azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5a0aaa2ff2e8612af679ac2baa9f524bca53cdcb
claudetools/wiki/clients/khalsa.md
Howard Enos ddf17454c2 sync: auto-sync from HOWARD-HOME at 2026-06-20 07:34:29 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-20 07:34:29
2026-06-20 07:36:01 -07:00

183 lines
8.3 KiB
Markdown
Raw Blame History

---
type: client
name: khalsa
display_name: Khalsa
last_compiled: 2026-06-19
compiled_by: GURU-5070/claude-main
sources:
- clients/khalsa/docs/overview.md
- clients/khalsa/docs/cloud/m365.md
- clients/khalsa/docs/cloud/azure.md
- clients/khalsa/docs/rmm/rmm.md
- clients/khalsa/docs/security/antivirus.md
- clients/khalsa/docs/security/backup.md
- clients/khalsa/docs/issues/log.md
- clients/khalsa/docs/apple-domain-join.md
- clients/khalsa/docs/network/README.md
- clients/khalsa/docs/network/camden/topology.md
- clients/khalsa/docs/network/camden/firewall.md
- clients/khalsa/docs/network/camden/dns.md
- clients/khalsa/docs/network/camden/dhcp.md
- clients/khalsa/docs/network/camden/vlans.md
- clients/khalsa/docs/network/river/topology.md
- clients/khalsa/docs/network/river/firewall.md
- clients/khalsa/docs/network/river/dns.md
- clients/khalsa/docs/network/river/dhcp.md
- clients/khalsa/docs/network/river/vlans.md
- clients/khalsa/PROJECT_STATE.md
---
# Khalsa
## Overview
Khalsa Montessori School (Syncro customer 9456554; also called "Khalsa Family Services" / "Khalsa Schools"). ONBOARDING status; multi-site (**Camden** + **River**). **Server + network inventory captured 2026-06-19** via Syncro asset API + ScreenConnect telemetry (triggered by Celeste Duitman asking whether the "Trout server" can be retired). M365/Azure, contract terms, and per-server share/app detail still pending.
- **Business type:** Montessori school
- **Locations:** 2 (Camden, River)
- **Domain:** khalsa.local (network 10.11.12.0/22; gateway 10.11.12.1; WAN egress 50.145.145.190)
- **Servers:** 3 known — TROUT (Camden DC, online), SALMON (River standalone, online), KHALSADC2 (intended 2nd DC, offline since 2025-08)
- **Remote access:** ScreenConnect + Splashtop + Syncro RMM. Site-to-site VPN to ACG (vault `clients/khalsa/ucg`, 172.16.50.x) is BROKEN — manage via ScreenConnect/Syncro
- **Primary contact:** Celeste Duitman (Khalsa Family Services); asset contact lulu.camacho@khalsaschools.org
- **Billing model / hours:** *(not documented)*
- **Contract status:** ONBOARDING — terms not yet documented
[WARNING] M365/azure/rmm/antivirus/backup template files still blank. No server backup configuration captured — VERIFY backups exist. Servers run Windows Defender only.
---
## Contacts
All contact fields in overview.md are blank. No primary contact, IT contact, names, phones, or emails documented.
- **Primary Contact:** *(not documented)*
- **IT Contact:** *(not documented)*
- **Location (Camden):** *(not documented)*
- **Location (River):** *(not documented)*
---
## Infrastructure
No server or workstation inventory has been captured. The following is known only from `docs/apple-domain-join.md`:
### Known Servers (live data 2026-06-19)
| Hostname | Site | IP | Role | OS | Hardware | Disk used | Status |
|----------|------|----|------|----|----------|-----------|--------|
| TROUT | Camden | 10.11.12.254 | **DC + DNS + file (K:) + QuickBooks** | WS2016 Std | Dell PowerEdge T110 II (S/N 1V20R22), Xeon E31220, 16 GB | ~490 GB / 927 GB; **C: only 12 GB free (10%)** | ONLINE |
| SALMON | River | 10.11.14.76 | Standalone file/QuickBooks (not a DC; workgroup) | WS2016 Std | Dell PowerEdge T130 (S/N 8Z8FPD2), Xeon E3-1220 v5, 8 GB | ~321 GB / 929 GB | ONLINE |
| KHALSADC2 | ? | *(unknown)* | Intended 2nd DC (eval license, whitebox) | WS2016 **Eval** | i5-4430, 8 GB, 500 GB SSD + USB | n/a | **OFFLINE since 2025-08-19** |
Detail: `clients/khalsa/docs/servers/{camden/TROUT,river/SALMON,camden/KHALSADC2}.md`.
[WARNING] TROUT is the **only functioning DC** — KHALSADC2 has not reported since mid-2025, so AD has NO redundancy. A TROUT failure = full login/DNS outage.
**TROUT retirement (Celeste's question):** TROUT used to host Schoolmaster (now archived/unused), but it has since become the Camden DC/DNS/file/QuickBooks server, so it CANNOT be removed as-is. To retire it: promote a replacement DC+DNS (SALMON or new box, or move to M365/Entra), migrate K:/QuickBooks data, transfer FSMO + DNS, demote, then power off.
