/r/sysadmin
A reddit dedicated to the profession of Computer System Administration.
Hello,
I need some help/opinion here.
I'm in a small company and I want to put all the computers in an AD to help me with the initial configurations, to gain greater control over the equipment, to manage encryptions effectively.
Since there are around 40 computers spread across the country, where some employees are teleworking, others are traveling for work, I thought that having an AD in the cloud would be a better solution.
What type of cloud AD can I apply to my situation?
Hybrid at the moment.
We are planning on moving to cloud completely, doing away with most (not yet all) physical servers. The ones that need to go first are the DCs; we want to go full Entra ID.
The issue is that we have some legacy bullshit running that won't work with modern auth, meaning we do need AD DS. My question is now: how feasible or recommended is it to lift and shift to Entra Domain Services to do the authentication? I know about the limitations with the schema extensions and so on and how we don't really have a lot of management options in it (apparently, according to what I've read on other subs).
That being said... could we, in theory, also get by with setting up some DCs in Azure? We already have Cloud Kerberos Trust configured as we have a mix of hybrid and cloud PCs, so authentication is not really a problem thanks to that connector. If we just yeet a DC with that connector in Azure, would it then be possible to make Entra the 'lead IdP' and only use AD DS on the DC for legacy auth?
I'm more of a cloud man myself so apologies if I sound dumb and uneducated. Probably am.
What video surveillance software do you use? Before, we only had Bosch cameras, and the software made it easy to read the NVRs; moreover, the view system was quite intuitive.
Now we have a site where we only have Hikvision cameras and an NVR, and I don't know what software to use with it.
I need to copy a very large file (many 10s of GB) from a remote machine to which I have only RDP access.
The machine is accessible from VMs in my Azure environment and I can RDP normally.
I have been researching "azcopy" for this purpose, but so far I haven't found a scenario that would work.
Can someone give me an example of an answer file that sets the locale settings to en-US and has the ability to call or run a script, that’s stored in C:\Windows\Temp
I’m trying to run an answer file in OOBE, that runs a script or command once.
Thanks.
I work for a fairly small ISP company (less than 20 employees) as a senior network engineer - I'm pretty rusty on basic sysadmin stuff...
I would like to move away from local accounts on our networking equipment, VMware server, Linux servers, and possibly even Wi-Fi, and implement some form of centralized user access control. We use Office 365 for our AD needs, and I'm looking for ideas on how to set up either a cloud-based or local VM to support user logins on my equipment. I will need the ability to add additional users outside our org.
My initial thought was LDAP, TACACS+, and RADIUS all squeezed into one VM; however, I'm wondering if there are newer and better solutions out there since my Windows Server 2003 days of sysadmining...
I'm also thinking ahead, and wondering about the ability to use SSO, Zero Trust, etc. with whatever system I end up implementing.
Any suggestions on a design or service to help facilitate my needs? Any other suggestions to get me started?
Context: I got hit with the old redundancy last year after working at your typical MIC-backed, Silicon Valley-based weird tech company for a few years. Was a great career jump, but it wasn't to be, unfortunately. Spent the past year in complete burnout, but the last few months I've been putting myself out there again and am somehow at the final interview stage for one of the bigger algo trading firms. The job is for internal infra engineering of course, I'm no developer, but reading through Glassdoor/Reddit has me a little terrified. It really sounds like they expect total performance constantly, and the salary/total comp package seems to reflect that.
So I guess what I'm asking is: any fellow sysadmins ever taken this plunge and gone all in on making bank at the potential expense of any WLB?
So, for no reason, the authorities have decided to block the Internet Archive website.
The site is much needed in our daily operations, for a corporation consisting of 500 employees.
What would you suggest to overcome this issue? To proxify? Or what?
Long story short, I have been working in the Azure space, mostly around DevOps and Cloud Security. I took a job at an MSP a year ago as a Cloud engineer, and shortly realized MSP life is not for me.
Right before I left that MSP, a recruiter reached out to me on LinkedIn 6 months ago about a contract job that was heavy on automation/DevOps at a Fortune company, and I figured I'd take the contract gig and try it out, since that's where my experience lies.
2-3 weeks into the job, someone from my team resigns from the org and I get very much convinced into taking a full time role. After I took the role, I realized many of the job functions the previous person was doing had nothing to do with DevOps/Automation, and it seems like a huge part of my role is Windows and Mobile device management and VDI, which I honestly dread entirely. I cannot stand this type of work, however, I've already converted to a full time role from a contract, and I have only been here 6 months, my MSP role was around 5 or 6 months as well.
I'm debating on what I do, go apply and look for cloud security jobs again? Or stay here for longer and force myself to deal with device management? It feels like a 'downgrade' and a complete shift of my career, so ultimately I do not think it is benefiting me, but don't want to look like a job hopper either.
