claudetools/clients/cascades-tucson/docs/migration/phase3-domain-join.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00


Step 5: Domain Join (~1-2 hours per machine, remote via ScreenConnect)


5a — Pre-join verification (once, from any INTERNAL machine)

Run scripts/phase3-pre-join-verify.ps1 or manually:

nslookup cs-server.cascades.local
nslookup -type=SRV _ldap._tcp.cascades.local
ping 192.168.2.254
net view \\192.168.2.254

All must succeed. If they don't, fix DNS/firewall (Step 2) before proceeding.


5b — Join non-domain machines (one at a time)

Order: DESKTOP-KQSL232 → CHEF-PC → SALES4-PC → MDIRECTOR-PC (least critical first)

Pre-requisites per machine

| Machine | Blocker | Action Needed |
|---|---|---|
| DESKTOP-KQSL232 | None known | Verify OS edition supports domain join |
| CHEF-PC | None known | Verify OS edition supports domain join |
| SALES4-PC | Not on network (absent from ARP/DHCP as of 2026-03-06) | Locate machine, verify powered on |
| MDIRECTOR-PC | Windows 10 Home — cannot domain-join | Upgrade to Pro first (key available). Users: Anna Pitzlin, Shelby Trozzi, localadmin. No Desktop/Documents data to migrate. MAC: 98:ee:cb:9d:8a:81 |

For each machine, run scripts/phase3-join-domain.ps1 via ScreenConnect:

Per machine:

  1. Document current state (automated by script)

    • systeminfo, ipconfig, printers, mapped drives saved to C:\IT-Migration\
  2. Create local admin backup account

    • Localadmin local admin account (for rollback access)
  3. Verify DNS resolves AD

    • Must resolve cs-server.cascades.local
    • If it fails: check DHCP DNS settings (should get 192.168.0.1 via DHCP)
  4. Join domain

    • Add-Computer -DomainName cascades.local -OUPath "OU=Staff PCs,OU=Workstations,DC=cascades,DC=local"
    • Automatic reboot
  5. Post-reboot verification (run scripts/phase3-post-join-verify.ps1):

    • gpresult /r — GPOs applied?
    • \\CS-SERVER\Shares accessible?
    • Mapped drives appear (S:, department drive)?
    • Printers auto-installed?
    • Print test page works?
    • Internet works?
    • nltest /dsgetdc:cascades.local returns CS-SERVER?
  6. Migrate user profile if needed

    • Copy local Desktop/Documents to network share
    • Or use ForensiT User Profile Wizard (free) to migrate local → domain profile
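
A pre-join gate covering the per-machine prerequisites and steps 2-3 above, as an added example (not the repository's scripts/phase3-join-domain.ps1, whose contents are not shown on this page). The function name Test-JoinReadiness is hypothetical; the domain and the Localadmin account name are taken from this page.

```powershell
# Added example: run on the target machine before Add-Computer.
# Test-JoinReadiness is a hypothetical helper, not part of the repo's scripts.
function Test-JoinReadiness {
    param(
        [string]$Domain = 'cascades.local',
        [string]$RollbackAccount = 'Localadmin'
    )
    $results = [ordered]@{}

    # 1. Edition: Home SKUs cannot join a domain (the MDIRECTOR-PC blocker).
    #    98/99/100/101 are the Core N, Core Country Specific, Core Single
    #    Language and Core (Home) values of OperatingSystemSKU.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $results['EditionCanJoin'] = $os.OperatingSystemSKU -notin 98, 99, 100, 101

    # 2. The machine must still be in a workgroup.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $results['NotYetJoined'] = -not $cs.PartOfDomain

    # 3. The LDAP SRV record resolves through the DNS server DHCP handed out.
    $srv = Resolve-DnsName -Name "_ldap._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue
    $results['SrvRecord'] = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })

    # 4. The rollback account exists, is enabled, and is a local administrator.
    #    Without it there is no way back in if domain logon fails after reboot.
    $user = Get-LocalUser -Name $RollbackAccount -ErrorAction SilentlyContinue
    $isAdmin = $false
    if ($user) {
        # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
        $isAdmin = [bool]($members | Where-Object { $_.SID.Value -eq $user.SID.Value })
    }
    $results['RollbackAdmin'] = [bool]($user -and $user.Enabled -and $isAdmin)

    [pscustomobject]$results
}

$check = Test-JoinReadiness
$check | Format-List
$failed = $check.PSObject.Properties | Where-Object { -not $_.Value }
if ($failed) {
    Write-Warning ("Do not join yet. Failed: " + ($failed.Name -join ', '))
} else {
    Write-Host 'All pre-join checks passed.'
}
```

Run it in an elevated session; a failed RollbackAdmin check should stop the join, because the Rollback procedure depends on logging in with that local account.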

  1. Link "CSC - Security Baseline" → domain root
  2. Link "CSC - Drive Mappings" → user OUs (Departments, Management, Sales, MemCare)
  3. Link "CSC - Printer Deployment" → OU=Workstations
  4. Link "CSC - Windows Update" → domain root
  5. Link "CSC - Folder Redirection" → user OUs

Run gpupdate /force on first machine, verify everything works.


5d — Update existing domain machines

Run on CRYSTAL-PC, ACCT2-PC, DESKTOP-H6QHRR7, DESKTOP-1ISF081:

gpupdate /force
# Verify drive mappings and printers appeared

Rollback (per machine)

  1. Log in with Localadmin local account
  2. Run: Remove-Computer -UnjoinDomainCredential (Get-Credential) -Restart
  3. Machine returns to workgroup mode with local accounts intact