-
Reddit SystemAdmin. Thanks @reddit2telegram and @r_channels.
Two domain controllers
Seeing what everyone’s input is for dns settings on two domain controllers. Do you put a loop back and then the address of the opposite dns server or
Do you use the il address of the server and the. The opposite ip address of the server
https://redd.it/1nmia3n
@r_systemadmin
Exchange hybrid free busy issue
Working on an exchange hybrid migration. Have 2 exchange 2016 servers and 1 new exchange 2019 server being used for hybrid connection to Exo, no mailboxes. Migrated 2 users as test to Exo and when they check free busy of on prem users this happens. Some work and some don't, totally random. User could work one day and not the next. All mailboxes are on a single exchange 2016 server. Not always same database for mailboxes showing no information. Any ideas?
https://redd.it/1nmg4cd
@r_systemadmin
M365 Apps unexpectedly closing on their own? Follow up
Hi Folks,
I posted a while back about an issue where M365 apps (New Teams, OneDrive, Edge, and New Outlook, Word, Excel) would all suddenly close at the same time without warning.
At the time I couldn’t reproduce it consistently, so it was hard to pin down. I thought the culprit might be the M365 cloud update, but u/martinnothnagel\_msft has confirmed the cloud update ONLY impacts apps that use the C2R. As this issue was still happening at least once per, week, whilst on the monthly enterprise channel that could not be the culprit. Further, this issue continued to occur after the cloud update was paused.
This week it finally happened on my own work laptop, and I was able to spend time digging in. Here’s what I found:
The trigger appears to be updates to the AppX package e.g. New Outlook app (olk.exe), which is delivered as an AppX package via the Microsoft Store.
Around the exact time the apps all closed, the folder C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_* had a modified timestamp, confirming an Outlook update was applied.
When this happens, not only does New Outlook restart, but other M365 apps also crash. Edge also shows “Edge closed unexpectedly” when relaunched.
In order to workaround this, i've applied a GPO to block Microsoft Store auto-updates. I’m going to monitor this week to see if the crashes stop.
This seemed to manifested the same time we enrolled all our company windows devices into Intune.
I'm not saying Intune is responsible, it's just extremely timely...!
Has anyone else seen this behavior?
https://redd.it/1nm88vr
@r_systemadmin
How do y’all deal with people that just seem to hate IT?
I get a ticket from a user Monday about not receiving emails from a vendor they’re expecting. Now I like this person, I feel we used to have pretty good rapport but I work with them much less now that they’re in sales. I do a message trace, no dice, nothing in quarantine, I see that vendor has sent emails, just not the ones he’s looking for. I say hey I don’t see anything that shows it even hit the server, so it likely is on their end. Maybe they don’t send it, or they’re having issues with their system? Do you have anyone from there I can talk to and sort it out with?
I then get an email I believe he meant to forward but replied and added his boss (sales) asking if I knew what I was doing because I’m always pushing back and not fixing his problems, then suggests I should take some formal classes in IT because I’m not helpful.
I just didn’t reply from there but I’m like, bro what the fuck? Half the time I ask you questions on your tickets and you just don’t reply? I know I love the quick fixes, but shit am I not allowed to take more than one email to fix an issue? I talk to the sales guy and show him our tickets and he’s like no no, I get it. I know you’re just trying to help, no one else here is doubting your abilities.
But like, what do I even do for people like these? If I don’t do it via ticket it’s not documented so I hate to call them or come to their desk. Also, turned out vendor was mid migration and had some issues come out that was making one of their programs that sends email fail to send intermittently.
https://redd.it/1nmaypc
@r_systemadmin
Lost Hardware
A help desk employee lost a brand new $2,500 piece of equipment and has no idea where it went. The department is a secure area, so there are cameras everywhere. Security has him on video putting the device in his backpack. He went over to pick it up and bring it back to the help desk for configuration. For some reason, people were asking me what to do, so they received "order a new one and tell his manager".
Chances are it was thrown out by accident because he comes across as too skittish to steal anything.
https://redd.it/1nm5xlu
@r_systemadmin
IT now controls the light system
I kid you not the reasoning was "it plugs into an Ethernet cable".
I'm waiting for facilities to shove HVAC off to us as well because that's networked too. Maybe we disconnect it from the network so they can't use that argument. "Oh you're mad you cant control it from your desk anymore? I can control the lights from my desk it's nice"
https://redd.it/1nm0miq
@r_systemadmin
Kerberos update inflicted strange behavior
Asking for (expert) opinion. MSP tasked me with the assignment of updating a customers kerberos password after not changing it for more than 14 years as a security recommendation from their security partner.
After assessing the impact, checking domain controller replication for possible errors I changed the password once. The day after customer started noting problems with their citrix environment, being that application crashes occurrd, chrome.exe not working and log off issues.
The evening of changing the password I checked after changing the password for kerberos authentication errors on several servers, however I couldn’t find any. The problems have led to customer escalation and we however decided to go forward and change the Kerberos password for the second time to get rid of the golden ticket attack possibility.
The problems that are currently still occurring are focused on the customers Citrix environment with described problems above.
