sync: auto-sync from GURU-5070 at 2026-06-27 04:42:51

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-27 04:42:51
This commit is contained in:
2026-06-27 04:43:46 -07:00
parent 03ee61f0a6
commit 4321dbbbc0
4 changed files with 246 additions and 3 deletions

View File

@@ -191,3 +191,96 @@ mailboxes, mail + calendar + contacts) was created and auto-started — Status:
- RMM install one-liner (BirthBio site): `irm https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980/windows | iex`.
- Discord DMs to Mike: message_id 1520034139900739627 (initial DWD), 1520055625302675537 (corrected 5-scope).
- Vault enrollment key: `clients/birth-biologic/gururmm-site-main` (site BRIGHT-PEAK-5980, id 3b20ef97-…).
---
## Update: 04:42 PT (2026-06-27) — Datto->SharePoint delta completion, Quality recovery, April-vs-now reconcile, ticket #32187 billed
Continuation of the same session. Covers the SharePoint side: completing the additive delta, recovering an
accidentally-deleted Quality site, reconciling SharePoint to match Datto (source of truth), freezing the
Datto source, and updating/billing the Datto migration ticket.
### Session Summary (update)
After ACG-DWP-X-BB finished re-syncing with Datto cloud, ran the **Datto -> SharePoint delta**. The April
SPMT run was additive and never re-synchronized, so the delta only needed to add files that had never
transferred. Built `delta-recon-v2.ps1` (sanitize-aware reconcile: matches on both raw and sanitized
paths to find GENUINELY_MISSING files) and `delta-upload-v3.ps1` (simple-PUT for <=244MB auto-creating
parent folders, EnsureFolder + chunked for larger, FileShare.ReadWrite shared reads for Datto-locked
files, long-path `\\?\` for [IO.File] reads, SanRemote trim of leading/trailing spaces + trailing dots).
Reconciled to **0 missing** across Supply Management, Admin, Birth Biologic Activity Reports, Donor
Services (107 GB / ~57K files), and Quality. Renamed 19 Datto source files to match SharePoint (stripped
leading/trailing spaces + trailing dots).
**Quality site recovery.** The Quality Department SharePoint site was deleted 6/26. Unified audit log
showed `operations@` deleted the connected M365 Group, which cascaded (AAD -> SharePoint sync) to remove
the site. Restored from the SharePoint deleted-site recycle bin (cert-based app token; SP REST rejects
app-only tokens). Since Quality is being reorganized into the **Quality Systems Department (QSD)** site,
relocated the migrated Quality content there via server-side copy, then filled 44 missing + 3 file-lock
stragglers. Old `/sites/QualityDepartment` auto-purges ~7/26.
**April-vs-now divergence + mirror.** Because the April push was additive (not a sync), anything deleted,
moved, or changed in Datto after April was stale in SharePoint. Treating Datto as source of truth, built
a consolidated change-list (`consolidated_changelist.csv`): **1,583 deleted/moved + 161 modified (~1,744
differences)**. Cross-checked the SP unified audit log to find files users had created/edited directly in
SharePoint (operations@, ksteen, jbeck, etc. on live sites) and **flagged 11 to protect**. Ran
`mirror-execute.ps1` (re-validates each row against a frozen Datto set, DELETEs stale by path-addressed
Graph DELETE -> recycle bin, refreshes modified via PUT, skips protected): **deleted=1,564, refreshed=160,
protected-skip=11, fail=0**. For the 1 modified protected file, pushed the Datto version beside the user's
edit as "...Datto Copy.docx"; the 10 deleted/moved protected are SP-only (no Datto copy) -> left as-is.
**Froze the source.** Stopped + disabled the Datto Workplace Server service on ACG-DWP-X-BB so the source
no longer changes (also resolves the "reappearing files" complaint by removing the stale SP copies).
**Ticket #32187 (Datto, Syncro 109277420).** Posted a highly-detailed public+email completion/remediation
note and billed **5.0h Labor - Remote Business ($150/hr = $750)**. Posted #bot-alerts notifications.
### Key Decisions (update)
- **Datto = source of truth** for the reconcile; SharePoint mirrored to it. Deletes go to the SP recycle
bin (recoverable 93 days), never hard-deleted.
- **Protect user-touched SP files** — never overwrite/delete the 11 flagged via audit log; for the one
edited file, keep both (Datto pushed as "Datto Copy") rather than overwrite.
- **Relocate Quality content to QSD** rather than rebuild under the restored old site, matching the planned
reorg; let the old site auto-purge.
- **Root-cause correction (Mike):** the "reappearing" files were NOT a Datto resurrection. They were stale
SP copies sitting in SharePoint since the April additive push (files deleted from Datto after April were
never removed from SP). Rewrote the ticket note's root-cause section accordingly.
### Problems Encountered (update)
- **SP REST "Unsupported app only token"** -> SharePoint requires a cert-based token; granted
Sites.FullControl.All and used a client_assertion JWT (x5t = cert thumbprint b64url). Fixed.
- **Chunked-upload 400 into brand-new folders** -> switched to simple-PUT (auto-creates parents). Fixed.
- **Long-path SKIP-nofile** -> `\\?\` prefix for [IO.File] reads (not for Rename-Item/File.Move in PS5.1).
- **Filename 400s** = leading/trailing spaces / trailing dots -> SanRemote trim; renamed 19 source files.
- **Datto file-locks** -> FileShare.ReadWrite shared read. Fixed.
- **Background poller broke** (curl --data-binary @file errored each iteration due to $0-relative temp paths
under run_in_background) -> read the mirror log directly instead. Logged as friction.
- **bot-alert missing link** -> first #bot-alerts post for #32187 omitted the mandated `-> <link>` tail; the
helper posts text verbatim and does not auto-append. Reposted correctly + logged friction.
### Configuration Changes (update)
- Created on ACG-DWP-X-BB / scratchpad: `delta-recon-v2.ps1`, `delta-upload-v3.ps1`, `mirror-execute.ps1`,
`consolidated_changelist.csv`, divergence CSVs, `mirror-execute.log`.
- Stopped + disabled Datto Workplace Server service on ACG-DWP-X-BB.
- Renamed 19 Datto source files (whitespace/trailing-dot cleanup) under
`C:\Users\Public\Desktop\Datto Workplace Server Projects`.
### Pending / Incomplete Tasks (update)
- **Mail:** MX cutover still pending (Batch 1 complete). Then authorize Workspace write scopes
(apps.licensing + admin.directory.user + Licensing API), unlicense migrated Google users, run Batch 2.
- **SP-only user files** (Shift Coms / DEMO and similar) — decide whether to fold into Datto.
- Old `/sites/QualityDepartment` auto-purges ~7/26 (no action needed).
### Reference Information (update)
- Datto migration ticket: #32187 (Syncro id 109277420). Comment id 420992239 (public+email);
line item id 43043687 (5.0h Labor - Remote Business, product 1190473, $150).
- #bot-alerts: message_id 1520266361996316802 (corrected, with link).
- SP site IDs — Donor: `birthbiologic.sharepoint.com,bcbfa272-dc85-424c-af66-3f14c75ffeb4,8b0975dd-...`;
Admin: `...,1baf65c1-c4b3-4602-9111-1f99ae800023,...`; Supply: `...,4700ecf3-25ba-41b6-918c-9fe620038172,...`;
QSD: `...,3173c017-58bd-406a-8858-2c969667336f,...`.
- Tenant 19a568e8-9e88-413b-9341-cbc224b39145; Graph app client 709e6eed-0711-4875-9c44-2d3518c47063.