G1 AD Hygiene Dry-Run
Command ID: 110f0836-9fa7-4773-b82c-e7f0eb9b5bbe
Exit: 0
Completed: 2026-04-23T03:26:52.186400Z
STDOUT
G1 AD Hygiene - 2026-04-22 20:26:50 -07:00
Host: CS-SERVER
Mode: DRY-RUN (no changes)
Backup dir: D:\Backups\g1-hygiene-2026-04-22-202650
============================================================================
== 0. Pre-state backup (always runs)
============================================================================
[OK] Exported users-pre.csv
[OK] Exported groups-pre.csv
[OK] Exported ous-pre.csv
[OK] Pre-state saved at D:\Backups\g1-hygiene-2026-04-22-202650
Rollback commands (if needed after execute):
- proxyAddresses: Set-ADUser from users-pre.csv column ProxyAddresses
- OU moves: Move-ADObject back to old DistinguishedName
- Groups created today: Remove-ADGroup (safe since memberless)
============================================================================
== 1. OU=Excluded-From-Sync + move 4 role accounts
============================================================================
[WOULD] Create OU=Excluded-From-Sync (ProtectedFromAccidentalDeletion=true)
[WOULD] Move Culinary from OU=Culinary,OU=Departments,DC=cascades,DC=local to OU=Excluded-From-Sync,DC=cascades,DC=local
[WOULD] Move Receptionist from CN=Users,DC=cascades,DC=local to OU=Excluded-From-Sync,DC=cascades,DC=local
[WOULD] Move saleshare from OU=Marketing,OU=Departments,DC=cascades,DC=local to OU=Excluded-From-Sync,DC=cascades,DC=local
[WOULD] Move directoryshare from CN=Users,DC=cascades,DC=local to OU=Excluded-From-Sync,DC=cascades,DC=local
============================================================================
== 2. Populate proxyAddresses (34 users - live data from M365 Graph 2026-04-22)
============================================================================
[WOULD] Allison.Reibschied
before: <empty>
after: SMTP:Allison.Reibschied@cascadestucson.com
mail=<empty> -> Allison.Reibschied@cascadestucson.com
[WOULD] Alyssa.Brooks
before: <empty>
after: SMTP:alyssa.brooks@cascadestucson.com
mail=<empty> -> alyssa.brooks@cascadestucson.com
[WOULD] Ashley.Jensen
before: <empty>
after: SMTP:ashley.jensen@cascadestucson.com; smtp:ashley.jenson@cascadestucson.com
mail=<empty> -> ashley.jensen@cascadestucson.com
[WOULD] britney.thompson
before: <empty>
after: SMTP:Britney.Thompson@cascadestucson.com
mail=<empty> -> Britney.Thompson@cascadestucson.com
[WOULD] Cathy.Kingston
before: <empty>
after: SMTP:cathy.kingston@cascadestucson.com
mail=<empty> -> cathy.kingston@cascadestucson.com
[WOULD] Christina.DuPras
before: <empty>
after: SMTP:christina.dupras@cascadestucson.com
mail=<empty> -> christina.dupras@cascadestucson.com
[WOULD] Christine.Nyanzunda
before: <empty>
after: SMTP:christine.nyanzunda@cascadestucson.com
mail=<empty> -> christine.nyanzunda@cascadestucson.com
[WOULD] Christopher.Holick
before: <empty>
after: SMTP:christopher.holick@cascadestucson.com
mail=<empty> -> christopher.holick@cascadestucson.com
[WOULD] Crystal.Rodriguez
before: <empty>
after: SMTP:crystal.rodriguez@cascadestucson.com; smtp:crystal.suszek@cascadestucson.com
mail=<empty> -> crystal.rodriguez@cascadestucson.com
[WOULD] howard
before: <empty>
after: SMTP:dax.howard@cascadestucson.com; smtp:cara.lespron@cascadestucson.com
mail=<empty> -> dax.howard@cascadestucson.com
[WOULD] JD.Martin
before: <empty>
after: SMTP:jd.martin@cascadestucson.com
mail=<empty> -> jd.martin@cascadestucson.com
[WOULD] John.Trozzi
before: <empty>
after: SMTP:john.trozzi@cascadestucson.com
mail=<empty> -> john.trozzi@cascadestucson.com
[WOULD] Julian.Crim
before: <empty>
after: SMTP:julian.crim@cascadestucson.com
mail=<empty> -> julian.crim@cascadestucson.com
[WOULD] karen.rossini
before: <empty>
after: SMTP:karen.rossini@cascadestucson.com
mail=<empty> -> karen.rossini@cascadestucson.com
[WOULD] Kyla.QuickTiffany
before: <empty>
after: SMTP:kyla.quicktiffany@cascadestucson.com
mail=<empty> -> kyla.quicktiffany@cascadestucson.com
[WOULD] lauren.hasselman
before: <empty>
after: SMTP:lauren.hasselman@cascadestucson.com
mail=<empty> -> lauren.hasselman@cascadestucson.com
[WOULD] Lois.Lane
before: <empty>
after: SMTP:lois.lane@cascadestucson.com
mail=<empty> -> lois.lane@cascadestucson.com
[WOULD] Lupe.Sanchez
before: <empty>
after: SMTP:lupe.sanchez@cascadestucson.com
mail=<empty> -> lupe.sanchez@cascadestucson.com
[WOULD] Matt.Brooks
before: <empty>
after: SMTP:matthew.brooks@cascadestucson.com
mail=<empty> -> matthew.brooks@cascadestucson.com
[WOULD] Megan.Hiatt
before: <empty>
after: SMTP:megan.hiatt@cascadestucson.com
mail=<empty> -> megan.hiatt@cascadestucson.com
[WOULD] Meredith.Kuhn
before: <empty>
after: SMTP:meredith.kuhn@cascadestucson.com
mail=<empty> -> meredith.kuhn@cascadestucson.com
[WOULD] Michelle.Shestko
before: <empty>
after: SMTP:michelle.shestko@cascadestucson.com
mail=<empty> -> michelle.shestko@cascadestucson.com
[WOULD] Ramon.Castaneda
before: <empty>