Hi All,
Is anyone else experiencing issues with Australia South East? We have a number of VMs that have dropped into the "VM Agent not ready" state that were running fine; redeploy, deallocate and restart all fail to boot. Boot Diagnostics shows the Hyper-V or Windows logos, not booting into Windows.
Anyone else experiencing issues?
I have a Dell R6625 with Windows Server 2022 and an NVIDIA L4 that I'm trying to pass through to a VM, and it just won't work.
These are the commands I have tried:
# Reserve MMIO space on the VM so the GPU's BARs can be mapped
Set-VM -Name TESTVM02 -GuestControlledCacheTypes $True -LowMemoryMappedIoSpace 3Gb -HighMemoryMappedIoSpace 33280Mb
# Dismount the GPU from the host by PCI location path (-Force overrides the partitionable-device check)
Dismount-VMHostAssignableDevice -LocationPath "PCIROOT(80)#PCI(0101)#PCI(0000)" -Force
# Assign the dismounted GPU to the VM
Add-VMAssignableDevice -VMName TESTVM02 -LocationPath "PCIROOT(80)#PCI(0101)#PCI(0000)"
Before I install the GPU drivers I can see it in Display Adapters without drivers; when I install the Datacentre drivers I get a code 45 in Device Manager and it hides itself.
Has anyone done a similar config and got it to work? I've had a ticket open with the vendor for a while, but it seems like it's going in circles; they can replicate the issue, they just don't know how to fix it.
Hey everyone,
I’m currently working on making the leap into a sysadmin role and could use some advice. Here’s a bit about me:
- Education: I have an Associate’s degree in Computer Networking and I’m currently pursuing a Bachelor’s in Cybersecurity at WGU.
- Certifications: I hold CompTIA A+, Network+, Security+, and Project+.
- Experience: I’ve got 3 years of experience as a help desk technician and 1 year as a help desk supervisor.
I’ve gained a lot of troubleshooting and end-user support skills from my time in help desk roles, and I’ve had exposure to some basic server administration tasks (e.g., Active Directory, account management, etc.). However, I know the sysadmin role requires a deeper understanding of servers, networking, automation, and scripting, which I want to develop further.
I’d love to hear from those who have made this transition or are working as sysadmins:
1. What skills or certifications should I prioritize next? Should I look at something like Linux+ or cloud certifications (AWS, Azure)?
2. What projects or labs can I work on to showcase my skills? I’ve heard building a home lab can help, but I’m not sure where to start or what to focus on.
3. How do I position myself to employers? Should I highlight my leadership experience as a help desk supervisor, or focus more on technical skills I’ve learned?
Any other advice or resources (books, courses, etc.) you’d recommend would also be greatly appreciated! Thanks in advance for helping me level up!
Mind you, I’m still in college going for computer network security; the goal is to be a network/sysadmin, but since I have no experience in the work field just yet, I would love to know the amount of crap you guys put up with and what I should expect when I land my first job in the industry.
Unprivileged user accounts do not have write access to certificate templates.
Is there any command to check the access?
At the moment we just have all our infrastructure info stored in Confluence. Just tables of VLANs, devices, IPs, etc. And a lot of it is inaccurate.
Does anyone here have any experience with NetBox? I was just going to deploy the free, open-source version. Is it a pretty mammoth task to get this all up and running? Is it a good choice? Or is it not worth the time?
I currently have an on-prem AD environment that has some unrecoverable problems. I'd like to just start over using Microsoft's online systems, so that new PCs will authenticate to Entra ID accounts, store files on the local drive but also back them up on our E3-licensed storage, and let me make some settings via Group Policy or whatever might have replaced GPOs.
The problem is that I only vaguely know what is possible and don't know where to start.
Can anyone recommend a book, online course, YouTube playlist, etc. that I can use to start learning how to set up an environment like that?
Hi, I have a Windows Server 2022 Datacenter machine with three NVMe SSDs and 2 x 10TB HDDs.
I have the OS on one SSD, and am trying to use the other two SSDs as a mirror cache for a mirror of the two 10TB HDDs.
I've tried the storage bus stuff, but the performance is bad and the documentation doesn't seem very clear or good ( https://learn.microsoft.com/en-us/windows-server/storage/storage-spaces/storage-spaces-storage-bus-cache ). The writes don't seem to go to the SSDs. And no, sequential writes to the HDDs are NOT faster than sequential writes to modern NVMe SSDs.
Any suggestions on how to actually configure stuff so that the reads and writes are cached and fast (until the cache is low)?
