claudetools/wiki/clients/lamaddux.md

type, name, display_name, last_compiled, compiled_by, sources, backlinks

type	name	display_name	last_compiled	compiled_by	sources	backlinks
client	lamaddux	Maddux / Parkinson (Household)	2026-06-12	GURU-5070/claude-main	2026-06-12 Jim Parkinson mail migration (Syncro	systems/ix-server clients/internal-infrastructure

Maddux / Parkinson (Household)

Household / small-residential client. Two people, one M365 tenant (lamaddux.com): LeeAnn Maddux (mailbox leeann@lamaddux.com; also appears as "LeeAnn Parkinson") and her husband Jim Parkinson (jim@jparkinsonaz.com). RMM client name is "Leeann Maddux", site "Home".

Profile

• Contract type: Break-fix / residential (verify — check Syncro)
• Key contacts:
  • LeeAnn Maddux — leeann@lamaddux.com (a.k.a. LeeAnn Parkinson)
  • Jim Parkinson — jim@jparkinsonaz.com (husband)
• Active ticket: Syncro #32411 — Jim Parkinson shared-calendar / mail migration

Email & Identity (M365 tenant lamaddux.com)

• Tenant ID: 2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929
• Domains: lamaddux.com (primary), jparkinsonaz.com (custom domain added + verified 2026-06-12 during Jim's migration), lamaddux.onmicrosoft.com
• Breakglass admin: admin@lamaddux.onmicrosoft.com
• Licensing: 2x Exchange Online Plan 1 (LeeAnn + Jim)
• Remediation onboarding: Onboarded to the ComputerGuru remediation suite via single-consent 2026-06-12 (all apps + directory roles). See projects/msp-tools.

Mailboxes

Mailbox	User	Notes
leeann@lamaddux.com	LeeAnn Maddux	Jim has FullAccess (AutoMapping on) + Send-on-Behalf
jim@jparkinsonaz.com	Jim Parkinson	Migrated off on-prem Neptune Exchange 2026-06-12

Jim Parkinson mail migration (2026-06-12, Syncro #32411)

Moved Jim off the on-prem Neptune Exchange (where jparkinsonaz.com was an accepted domain) into the lamaddux.com M365 tenant to fix shared-calendar sync issues with LeeAnn. Neptune background lives in clients/internal-infrastructure.

Steps completed:

• Added + verified jparkinsonaz.com as a custom domain in the tenant.
• Created jim@jparkinsonaz.com + assigned EXO Plan 1; set password + MFA (vault clients/lamaddux/jim-parkinson-m365.sops.yaml).
• PST-exported Jim's 1.78 GB Neptune mailbox via New-MailboxExportRequest → \\NEPTUNE\PSTExport$\jim-jparkinsonaz.pst (for Outlook import).
• DNS cut over to O365 (zone hosted on ACG IX — see systems/ix-server): MX jparkinsonaz-com.mail.protection.outlook.com; SPF v=spf1 include:spf.protection.outlook.com -all; autodiscover CNAME → autodiscover.outlook.com; DKIM selector1/selector2 CNAMEs → ...lamaddux.a-v1.dkim.mail.microsoft.
• Stripped the jparkinsonaz.com zone to an O365-only record set: removed the root A (pointed to Neptune 67.206.163.124), the mail CNAME, all CalDAV/CardDAV SRV records, and cPanel DCV/ACME records.

Mailbox sharing & calendar reconciliation

• Sharing: Jim granted FullAccess (AutoMapping on) + Send-on-Behalf on leeann@lamaddux.com.
• Calendar fix: 8 Jim-organized appointments that had invited LeeAnn but never reached her (the on-prem box couldn't deliver) were copied onto her calendar.
• App scoping for the calendar fix: Calendars.ReadWrite + Contacts.ReadWrite (Graph) were added to the ComputerGuru Exchange Operator app (appId b43e7342-5b4b-492f-890f-bb5a4f7f40e9) and constrained by an EXO ApplicationAccessPolicy (RestrictAccess) bound to the mail-enabled security group app-calscope@lamaddux.onmicrosoft.com (guid d5cf1564-...), which contains only jim@ and leeann@. Net effect: the app's Graph mailbox reach in this tenant is limited to those two mailboxes.
• Contacts cleanup: created a clean contact "LeeAnn Maddux <leeann@lamaddux.com>" in Jim's mailbox; removed a junk "Audible Leeann@lamaddux.com" (no-address) contact. Jim's contacts folder had no on-prem/X500 addresses.

Endpoints (GuruRMM)

• RMM client: "Leeann Maddux" · Site: "Home" · Site ID: DARK-OCEAN-9950
• Jim's two machines: DESKTOP-EDN9UDO, DESKTOP-M0GBKF3

Outlook autodiscover fix (Jim's machines)

Jim's Outlook had been pinned to the old on-prem (acghosting / Neptune) endpoints by a legacy Exclude365-Final.reg. Remediation:

• Undid Exclude365-Final.reg.
• Set ExcludeHttpsRootDomain=1 as an interim measure.
• Permanent fix: removing the root A record (above) so the root-domain autodiscover probe no longer resolves to Neptune.

[WARNING] Outlook autocomplete cache on Jim's PC may still hold the legacy on-prem X500 address for LeeAnn (/o=First Organization/.../cn=LEEANN_LAMADDUX.COM). If mail to her NDRs, clear the autocomplete entry in Outlook — Graph cannot touch the autocomplete cache.

Access

• Vault paths (do NOT inline secrets):
  • clients/lamaddux/jim-parkinson-m365.sops.yaml — Jim's M365 password + MFA
  • clients/lamaddux/gururmm-site-home.sops.yaml — RMM site "Home"
• Breakglass admin: admin@lamaddux.onmicrosoft.com (password in vault)

Active Work / Open Items

• Confirm Jim's Outlook PST import looks good.
• Final delta export, then decommission jparkinsonaz.com on Neptune (remove the accepted domain, the mailbox, and the old DKIM).
• Remove the now-redundant ExcludeHttpsRootDomain registry value once stable.
• Clear Jim's Outlook autocomplete cache (legacy LeeAnn X500 entry).

Backlinks

• systems/ix-server — DNS for lamaddux.com + jparkinsonaz.com zones hosted on ACG IX
• clients/internal-infrastructure — Neptune Exchange (Jim's old mail host) + PST export share
• projects/msp-tools — remediation-suite onboarding + Exchange Operator app scoping