sync: auto-sync from GURU-5070 at 2026-06-12 15:53:59

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-12 15:53:59
2026-06-12 15:54:17 -07:00
parent af529f953d
commit e34d4268bc
4 changed files with 183 additions and 8 deletions

wiki/clients/lamaddux.md Normal file

@@ -0,0 +1,112 @@
---
type: client
name: lamaddux
display_name: Maddux / Parkinson (Household)
last_compiled: 2026-06-12
compiled_by: GURU-5070/claude-main
sources:
- 2026-06-12 Jim Parkinson mail migration (Syncro #32411)
backlinks:
- systems/ix-server
- clients/internal-infrastructure
---
# Maddux / Parkinson (Household)
Household / small-residential client. Two people, one M365 tenant (`lamaddux.com`):
**LeeAnn Maddux** (mailbox `leeann@lamaddux.com`; also appears as "LeeAnn Parkinson")
and her husband **Jim Parkinson** (`jim@jparkinsonaz.com`). RMM client name is
"Leeann Maddux", site "Home".
## Profile
- **Contract type:** Break-fix / residential (verify — check Syncro)
- **Key contacts:**
- LeeAnn Maddux — `leeann@lamaddux.com` (a.k.a. LeeAnn Parkinson)
- Jim Parkinson — `jim@jparkinsonaz.com` (husband)
- **Active ticket:** Syncro #32411 — Jim Parkinson shared-calendar / mail migration
## Email & Identity (M365 tenant lamaddux.com)
- **Tenant ID:** `2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929`
- **Domains:** `lamaddux.com` (primary), `jparkinsonaz.com` (custom domain added + verified
2026-06-12 during Jim's migration), `lamaddux.onmicrosoft.com`
- **Breakglass admin:** `admin@lamaddux.onmicrosoft.com`
- **Licensing:** 2x Exchange Online Plan 1 (LeeAnn + Jim)
- **Remediation onboarding:** Onboarded to the ComputerGuru remediation suite via
single-consent **2026-06-12** (all apps + directory roles). See [[projects/msp-tools]].
### Mailboxes
| Mailbox | User | Notes |
|---|---|---|
| `leeann@lamaddux.com` | LeeAnn Maddux | Jim has FullAccess (AutoMapping on) + Send-on-Behalf |
| `jim@jparkinsonaz.com` | Jim Parkinson | Migrated off on-prem Neptune Exchange 2026-06-12 |
## Jim Parkinson mail migration (2026-06-12, Syncro #32411)
Moved Jim off the on-prem **Neptune** Exchange (where `jparkinsonaz.com` was an accepted
domain) **into** the `lamaddux.com` M365 tenant to fix shared-calendar sync issues with
LeeAnn. Neptune background lives in [[clients/internal-infrastructure]].
Steps completed:
- Added + verified `jparkinsonaz.com` as a custom domain in the tenant.
- Created `jim@jparkinsonaz.com` + assigned EXO Plan 1; set password + MFA
(vault `clients/lamaddux/jim-parkinson-m365.sops.yaml`).
- PST-exported Jim's 1.78 GB Neptune mailbox via `New-MailboxExportRequest`
`\\NEPTUNE\PSTExport$\jim-jparkinsonaz.pst` (for Outlook import).
- DNS cut over to O365 (zone hosted on ACG IX — see [[systems/ix-server]]):
MX `jparkinsonaz-com.mail.protection.outlook.com`; SPF
`v=spf1 include:spf.protection.outlook.com -all`; autodiscover CNAME →
`autodiscover.outlook.com`; DKIM selector1/selector2 CNAMEs →
`...lamaddux.a-v1.dkim.mail.microsoft`.
- Stripped the `jparkinsonaz.com` zone to an **O365-only** record set: removed the root A
(pointed to Neptune `67.206.163.124`), the `mail` CNAME, all CalDAV/CardDAV SRV records,
and cPanel DCV/ACME records.
### Mailbox sharing & calendar reconciliation
- **Sharing:** Jim granted **FullAccess (AutoMapping on) + Send-on-Behalf** on
`leeann@lamaddux.com`.
- **Calendar fix:** 8 Jim-organized appointments that had invited LeeAnn but never reached
her (the on-prem box couldn't deliver) were copied onto her calendar.
- **App scoping for the calendar fix:** `Calendars.ReadWrite` + `Contacts.ReadWrite` (Graph)
were added to the **ComputerGuru Exchange Operator** app
(appId `b43e7342-5b4b-492f-890f-bb5a4f7f40e9`) and constrained by an EXO
**ApplicationAccessPolicy (RestrictAccess)** bound to the mail-enabled security group
`app-calscope@lamaddux.onmicrosoft.com` (guid `d5cf1564-...`), which contains only `jim@`
and `leeann@`. Net effect: the app's Graph mailbox reach in this tenant is limited to
those two mailboxes.
- **Contacts cleanup:** created a clean contact "LeeAnn Maddux `<leeann@lamaddux.com>`" in
Jim's mailbox; removed a junk "Audible Leeann@lamaddux.com" (no-address) contact. Jim's
contacts folder had no on-prem/X500 addresses.
## Endpoints (GuruRMM)
- **RMM client:** "Leeann Maddux" · **Site:** "Home" · **Site ID:** `DARK-OCEAN-9950`
- Jim's two machines: **DESKTOP-EDN9UDO**, **DESKTOP-M0GBKF3**
### Outlook autodiscover fix (Jim's machines)
Jim's Outlook had been pinned to the old on-prem (acghosting / Neptune) endpoints by a
legacy `Exclude365-Final.reg`. Remediation:
- Undid `Exclude365-Final.reg`.
- Set `ExcludeHttpsRootDomain=1` as an interim measure.
- **Permanent fix:** removing the root A record (above) so the root-domain autodiscover
probe no longer resolves to Neptune.
> [WARNING] Outlook **autocomplete cache** on Jim's PC may still hold the legacy on-prem
> X500 address for LeeAnn (`/o=First Organization/.../cn=LEEANN_LAMADDUX.COM`). If mail to
> her NDRs, clear the autocomplete entry in Outlook — Graph cannot touch the autocomplete
> cache.
## Access
- **Vault paths** (do NOT inline secrets):
- `clients/lamaddux/jim-parkinson-m365.sops.yaml` — Jim's M365 password + MFA
- `clients/lamaddux/gururmm-site-home.sops.yaml` — RMM site "Home"
- **Breakglass admin:** `admin@lamaddux.onmicrosoft.com` (password in vault)
## Active Work / Open Items
- Confirm Jim's Outlook PST import looks good.
- Final delta export, then **decommission `jparkinsonaz.com` on Neptune** (remove the
accepted domain, the mailbox, and the old DKIM).
- Remove the now-redundant `ExcludeHttpsRootDomain` registry value once stable.
- Clear Jim's Outlook autocomplete cache (legacy LeeAnn X500 entry).
## Backlinks
- [[systems/ix-server]] — DNS for `lamaddux.com` + `jparkinsonaz.com` zones hosted on ACG IX
- [[clients/internal-infrastructure]] — Neptune Exchange (Jim's old mail host) + PST export share
- [[projects/msp-tools]] — remediation-suite onboarding + Exchange Operator app scoping
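Review bot: In the "App scoping for the calendar fix" bullet, the "Net effect" sentence states that the Exchange Operator app's Graph mailbox reach is limited to `jim@` and `leeann@`, but the page records no check of that and gives the scope group's guid only in truncated form (`d5cf1564-...`). Suggest adding the outcome of a `Test-ApplicationAccessPolicy` run for one in-scope and one out-of-scope identity, plus the full group guid, so the restriction can be audited later. Separately, the front-matter `backlinks:` list omits `projects/msp-tools`, which the body's Backlinks section does list, and `Contract type` is still marked "verify".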

View File

@@ -65,6 +65,10 @@ backlinks: []
- robert@rswolkin.com (primary)
- julie@rswolkin.com (assistant - has FullAccess delegation to robert@'s mailbox)
- **Mailbox Delegation:** Julie has FullAccess permissions to Robert's mailbox (configured 2026-06-07)
- **2026-06-12 — Julie Guda (`julie@rswolkin.com`) directory cleanup:** removed her cell
`702-624-3765` from the directory profile `mobilePhone` field (it was visible in the GAL /
Outlook / Teams). The number is retained **only** as her MFA authentication phone method
(`+1 7026243765`). MFA / sign-in unaffected — she also has password + Windows Hello.
### Network
- **Office LAN:** 192.168.1.0/24 (corrected 2026-06-07 — the earlier 172.17.110.x was wrong; the 172.17.110.110 "RICOH" port was an orphan with no device)
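Review bot: The added 2026-06-12 entry writes Julie's full cell number into the wiki twice (`702-624-3765` and `+1 7026243765`) while describing its removal from the directory because it was visible in the GAL / Outlook / Teams. Suggest recording only the last four digits, or just the fact that the number is retained as the MFA phone method, so it is not re-exposed to everyone with read access to this repo and its sync history.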