Update: I managed to get much better write performance by setting -WriteCacheSize to a few hundred GB when using New-Volume ( https://learn.microsoft.com/en-us/powershell/module/storage/new-volume?view=windowsserver2025-ps ). However, I still don't understand how the StorageBusCache works with this: is it still useful to have, or should I get rid of StorageBusCache and have more space for WriteCacheSize? Should I have a small SSD tier and a huge WriteCacheSize? From some Dell documentation it seems like the tiering stuff only changes on a daily basis by default ( https://www.dell.com/support/manuals/en-my/storage-md1420-dsms/dsms_bpg_pub-v2/storage-tiers?guid=guid-2058afac-c705-412e-902d-61504b50843e&lang=en-us ).
Requirement: Access to Microsoft AD DS domain controllers, Microsoft AD CS CA servers, Microsoft AD FS servers and Microsoft Entra Connect servers is limited to privileged users that require access.
How do I implement this?
Hi all,
Have recently been tasked with chasing up some non-compliant Windows Servers that have been failing patching, which have me stumped. We use ConfigMgr to patch our environment of many hundreds of servers and it mostly works great; the odd server needs remediation, but usually not a problem. However, I've noticed a very small number of 2019 servers which are downloading the cumulative each month, "installing" and rebooting in a maintenance window, and then reporting they don't have the patch and are awaiting the next maintenance window to install it. .NET patches are all installing fine.
I've checked the behaviour locally on one of the servers with an MSU from the catalog and I can see the same thing happening. Any cumulative Windows patch I try to install runs, briefly says installing, then immediately skips to complete and asks for a reboot. No error codes, just instant "success" and then on reboot, no sign of the patch.
I'm figuring the last installed cumulative got corrupted or otherwise installed incorrectly, but I'm not sure how to fix it. I did find Dism /RevertPendingActions as a possible option, but it needs to be run from a WinPE environment i.e. install media I guess, so I'm hoping I might have missed a better way to address this problem before I jump to that. But it is an option I haven't tried yet.
TL;DR: Small number of 2019 servers unable to be patched any more, all cumulatives immediately ask for reboot but do not actually install. Help do the needful. :P
I'm currently looking at Bitdefender and Huntress as possible solutions for commercial clients. My pricing for Bitdefender is 1.75 for the core product and 3.72 for the Foundational MDR add-on. That's 5.47 an endpoint. The price goes down once I hit 100 endpoints, then down to 4.69 an endpoint.
Huntress on the other hand is 5.00 a month until you hit 50 endpoints then it's 3.50. Technically, 35 is the break-even point between the two prices.
Now, does Bitdefender do anything that Huntress doesn't do that would prevent me from spending the extra funds for those products? I see things like a content filter, and a password management tool that comes with the Bitdefender product, but I have better tools for that so I wouldn't use it anyway. I'm also looking at Sophos, but finding a distributor who can tell me the price is hard. They keep asking me how many endpoints they need to generate a quote.
Software (fake) RAID 1 array with (2) 4TB drives from a Dell PERC S130. They had a pipe burst and water leak on the floor above the server, and the server itself is toast. Literally water pouring out of it when I arrived. The drives I recovered seemed dry, so I figured it was worth a shot trying to get the data off instead of the lengthy process of restoring cloud backups. Everything I've read says RAID 1 is super easy to recover, just plug the drive into anything and copy the data off, but that doesn't seem to be the case here. Perhaps due to this being from a software RAID? Anyhow, I plug the drive into another computer and it doesn't mount. Shows up in Disk Management as two separate 1.6TB partitions with a little unallocated space. In the original RAID these would have been something like a 500GB C: system partition and then a 3.4TB D: data partition, or somewhere thereabouts. So straight away the difference in partition size seems concerning. I've tried mounting and reading these on two Windows machines and on Ubuntu with no luck yet. Are these drives toast? Should they be working, or is there maybe another hoop I need to jump through since they came from a software RAID?
I lurk a lot on here and learn what I can. I posted a while back of a local rec center that I help out with their IT needs. (https://www.reddit.com/r/sysadmin/s/PLNbJopc43)
Long story short, contract was canceled with old VoIP MSP. MSP has sent final bill charging for the equipment still in their rack.
Tried logging into the Lanner box serving as their router/gateway but had no luck. Couldn’t find the IP of the Netgear switch to try and log into (GS728TP).
Posting if anyone has suggestions on how to pull some configs off these devices or best to proceed. The Lanner is connected to a 100Mbps circuit via an AT&T Edgewater EdgeMarc 4808 Multi-Service VoIP Gateway. For new router, I would need the IP/subnet/gateway AT&T needs our equipment to use, correct?
It’s a pretty simple shop - maybe 10 or so PCs/laptops, 2 WAPs, and 10 Ooma VoIP phones. I know they had at least 2 vlans.