### Workstations
~20 Syncro device assets (Camden + River): DESKTOP-MAN1CGE, DESKTOP-RKKR9KN, DESKTOP-M45ARIN, LAPTOP-NIBQP9LG/JCSPNNA5/AGN1DMAR/KJJB0R90, KMS-LT11-1/2, KHALSA-R-LT1/2, UE-DONAGHY-L, PRIME-RTG-PC, AD-KHALSA-D-FRO, CAM-LULU-D, DESKTOP-9LT4ICC, AD-JANICE-D, CAM-STAFFROOM-D. (10.11.12.243 noted in apple-domain-join.md as a non-DC DNS host — role unconfirmed in this pass.)
### Active Directory
- **Domain:** `khalsa.local`
- **Domain admin account:** `guru`
- **DC hostname:** TROUT at 10.11.12.254
- **DNS primary:** 10.11.12.254 (DC/TROUT)
- **DNS secondary:** 10.11.12.1
- Kerberos (port 88), LDAP (port 389), SMB (port 445) required to reach DC
---
## Network
Two sites: Camden and River. All network template files (topology, firewall, DNS, DHCP, VLANs) are blank placeholders for both sites — no subnets, IPs, hardware, ISPs, or VPN details are recorded.
### Camden
- **Topology:** *(not documented — template only)*
- **Firewall:** *(not documented — template only)*
- **DNS:** *(not documented — template only)*
- **DHCP:** *(not documented — template only)*
- **VLANs:** Template defines VLAN IDs 1, 10, 20, 30, 40, 50, 60, 100 (standard schema: Management, Servers, Workstations, VoIP, WiFi-Corp, WiFi-Guest, Security) — but no subnets or IPs filled in.
### River
- **Topology:** *(not documented — template only)*
- **Firewall:** *(not documented — template only)*
- **DNS:** *(not documented — template only)*
- **DHCP:** *(not documented — template only)*
- **VLANs:** Same VLAN ID schema as Camden — no subnets or IPs filled in.
### Site-to-Site Connectivity
*(not documented)* — firewall.md VPN sections are blank for both sites.
### Confirmed Network Info (from apple-domain-join.md)
- DC/DNS: TROUT at 10.11.12.254 (implies /24 range starting with 10.11.12.x)
- Secondary DNS: 10.11.12.1 [unverified — likely a firewall or router]
- 10.11.12.243 is a DNS server (role unknown, not the DC)
- Site assignment of these IPs (Camden vs River) is unknown
---
## Cloud / M365
All M365 and Azure template fields are blank. No tenant name, tenant ID, domain, licenses, Exchange settings, SharePoint, Teams, Entra, or Defender details are documented.
- **M365 tenant:** *(not documented)*
- **Azure subscription:** *(not documented)*
- **Other cloud services:** *(not documented)*
---
## GuruRMM
All RMM template fields are blank.
- **Client ID:** *(not documented)*
- **Site IDs:** *(not documented)*
- **Enrolled agents:** *(not documented)*
- **Monitoring policies:** Template placeholders only (Disk Space, CPU, Service Monitor, Backup Monitor, Offline Alert — no client-specific values)
- **Patch policy:** *(not documented)*
---
## Active Projects / Open Items
- [ ] Complete onboarding — capture infrastructure details, contacts, credentials to vault
- [ ] Populate all `docs/` templates with real data (network, servers, M365, backup, AV, RMM)
- [ ] Document both Camden and River site specifics (topology, firewall rules, VLANs, IPs)
- [ ] Capture contacts to overview.md
- [ ] Store credentials in SOPS vault under `clients/khalsa/`
---
## Key Events / History
| Date | Event |
|------|-------|
| 2026-04-16 | Client directory created by Howard. Standard template applied. ONBOARDING status set. |
No issue log entries. No session logs exist for this client.
---
## Anti-Patterns / Warnings
- [WARNING] 10.11.12.243 is a DNS server but NOT the domain controller. Do not treat it as the DC. The DC is TROUT at 10.11.12.254.
- [WARNING] Onboarding is incomplete. Do not assume any template placeholder values are real — all fields other than the apple-domain-join.md content are empty.
- [WARNING] Do NOT run `dsconfigad` commands via ScreenConnect — the domain join step requires a password prompt that ScreenConnect cannot handle. Must use direct Terminal access.
- When joining a Mac that was previously joined and has a broken trust: force-remove first (`dsconfigad -remove -username guru -force`), then re-join. Skipping this causes error 2100.
- After applying `DefaultDomain` setting for login window, a reboot is required for the domain prefix to drop from login.
- No credentials are in this wiki. Retrieve from vault under `clients/khalsa/` once captured.
---
## Backlinks
- [[index]] — client index
- [[patterns/apple-domain-join]] — if a general Apple domain join pattern article exists or is created
Reference in New Issue View Git Blame Copy Permalink