claudetools/clients/cascades-tucson/docs/migration/scripts/phase3-pre-join-verify.ps1
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

122 lines
4.3 KiB
PowerShell

<#
.SYNOPSIS
    Phase 3.0: Pre-join verification from an INTERNAL VLAN machine.
.DESCRIPTION
    Tests DNS resolution, network connectivity, and SMB access to CS-SERVER.
    Run from any machine on INTERNAL VLAN (10.0.20.0/24) before domain joining.
    ALL tests must pass before proceeding with domain join.
#>
Write-Host "=== Phase 3.0: Pre-Join Verification ===" -ForegroundColor Cyan
Write-Host "Running from: $env:COMPUTERNAME ($((Get-NetIPAddress -AddressFamily IPv4 | Where-Object {$_.IPAddress -notlike '127.*'}).IPAddress -join ', '))"
Write-Host ""
$allPassed = $true
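# --- DNS Resolution ---
Write-Host "--- DNS Tests ---" -ForegroundColor Yellow
$dnsTests = @(
    @{ Name = "cs-server.cascades.local"; Type = "A"; Expected = "192.168.2.254" }
    # SRV record used to locate a domain controller; query it as SRV so the
    # check validates the records themselves rather than an A/AAAA lookup.
    @{ Name = "_ldap._tcp.cascades.local"; Type = "SRV"; Expected = "" }
)
foreach ($test in $dnsTests) {
    try {
        $result = Resolve-DnsName -Name $test.Name -Type $test.Type -ErrorAction Stop
        # Keep only answers of the requested type (drops SOA/additional records)
        if ($test.Type -eq "SRV") {
            $answers = @($result | Where-Object { $_.Type -eq "SRV" } | ForEach-Object { "$($_.NameTarget):$($_.Port)" })
        } else {
            $answers = @($result | Where-Object { $_.Type -eq "A" } | ForEach-Object { $_.IPAddress })
        }
        if ($answers.Count -eq 0) {
            # The name answered, but with no record of the type we need
            Write-Host " [FAIL] $($test.Name) - no $($test.Type) records returned" -ForegroundColor Red
            $allPassed = $false
        } elseif ($test.Expected -and $answers -notcontains $test.Expected) {
            Write-Host " [WARN] $($test.Name) resolved but not to $($test.Expected): $($answers -join ', ')" -ForegroundColor Yellow
        } else {
            Write-Host " [OK] $($test.Name) resolved: $($answers -join ', ')" -ForegroundColor Green
        }
    }
    catch {
        Write-Host " [FAIL] $($test.Name) - DNS resolution failed" -ForegroundColor Red
        $allPassed = $false
    }
}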
# --- Network Connectivity ---
Write-Host "`n--- Network Connectivity ---" -ForegroundColor Yellow
$pingTargets = @(
    @{ Name = "CS-SERVER"; IP = "192.168.2.254" }
    @{ Name = "pfSense"; IP = "192.168.0.1" }
)
foreach ($target in $pingTargets) {
    $result = Test-Connection -ComputerName $target.IP -Count 2 -Quiet -ErrorAction SilentlyContinue
    if ($result) {
        Write-Host " [OK] $($target.Name) ($($target.IP)) - reachable" -ForegroundColor Green
    } else {
        Write-Host " [FAIL] $($target.Name) ($($target.IP)) - NOT reachable" -ForegroundColor Red
        $allPassed = $false
    }
}
# --- Port Connectivity ---
Write-Host "`n--- Port Connectivity to CS-SERVER ---" -ForegroundColor Yellow
$ports = @(
    @{ Port = 53; Desc = "DNS" }
    @{ Port = 88; Desc = "Kerberos" }
    @{ Port = 135; Desc = "RPC" }
    @{ Port = 389; Desc = "LDAP" }
    @{ Port = 445; Desc = "SMB" }
    @{ Port = 636; Desc = "LDAPS" }
    @{ Port = 3268; Desc = "Global Catalog" }
)
foreach ($p in $ports) {
    try {
        $result = Test-NetConnection -ComputerName "192.168.2.254" -Port $p.Port -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        if ($result.TcpTestSucceeded) {
            Write-Host " [OK] Port $($p.Port) ($($p.Desc)) - open" -ForegroundColor Green
        } else {
            Write-Host " [FAIL] Port $($p.Port) ($($p.Desc)) - CLOSED/FILTERED" -ForegroundColor Red
            $allPassed = $false
        }
    }
    catch {
        Write-Host " [FAIL] Port $($p.Port) ($($p.Desc)) - test failed" -ForegroundColor Red
        $allPassed = $false
    }
}
# --- SMB Access ---
Write-Host "`n--- SMB Share Access ---" -ForegroundColor Yellow
try {
    $shares = net view \\192.168.2.254 2>&1
    if ($LASTEXITCODE -eq 0) {
        Write-Host " [OK] net view \\192.168.2.254 succeeded" -ForegroundColor Green
    } else {
        Write-Host " [FAIL] net view \\192.168.2.254 failed: $shares" -ForegroundColor Red
        $allPassed = $false
    }
}
catch {
    Write-Host " [FAIL] SMB access test failed: $_" -ForegroundColor Red
    $allPassed = $false
}
# --- Internet ---
Write-Host "`n--- Internet Access ---" -ForegroundColor Yellow
$internet = Test-Connection -ComputerName "8.8.8.8" -Count 1 -Quiet -ErrorAction SilentlyContinue
if ($internet) {
    Write-Host " [OK] Internet connectivity works" -ForegroundColor Green
} else {
    Write-Host " [WARN] No internet connectivity" -ForegroundColor Yellow
}
# --- Result ---
Write-Host "`n========================================" -ForegroundColor Cyan
if ($allPassed) {
    Write-Host "ALL TESTS PASSED - Safe to proceed with domain join" -ForegroundColor Green
} else {
    Write-Host "SOME TESTS FAILED - Fix issues before domain joining" -ForegroundColor Red
    Write-Host "Check firewall rules (Phase 1.3) and DNS (Phase 1.4)" -ForegroundColor Yellow
}
Write-Host "========================================" -ForegroundColor Cyan