I was thinking of replacing the Lanner with a Fortigate 40F and resetting the Netgear switch.
Open to suggestions or things to consider. Thanks in advance!
Hi all,
Hoping to get some pointers on the renewal process; I think I've got the initial steps down. What I'm struggling to understand is the AIA and CDP locations. Once the CA certificate has been renewed, do I need to publish the certificate to these locations even if the locations are LDAP?
Also, my machines are AD-joined and have the auto-enrollment policy applied; do I still need to distribute the new CA to the intermediate certification store via GPO?
Thanks in advance
Maybe once a year we will have a domain user who after changing their login password will develop at least 1,000 failed logins from their computer. This only happens for users who use AutoCAD.
Also, outside of a fresh start of the computer causing the login failures, what can I do to take care of the login failures? We are trying to avoid fresh starting the computer.
We already cleared all cached passwords for this user.
I'm having problems figuring out how to prove to our ISP that we have download issues.
We started having slow download issues with high packet loss, according to our firewall, over the weekend. There have been no changes on the network in a couple of weeks. Our connection is 1000Mbps up/down and we are getting 900Mbps up, but our download throughout the day has been 20 to 100 Mbps. The packet loss on the firewall went away after a reboot this morning but has returned throughout the day.
I opened a ticket with the ISP and they said they are not seeing any issues and want traceroutes and ping tests showing the issue but everywhere I run these they come back without issue. As soon as I do a speed test or try to download something, that is where I see the super slow downloads but for some reason, they cannot (The ISP does have access to the MX firewall to run tests from there). On an internal workstation, I have bypassed internal DNS, Cisco Umbrella, and it still has slow downloads so it doesn't appear to be DNS-related.
Our internet hits a Ciena box before hitting the MX and I plan to reboot that, and reseat the fiber connections, in the morning but wanted to see if there are any other things I can send the ISP proving we are having issues.
This seems like it should not be that big of a deal to prove and I feel bad for having to ask but for some reason, I cannot think of a way to show this to them.
Hello -
I am trying to find an easy solution that allows a "single point of contact" for phone calls and texting, that also integrates with MS Teams. We have considered and rejected Avaya Cloud (long story).
In order of priority we need:
We were told Avaya Cloud could do this but they have been terrible to work with. I can't get clarity on whether an MS Teams phone system will allow sending SMS texts to non-Teams contacts.
The use case for texting is that I meet someone at a conference, or I am working with someone, and want to text them a question on a one to one basis. I want that number to be the same as the voice number; and I would like call and text to integrate with Teams so that when the phone number is dialed it rings within MS Teams as well (or SMS messages show up in the Teams app). Needs to work for Android and Apple.
Any such solutions exist? Thanks.
I've seen some information on .MSIX packages, but I am curious what everyone's experience is with them.
I'm setting up a new Server 2025 Hyper-V host using 6 x 960GB SSDs in RAID 10. Can anyone help me choose a "Stripe Element Size" for a PERC H755 controller? I'm seeing a lot of conflicting information out there. This array is going to be used for virtual disk storage. I have a separate array for the host OS. I want to strike a balance between performance and not wasting a lot of storage.
I've been seeing the following information:
- Always use a small stripe size for SSDs like 64KB
- Stripe Element Size doesn't have a lot of performance impact on SSDs, just use something in the middle like 256KB.
- A lot of recommendations from 10 years ago, which probably don't apply these days
Also, I'm planning on a read policy of adaptive read ahead, and a write policy of write back. I have a backup battery for the controller. Please chime in on these settings as well if you have experience. Thanks for your help.
Management has requested that all usernames and passwords we use be consolidated into a single, central location where credentials can be managed across different platforms to prevent unauthorized access.
I’m still relatively new, but I’m not sure how feasible this is without utilizing a dedicated password manager. Are there tools or systems in place for managing credentials centrally that I might not be aware of? Or does everyone just manage credentials independently across various platforms? For instance, I have a Microsoft email account and this Reddit account, with passwords saved in my browser. These aren’t centrally managed, except perhaps through a tool like Bitwarden.
Has anyone ever tried running Windows Server with Hyper-V on this specific device?
Website is https://www.minisforum.com/page/g7pt/index.html?lang=en
Google AI indicates it should be possible but my company's lead sysadmin doesn't believe it will work.
This is mainly for a personal project of mine and not anything directly work specific.
The goal is to use the device to get more familiar with Hyper-V while outside of work, which would benefit me on the job.
The processor is an AMD Ryzen™ 9 7945HX, 16 cores / 32 threads (64M cache, up to 5.4 GHz), so core count shouldn't be an issue when it comes to running maybe 2 or 3 VMs.