---
type: client
name: lamaddux
display_name: Maddux / Parkinson (Household)
last_compiled: 2026-06-12
compiled_by: GURU-5070/claude-main
sources:
  - 2026-06-12 Jim Parkinson mail migration (Syncro #32411)
backlinks:
  - systems/ix-server
  - clients/internal-infrastructure
---

# Maddux / Parkinson (Household)

Household / small-residential client. Two people, one M365 tenant (`lamaddux.com`): **LeeAnn Maddux** (mailbox `leeann@lamaddux.com`; also appears as "LeeAnn Parkinson") and her husband **Jim Parkinson** (`jim@jparkinsonaz.com`). RMM client name is "Leeann Maddux", site "Home".

## Profile

- **Contract type:** Break-fix / residential (verify — check Syncro)
- **Key contacts:**
  - LeeAnn Maddux — `leeann@lamaddux.com` (a.k.a. LeeAnn Parkinson)
  - Jim Parkinson — `jim@jparkinsonaz.com` (husband)
- **Active ticket:** Syncro #32411 — Jim Parkinson shared-calendar / mail migration

## Email & Identity (M365 tenant lamaddux.com)

- **Tenant ID:** `2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929`
- **Domains:** `lamaddux.com` (primary), `jparkinsonaz.com` (custom domain added + verified 2026-06-12 during Jim's migration), `lamaddux.onmicrosoft.com`
- **Breakglass admin:** `admin@lamaddux.onmicrosoft.com`
- **Licensing:** 2x Exchange Online Plan 1 (LeeAnn + Jim)
- **Remediation onboarding:** Onboarded to the ComputerGuru remediation suite via single-consent **2026-06-12** (all apps + directory roles). See [[projects/msp-tools]].

### Mailboxes

| Mailbox | User | Notes |
|---|---|---|
| `leeann@lamaddux.com` | LeeAnn Maddux | Jim has FullAccess (AutoMapping on) + Send-on-Behalf |
| `jim@jparkinsonaz.com` | Jim Parkinson | Migrated off on-prem Neptune Exchange 2026-06-12 |

## Jim Parkinson mail migration (2026-06-12, Syncro #32411)

Moved Jim off the on-prem **Neptune** Exchange (where `jparkinsonaz.com` was an accepted domain) **into** the `lamaddux.com` M365 tenant to fix shared-calendar sync issues with LeeAnn. Neptune background lives in [[clients/internal-infrastructure]].

Steps completed:

- Added + verified `jparkinsonaz.com` as a custom domain in the tenant.
- Created `jim@jparkinsonaz.com` + assigned EXO Plan 1; set password + MFA (vault `clients/lamaddux/jim-parkinson-m365.sops.yaml`).
- PST-exported Jim's 1.78 GB Neptune mailbox via `New-MailboxExportRequest` → `\\NEPTUNE\PSTExport$\jim-jparkinsonaz.pst` (for Outlook import).
- DNS cut over to O365 (zone hosted on ACG IX — see [[systems/ix-server]]): MX `jparkinsonaz-com.mail.protection.outlook.com`; SPF `v=spf1 include:spf.protection.outlook.com -all`; autodiscover CNAME → `autodiscover.outlook.com`; DKIM selector1/selector2 CNAMEs → `...lamaddux.a-v1.dkim.mail.microsoft`.
- Stripped the `jparkinsonaz.com` zone to an **O365-only** record set: removed the root A (pointed to Neptune `67.206.163.124`), the `mail` CNAME, all CalDAV/CardDAV SRV records, and cPanel DCV/ACME records.

### Mailbox sharing & calendar reconciliation

- **Sharing:** Jim granted **FullAccess (AutoMapping on) + Send-on-Behalf** on `leeann@lamaddux.com`.
- **Calendar fix:** 8 Jim-organized appointments that had invited LeeAnn but never reached her (the on-prem box couldn't deliver) were copied onto her calendar.
- **App scoping for the calendar fix:** `Calendars.ReadWrite` + `Contacts.ReadWrite` (Graph) were added to the **ComputerGuru Exchange Operator** app (appId `b43e7342-5b4b-492f-890f-bb5a4f7f40e9`) and constrained by an EXO **ApplicationAccessPolicy (RestrictAccess)** bound to the mail-enabled security group `app-calscope@lamaddux.onmicrosoft.com` (guid `d5cf1564-...`), which contains only `jim@` and `leeann@`. Net effect: the app's Graph mailbox reach in this tenant is limited to those two mailboxes.
- **Contacts cleanup:** created a clean contact "LeeAnn Maddux ``" in Jim's mailbox; removed a junk "Audible Leeann@lamaddux.com" (no-address) contact. Jim's contacts folder had no on-prem/X500 addresses.

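
An added example (not part of the original record or of any ComputerGuru tooling): a Python check that a zone export matches the O365-only record set listed under "Steps completed" above, reporting missing required records and leftovers that still serve the old on-prem host. The zone text is constructed; the DKIM targets are placeholders, and `_cpanel-dcv-test-record` / `_acme-challenge` are assumed names for the cPanel DCV/ACME records.

```python
import re

# Constructed export of the jparkinsonaz.com zone ("@" = apex): after cutover, before
# cleanup. MX/SPF/autodiscover values and the A IP are from the page; the rest is made up.
SAMPLE_ZONE = """\
@                        3600 IN A     67.206.163.124
@                        3600 IN MX    0 jparkinsonaz-com.mail.protection.outlook.com.
@                        3600 IN TXT   "v=spf1 include:spf.protection.outlook.com -all"
autodiscover             3600 IN CNAME autodiscover.outlook.com.
selector1._domainkey     3600 IN CNAME PLACEHOLDER1.dkim.mail.microsoft.
selector2._domainkey     3600 IN CNAME PLACEHOLDER2.dkim.mail.microsoft.
mail                     3600 IN CNAME jparkinsonaz.com.
_caldavs._tcp            3600 IN SRV   0 0 2080 jparkinsonaz.com.
_cpanel-dcv-test-record  300  IN TXT   "constructed-token"
_acme-challenge          300  IN TXT   "constructed-token"
"""

# (name, type) -> substring the record data must contain, per the cutover step.
REQUIRED = {
    ("@", "MX"): "jparkinsonaz-com.mail.protection.outlook.com",
    ("@", "TXT"): "v=spf1 include:spf.protection.outlook.com -all",
    ("autodiscover", "CNAME"): "autodiscover.outlook.com",
    ("selector1._domainkey", "CNAME"): ".dkim.mail.microsoft",
    ("selector2._domainkey", "CNAME"): ".dkim.mail.microsoft",
}

def parse_zone(text):
    """Return (name, type, rdata) tuples from 'name ttl IN type rdata' lines."""
    rows = [l.split(None, 4) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith(";")]
    return [(n.lower(), t.upper(), rd.strip()) for n, _ttl, _cls, t, rd in rows]

def is_stale(name, rtype):
    """True for the record kinds the cleanup step removed."""
    return bool(
        (name == "@" and rtype == "A")
        or (name == "mail" and rtype == "CNAME")
        or (rtype == "SRV" and re.fullmatch(r"_(caldav|carddav)s?\._tcp", name))
        or (rtype == "TXT" and name.startswith(("_acme-challenge", "_cpanel-dcv")))
    )

def audit(text):
    """Report required O365 records that are missing and leftover records to remove."""
    records = parse_zone(text)
    missing = [f"{n} {t}" for (n, t), want in REQUIRED.items()
               if not any(rn == n and rt == t and want in rd.lower() for rn, rt, rd in records)]
    stale = [f"{n} {t}" for n, t, _ in records if is_stale(n, t)]
    return {"missing": missing, "stale": stale}

print(audit(SAMPLE_ZONE))
```

An empty `stale` list together with an empty `missing` list is the state the cleanup step describes; anything in `stale` is a record that can still steer clients toward Neptune.
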

## Endpoints (GuruRMM)

- **RMM client:** "Leeann Maddux" · **Site:** "Home" · **Site ID:** `DARK-OCEAN-9950`
- Jim's two machines: **DESKTOP-EDN9UDO**, **DESKTOP-M0GBKF3**

### Outlook autodiscover fix (Jim's machines)

Jim's Outlook had been pinned to the old on-prem (acghosting / Neptune) endpoints by a legacy `Exclude365-Final.reg`. Remediation:

- Undid `Exclude365-Final.reg`.
- Set `ExcludeHttpsRootDomain=1` as an interim measure.
- **Permanent fix:** removing the root A record (above) so the root-domain autodiscover probe no longer resolves to Neptune.

> [WARNING] Outlook **autocomplete cache** on Jim's PC may still hold the legacy on-prem
> X500 address for LeeAnn (`/o=First Organization/.../cn=LEEANN_LAMADDUX.COM`). If mail to
> her NDRs, clear the autocomplete entry in Outlook — Graph cannot touch the autocomplete
> cache.

## Access

- **Vault paths** (do NOT inline secrets):
  - `clients/lamaddux/jim-parkinson-m365.sops.yaml` — Jim's M365 password + MFA
  - `clients/lamaddux/gururmm-site-home.sops.yaml` — RMM site "Home"
- **Breakglass admin:** `admin@lamaddux.onmicrosoft.com` (password in vault)

## Active Work / Open Items

- Confirm Jim's Outlook PST import looks good.
- Final delta export, then **decommission `jparkinsonaz.com` on Neptune** (remove the accepted domain, the mailbox, and the old DKIM).
- Remove the now-redundant `ExcludeHttpsRootDomain` registry value once stable.
- Clear Jim's Outlook autocomplete cache (legacy LeeAnn X500 entry).

## Backlinks

- [[systems/ix-server]] — DNS for `lamaddux.com` + `jparkinsonaz.com` zones hosted on ACG IX
- [[clients/internal-infrastructure]] — Neptune Exchange (Jim's old mail host) + PST export share
- [[projects/msp-tools]] — remediation-suite onboarding + Exchange Operator app scoping