sync: auto-sync from GURU-5070 at 2026-06-29 15:30:34
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-29 15:30:34
BIN
.bbfile.recovered.xlsx
Normal file
Binary file not shown.
1
.bbfile.xlsx
Normal file
File diff suppressed because one or more lines are too long
@@ -2,6 +2,7 @@
|
||||
|
||||
## Reference
|
||||
- [ACG resource map](reference_resource_map.md) — **READ THIS FIRST** when a task references a server/service/tenant/API. What we have access to, how to connect from this machine, per-machine exceptions, gotchas. Points at the detail files below.
|
||||
- [GuruRMM User Manager](reference_gururmm_user_manager.md) — GuruRMM has a built-in per-agent User Manager tab (reset_password/enable/disable/groups for local+domain+AAD endpoint users; domain users only on a DC via `is_dc`). Use it, NOT raw Set-ADAccountPassword via /rmm. Endpoints: /api/agents/{id}/users + /users/action.
|
||||
- [exchange-op = all-access Exchange tier](feedback_exchange_op_all_access.md) — STOP claiming "no tier can write mail." Exchange Operator app = Exchange Admin role + full_access_as_app + Exchange.ManageAsApp = full all-access (move mail, rules, config, EWS). Default to `exchange-op` for any Exchange write.
|
||||
- [Tedards tenant facts](reference_tedards_tenant_facts.md) — Bill Tedards law office; tenant `4fcbb1f4…`; bt@/y226@ mailboxes; matter-number filing; UAL ingestion OFF; 9 synced devices; botched-import DUPLICATE folder.
|
||||
- [Investigator EXO ManageAsApp gap](reference_investigator_exo_manageasapp_gap.md) — Security Investigator app lacks `Exchange.ManageAsApp` (only `full_access_as_app`) so `investigator-exo` 401s on EXO adminapi; use `exchange-op` tier for InvokeCommand.
|
||||
|
||||
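Review bot: the GuruRMM User Manager index entry repeats the endpoint paths and a shorthand action list (`reset_password/enable/disable/groups`) that the detail file spells differently (`set_enabled`, `add_to_group`, `remove_from_group`), and it omits `POST /api/agents/{id}/users/refresh`. Keep the index line to the rule itself (use the User Manager, not raw `Set-ADAccountPassword`; domain users only on a DC) and let `reference_gururmm_user_manager.md` be the single place for endpoints and action names, so the two cannot drift.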
25
.claude/memory/reference_gururmm_user_manager.md
Normal file
@@ -0,0 +1,25 @@
|
||||
---
|
||||
name: reference_gururmm_user_manager
|
||||
description: GuruRMM has a built-in per-agent User Manager (endpoint local/domain/AAD users) — use it, not raw PowerShell
|
||||
metadata:
|
||||
type: reference
|
||||
---
|
||||
|
||||
GuruRMM has a **built-in per-agent User Manager tab** (Users + Groups) for managing the
|
||||
*endpoint's* Windows accounts — do NOT hand-roll `Set-ADAccountPassword`/`net user` via `/rmm`
|
||||
PowerShell for routine user ops.
|
||||
|
||||
- UI: agent detail → **User Manager** tab (`dashboard/src/components/UserManagerTab.tsx`).
|
||||
- API: `GET /api/agents/{id}/users` (inventory: users, groups, `domain_join_type`, `domain_name`,
|
||||
`m365_tenant_id`, **`is_dc`**, `last_collected`), `POST /api/agents/{id}/users/refresh`,
|
||||
`POST /api/agents/{id}/users/action` body `{username, action, value?, new_password?, group_name?}`.
|
||||
- Actions: `reset_password`, `set_enabled` (enable/disable), `set_password_never_expires`,
|
||||
`add_to_group`, `remove_from_group`.
|
||||
- **Scope gate:** local accounts always manageable; **domain accounts manageable only when the agent
|
||||
IS a DC** (`is_dc` true) — on a non-DC member they show "Managed in AD" (read-only). AAD accounts
|
||||
show "Managed in Azure" (read-only). So to reset a domain user, target a DC agent.
|
||||
- Advantage over raw PowerShell: structured action keeps the password out of the RMM command
|
||||
history (raw `Set-ADAccountPassword` leaks the plaintext into `command_text`).
|
||||
|
||||
(Distinct from SPEC-027 / `usersApi` = GuruRMM's OWN dashboard login accounts — different thing.)
|
||||
Correction logged 2026-06-29 after I wrongly claimed no built-in action existed. See [[reference_resource_map]].
|
||||
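Review bot: the "Advantage over raw PowerShell" bullet only covers `command_text`; it does not say where `new_password` from the `POST /api/agents/{id}/users/action` body ends up. The session log in this same commit lists the RMM API as `http://172.16.3.30:3001`, so if the User Manager endpoints are served from that base URL the password travels in a plain-HTTP request body. Add a line stating whether the server logs or stores the action body and whether the API is reachable over TLS, so the claim that the structured action keeps the password out of history is complete.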
@@ -0,0 +1,73 @@
|
||||
# BirthBiologic — "Quality Department" (old site) archival plan
|
||||
|
||||
> **STATUS: COMPLETED 2026-06-29.** Old `Quality Department` group/site soft-deleted via Graph
|
||||
> (User Manager app — the Tenant Admin app 403s on group DELETE; it only has group *membership*
|
||||
> write, not Group.ReadWrite.All). Group restorable ~30 days, site recycle ~93 days. Pre-delete
|
||||
> safety delta confirmed 0 recent old-site edits unaccounted for in QSD. QSD verified to fully
|
||||
> mirror the Datto source (0 Datto files missing). Group id `f24b2e10-2d73-49d7-ab06-fe63065301d1`,
|
||||
> deletedDateTime 2026-06-29T22:23:15Z.
|
||||
|
||||
|
||||
Prepared 2026-06-29. Goal: retire the duplicate **Quality Department** site once content and access
|
||||
are fully consolidated into the canonical **Quality Systems Department** site.
|
||||
|
||||
## Why there are two sites
|
||||
|
||||
- **Quality Department** (`/sites/QualityDepartment`) — the ORIGINAL, created 2026-04-20 as the first
|
||||
migration landing target (OneDrive-sync target on ACG-DWP-X-BB). Group email `QualityDepartment@birthbiologic.com`.
|
||||
- **Quality Systems Department** (`/sites/QualitySystemsDepartment`) — the CANONICAL site, created
|
||||
2026-06-02 to use the department's real name. Group email `QualitySystemsDepartment@birthbiologic.com`.
|
||||
|
||||
This was a rename-by-recreate (new site stood up instead of renaming the old). Content was migrated
|
||||
old -> new on 2026-06-26, but the old site remained in active use afterward.
|
||||
|
||||
## Verification (2026-06-29)
|
||||
|
||||
- **Content parity:** 0 name-orphans. OLD = 4,743 files, NEW = 4,740+ (new has the migrated set plus
|
||||
files added directly to it). Every file present in OLD exists by path in NEW.
|
||||
- **Post-migration edits in OLD (after the 6/26 copy):** only 2 files.
|
||||
- `Donor Placement Log - ported over 6.29.26.xlsx` (Julie Beck, 6/29 15:18) — **already superseded in
|
||||
NEW** (NEW copy modified 6/29 20:45). No action needed.
|
||||
- `Processor Contact Information/Processor Contact Information.In Process 5.16.24. updated Surgenex
|
||||
8.21.24.xlsx` (Alicia Meneely, 6/29 15:54, 20 KB) — was FORKED vs NEW copy (6/27 00:55, 64 KB).
|
||||
**RESOLVED 2026-06-29:** old-site version copied into QSD alongside its counterpart as
|
||||
`...Surgenex 8.21.24 (old QualityDepartment copy 6.29.26).xlsx` (20 KB). Both versions now coexist
|
||||
in QSD/Processor Contact Information/ for the Quality team to merge. No data lost on archival.
|
||||
- **Group footprint:** old group `QualityDepartment@` has proxy addresses `QualityDepartment@birthbiologic.com`
|
||||
+ `QualityDepartment@birthbiologic.onmicrosoft.com`. It is **not** nested in any other group (memberOf empty).
|
||||
- **Active use:** users (Alicia Meneely, Julie Beck) were still editing in the OLD site on 6/29 — cutover
|
||||
to the new site has not fully landed. This must be addressed or new divergence will keep appearing.
|
||||
|
||||
## Blockers to resolve before deletion
|
||||
|
||||
1. **Resolve the forked file** `Processor Contact Information...Surgenex 8.21.24.xlsx` (old 20 KB vs new
|
||||
64 KB). Decide which is authoritative; copy the winner into NEW.
|
||||
2. **Stop users editing the old site.** Repoint any OneDrive sync still aimed at `Quality Department` on
|
||||
ACG-DWP-X-BB to `Quality Systems Department`, and tell Quality staff to use the new site. Without this,
|
||||
files keep landing in the soon-to-be-deleted site.
|
||||
3. **Confirm the `QualityDepartment@` address is unused** — no mail flow / transport rules, no shared
|
||||
links, not referenced in any process doc. (memberOf already confirmed empty.)
|
||||
|
||||
## Archival steps (run after blockers cleared) — Mike, as SharePoint Admin
|
||||
|
||||
The tenant-admin app cannot manage site lock/deletion (returns "Unsupported app only token"), so these
|
||||
run via PnP PowerShell or the SharePoint admin center.
|
||||
|
||||
```powershell
|
||||
# 1) Lock the old site read-only (stops further divergence; immediately signals the cutover)
|
||||
Connect-PnPOnline -Url https://birthbiologic-admin.sharepoint.com -Interactive
|
||||
Set-PnPTenantSite -Url https://birthbiologic.sharepoint.com/sites/QualityDepartment -LockState ReadOnly
|
||||
|
||||
# 2) After a grace period (e.g. 2 weeks) with no issues, delete the group-connected site.
|
||||
# Because it is group-connected, removing the M365 group tears down the connected site too.
|
||||
# Recoverable: group soft-delete ~30 days; site recycle bin ~93 days.
|
||||
Remove-PnPMicrosoft365Group -Identity f24b2e10-2d73-49d7-ab06-fe63065301d1 # QualityDepartment@ group id
|
||||
```
|
||||
|
||||
## Reference
|
||||
|
||||
- Old site id/group id: group `f24b2e10-2d73-49d7-ab06-fe63065301d1`
|
||||
- Old drive total: ~29.1 GB / 4,743 files
|
||||
- Orphan diff tool: `scratchpad/bb_quality_diff.py`; full (now-empty) orphan list: `quality-orphaned-files.txt`
|
||||
- Access state (2026-06-29): sysadmin@ is owner+member on Quality Systems Department (granted today);
|
||||
was owner on Quality Department.
|
||||
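Review bot: the STATUS banner records the group as soft-deleted on 2026-06-29, but the body still reads as a forward plan. Blockers 2 and 3 under "Blockers to resolve before deletion" carry no resolution, the "Active use" bullet says staff were still editing the old site that same day, and the archival steps call for a ReadOnly lock and a grace period of about two weeks before `Remove-PnPMicrosoft365Group`. Record for each blocker whether it was cleared before the delete, state that the lock and grace period were skipped and why, and add the concrete restore deadlines derived from `deletedDateTime 2026-06-29T22:23:15Z` so the ~30-day group window is not missed if a user reports a missing file. Also say which "User Manager app" performed the Graph delete, since this commit documents a GuruRMM "User Manager" under the same name.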
File diff suppressed because it is too large
@@ -29,10 +29,19 @@
|
||||
| Delete SMS auth method (`+1 602-228-3396`) | HTTP 204 |
|
||||
| Delete Microsoft Authenticator (iPhone 14 Plus) | HTTP 204 |
|
||||
| Revoke all sign-in sessions | `value: true` |
|
||||
| Block sign-in (`accountEnabled=false`) | HTTP 204 — verified false |
|
||||
| Remove User Administrator directory role | HTTP 204 — role now has zero members; user has no roles |
|
||||
| Verify auth methods | Only `passwordAuthenticationMethod` remains (no MFA) |
|
||||
|
||||
New password stored in vault: `clients/valleywide/teresa-m365-offboarded`. Account left
|
||||
**enabled** with license + mailbox retained for handoff (not disabled per Mike's scope).
|
||||
Account is **cloud-only** (`onPremisesSyncEnabled: null`) — the on-prem AD account is a separate
|
||||
identity. New password stored in vault: `clients/valleywide/teresa-m365-offboarded`. License +
|
||||
mailbox retained for handoff (account disabled, not deleted).
|
||||
|
||||
**Billing:** Syncro **#32487** (Emergency offboarding) — 1.0 hr emergency remote billed as `26184`
|
||||
@ qty 1.5 (prepaid premium); invoice $0.00, block 15.5 → 14.0 hrs.
|
||||
|
||||
**Rose access:** could not verify delegate/SendAs — EXO read returns HTTP 401 (Security Investigator
|
||||
SP lacks Exchange Admin role on this tenant). Earlier breach check showed no foreign delegates.
|
||||
|
||||
## [CRITICAL] Cleanup required — human Global Admin action
|
||||
|
||||
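Review bot: the "Rose access" paragraph closes the delegate/SendAs question on an "earlier breach check" after the EXO read returned HTTP 401 for the Security Investigator SP. The Handoff section later in this file says the Exchange Operator SP is consented with the Exchange Admin role on VWP, so the check can be rerun through that tier; record the actual mailbox-permission and SendAs result here instead of "could not verify". The results table also keeps the user's phone number in the repo, which the row does not need: "Delete SMS auth method" with the HTTP status is enough.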
@@ -47,12 +56,19 @@ PAA is now on our SP in the VWP tenant and must be removed by a human Global Adm
|
||||
This is a script design flaw (logged to errorlog) — likely also left standing PAA on
|
||||
**birthbiologic.com** (the 2026-06-08 reset). Worth a fleet sweep.
|
||||
|
||||
## Still open (Mike's decision / separate access)
|
||||
## Still open
|
||||
|
||||
- **Block sign-in / remove User Administrator role** — not done (scope was sessions+pw+MFA).
|
||||
Recommended for a clean offboard.
|
||||
- **On-prem AD `VWP.US`** — disable her personal user; the **`VWP\Payroll`** account she used on
|
||||
the XP Orders VM is likely *shared* — confirm before disabling.
|
||||
- **On-prem AD `VWP.US`** — disable her personal user. **BLOCKED on VPN** (no route to
|
||||
192.168.0.25; needs VWP OpenVPN connected). The **`VWP\Payroll`** account she used on the XP
|
||||
Orders VM is likely *shared* — confirm before disabling.
|
||||
- Shared mailboxes `payroll@` / `orders@` — rotate / remove her access if delegated.
|
||||
- VPN (OpenVPN on UDM), RDP/RemoteApp to VWP-QBS, QuickBooks login.
|
||||
- Optional: convert her mailbox to shared or set a manager delegate for handoff.
|
||||
|
||||
## Handoff (done 2026-06-29)
|
||||
|
||||
Granted **`payroll@valleywideplastering.com` FullAccess** on `teresa@` (InheritanceType All,
|
||||
AutoMapping on) via Exchange Operator — Teresa's mailbox auto-mounts in the payroll Outlook
|
||||
profile. FullAccess only; no Send-As/Send-on-Behalf. Verified (not inherited, Deny: False).
|
||||
Documented on Syncro #32487 (public + emailed comment). Note: the **Exchange Operator** SP
|
||||
IS consented + Exchange-Admin-roled on VWP — the earlier 401 was the *Security Investigator*
|
||||
SP (different app); gotchas tenant table is stale on VWP.
|
||||
|
||||
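Review bot: the Handoff section grants `payroll@valleywideplastering.com` FullAccess on `teresa@` while "Still open" lists her access to the shared `payroll@` / `orders@` mailboxes as not yet rotated or removed. If `payroll@` is a sign-in identity whose credentials she knew (the same list says the on-prem `VWP\Payroll` account is likely shared), the grant extends her old mailbox to whoever holds those credentials; rotate the `payroll@` password or record that her delegation on it was checked and is empty before relying on this handoff. The closing remark that the gotchas tenant table is stale on VWP should be fixed in that table in this commit or tracked, and the standing-PAA "fleet sweep" at the top of the hunk needs an owner or ticket.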
10
errorlog.md
@@ -17,6 +17,16 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
<!-- Append entries below this line -->
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool/graph | [friction] Tenant Admin app 403s on group DELETE (has GroupMember write, not Group.ReadWrite.All); use User Manager app for M365 group deletion [ctx: tenant=birthbiologic op=group-delete]
|
||||
|
||||
2026-06-29 | GURU-5070 | rmm/rsync-cygwin | [friction] cwRsync (cygwin) on AD2 misreads a Windows 'C:path' DESTINATION as a remote host; pulls silently fail. Use /cygdrive/c/... for local src AND dst [ctx: host=AD2 ref=dataforth-dos-sync]
|
||||
|
||||
2026-06-29 | GURU-5070 | graph/sharepoint-upload | BirthBio media upload: all 10 large files failed at chunk 0 (connection closed on send + 503) with 60MB chunks; docs OK [ctx: site=birthbiologic chunk=60MB fix=reduce-to-10MiB+retry]
|
||||
|
||||
2026-06-29 | GURU-5070 | rmm/user-management | [correction] Claimed GuruRMM has no built-in user-password action; it DOES - the per-agent User Manager tab (Users/Groups) manages local + domain (on a DC) + AAD users: reset_password, set_enabled, set_password_never_expires, add/remove_from_group. Used raw Set-ADAccountPassword PowerShell instead (which also leaked the pw into command history). [ctx: endpoint=/api/agents/{id}/users + /users/action component=UserManagerTab.tsx]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool | [correction] assumed 'AD account' meant Entra/M365 account; user meant ON-PREM AD. 365/email stays disabled; on-prem handled separately (no ADsync - cloud-only user). [ctx: client=VWP user=teresa@valleywideplastering.com]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool/reset-password.sh | [friction] JIT de-elevation can never succeed: an app-only SP cannot remove its OWN Privileged Authentication Administrator assignment ('no privilege to remove self'). Every admin-account reset leaves standing PAA on the ComputerGuru Tenant Admin SP; requires a human Global Admin to remove. Likely also left PAA on birthbiologic.com (2026-06-08). [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f sp=fccda86c-77ca-4248-b876-b0cdba8605d4 role=PrivilegedAuthAdmin fix=PIM-or-second-principal-or-human-GA]
|
||||
|
||||
2026-06-29 | GURU-5070 | remediation-tool | reset-password: failed to remove JIT Privileged Auth Admin role - standing privilege left behind, REMOVE MANUALLY [ctx: tenant=5c53ae9f-7071-4248-b834-8685b646450f assignment=ikzke6-tKk6E1qsmSeCKE2yozfzKd0hCuHawzbqGBdQ-1 http=400]
|
||||
|
||||
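Review bot: the `rmm/user-management` correction records that the raw `Set-ADAccountPassword` call leaked the password into command history, but not what was done about it. Add the follow-up to the entry or to a linked ticket: password rotated through the User Manager action, and the stored `command_text` purged or access to it restricted. The two `reset-password` entries describe standing Privileged Authentication Administrator on the Tenant Admin SP ending in "REMOVE MANUALLY"; give them a ticket reference as well, so the removal by a human Global Admin is tracked somewhere other than an append-only log.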
@@ -0,0 +1,141 @@
|
||||
## User
|
||||
- **User:** Mike Swanson (mike)
|
||||
- **Machine:** GURU-5070
|
||||
- **Role:** admin
|
||||
|
||||
## Session Summary
|
||||
|
||||
Multi-client continuation session covering Dataforth, Birth Biologic, and Peaceful Spirit, plus
|
||||
closing out a prior /save. First, the Birth Biologic Calm Ops media upload (background task from the
|
||||
prior session) was found to have failed: 33 docs uploaded but all 10 large media files died at chunk
|
||||
0 (connection-closed-on-send + 503) using 60 MB chunks. The uploader was fixed (10 MiB chunks,
|
||||
Expect:100-continue disabled, `-MediaOnly` switch to skip the already-uploaded docs); re-upload was
|
||||
prepared but the user indicated the media was handled, so it was not re-run.
|
||||
|
||||
Second, a Dataforth issue from John Lehman: test database file 5BMAIN.DAT updated 6/26 shows in
|
||||
`K:\TS-*\ProdSW\5BDATA` but production DOS test stations don't pick it up on restart. Loaded the
|
||||
DOS-test-machine context and traced the whole pipeline via AD2's RMM agent (read-only). Confirmed
|
||||
the updated 5BMAIN.DAT (6/26, 83,200 B) is staged correctly on AD2 AND on the D2TESTNAS NAS the
|
||||
stations pull from — so sync is healthy. Root cause: `NWTOC.BAT` v5.0 (deployed 2026-03-16), the
|
||||
on-boot updater, copies only `*.BAT` (from `T:\COMMON\ProdSW`) and `*.EXE` (from `T:\Ate\ProdSW`);
|
||||
its own note reads "removed DATA folder copies (avoid cyclic overwrites)," so stations stopped
|
||||
refreshing master spec DATs (5BMAIN/8BMAIN/DSCMAIN4/SCTMAIN/7BMAIN). CHECKUPD detects updates but
|
||||
NWTOC never applies them. Per Mike's instruction the work was parked: opened Syncro ticket #32489
|
||||
(Scheduled), booked a Wednesday 2026-07-01 8:00 AM appointment, and posted a customer-visible note
|
||||
telling John the fix lands Wednesday with a validation method.
|
||||
|
||||
Third, Birth Biologic flagged a "broken" Excel file in the QualitySystemsDepartment SharePoint site.
|
||||
Resolved the share link via Graph (read-only): the 64,466-byte ".xlsx" is actually ASCII text —
|
||||
space-separated decimal byte values starting `80 75 3 4` (= the `PK` zip signature). A broken upload
|
||||
wrote the byte array as a stringified decimal list instead of raw bytes. Reconstructed the 19,124
|
||||
real bytes into a valid xlsx (verified OOXML structure + real contact data: "Processor Contact
|
||||
Information"). The file was created by our Tenant Admin app on 6/26, implying a systemic bug in that
|
||||
migration batch. Built a recovery tool (`bb-recover.py`) that enumerates the site's libraries,
|
||||
detects the decimal-text signature, reconstructs + validates each, and re-uploads in place; launched
|
||||
a dry-run scan of the QualitySystemsDepartment site (still running at session end).
|
||||
|
||||
Fourth and largest: Peaceful Spirit deletion-scope investigation. Mara worried other files
|
||||
disappeared with Glennda's. A live-filesystem mtime scan flagged 13 client folders changed in the
|
||||
6/24 10:05-12:05 window across the alphabet — initially read as "widespread," but a per-folder
|
||||
restore-point diff (cbb) showed those were `DELETED=0, added=1` (normal new scans, not deletions),
|
||||
confirming the mtime heuristic was noise. Pivoted to Mike's approach: restore the pre-deletion state
|
||||
to staging and diff locally. Verified space (C: 803 GB free; @Clients = 72.5 GB / 142,288 files),
|
||||
stopped the MSP360 backup, and launched a staging restore of the 6/24 10:05 AM restore point to
|
||||
`C:\PST-Recovery\PreDelete-0624`. A second restore of the oldest point (6/29/2025) is queued to
|
||||
check whether mass deletion happened before. Both restores feed fast local diffs.
|
||||
|
||||
## Key Decisions
|
||||
|
||||
- Parked the Dataforth NWTOC fix to a scheduled Wednesday appointment rather than fixing live —
|
||||
it touches every test station's boot and needs John to confirm the authoritative master-spec
|
||||
file list first. Fix will be NWTOC v5.1: copy ONLY engineering-owned master spec files one-way
|
||||
from `T:\Ate\ProdSW\*DATA`, avoiding the cyclic-overwrite the v5.0 change guarded against.
|
||||
- Recovered the corrupt BirthBio xlsx by parsing decimal-byte text back to binary rather than
|
||||
treating it as data-loss — the original file was intact inside the text. Only auto-replace files
|
||||
whose reconstruction yields a known binary magic (PK/%PDF/OLE/PNG/etc.); others flagged for review.
|
||||
- Abandoned the live-mtime heuristic for PST deletion scope after the cbb diff proved the flagged
|
||||
folders were additions, not deletions. Adopted restore-to-staging + local diff as the trustworthy,
|
||||
complete method (catches victim folders the mtime scan hides because they were touched later).
|
||||
- Ran the two PST restores sequentially (not concurrently) to avoid a same-bunch usage lock; staged
|
||||
to C: (most free space) rather than D: (VM files) or G: (the live data drive).
|
||||
- Logged a root-level multi-client session log (spans 3 clients) — no single wiki article implied.
|
||||
|
||||
## Problems Encountered
|
||||
|
||||
- BirthBio media upload failed (10/10 large files, 60 MB chunks) — fixed uploader to 10 MiB chunks +
|
||||
Expect:100-continue off + per-chunk retry; re-run deferred (user handled media).
|
||||
- SSH-as-SYSTEM on AD2 could not use sysadmin's key (`Permission denied (publickey,password)`) — the
|
||||
RMM agent runs as SYSTEM; used the rsync daemon (password auth) for read-only NAS listing instead.
|
||||
- cwRsync (cygwin) on AD2 misread a Windows `C:\path` DESTINATION as a remote host; single-file pulls
|
||||
silently failed. Fix: use `/cygdrive/c/...` for the local destination. (Logged as friction.)
|
||||
- Read the wrong (inactive) sync script first (`Sync-FromNAS.ps1`, SCP); the scheduled task actually
|
||||
runs `Sync-FromNAS-rsync.ps1`. Confirmed via the task action.
|
||||
- PST scope: 60s/folder cbb listing × ~2,500 folders made a full tree diff infeasible interactively;
|
||||
resolved by the restore-and-local-diff approach.
|
||||
- Bash 120s tool timeout repeatedly cut polling of long RMM commands; mitigated with detached
|
||||
server-side jobs writing to files, polled across calls.
|
||||
|
||||
## Configuration Changes
|
||||
|
||||
- Syncro: created ticket #32489 (Dataforth, Scheduled) + 2 comments + appointment id 5626864474
|
||||
(Wed 2026-07-01 8:00-9:00 AM MST, Remote).
|
||||
- PST-SERVER: MSP360 backup "Files Backup 2025" STOPPED (must restart after restores).
|
||||
- PST-SERVER: created restore plan `ZPreDelete0624` (run-once) → restoring to
|
||||
`C:\PST-Recovery\PreDelete-0624` (in progress); also `C:\PST-Recovery\scope-diff.ps1` (detached
|
||||
diff job) and `deletion-scope-report.txt`.
|
||||
- Local repo: removed stray `.pst_sweep` / `.pst_when` (prior session); no other repo edits this session.
|
||||
- Scratch (not committed): `scratchpad/bb-recover.py`, `upload-calmops.ps1` (fixed), `.bbfile.xlsx`
|
||||
(broken), `.bbfile.recovered.xlsx` (recovered).
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
- BirthBio Tenant Admin app (Graph): vault `msp-tools/computerguru-tenant-admin.sops.yaml`, field
|
||||
`credentials.client_secret`. Tenant `19a568e8-9e88-413b-9341-cbc224b39145`, client
|
||||
`709e6eed-0711-4875-9c44-2d3518c47063`.
|
||||
- Dataforth D2TESTNAS rsync daemon: host 192.168.0.9 port 873, module `test` (=/data/test),
|
||||
user `rsync` / `IQ203s32119` (from `Sync-FromNAS-rsync.ps1`). NAS root SSH key on AD2:
|
||||
`C:\Users\sysadmin\.ssh\id_ed25519` (usable only as sysadmin, not SYSTEM).
|
||||
- Dataforth AD sysadmin: `INTRANET\sysadmin` / `Paper123!@#`. No new secrets created.
|
||||
|
||||
## Infrastructure & Servers
|
||||
|
||||
- Dataforth AD2: 192.168.0.6, RMM agent `cfa93bb6-0cdc-4d4e-a29e-1609cda6f047`. Sync task runs
|
||||
`Sync-FromNAS-rsync.ps1` every 15 min. `test` share = `C:\Shares\test`. Stray `TS-21\ProdSW` is a
|
||||
file (not dir) → sync `Errors=1`/`LastResult=1` each run (cleanup pending, not the cause).
|
||||
- DOS update chain: AUTOEXEC -> STARTNET (maps T:=\\D2TESTNAS\test, X:=datasheets) -> NWTOC v5.0
|
||||
(COMMON\ProdSW *.BAT to C:\BAT, Ate\ProdSW *.EXE to C:\ATE) -> CTONW. Master spec DATs live in
|
||||
`Ate\ProdSW\*DATA` and per-station `TS-*\ProdSW\*DATA`; COMMON\ProdSW\5BDATA is empty.
|
||||
- BirthBio QualitySystemsDepartment site id
|
||||
`birthbiologic.sharepoint.com,3173c017-58bd-406a-8858-2c969667336f,ab1e4b4f-0f71-4c15-a4b4-fa900c189ac3`,
|
||||
one library "Documents", broken-file parent drive
|
||||
`b!F8BzMb1YakCIWCyWlmczb09LHqtxDxVMpLT6kAwYmsM7NUY4oPLSRq7ng3tJq-E9`.
|
||||
- PST-SERVER: 192.168.0.2, RMM agent `87293069-33b6-45e8-a68f-6811216cdb96`. MSP360 bunch
|
||||
`6a121575-84a0-4e98-9c0f-4a656d1a5132`, account ACG-PST `084b5069-d634-434b-84a2-971b1dcb4b43`,
|
||||
prefix PST-SERVER, cbb `C:\Program Files\Arizona Computer Guru\Online Backup\cbb.exe`.
|
||||
- PST restore points: oldest `20250629170034` (6/29/2025 10:00:34 AM, Full); pre-incident
|
||||
`20260624170506` (6/24 10:05:06 AM); post-deletion `20260624190522` (6/24 12:05:22 PM).
|
||||
- PST volumes: C: 803.5 GB free / D: (VM Files) 109.9 / G: (data) 193.3. @Clients = 72.5 GB / 142,288 files.
|
||||
|
||||
## Commands & Outputs
|
||||
|
||||
- Graph share resolve: `GET /shares/u!<base64url>/driveItem`. Reconstruct: `bytes(int(t) for t in text.split())`.
|
||||
- cbb restore to alt location: `cbb addRestorePlan -n <name> -aid 084b5069-... -bp PST-SERVER -bunch 6a121575-... -restorePoint <id> -rt "<date>" -d "G:\Shares\Scanned\@Clients" -rl "<destpath>" -ro yes -deleted yes` then `cbb plan -r "<name>"`. Stop backup: `cbb plan -s "Files Backup 2025"`.
|
||||
- cbb `list` is NON-recursive, ~60s/folder; `-rlocation` = original|path; `-d` = source dir.
|
||||
- PST scope-diff sample: every mtime-flagged folder = `DELETED=0 added=1` (adds, not deletions).
|
||||
|
||||
## Pending / Incomplete Tasks
|
||||
|
||||
- **CRITICAL: PST-SERVER backup "Files Backup 2025" is STOPPED** — must restart after restores complete.
|
||||
- **PST restore #1** (`ZPreDelete0624` → C:\PST-Recovery\PreDelete-0624) IN PROGRESS (72 GB from B2).
|
||||
- **PST restore #2** (oldest `20250629170034` → C:\PST-Recovery\Oldest-20250629) — launch after #1 finishes.
|
||||
- **PST local diffs:** (a) PreDelete-0624 vs LIVE = complete deleted-file list + repair source (copy-back no-overwrite); (b) oldest vs pre-incident = "has this happened before."
|
||||
- **BirthBio QualitySystemsDepartment scan** (bb-recover.py dry-run) running — review list, then run `--apply` to recover+replace in place.
|
||||
- **BirthBio Calm Ops media** (10 files) re-upload still available if needed (uploader fixed).
|
||||
- **Dataforth ticket #32489** — Wed 2026-07-01 8a: confirm master-spec file list with John, build NWTOC v5.1, test on TS-3R, roll out; cleanup AD2 TS-21 stray + NAS COMMON\ProdSW junk; build John a validation BAT.
|
||||
|
||||
## Reference Information
|
||||
|
||||
- Syncro ticket #32489 id 113201089; appointment 5626864474; Dataforth Corp customer 578095; John Lehman contact 2851723.
|
||||
- RMM API `http://172.16.3.30:3001`. Graph `https://graph.microsoft.com/v1.0`.
|
||||
- Recovery tool: `scratchpad/bb-recover.py`. Recovered sample: `.bbfile.recovered.xlsx`.
|
||||
- Server artifacts: `C:\PST-Recovery\` (rps.txt, deletion-scope-report.txt, scope-diff.ps1, PreDelete-0624\, Glennda_0605\, Gtest\).
|
||||
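Review bot: the "Credentials & Secrets" section commits two live passwords in cleartext, the D2TESTNAS rsync daemon password and the `INTRANET\sysadmin` domain password, while the BirthBio entry directly above them shows the right pattern (vault file plus field name, no value). Replace both values with vault references, rotate them since this file is auto-synced and is now in history, and purge the commit from the repo and any mirrors. The rsync password is said to come from `Sync-FromNAS-rsync.ps1`, so that script needs the same treatment. Separately, "No new secrets created" sits next to the sysadmin password and reads as if nothing sensitive is in the section, and the CRITICAL pending item that the MSP360 backup "Files Backup 2025" is stopped should name who restarts it and when.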