Customer is running an older but stable (prior to the change) version of FSLogix, in combination with Ivanti Workspace Manager, on Server 2022 Std edition.
I just want to rule out that changing the Kerberos password has anything to do with chrome.exe or pdf readers crashing. Strangely enough no eventlog registrations point us in any direction where the issue might come from.
After changing the password once and afterwards for the second time (there were 25 hours in between changing and default domain policy was set to 10 hours to expire tickets) we initiated a klist purge and rebooted the domain controllers one by one to see if this would make any difference. Further I have visually confirmed the keynumber version incrementally changed from 2 to 3 and from 3 to 4 on all domaincontrollers. This for me is an indication that the change went successfully.
I can image and understand the change could trigger something, yet crashing applications on a citrix server that have no dependencies with the domain is strange behavior. Also when not using FSLogix profiles no errors occur. When reverting back to FsLogix the issues occur. When using the most recent version of FsLogix the issue persists.
Please share your opinions and possible suggestions on how to investigate this further.
Thanks in advance.
https://redd.it/1nlwl41
@r_systemadmin
“We haven’t had our server long”
Says the president of the firm my company acquired a year ago.
—
My company, an environmental engineering holding firm has been acquiring small firms to go the business. I am tasked with helping move the small firms’ data to a cloud service provider. Part of the process is using a tool on the server in the small firm’s environment.
The latest one had checked off enough memory and storage with a newish Windows Server 2022, but no one looked at this particular server closely to notice its about 8 or 9 years old and slow as h—. And their Internet is only 50Mb upload
This will be a disaster…
https://redd.it/1nlkajw
@r_systemadmin
VP (Technology) wants password complexity removed for domain
I would like to start by saying I do NOT communicate directly with the VP. I am a couple of levels removed from him. I execute the directives I am given (in writing).
Today, on a Friday afternoon, I'm being asked to remove password complexity for our password requirements. We have a 13 character minimum for passwords. Has anyone dealt with this? I think it's a terrible idea as it leaves us open to passwords like aaaaaaaaaaaaaaaa. MFA is still required for everything offsite, but not for everything onsite.
The VP has been provided with reasoning as to why it's a bad idea to remove the complexity requirements. They want to do it anyway because a few top users complained.
This is a bad idea, right? Or am I overreacting?
Edit: Thank you to those of you that pointed out compliance issues. I believe that caused a pause on things. At the very least, this will open up a discussion next week to do this properly if it's still desired. Better than a knee-jerk reaction on a Friday afternoon.
https://redd.it/1nldpjb
@r_systemadmin
“7 Months of Microsoft 365 Support Tickets = Silence, Bounce Backs, $50k+ Loss”
I’m a solo business owner whose entire workflow depends on Microsoft 365 email. For 7+ months I’ve been stuck in what feels like a Groundhog Day support loop — dozens of tickets, no resolution, and escalating financial damage.
Here’s the short version of what’s happened:
• Tickets dropped or archived as duplicates without action.
• Escalations never executed — even when explicitly requested (e.g., case 2506130040004496 was never sent to Sender Reputation or Security Engineering).
• Same data requested over and over despite full compliance each time.
• Critical evidence ignored: non-Gmail addresses are also bouncing, but agents keep framing this as “just Gmail filtering.”
• Support silo chaos: Riya, Migz, Abhilash, Daril, Ayodele, Vedent — all separate agents, no alignment.
• 7 months of delay with no escalation path, leaving me to act as my own IT department.
Impact:
• Over $50,000 in lost business opportunities.
• My reputation with clients damaged by bounced emails.
• I’ve spent countless hours in support purgatory instead of running my business.
At this point, it feels like a case study in how siloed, non-narrative support systems can ruin small operators.
Has anyone else been trapped in a Microsoft 365 support hamster wheel like this? Any advice on how to break through, or escalate outside the endless ticket cycle? Of course,
at the end of each ticket I’ve asked to collate combine, ticket #’s escalate, etc. but the protocols do not seem to incentivize collaboration.
https://redd.it/1mv6s39
@r_systemadmin
WSUS, anyone else's gone mad yesterday?
I have a very simple Server 2022 WSUS server.
Yesterday I got a disk space alert for it which was strange as it usually has lots of spare space and the sync is early AM and the disk alert was mid afternoon.
It looks like it was re-downloading a TON of content from Microsoft's Fastly CDN IPs.
Literally nobody here has touched it to approve anything and it looks like it's now using around 75% more space than it was and I have no idea why.
It's not a big issue but did anyone else see anything similar please?
Jas
https://redd.it/1mv8513
@r_systemadmin
GA- Tenant *Poof* Gone
Our org is at a standstill. None of our apps or partners/consultants are able to contact or connect to our tenant or any apps. There are NO logins being processed for any account- and therefore no MS/SSO/Etc. It appears that somehow our Azure/Entra Global Admin is somehow no longer attached the tenant. Our CSP cannot access our tenant and Microsoft is... mostly being Microsoft. Has anyone else dealt with this? We have slowly over then last 6 years or so moved nearly 85-90% off-prem. And this is what the C-suite feared in doing so.
