azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adb4b9e92ffc19ce4dec4b79c180695ee4549ef
claudetools/clients/cascades-tucson/docs/migration/phase3-domain-join.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

94 lines
3.0 KiB
Markdown
Raw Blame History

# Step 5: Domain Join (~1-2 hours per machine, remote via ScreenConnect)
---
## 5a — Pre-join verification (once, from any INTERNAL machine)
Run `scripts/phase3-pre-join-verify.ps1` or manually:
```cmd
nslookup cs-server.cascades.local
nslookup _ldap._tcp.cascades.local
ping 192.168.2.254
net view \\192.168.2.254
```
**All must succeed.** If they don't, fix DNS/firewall (Step 2) before proceeding.
---
## 5b — Join non-domain machines (one at a time)
**Order:** DESKTOP-KQSL232 → CHEF-PC → SALES4-PC → MDIRECTOR-PC (least critical first)
### Pre-requisites per machine
| Machine | Blocker | Action Needed |
|---------|---------|---------------|
| DESKTOP-KQSL232 | None known | Verify OS edition supports domain join |
| CHEF-PC | None known | Verify OS edition supports domain join |
| SALES4-PC | **Not on network** (absent from ARP/DHCP as of 2026-03-06) | Locate machine, verify powered on |
| MDIRECTOR-PC | **Windows 10 Home** — cannot domain-join | Upgrade to Pro first (key available). Users: Anna Pitzlin, Shelby Trozzi, localadmin. No Desktop/Documents data to migrate. MAC: 98:ee:cb:9d:8a:81 |
For each machine, run `scripts/phase3-join-domain.ps1` via ScreenConnect:
### Per machine:
1. **Document current state** (automated by script)
- systeminfo, ipconfig, printers, mapped drives saved to `C:\IT-Migration\`
2. **Create local admin backup account**
- Localadmin local admin account (for rollback access)
3. **Verify DNS resolves AD**
- Must resolve `cs-server.cascades.local`
- If fails: check DHCP DNS settings (should get 192.168.0.1 via DHCP)
4. **Join domain**
- `Add-Computer -DomainName cascades.local -OUPath "OU=Staff PCs,OU=Workstations,DC=cascades,DC=local"`
- Automatic reboot
5. **Post-reboot verification** (run `scripts/phase3-post-join-verify.ps1`):
- [ ] `gpresult /r` — GPOs applied?
- [ ] `\\CS-SERVER\Shares` accessible?
- [ ] Mapped drives appear (S:, department drive)?
- [ ] Printers auto-installed?
- [ ] Print test page works?
- [ ] Internet works?
- [ ] `nltest /dsgetdc:cascades.local` returns CS-SERVER?
6. **Migrate user profile if needed**
- Copy local Desktop/Documents to network share
- Or use ForensiT User Profile Wizard (free) to migrate local → domain profile
---
## 5c — Link GPOs (after first successful join)
1. Link "CSC - Security Baseline" → domain root
2. Link "CSC - Drive Mappings" → user OUs (Departments, Management, Sales, MemCare)
3. Link "CSC - Printer Deployment" → OU=Workstations
4. Link "CSC - Windows Update" → domain root
5. Link "CSC - Folder Redirection" → user OUs
Run `gpupdate /force` on first machine, verify everything works.
---
## 5d — Update existing domain machines
Run on CRYSTAL-PC, ACCT2-PC, DESKTOP-H6QHRR7, DESKTOP-1ISF081:
```powershell
gpupdate /force
# Verify drive mappings and printers appeared
```
---
## Rollback (per machine)
1. Log in with `Localadmin` local account
2. Run: `Remove-Computer -UnjoinDomainCredential (Get-Credential) -Restart`
3. Machine returns to workgroup mode with local accounts intact
Reference in New Issue View Git Blame Copy Permalink