azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
claudetools/clients/dataforth/reports/2026-05-03-account-status-check.md
Howard Enos b6eb59e8ed Session work 2026-05-04: Grabb Leap calendar fix, Dataforth lobby phone VLAN, IMC printer + VPN 
- Grabb & Durando: investigated and resolved Svetlana Larionova's Leap-to-M365 calendar OAuth consent issue (Graph-side report + session log). Syncro #32245.
- Dataforth: lobby phone (ext 201) was offline due to D1-Server-Room port 1 being on the wrong VLAN; reconfigured to VLAN 100, phone re-provisioned and registered. Session log + PROJECT_STATE update. Syncro #32246.
- Instrumental Music Center: Station 2 receipt printer reconnect + VPN install on Manda's machine. Syncro #32247.
- Memory: generalized the Syncro blank-contact rule (was Cascades-only) and added the labor-type rule (never use "Prepaid project labor") per Winter's 2026-05-04 corrections.
- Gitignored `.claude/tmp/` so per-session helper scripts don't sneak in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 13:51:59 -07:00

4.0 KiB
Raw Permalink Blame History

Dataforth — Account Status Check

Date: 2026-05-03 (UTC) Tenant: Dataforth Corporation (dataforth.com, 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584) Tool: ComputerGuru Security Investigator (App ID bfbc12a4-f0dd-4e12-b06d-997e7271e10c) — Graph read-only Scope: Status lookup only (enabled / licensed / last sign-in / object type). No remediation. Operator: Howard Enos

Summary

  • 1 of 4 addresses is an active licensed user (jantar@).
  • 1 of 4 is an active distribution list (sales@) routing to 3 employees.
  • 2 of 4 (dchapman@, dhenderson@) do not exist anywhere in the directory — no user, no group, no contact, no alias, not in the 30-day soft-delete recycle bin.

Results

Address Object type Enabled Licensed Last sign-in (interactive) Notes
sales@dataforth.com Mail-enabled distribution list ("Sales") Active n/a n/a Members: ltobey@, ghaubner@, tdean@
jantar@dataforth.com User — Jacque Antar Yes 1 license 2026-04-20 17:44 UTC (~13d ago) Primary SMTP confirmed
dchapman@dataforth.com Does not exist Not a user, group, contact, or alias; not in soft-delete
dhenderson@dataforth.com Does not exist Not a user, group, contact, or alias; not in soft-delete

What "does not exist" means here

For dchapman@ and dhenderson@ we checked, against the live tenant:

  1. /users filtered on mail and proxyAddresses/any(p: p eq 'smtp:<addr>') — 0 results. Rules out the address being a primary SMTP, a UPN, or a secondary alias on any mailbox.
  2. /groups same filter — 0 results. Rules out distribution lists and M365 groups.
  3. /directory/deletedItems/microsoft.graph.user — 0 results. The user object was not soft-deleted in the past 30 days (so not recoverable via the standard restore path).
  4. /contacts (beta, org-level mail contacts) — 0 results.

If mail to these addresses is bouncing now, that is consistent — the tenant has no recipient with that smtp address. If mail to these addresses was being delivered historically and we need to know when they were removed, that requires a unified audit log search (auditLogs/directoryAudits with activityDisplayName eq 'Delete user') over a longer window — say so and I can run it.

Per-address detail

sales@dataforth.com — Distribution List

  • Group ID: 6dd5ec2b-c220-49bf-bd00-8d4d123914e7
  • mail-enabled, security-disabled, classic DL (no groupTypes)
  • Proxy addresses: SMTP:sales@dataforth.com, smtp:sales1@dataforthcom.onmicrosoft.com
  • Members (3): Logan Tobey (ltobey@), Georg Haubner (ghaubner@), Theresa Dean (tdean@)

jantar@dataforth.com — Jacque Antar

  • accountEnabled: true
  • 1 assigned license
  • Last interactive sign-in: 2026-04-20 17:44:45 UTC
  • Proxy addresses: SMTP:jantar@dataforth.com, smtp:jantar@dataforthcom.onmicrosoft.com

dchapman@dataforth.com — not found

  • All four directory queries returned 0.

dhenderson@dataforth.com — not found

  • All four directory queries returned 0.

Data artifacts

Raw JSON in /tmp/remediation-tool/7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584/account-active/:

  • sales@dataforth.com-users.json, sales@dataforth.com-groups.json
  • jantar@dataforth.com-users.json, jantar@dataforth.com-groups.json
  • dchapman@dataforth.com-users.json, dchapman@dataforth.com-groups.json, dchapman@dataforth.com-deleted.json, dchapman@dataforth.com-orgcontact.json
  • dhenderson@dataforth.com-users.json, dhenderson@dataforth.com-groups.json, dhenderson@dataforth.com-deleted.json, dhenderson@dataforth.com-orgcontact.json

Operational note

PyJWT + cryptography are not installed on HOWARD-HOME, so get-token.sh cert-auth (the new default) failed silently and the secret-auth fallback was used (REMEDIATION_AUTH=secret). Token issuance still works either way; cert-auth is preferred per the recent migration. Fix on this machine:

py -m pip install PyJWT cryptography
Reference in New Issue View Git Blame Copy Permalink