claudetools/clients/dataforth/reports/2026-05-03-account-status-check.md
Howard Enos b6eb59e8ed Session work 2026-05-04: Grabb Leap calendar fix, Dataforth lobby phone VLAN, IMC printer + VPN
- Grabb & Durando: investigated and resolved Svetlana Larionova's Leap-to-M365 calendar OAuth consent issue (Graph-side report + session log). Syncro #32245.
- Dataforth: lobby phone (ext 201) was offline due to D1-Server-Room port 1 being on the wrong VLAN; reconfigured to VLAN 100, phone re-provisioned and registered. Session log + PROJECT_STATE update. Syncro #32246.
- Instrumental Music Center: Station 2 receipt printer reconnect + VPN install on Manda's machine. Syncro #32247.
- Memory: generalized the Syncro blank-contact rule (was Cascades-only) and added the labor-type rule (never use "Prepaid project labor") per Winter's 2026-05-04 corrections.
- Gitignored `.claude/tmp/` so per-session helper scripts don't sneak in.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 13:51:59 -07:00


# Dataforth — Account Status Check
**Date:** 2026-05-03 (UTC)
**Tenant:** Dataforth Corporation (`dataforth.com`, `7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584`)
**Tool:** ComputerGuru Security Investigator (App ID `bfbc12a4-f0dd-4e12-b06d-997e7271e10c`) — Graph read-only
**Scope:** Status lookup only (enabled / licensed / last sign-in / object type). No remediation.
**Operator:** Howard Enos
## Summary
- 1 of 4 addresses is an **active licensed user** (`jantar@`).
- 1 of 4 is an **active distribution list** (`sales@`) routing to 3 employees.
- 2 of 4 (`dchapman@`, `dhenderson@`) **do not exist** anywhere in the directory — no user, no group, no contact, no alias, not in the 30-day soft-delete recycle bin.
## Results
| Address | Object type | Enabled | Licensed | Last sign-in (interactive) | Notes |
|---|---|---|---|---|---|
| `sales@dataforth.com` | Mail-enabled distribution list ("Sales") | Active | n/a | n/a | Members: ltobey@, ghaubner@, tdean@ |
| `jantar@dataforth.com` | User — Jacque Antar | Yes | 1 license | 2026-04-20 17:44 UTC (~13d ago) | Primary SMTP confirmed |
| `dchapman@dataforth.com` | **Does not exist** | — | — | — | Not a user, group, contact, or alias; not in soft-delete |
| `dhenderson@dataforth.com` | **Does not exist** | — | — | — | Not a user, group, contact, or alias; not in soft-delete |
## What "does not exist" means here
For `dchapman@` and `dhenderson@` we checked, against the live tenant:
1. `/users` filtered on `mail` and `proxyAddresses/any(p: p eq 'smtp:<addr>')` — 0 results. Rules out the address being a primary SMTP, a UPN, or a secondary alias on any mailbox.
2. `/groups` same filter — 0 results. Rules out distribution lists and M365 groups.
3. `/directory/deletedItems/microsoft.graph.user` — 0 results. The user object was not soft-deleted in the past 30 days (so not recoverable via the standard restore path).
4. `/contacts` (beta, org-level mail contacts) — 0 results.
If mail to these addresses is bouncing now, that is consistent: the tenant has no recipient with that SMTP address. If mail to these addresses was being delivered historically and we need to know when they were removed, that requires a unified audit log search (`auditLogs/directoryAudits` with `activityDisplayName eq 'Delete user'`) over a longer window — say so and I can run it.
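The four-query check above, sketched as an added example (not the Security Investigator tool's own code): it builds the `mail` and `proxyAddresses` filter values with OData quoting, then classifies an address from saved Graph collection responses. The function names, the `users`/`groups`/`orgcontact`/`deleted` keys (taken from the artifact file suffixes) and the client-side matching are assumptions; the sample data is constructed.

```python
from urllib.parse import quote

def odata_literal(value):
    """Quote a string for an OData $filter; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"

def filters_for(addr):
    """URL-encoded $filter values for the mail and proxyAddresses lookups."""
    a = addr.strip().lower()
    raw = [f"mail eq {odata_literal(a)}",
           f"proxyAddresses/any(p: p eq {odata_literal('smtp:' + a)})"]
    return [quote(f, safe="") for f in raw]

def match_kind(obj, addr):
    """'primary', 'alias', 'mail' or None for one directory object."""
    a = addr.strip().lower()
    kind = None
    for p in obj.get("proxyAddresses") or []:
        scheme, _, value = p.partition(":")
        if scheme.lower() == "smtp" and value.lower() == a:
            if scheme == "SMTP":  # upper-case prefix marks the primary address
                return "primary"
            kind = "alias"
    if kind is None and (obj.get("mail") or "").lower() == a:
        kind = "mail"
    return kind

# Order in which the saved responses are consulted (assumed).
ORDER = ("users", "groups", "orgcontact", "deleted")

def classify(addr, responses):
    """First source whose 'value' list holds a match, else 'not found'."""
    for source in ORDER:
        for obj in responses.get(source, {}).get("value", []):
            kind = match_kind(obj, addr)
            if kind:
                return {"source": source, "match": kind, "id": obj.get("id")}
    return {"source": None, "match": "not found", "id": None}

# Constructed sample responses (not the tenant's data).
SAMPLE = {
    "users": {"value": []},
    "groups": {"value": [{
        "id": "00000000-0000-0000-0000-000000000001",
        "mail": "sales@example.com",
        "proxyAddresses": ["SMTP:sales@example.com",
                           "smtp:sales1@example.onmicrosoft.com"]}]},
    "orgcontact": {"value": []},
    "deleted": {"value": []},
}
```

An address only counts as "not found" when every saved response was actually collected; a missing file and an empty `value` list look the same to `classify`, so check for the artifacts first.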
## Per-address detail
### sales@dataforth.com — Distribution List
- Group ID: `6dd5ec2b-c220-49bf-bd00-8d4d123914e7`
- mail-enabled, security-disabled, classic DL (no `groupTypes`)
- Proxy addresses: `SMTP:sales@dataforth.com`, `smtp:sales1@dataforthcom.onmicrosoft.com`
- Members (3): Logan Tobey (`ltobey@`), Georg Haubner (`ghaubner@`), Theresa Dean (`tdean@`)
### jantar@dataforth.com — Jacque Antar
- `accountEnabled`: true
- 1 assigned license
- Last interactive sign-in: 2026-04-20 17:44:45 UTC
- Proxy addresses: `SMTP:jantar@dataforth.com`, `smtp:jantar@dataforthcom.onmicrosoft.com`
### dchapman@dataforth.com — not found
- All four directory queries returned 0.
### dhenderson@dataforth.com — not found
- All four directory queries returned 0.
## Data artifacts
Raw JSON in `/tmp/remediation-tool/7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584/account-active/`:
- `sales@dataforth.com-users.json`, `sales@dataforth.com-groups.json`
- `jantar@dataforth.com-users.json`, `jantar@dataforth.com-groups.json`
- `dchapman@dataforth.com-users.json`, `dchapman@dataforth.com-groups.json`, `dchapman@dataforth.com-deleted.json`, `dchapman@dataforth.com-orgcontact.json`
- `dhenderson@dataforth.com-users.json`, `dhenderson@dataforth.com-groups.json`, `dhenderson@dataforth.com-deleted.json`, `dhenderson@dataforth.com-orgcontact.json`
## Operational note
PyJWT + cryptography are not installed on HOWARD-HOME, so `get-token.sh` cert-auth (the new default) failed silently and the secret-auth fallback was used (`REMEDIATION_AUTH=secret`). Token issuance still works either way; cert-auth is preferred per the recent migration. Fix on this machine:
```bash
py -m pip install PyJWT cryptography
```