claudetools/clients/cascades-tucson/session-logs/2026-05-05-howard-zachary-nelson-onboarding.md
Howard Enos bc39d75304 sync: auto-sync from HOWARD-HOME at 2026-05-05 16:44:25
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-05 16:44:25
2026-05-05 16:44:26 -07:00

Cascades — Zachary Nelson onboarding (Accounting Assistant)

Date: 2026-05-05
Tenant: cascadestucson.com (207fa277-e9d8-4eb7-ada1-1064d2221498)

User

  • User: Howard Enos (howard)
  • Machine: Howard-Home
  • Role: tech

Summary

Created new M365 account for Zachary Nelson (Accounting Assistant) via the remediation-tool user-manager tier. Assigned Microsoft 365 Business Premium (SPB) license. Random initial password issued; user must change at first sign-in.

Account details

| Field | Value |
|---|---|
| Display name | Zachary Nelson |
| UPN | zachary.nelson@cascadestucson.com |
| Object ID | b17a4645-01f7-4c0e-be1b-563d405867a2 |
| Job title | Accounting Assistant |
| Usage location | US |
| Account enabled | true |
| Created | 2026-05-05T16:42:24Z |
| License | SPB (cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46) — Microsoft 365 Business Premium |
| forceChangePasswordNextSignIn | true |

License selection rationale

Tenant has two coexisting Business-tier subs:

  • SPB — 34 prepaid, 2 consumed pre-creation (32 free) — active subscription with Defender for Business + Intune + AAD P1
  • O365_BUSINESS_PREMIUM (Business Standard, legacy) — 0 prepaid, 32 consumed — what existing users (e.g. Allison Reibschied) still have; appears mid-migration

Mike chose SPB for Zachary. Other recent users may need to be migrated to SPB to drop the legacy SKU; tracked as a follow-up below.

Operations performed

  1. Acquired investigator token for read-only checks (license inventory, naming convention, dup check).
  2. Acquired user-manager token for write ops.
  3. POST /v1.0/users with passwordProfile.forceChangePasswordNextSignIn=true.
  4. POST /v1.0/users/{id}/assignLicense with addLicenses=[SPB], removeLicenses=[].
  5. Re-read user — confirmed accountEnabled=true, usageLocation=US, assignedLicenses=[SPB].
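
The request bodies for steps 3 and 4 and the step 5 check, as an added Python example (not the remediation tool's own code). The function names and the constructed sample are assumptions; the password is supplied by the caller and masked before anything is logged.

```python
import copy

SPB_SKU_ID = "cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46"  # SPB skuId recorded in this log

def create_user_body(display_name, upn, job_title, password):
    """Step 3: body for POST /v1.0/users."""
    return {
        "accountEnabled": True,
        "displayName": display_name,
        "mailNickname": upn.split("@")[0],
        "userPrincipalName": upn,
        "jobTitle": job_title,
        "usageLocation": "US",  # must be set before a license can be assigned
        "passwordProfile": {"forceChangePasswordNextSignIn": True,
                            "password": password},
    }

def assign_license_body(add_sku_ids, remove_sku_ids=()):
    """Step 4: body for POST /v1.0/users/{id}/assignLicense."""
    return {
        "addLicenses": [{"skuId": s, "disabledPlans": []} for s in add_sku_ids],
        "removeLicenses": list(remove_sku_ids),
    }

def loggable(body):
    """Copy of a request body with the password masked, safe for a session log."""
    safe = copy.deepcopy(body)
    if "password" in safe.get("passwordProfile", {}):
        safe["passwordProfile"]["password"] = "<redacted>"
    return safe

def verify_user(user, expected_sku_id=SPB_SKU_ID):
    """Step 5: list the problems found in the re-read user object."""
    problems = []
    if user.get("accountEnabled") is not True:
        problems.append("account not enabled")
    if user.get("usageLocation") != "US":
        problems.append("usageLocation is not US")
    skus = sorted(lic.get("skuId", "") for lic in user.get("assignedLicenses", []))
    if skus != [expected_sku_id]:
        problems.append("unexpected licenses: %s" % skus)
    return problems

# Constructed sample: the fields of the re-read response recorded in this log.
REREAD = {"accountEnabled": True, "usageLocation": "US",
          "assignedLicenses": [{"skuId": SPB_SKU_ID}]}
```

GET /v1.0/users/{id} returns only a default property set, so the re-read has to request accountEnabled, usageLocation and assignedLicenses with `$select` for this check to see them.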

Not done (deferred — confirm scope with Mike)

  • Manager assignment — none set (need name from accounting team lead, e.g. Meredith Kuhn or whoever runs accounting).
  • Group memberships — no groups added. Sample peers in the tenant have either no groups or Managers. Will follow up on which CA / mail / Teams groups Accounting normally joins.
  • MFA enrollment — handled at first sign-in by tenant CA policy; nothing pre-staged here.
  • On-prem AD account / mailbox folder redirection / homes share — Cascades is mid Entra Connect staging-mode rollout; new cloud-only users don't get on-prem AD provisioning yet. If Zachary needs domain-joined workstation access, on-prem account + folder-redirection OU placement is a separate task.
  • License migration tracking — 32 users still on legacy O365_BUSINESS_PREMIUM SKU (zero prepaid). Worth a sweep to migrate everyone to SPB and clean up the overage.

Password handoff

Initial password delivered to Mike in chat (one-time). Not committed to repo. User will change at first sign-in.

Verification (M365)

GET /v1.0/users/b17a4645-01f7-4c0e-be1b-563d405867a2
{
  "userPrincipalName": "zachary.nelson@cascadestucson.com",
  "displayName": "Zachary Nelson",
  "jobTitle": "Accounting Assistant",
  "accountEnabled": true,
  "usageLocation": "US",
  "createdDateTime": "2026-05-05T16:42:24Z",
  "assignedLicenses": [{"skuId":"cbdc14ab-d96c-4c30-b9f4-6ada7cdc1d46"}]
}

On-prem AD account (cascades.local)

Created via GuruRMM remote PowerShell on CS-SERVER (agent 6766e973-e703-47c1-be56-76950290f87c). Mirrored Allison Reibschied's setup exactly per Mike's instruction.

| Field | Value |
|---|---|
| sAMAccountName | Zachary.Nelson |
| UPN | Zachary.Nelson@cascadestucson.com |
| EmailAddress | Zachary.Nelson@cascadestucson.com |
| DistinguishedName | CN=Zachary Nelson,OU=Administrative,OU=Departments,DC=cascades,DC=local |
| SID | S-1-5-21-388235164-2207693853-3666415804-1208 |
| Created | 2026-05-05 09:57:23 (server local) |
| Enabled | true |
| ChangePasswordAtLogon | true (PasswordExpired=True confirmed) |
| Group memberships | Domain Users only (matches Allison) |
| HomeDirectory / HomeDrive / ProfilePath / ScriptPath | unset (matches Allison — folder redirection is GPO-driven) |
| Title / Department / Office | unset (matches Allison) |

Note: AD UPN suffix is @cascadestucson.com (matches Allison's existing config), even though Mike initially said "separate" — pivoted on the second instruction to mirror Allison verbatim. Future Connect sync (when staging mode exits) would soft-match this AD account against the cloud-only M365 account I created earlier today; we'll need to decide soft-match strategy then.

Shares

Mike will set department share access manually and update us when done. No share or D:\Homes\Zachary.Nelson ACLs touched in this session.

Password handoff

Two separate one-time passwords delivered to Mike in chat:

  • M365 cloud account password
  • AD domain account password

Neither committed to repo. Both forced to change at first sign-in.


Update: 16:42 PT — Syncro ticket #32255 invoiced

Ticket #32255 — Zachary Nelson onboarding (Invoiced)

  • Customer: Cascades of Tucson (Syncro 20149445)
  • Subject: Zachary Nelson - New user / email / desktop setup
  • Issue type: New User / Workstation Deployment. Priority: 2 Normal. Status: Invoiced.
  • Contact: null (Cascades blank-contact rule).
  • Initial issue comment summary: Set up new M365 email and user account for Zachary Nelson; configured account on his desktop; added Zachary to share folders on cascadesDS — ALdocs, Business Office, Business AL.
  • Billing: Onsite labor (product 26118): 1.0 hr @ $175/hr — applied to Cascades prepay block.
  • Invoice: #67565 — total $0.00 (1.0 hr applied to prepay; no taxable items). Labor line shows "Applied 1.0 Prepay Hours".

Coverage note

This ticket bills only the desktop / share-folder portion of today's Zachary work. The M365 cloud account creation, on-prem AD account creation on CS-SERVER, license assignment (SPB), and password handoff to Mike are documented earlier in this log and folded into the same 1.0-hr onsite block. If this scope ends up needing a second pass (manager assignment, group memberships, or the broader O365_BUSINESS_PREMIUM → SPB migration sweep tracked in "Not done"), open a follow-up ticket rather than appending to #32255.

Cascades prepay block (post-billing)

  • Block at 50.0 hours before today's billing session.
  • Decremented 1.5 hours total today (0.5 on #32253 + 1.0 on #32255) → 48.5 hours remaining.

Cross-reference

Skill bug hit on Ticket #32253 (Syncro timer_entry response shape) is documented in the parallel chef-pc-slow log (2026-05-05-howard-chef-pc-slow-and-mdirector-ram.md, "Update: 16:42 PT" section). Ticket #32255 was created cleanly after the workaround was understood.