claudetools/clients/dataforth/docs/active-directory.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

# Active Directory
## Domain Info
- Domain: intranet.dataforth.com
- Forest Level: Windows Server 2016
- Domain Level: Windows Server 2016
- Domain Controllers: AD1 (192.168.0.27, primary), AD2 (192.168.0.6, secondary)
- FSMO Roles: All on AD1 (assumed)
## Organizational Units
| OU | Purpose | Entra Sync |
|----|---------|------------|
| Domain Controllers | DCs | — |
| CompanyUsers | Main user OU | — |
| Azure_Users | Azure-related users | — |
| SyncedUsers | Users synced to Entra ID | Yes |
| ServiceAccounts | Service accounts | No |
| Servers | Server computer accounts | — |
| Workstations | Workstation computer accounts | — |
| DistoGroups | Distribution groups | — |
## Active Human Users (as of 2026-04-02)
| Name | Username | Last Logon | Notes |
|------|----------|------------|-------|
| Ben Wadzinski | bwadzinski | 2026-04-01 | |
| Jacque Antar | jantar | 2026-04-01 | |
| Martin Florez | mflorez | 2026-04-02 | |
| Kevin Wackerly | kwackerly | 2026-03-30 | |
| Otto Fest | ofest | 2026-03-30 | |
| Lee Payne | lpayne | 2026-03-29 | |
| John Lehman | jlehman | 2026-03-29 | Engineering |
| Georg Haubner | ghaubner | 2026-03-27 | Engineering, has D: backup |
| Kellyn Wackerly | Kellynwackerly | 2026-03-26 | |
| Jaime Becerra | JBecerra | 2026-03-26 | |
| Angel Lopez | alopez | 2026-03-25 | |
| Dan Center | dcenter | 2026-03-23 | Operations |
| Logan Tobey | ltobey | 2026-03-23 | |
| Patricia | patricia | 2026-03-23 | |
| Peter Iliya | pIliya | 2026-03-23 | Applications Engineer |
| Sandra Schock | sSchock | 2026-03-23 | |
| Theresa Dean | tdean | 2026-03-23 | |
| Bobbi Whitson | bwhitson | 2026-03-23 | |
| Ayleen Montijo | aMontijo | 2026-03-23 | |
| Ken Hoffman | khoffman | 2026-03-10 | Also has "oemdata" account |
| Ken Hoffman | oemdata | N/A | TestDataSheetUploader author |
| Joel Lohr | jlohr | 2026-03-31 | **RETIRING — disable after 03/31** |
## Service / System Accounts
| Username | Purpose | Notes |
|----------|---------|-------|
| sysadmin | Domain Admin | — |
| Administrator (Admin_3652) | Built-in admin | — |
| svc_testdatadb | TestDataDB service | OU=ServiceAccounts, created 2026-03-28 |
| sqluser | SQL Server service | OU=ServiceAccounts |
| MSOL_664594195fe2 | Entra ID Sync (Azure AD Connect) | — |
| ClaudeTools-ReadOnly | Read-only automation access | Purpose unclear |
## Machine / Functional Accounts
- Assembly Stations: AS24, AS26, AS30, AS31, AS34
- Test Stations: TS1, TS1L, TS1R, TS2L, TS2R, etc. (30+ stations)
- Manufacturing: hipot, encap, Endcap, my9
- Label/Scanning: labelpc, scan, scand2
- Mobile: tablet0107, hh0104
- Shared: confroom, Training
## Disabled Accounts
Alex Mitev, Annie Chin, Bill Oldham, Brian Faires, Brian Scaramella, calibration, Jerry Lopez, John Barrios, Linda D, Maria Cota, Michele Hvidsten, Mizan Rahman, Moe Naseem, Stephen Poanessa, Steve Lehman, Support Pool, William Oldham, wcarr
## Groups
| Group | Scope | Notes |
|-------|-------|-------|
| Domain Admins | Global | Standard |
| Enterprise Admins | Universal | Forest-wide |
| Schema Admins | Universal | Schema modification |
| Administrators | DomainLocal | Local admin |
| ADSyncAdmins | DomainLocal | Azure AD Connect |
| DnsAdmins | DomainLocal | DNS management |
| Hyper-V Administrators | DomainLocal | Hyper-V |
| Key Admins | Global | Key management |
| Enterprise Key Admins | Universal | Enterprise keys |
| Storage Replica Admins | DomainLocal | Storage replication |

**No custom security groups found** — only default/built-in groups.

## Group Policy Objects
| GPO | Status | Last Modified |
|-----|--------|---------------|
| Default Domain Policy | AllSettingsEnabled | 2026-03-02 |
| Default Domain Controllers Policy | AllSettingsEnabled | 2025-09-30 |
| TrustedZones | AllSettingsEnabled | 2025-10-01 |
| Screenconnect | AllSettingsEnabled | 2025-10-01 |
| Profwiz | AllSettingsEnabled | 2025-10-08 |
| Mapped Drives | AllSettingsEnabled | 2025-10-09 |
## Drive Mappings (GPO: Mapped Drives)
| Letter | Path | Purpose |
|--------|------|---------|
| B: | `\\ad1\itsvc` | IT service files |
| Q: | `\\ad2\c-drive` | AD2 C-drive share |
| S: | `\\SAGE-SQL\sage` | Sage ERP |
| T: | `\\ad2\e-drive` | AD2 E-drive share |
| W: | `\\files-d1\sales` | Sales docs |
| X: | `\\ad2\webshare` | Datasheets (For_Web) |
| Y: | `\\files-d1\archive` | Archive |
## Action Items
- **[HIGH]** Disable jlohr account — retirement was 2026-03-31, **OVERDUE**
- Investigate ClaudeTools-ReadOnly account purpose
- Ken Hoffman has two accounts (khoffman + oemdata) — consolidate?