after: SMTP:ramon.castaneda@cascadestucson.com; smtp:ramon.castanada@cascadestucson.com; smtp:ramon.casteneda@cascadestucson.com
mail=<empty> -> ramon.castaneda@cascadestucson.com
[WOULD] Ray.Rai
before: <empty>
after: SMTP:ray.rai@cascadestucson.com
mail=<empty> -> ray.rai@cascadestucson.com
[WOULD] Richard.Adams
before: <empty>
after: SMTP:richard.adams@cascadestucson.com
mail=<empty> -> richard.adams@cascadestucson.com
[WOULD] Sebastian.Leon
before: <empty>
after: SMTP:sebastian.leon@cascadestucson.com
mail=<empty> -> sebastian.leon@cascadestucson.com
[WOULD] Sharon.Edwards
before: <empty>
after: SMTP:sharon.edwards@cascadestucson.com
mail=<empty> -> sharon.edwards@cascadestucson.com
[WOULD] Shelby.Trozzi
before: <empty>
after: SMTP:Shelby.Trozzi@cascadestucson.com
mail=<empty> -> Shelby.Trozzi@cascadestucson.com
[WOULD] Sheldon.Gardfrey
before: <empty>
after: SMTP:sheldon.gardfrey@cascadestucson.com
mail=<empty> -> sheldon.gardfrey@cascadestucson.com
[WOULD] Shontiel.Nunn
before: <empty>
after: SMTP:shontiel.nunn@cascadestucson.com
mail=<empty> -> shontiel.nunn@cascadestucson.com
[WOULD] Susan.Hicks
before: <empty>
after: SMTP:susan.hicks@cascadestucson.com
mail=<empty> -> susan.hicks@cascadestucson.com
[WOULD] sysadmin
before: <empty>
after: SMTP:sysadmin@cascadestucson.com
mail=<empty> -> sysadmin@cascadestucson.com
[WOULD] Tamra.Matthews
before: <empty>
after: SMTP:tamra.matthews@cascadestucson.com; smtp:tamra.johnson@cascadestucson.com
mail=<empty> -> tamra.matthews@cascadestucson.com
[WOULD] Veronica.Feller
before: <empty>
after: SMTP:veronica.feller@cascadestucson.com
mail=<empty> -> veronica.feller@cascadestucson.com
============================================================================
== 3. Create 16 SG-* security groups (CA / file-share / break-glass)
============================================================================
[WOULD] Create SG-External-Signin-Allowed (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Members may sign in from outside Cascades building (CA policy target).
[WOULD] Create SG-Caregivers (Global Security) in OU=Groups,DC=cascades,DC=local
desc: All shift-work caregivers. CA policy target for shared-phone mobile policy.
[WOULD] Create SG-FrontDesk (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Front desk receptionists sharing reception PCs.
[WOULD] Create SG-CourtesyPatrol (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Courtesy patrol staff.
[WOULD] Create SG-Drivers (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Transportation drivers (AD accounts being disabled 2026-04-22 - group retained for history).
[WOULD] Create SG-Management-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\Management file share (Phase 4).
[WOULD] Create SG-Sales-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\SalesDept file share (Phase 4).
[WOULD] Create SG-Culinary-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\Culinary file share (Phase 4).
[WOULD] Create SG-IT-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\IT file share (Phase 4).
[WOULD] Create SG-Receptionist-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\Receptionist file share (Phase 4).
[WOULD] Create SG-Directory-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\directoryshare file share (Phase 4).
[WOULD] Create SG-Server-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\Server share (IT admin, Phase 4).
[WOULD] Create SG-Chat-RW (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Read/write on \\CS-SERVER\chat file share (Phase 4).
[WOULD] Create SG-Office-PHI-External (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Office PHI staff with external sign-in permission (CA policy).
[WOULD] Create SG-Office-PHI-Internal (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Office PHI staff limited to in-building sign-in (CA policy).
[WOULD] Create SG-CA-BreakGlass (Global Security) in OU=Groups,DC=cascades,DC=local
desc: Break-glass accounts excluded from all Conditional Access policies.
============================================================================
== 4. DisplayName cosmetic fixes (3 users)
============================================================================
[WOULD] Crystal.Rodriguez DisplayName: 'Crystal Rodriguez' -> 'Crystal Rodriguez'
[WOULD] howard DisplayName: 'howard' -> 'Howard Dax'
[WOULD] Cathy.Kingston DisplayName: 'Cathy.Kingston' -> 'Cathy Kingston'
============================================================================
== 5. Summary
============================================================================
Mode: DRY-RUN (no changes)
Created: 17
Moved: 4
Updated: 37
Skipped: 0
Errors: 0
Backup dir: D:\Backups\g1-hygiene-2026-04-22-202650
DRY-RUN complete. To execute:
1. Review the [WOULD] lines above
2. Re-run this script with $doExecute = $true
3. Compare post-state vs pre-state CSVs in the backup dir
Completed at 2026-04-22 20:26:51 -07:00
stderr: