Posts made by magicmarker

I’ve been researching methods to be alerted of security threats in Office 365. I’m currently using a single EMS 5 license that I assign to one global admin account that give me access to the Office 365 cloud security portal. The O365 cloud security portal does give me access to multiple alerts and you can setup events be alerted via email and even SMS. I’m curious what others are using for Office 365 cybersecurity protection and notification. I was looking at a SAAS cybersecurity company called Coronet (https://www.coro.net/). It looks like Coronet created a nice simple interface to Office 365/G-Suite to monitor security threats. Anyone familiar or know anyone that used Coronet?

I wanted to update this post for anyone searching this in the future. After I actually went through all the devices that would have a hard coded static IP address, I was only presented with a list 15 devices throughout my entire infrastructure (5 branch offices). The list does not include server VM DNS entries though. Updating the DNS settings on the hard coded devices is definitely a better route than what I was trying to originally accomplish by keeping the original DC IP address. Attempting a work around with Active Directory would potentially cause much more chaos. Updating 15 devices and server IP DNS entries is going to take me less than an hour. So take the advice in this post as long as you know your network.

Well, I'm glad I have this forum to bounce ideas off. I will plan to take everyone's advice and just promote a new Windows 2016 DC with a new name and new IP and demote the Windows 2008R2 DC1. I should be able find all the devices that have the DC1 IP address hard coded.

@JaredBusch said in How do I replace one Domain Controller server with another and keep IP address?:

Migrate FSMO to DC2, Demote DC1, Disjoin DC1 from domain, Shutdown DC1.

Cleanup DC1 references.

Spin up new DC3 using IP of DC1.

DC2 already holds the FSMO roles. No need to migrate. I'm having a hard time understanding why it's crazy to want to keep the same IP address. Changing the IP address is more crazy to me. I feel it would be more disruptive to change the IP address. The server DC1 has been a DC for more than 20+ years. Finding the devices and equipment that are using the IP address is more work than keeping the IP address.

I have 2 Domain Controllers on my network. Call them DC1: 192.168.1.10 and DC2: 192.168.1.11. I want to replace DC1 running Windows 2008R2 with a new Windows 2016 server and keep the IP address. DC1 is only running Active Directory and nothing else. DC2 (Windows 2012R2) has the FSMO and DHCP server roles. I would like to present my punch list to see if I got the migration steps correct to replace DC1 with a new Windows 2016 Domain controller and keep the IP address.

• Check health of domain with dcdiag and correct any issues displaying errors.

• Spin up new Windows 2016 server VM, join to domain, and install Active Directory services. The IP Address on install will be different than DC1. Let’s go with name DC3 and IP address 192.168.1.12.

• Wait 5 business days (Mon-Fri) for AD Replication to fully propagate to DC3.

• After 5 business days start preparation to remove DC1 out of domain during the weekend.

• Remove DC1 IP address 192.168.1.10 from DNS Zone Replication List (Name Servers)

• Decommission DC1 out from domain via dcpromo

• Change DC1 (now stand-alone server) to a new IP address such as 192.168.1.13

• Change IP address 192.168.1.12 on new DC3 to DC1 old IP address of 192.168.1.10

• Reboot new DC3 server

• Reboot DC2 server

• Re-add original DC1 IP (now DC3) IP address to DNS Zone Replication List (Name Servers)

• Cleanup AD meta data via AD Sites and Services or Ntdsutil.exe command line tool to remove any existing entries of DC1.

• Add DNS A record to point decommissioned DC1 server name to 192.168.1.10 - Optional

Summary:
DC1 (Win2008R2)-> 192.168.1.10 (AD/DNS only) -> 192.168.1.13 -> Shutdown indefinitely
DC2 (Win2012) -> 192.168.1.11 (FSMO & DHCP roles)
DC3 (Win2016) -> 192.168.1.12 -> 192.168.1.10 (new AD/DNS server)

These are notes from when I replaced a Windows 2003 DC to the Windows 2008R2 DC. It seems these steps should still work.

I would hate to have to manage O365 and an on-premise Exchange server. Any plans to decommission that on-premise Exchange server? To relay LAN devices, we setup a Windows IIS server to relay the copiers, Veeam, notification emails. You create a mail flow connector in the O365 Exchange admin center to your Windows IIS box. We used Skykick when we migrated to O365, so all the email on the on-premises Exchange was migrated into the O365 accounts. I could not wait to get rid of our on-premises Exchange box after migration to O365. I’m sure you don’t want that thing anymore either.

@JaredBusch said in Replacing a VGA projector in the main conference room:

@magicmarker

You are correct that your best choice is a projector with HDMI. Wireless jsut sucks. the dedicated apps do not work on all platforms and are often laggy.

Buy the projector and test it out. Then have it wired. If the projector has VGA still, leave the old cable if possible. It never hurts to have options.

@JaredBusch Thank you. This is the response I was looking for. The projector has no DVI input so I will just replace the projector, keep the VGA cable and run a new HDMI to the projector.

I’m looking to replace an InFocus projector in our main conference room. The projector only has VGA inputs. When the projector was installed years ago, we had a low voltage contractor run a VGA wire to the conference room floor to allow anyone to easily display a PowerPoint, word, or excel document from their laptop. We are now running into issues with guests that have laptops with no VGA output. We have a small mobile projector we use temporarily in that case. Ultimately, I think we need to replace the InFocus projector in the celling. I’ve tried using different HDMI/DP to VGA adapters to the projector and never got them to work. The screen just randomly stops working after a few minutes, and goes through a loop of working, not working. I need to keep the presentation setup easy for employees and guests to do presentations. I’m aware there are wireless units and even wireless VGA that are out there in the market. However, most units require installing an app to work with the wireless presentation unit. My thought was to replace the VGA only InFocus projector in the ceiling and have a new HDMI wire run to the conference room floor to stick with the KISS method. There is always an adapter for HDMI. Is there anything I’m missing?

Running Sophos Central Endpoint here. Have had zero issues on Windows 7 machines after installing 4493472 last night. I have about 35 Windows 7 machines in my domain.

@JaredBusch said in Make Simple User Passwords:

@scottalanmiller said in Make Simple User Passwords:

Ever need to make passwords for users and, let's face it, in the real world a lot of customers demand some pretty silly simply passwords. Using password generators often results in passwords that customers will not (and maybe cannot) use. A ridiculous situation, obviously, but it is reality. Passwords are simply difficult to often pass on to someone.

When generating temporary passwords, having something super strong is rarely very important. But avoiding something too hard to be used is needed. But just making up something non-random or even non-unique is really bad.

What's a compromise?

https://www.dinopass.com/

Yup, here is reality. Sometimes children's tools just make more sense when, well, you can draw your own conclusions.

I use CHBS
http://correcthorsebatterystaple.net/

Thanks for this link Jared. This is excellent!

I've been working with Veeam support on this. They are telling me that I can use the new Cloud Tier option in update 4 instead of Cloudberry to offload Veeam backups to cheap cloud storage (I plan to choose Wasabi). Since this feature is so new it's hard to know all the cons at the moment. I'm going to try and skip the extra CloudBerry license costs to use the new Veeam Cloud Tier option already built into my Veeam Enterprise license to offload backups to Wasabi. I can update this post after I complete it.
Edit: Here is a link to setting up Cloud Tier with Wasabi if anyone is interested.

@dave_c said in Looking to migrate backup service to Unitrends.:

@magicmarker
Take a look here before: https://rhyshammond.com/veeam-cloud-tier/
It is probably not what you think

Great link @dave_c! Your right, it isn't what I thought. Back to using Cloudberry and Veeam. The Cloud Tier is more for off-site cloud storage of you SORP.

@wrx7m said in Looking to migrate backup service to Unitrends.:

@scottalanmiller said in Looking to migrate backup service to Unitrends.:

@wrx7m said in Looking to migrate backup service to Unitrends.:

@scottalanmiller - Native integration in Veeam BR Update 4. That is what I have been waiting for. I have quite the setup to get backup files to Amazon S3 right now. This would simplify it and dramatically reduce the cost.

For Wasabi?

Yup-
https://wasabi-support.zendesk.com/hc/en-us/articles/115001486671-How-do-I-use-Veeam-with-Wasabi-

I'll be skipping the Cloudberry install now and just use Veeam backup to Wasabi cloud using the Cloud Tier in update 4. Looks like I bought Veeam just at the right time.

@JaredBusch said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

@JaredBusch said in Looking to migrate backup service to Unitrends.:

@scottalanmiller said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

Looking at the Veeam scenario. If I create a SAM-SD as my Veeam repository for local backups. Can someone point me to what middleman software I should be looking to replicate those local backups to the cloud on the SAM-SD to Backblaze B2? This is easy with a Veeam cloud connect partner since I can do this within the Veeam console, but what about going to a third party cloud backup provider?

CloudBerry, or just a script. No special tools needed to send things to B2. B2 provides libraries for it.

