claudetools/clients/dataforth/docs/active-directory.md

Active Directory

Domain Info

• Domain: intranet.dataforth.com
• Forest Level: Windows Server 2016
• Domain Level: Windows Server 2016
• Domain Controllers: AD1 (192.168.0.27, primary), AD2 (192.168.0.6, secondary)
• FSMO Roles: All on AD1 (assumed)

Organizational Units

OU	Purpose	Entra Sync
Domain Controllers	DCs	—
CompanyUsers	Main user OU	—
Azure_Users	Azure-related users	—
SyncedUsers	Users synced to Entra ID	Yes
ServiceAccounts	Service accounts	No
Servers	Server computer accounts	—
Workstations	Workstation computer accounts	—
DistoGroups	Distribution groups	—

Active Human Users (as of 2026-04-02)

Name	Username	Last Logon	Notes
Ben Wadzinski	bwadzinski	2026-04-01
Jacque Antar	jantar	2026-04-01
Martin Florez	mflorez	2026-04-02
Kevin Wackerly	kwackerly	2026-03-30
Otto Fest	ofest	2026-03-30
Lee Payne	lpayne	2026-03-29
John Lehman	jlehman	2026-03-29	Engineering
Georg Haubner	ghaubner	2026-03-27	Engineering, has D: backup
Kellyn Wackerly	Kellynwackerly	2026-03-26
Jaime Becerra	JBecerra	2026-03-26
Angel Lopez	alopez	2026-03-25
Dan Center	dcenter	2026-03-23	Operations
Logan Tobey	ltobey	2026-03-23
Patricia	patricia	2026-03-23
Peter Iliya	pIliya	2026-03-23	Applications Engineer
Sandra Schock	sSchock	2026-03-23
Theresa Dean	tdean	2026-03-23
Bobbi Whitson	bwhitson	2026-03-23
Ayleen Montijo	aMontijo	2026-03-23
Ken Hoffman	khoffman	2026-03-10	Also has "oemdata" account
Ken Hoffman	oemdata	N/A	TestDataSheetUploader author
Joel Lohr	jlohr	2026-03-31	Retired but account intentionally kept enabled — ntirety.com (Dataforth's DNS host) sends infrastructure notifications here; inbox rule forwards all ntirety.com mail to mike@azcomputerguru.com (set 2026-05-12)

Service / System Accounts

Username	Purpose	Notes
sysadmin	Domain Admin	—
Administrator (Admin_3652)	Built-in admin	—
svc_testdatadb	TestDataDB service	OU=ServiceAccounts, created 2026-03-28
sqluser	SQL Server service	OU=ServiceAccounts
MSOL_664594195fe2	Entra ID Sync (Azure AD Connect)	—
ClaudeTools-ReadOnly	Read-only automation access	Purpose unclear

Machine / Functional Accounts

• Assembly Stations: AS24, AS26, AS30, AS31, AS34
• Test Stations: TS1, TS1L, TS1R, TS2L, TS2R, etc. (30+ stations)
• Manufacturing: hipot, encap, Endcap, my9
• Label/Scanning: labelpc, scan, scand2
• Mobile: tablet01–07, hh01–04
• Shared: confroom, Training

Disabled Accounts

Alex Mitev, Annie Chin, Bill Oldham, Brian Faires, Brian Scaramella, calibration, Jerry Lopez, John Barrios, Linda D, Maria Cota, Michele Hvidsten, Mizan Rahman, Moe Naseem, Stephen Poanessa, Steve Lehman, Support Pool, William Oldham, wcarr

Groups

Group	Scope	Notes
Domain Admins	Global	Standard
Enterprise Admins	Universal	Forest-wide
Schema Admins	Universal	Schema modification
Administrators	DomainLocal	Local admin
ADSyncAdmins	DomainLocal	Azure AD Connect
DnsAdmins	DomainLocal	DNS management
Hyper-V Administrators	DomainLocal	Hyper-V
Key Admins	Global	Key management
Enterprise Key Admins	Universal	Enterprise keys
Storage Replica Admins	DomainLocal	Storage replication

No custom security groups found — only default/built-in groups.

Group Policy Objects

GPO	Status	Last Modified
Default Domain Policy	AllSettingsEnabled	2026-03-02
Default Domain Controllers Policy	AllSettingsEnabled	2025-09-30
TrustedZones	AllSettingsEnabled	2025-10-01
Screenconnect	AllSettingsEnabled	2025-10-01
Profwiz	AllSettingsEnabled	2025-10-08
Mapped Drives	AllSettingsEnabled	2025-10-09

Drive Mappings (GPO: Mapped Drives)

Letter	Path	Purpose
B:	\\ad1\itsvc	IT service files
Q:	\\ad2\c-drive	AD2 C-drive share
S:	\\SAGE-SQL\sage	Sage ERP
T:	\\ad2\e-drive	AD2 E-drive share
W:	\\files-d1\sales	Sales docs
X:	\\ad2\webshare	Datasheets (For_Web)
Y:	\\files-d1\archive	Archive

Action Items

• Disable jlohr account — intentionally kept enabled per Mike (2026-05-12); receiving ntirety.com mail forwards
• Investigate ClaudeTools-ReadOnly account purpose
• Ken Hoffman has two accounts (khoffman + oemdata) — consolidate?