# Active Directory

## Domain Info

- Domain: intranet.dataforth.com
- Forest Level: Windows Server 2016
- Domain Level: Windows Server 2016
- Domain Controllers: AD1 (192.168.0.27, primary), AD2 (192.168.0.6, secondary)
- FSMO Roles: All on AD1 (assumed)

## Organizational Units

| OU | Purpose | Entra Sync |
|----|---------|------------|
| Domain Controllers | DCs | — |
| CompanyUsers | Main user OU | — |
| Azure_Users | Azure-related users | — |
| SyncedUsers | Users synced to Entra ID | Yes |
| ServiceAccounts | Service accounts | No |
| Servers | Server computer accounts | — |
| Workstations | Workstation computer accounts | — |
| DistoGroups | Distribution groups | — |

## Active Human Users (as of 2026-04-02)

| Name | Username | Last Logon | Notes |
|------|----------|------------|-------|
| Ben Wadzinski | bwadzinski | 2026-04-01 | |
| Jacque Antar | jantar | 2026-04-01 | |
| Martin Florez | mflorez | 2026-04-02 | |
| Kevin Wackerly | kwackerly | 2026-03-30 | |
| Otto Fest | ofest | 2026-03-30 | |
| Lee Payne | lpayne | 2026-03-29 | |
| John Lehman | jlehman | 2026-03-29 | Engineering |
| Georg Haubner | ghaubner | 2026-03-27 | Engineering, has D: backup |
| Kellyn Wackerly | Kellynwackerly | 2026-03-26 | |
| Jaime Becerra | JBecerra | 2026-03-26 | |
| Angel Lopez | alopez | 2026-03-25 | |
| Dan Center | dcenter | 2026-03-23 | Operations |
| Logan Tobey | ltobey | 2026-03-23 | |
| Patricia | patricia | 2026-03-23 | |
| Peter Iliya | pIliya | 2026-03-23 | Applications Engineer |
| Sandra Schock | sSchock | 2026-03-23 | |
| Theresa Dean | tdean | 2026-03-23 | |
| Bobbi Whitson | bwhitson | 2026-03-23 | |
| Ayleen Montijo | aMontijo | 2026-03-23 | |
| Ken Hoffman | khoffman | 2026-03-10 | Also has "oemdata" account |
| Ken Hoffman | oemdata | N/A | TestDataSheetUploader author |
| Joel Lohr | jlohr | 2026-03-31 | **RETIRING — disable after 03/31** |

## Service / System Accounts

| Username | Purpose | Notes |
|----------|---------|-------|
| sysadmin | Domain Admin | — |
| Administrator (Admin_3652) | Built-in admin | — |
| svc_testdatadb | TestDataDB service | OU=ServiceAccounts, created 2026-03-28 |
| sqluser | SQL Server service | OU=ServiceAccounts |
| MSOL_664594195fe2 | Entra ID Sync (Azure AD Connect) | — |
| ClaudeTools-ReadOnly | Read-only automation access | Purpose unclear |

## Machine / Functional Accounts

- Assembly Stations: AS24, AS26, AS30, AS31, AS34
- Test Stations: TS1, TS1L, TS1R, TS2L, TS2R, etc. (30+ stations)
- Manufacturing: hipot, encap, Endcap, my9
- Label/Scanning: labelpc, scan, scand2
- Mobile: tablet01–07, hh01–04
- Shared: confroom, Training

## Disabled Accounts

Alex Mitev, Annie Chin, Bill Oldham, Brian Faires, Brian Scaramella, calibration, Jerry Lopez, John Barrios, Linda D, Maria Cota, Michele Hvidsten, Mizan Rahman, Moe Naseem, Stephen Poanessa, Steve Lehman, Support Pool, William Oldham, wcarr

## Groups

| Group | Scope | Notes |
|-------|-------|-------|
| Domain Admins | Global | Standard |
| Enterprise Admins | Universal | Forest-wide |
| Schema Admins | Universal | Schema modification |
| Administrators | DomainLocal | Local admin |
| ADSyncAdmins | DomainLocal | Azure AD Connect |
| DnsAdmins | DomainLocal | DNS management |
| Hyper-V Administrators | DomainLocal | Hyper-V |
| Key Admins | Global | Key management |
| Enterprise Key Admins | Universal | Enterprise keys |
| Storage Replica Admins | DomainLocal | Storage replication |

**No custom security groups found** — only default/built-in groups.

## Group Policy Objects

| GPO | Status | Last Modified |
|-----|--------|---------------|
| Default Domain Policy | AllSettingsEnabled | 2026-03-02 |
| Default Domain Controllers Policy | AllSettingsEnabled | 2025-09-30 |
| TrustedZones | AllSettingsEnabled | 2025-10-01 |
| Screenconnect | AllSettingsEnabled | 2025-10-01 |
| Profwiz | AllSettingsEnabled | 2025-10-08 |
| Mapped Drives | AllSettingsEnabled | 2025-10-09 |

## Drive Mappings (GPO: Mapped Drives)

| Letter | Path | Purpose |
|--------|------|---------|
| B: | \\\\ad1\itsvc | IT service files |
| Q: | \\\\ad2\c-drive | AD2 C-drive share |
| S: | \\\\SAGE-SQL\sage | Sage ERP |
| T: | \\\\ad2\e-drive | AD2 E-drive share |
| W: | \\\\files-d1\sales | Sales docs |
| X: | \\\\ad2\webshare | Datasheets (For_Web) |
| Y: | \\\\files-d1\archive | Archive |

## Action Items

- **[HIGH]** Disable jlohr account — retirement was 2026-03-31, **OVERDUE**
- Investigate ClaudeTools-ReadOnly account purpose
- Ken Hoffman has two accounts (khoffman + oemdata) — consolidate?