirmed Karen was NOT in SG-Caregivers (38 members, she was absent — no action needed). Pulled her full AD group memberships and found she has zero group memberships of any kind. Cross-referenced against the migration plan and Entra setup notes:
- `OU=Care-Assisted Living` is outside the Entra Connect sync scope (only `OU=Caregivers` syncs) — Karen has no M365/Entra cloud presence
- She has no AD group assignments because Wave 2 (office staff reorganization) has not reached her account yet
- Per the migration plan she should eventually be in: `SG-Office-PHI-External`, `SG-SSPR-Eligible`, and `SG-External-Signin-Allowed`
The actual problem was separate: Karen could not log into ALIS because ALIS had 2FA enabled on her direct (non-SSO) ALIS account and she had no way to complete it. Howard called ALIS support and they disabled 2FA on her account, restoring her login. Howard does not have ALIS admin permissions to edit her staff record directly — John will need to assist with updating her email field to `karen.rossini@cascadestucson.com` and verifying her ALIS role.
A coord todo was created (id: cc7686a2) assigned to howard for the John-assisted ALIS account update.
### Key Decisions
- Karen's zero group memberships are expected at this stage — Wave 2 work has not reached her yet, not an error
- No changes made to AD groups — she was never in SG-Caregivers
- ALIS native 2FA disabled by ALIS support as a workaround; SSO is the long-term fix once Wave 2 expands sync scope to `OU=Care-Assisted Living`
### Commands & Outputs
**SG-Caregivers membership check (CS-SERVER, cmd: e44fb6b3):**
```
[INFO] karen.rossini was not found in SG-Caregivers - no action taken
SG-Caregivers now has 38 members
```
**Karen Rossini group memberships (CS-SERVER, cmd: df9e860e):**
```
Display Name: Karen Rossini
Title: (blank)
Department: (blank)
Enabled: True
DN: CN=Karen Rossini,OU=Care-Assisted Living,OU=Departments,DC=cascades,DC=local
Group Memberships: (none)
```
### Pending / Incomplete Tasks
- John to assist Howard with editing Karen Rossini's ALIS staff record: update email to `karen.rossini@cascadestucson.com`, verify role/permissions — coord todo cc7686a2
- Wave 2: add Karen to `SG-Office-PHI-External`, `SG-SSPR-Eligible`, `SG-External-Signin-Allowed` when her OU is brought into Entra Connect scope
- Long-term: `OU=Care-Assisted Living` needs to be added to Entra Connect sync scope as part of Wave 2
### Reference Information
- Coord todo: cc7686a2 (Karen Rossini ALIS account follow-up, assigned howard)
- RMM commands: e44fb6b3 (SG-Caregivers check), df9e860e (group memberships)
- CS-SERVER agent: c39f1de7-d5b6-45ae-b132-e06977ab1713
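Review bot: The "Key Decisions" entry "ALIS native 2FA disabled by ALIS support as a workaround" has no matching follow-up under "Pending / Incomplete Tasks". None of the three pending items restores a second factor on Karen's direct ALIS account, and the only stated fix (SSO) waits on Wave 2 bringing `OU=Care-Assisted Living` into Entra Connect sync scope, for which no date is given. Because the migration plan places her in `SG-Office-PHI-External`, add a pending item to re-enable ALIS 2FA with an enrollment method she can complete, or record who accepted the gap and until when, and tie it to todo cc7686a2. Separately, the first command is labeled a "membership check", but its output says "no action taken" and "now has 38 members", which reads like a remove-if-present script; note in the log whether that command was read-only. Also consider whether the full DN, the user's email address and the CS-SERVER agent ID need to be kept in repository history.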