Cloudberry is a backup solution itself. You would use that to manage your backup scheudles and such as well as to send the data to offsite storage.

Cloudberry does exactly what I was talking about in my previous post by the way.

I've now got my Veeam install up and going and sending backups to my SAM-SD repository (working great BTW!). I'm wanting to install the CloudBerry server client on my SAM-SD (CentOS 7) and upload my Veeam repo to BackBlaze B2 for offsite storage. I'm having trouble wrapping my head around the proper Veeam backup method to send to the SAM-SD repo and have CloudBerry upload to BackBlaze efficiently. I've currently got the Veeam backup job setup on the Forward Incremental Forever Backup Method. What is the best Veeam backup method to send to the repo that CloudBerry can upload to BackBlaze B2 efficiently, and reduce the amount of uploaded data keeping in mind CloudBerry has the Synthetic Full Backup feature that reuses the existing data stored in the cloud.

You don't. You are mixing two different backup solutions.

@JaredBusch This is such a simple comment, but it's really the best response. I really don't want to setup tapes ever again, even if it's virtual. I've already purchased Veeam Enterprise, but the path to put Veeam backups to the cloud is best done through cloud connect partners or Starwind VTL. CCP's are expensive and Starwind VTL is a PITA setup. Here is a thought...continue to use Veeam to backup to my SAM-SD repo. Then I would install CloudBerry managed backup service on 21 of my important VM's to just backup to Backblaze B2 for offsite backup. The CloudBerry managed backup is priced at $25/per Windows VM with the volume discount.

@ysapir said in Looking to migrate backup service to Unitrends.:

I have some buddies who work at Unitrends in their Engineer dept. that can help talk some things through if you need.
also I know some end users I can refer you to if you want some references that use Unitrends for the same.
and if you need any other options let me know...I love these types of projects.

Thanks for your comment, but I realized Unitrends was not going to work out for me. Other players such as Veeam, Nakivo, Cloudberry are better options for me.

@JaredBusch said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

@JaredBusch said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

What other options can someone point me in the direction of for good priced Veeam offsite storage other than the main AWS and Azure options. The Starwind VTL option to BackBlaze is not very attractive right now. I thought I was going to be able to do this with CloudBerry on my SAM-SD, but that seems like it's going to kill my upload bandwidth since it's not in sync with the Veeam backup job.

Just use Cloudberry and not Veeam.

Haha, this post pointed me in the direction of Veeam. I’ve already purchased Veeam. I now wished I looked into Nakivo and CloudBerry more before I pulled the trigger.

I love Veeam, but if you want to have low bandwidth needs for offsite, then you need to step up to the entrprise version and ro an integrated hosted service.

I got the Enterprise version. What is ro? You referring to a cloud connect partner?

@JaredBusch said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

What other options can someone point me in the direction of for good priced Veeam offsite storage other than the main AWS and Azure options. The Starwind VTL option to BackBlaze is not very attractive right now. I thought I was going to be able to do this with CloudBerry on my SAM-SD, but that seems like it's going to kill my upload bandwidth since it's not in sync with the Veeam backup job.

Just use Cloudberry and not Veeam.

Haha, this post pointed me in the direction of Veeam. I’ve already purchased Veeam. I now wished I looked into Nakivo and CloudBerry more before I pulled the trigger.

Looks like there is going to be some increased cloud backup flexibility with Veeam update 4. Veeam is announcing the updated features tomorrow. Could be exactly what I need.

@Obsolesce said in Looking to migrate backup service to Unitrends.:

@magicmarker said in Looking to migrate backup service to Unitrends.:

What other options can someone point me in the direction of for good priced Veeam offsite storage other than the main AWS and Azure options. The Starwind VTL option to BackBlaze is not very attractive right now. I thought I was going to be able to do this with CloudBerry on my SAM-SD, but that seems like it's going to kill my upload bandwidth since it's not in sync with the Veeam backup job.

Maybe you mentioned this earlier somewhere in here... but how much total data, and how much incrementally?

Total full backup compressed is at 800GB (1.5TB non compressed). Still trying to get good idea of the incremental since I just setup the backup job on Friday. Right now the incremental is at 12-15GB.

What other options can someone point me in the direction of for good priced Veeam offsite storage other than the main AWS and Azure options. The Starwind VTL option to BackBlaze is not very attractive right now. I thought I was going to be able to do this with CloudBerry on my SAM-SD, but that seems like it's going to kill my upload bandwidth since it's not in sync with the Veeam backup job.