Is this a "compromise" and our tenant is being held hostage or just "Oops, I deleted it on accident? -CoPilot"
*edit- verbiage, grammar
https://redd.it/1musfuy
@r_systemadmin
VP Wants easy way to search all teams' messages
My VP wants the ability to search through all Teams messages for our tenant.
We have O365 Basic for most users.
I know you can do it using ediscovery, but it's clunky and slow.
Any suggestions?
https://redd.it/1murjvm
@r_systemadmin
AITA
Last night I got a call after hours which ignored as the user is not utilizing any vital applications as well as this being a normal occurance for help desk items (which do not pertain to me)
She sent an email asking for documentation that was sent a couple months ago via email (every dept has their own SharePoint and are responsible for their documents)
I replied this morning with the document and a screenshot of when It was sent. As well as a friendly reminder that they have a SharePoint also how to search outlook on the search bar.
She came back so mad and upset and said that I am in the "service industry" and it doesn't matter what she wants I must provide it to her no matter if it was previously sent. Blah blah blah
I probably shouldn't have sent the screenshot/instructions but I honestly didn't know if she knew how to search outlook. Heck I showed her how to create bookmarks on chrome last months and she's been working at the same place for 20 years...
AIYTA?
https://redd.it/1mup6nh
@r_systemadmin
GoDaddy deleted paid M365 accounts because users switched email to Google Workspace?
tl;dr: Why did GoDaddy delete the Microsoft M365 accounts my client is still paying for?
A newer client called me on 8/13/2025, said they couldn't login to their Windows 11 PC. Small business, not a domain, not even really a workgroup. They were logging in to the PC with their Microsoft account.
They'd bought their new domain name at GoDaddy a year or so ago, before I'd ever helped them. They bought GoDaddy's "Microsoft 365 Secure Business Professional" for three users as "Microsoft 365 Email Plus with Security," which created three Microsoft accounts like user@theirdomain.com, with M365 email services at each email address. These were annual subscriptions, paid up through 10/22/2025. They'd set up new PCs with these Microsoft accounts.
On 6/26/2025, they needed to switch to a new CRM that required Google email. They called me to do the migration. I switched their MX records and migrated their email without a hitch, it's been working fine ever since.
On 8/13/2025, the user@theirdomain.com Microsoft account seemed to be gone. Attempting a login at Office.com says the password is incorrect, clicking "reset the password" redirected to the GoDaddy SSO page, which said the account does not exist.
I argued with GoDaddy support for a good 90 minutes, asking them why they deleted the underlying Microsoft accounts. All we'd done on 6/26 was shift the MX records, which GoDaddy does not control. The name servers are at yet another company that manages their web site. GoDaddy still controlled the tenant for M365, as shown by the redirection to their SSO page.
For the first 60 minutes of the call, GoDaddy said they had to delete the accounts because you can't have email services in two places. This did not make sense to me, as I believe the MX records are the deciding factor. The client was still paying for the GoDaddy M365 email service, but was not using that, (nor even using Office,) but they were relying on the underlying Microsoft accounts to login to their PC.
Around 60 minutes in, the GoDaddy support tech began to claim that he'd found a note on the account that said that Google had deleted the four Microsoft accounts on 7/7/2025, which did not make sense to me. I asked "how?" and "why?" and they had no answer, but they suggested I needed to talk to Google. Of course, I asked Google and they said they had not done anything like that, nor could they.
I don't see what would break for GoDaddy because they noticed that the MX records had changed and that a Google domain ownership verification TXT was present in DNS. I don't see why they would cancel services that are paid-up until 10/22.
The product is still there in the client's GoDaddy account, but there's nothing to manage because the Microsoft accounts are gone.
I don't see what would break for Google if the Microsoft accounts still existed, nor can I imagine that they had a way to reach into GoDaddy's tenancy and delete Microsoft accounts. I'm surprised that the PC login continued to work from 7/7 to 8/13.
At the end of the GoDaddy call, I asked them to release the M365 tenant. I presumed this defederation would at least stop the redirection through the GoDaddy SSO and offer a chance to create new Microsoft accounts at the domain. Indeed, now at Office.com, the initial login says the account does not exist.
I found many descriptions of how to defederate from GoDaddy M365. They all expected you'd be renewing M365 either direct or with another provider, which would imply the underlying Microsoft accounts would continue to exist. I did not find any guides that described how to stop the M365 subscription and yet retain the underlying Microsoft accounts.
I thought I had until 10/22 to decide how to handle that aspect. Their is no need for this client to continue M365 for Office or email, but Microsoft certainly likes users to have a (free) Microsoft account with the username as an email address. It's a moot point for this
Do you all plan to further in your career or are you comfortable at sysadmin?
Do you all plan to further in your career or are you comfortable at sysadmin? Just curious on what ppl takes are on moving up in their career.
https://redd.it/1nmcgol
@r_systemadmin
Moving from folder redirection to OneDrive known folder move seamlessly and transparently to users?
I'm currently using Folder Redirection & would like to move to OneDrive Known Folder Move, and am wondering how others have done this, in environments where there is a high expectation of seamlessness, simplicity and reliability for end users (who are not tech savvy), and where desktops still exist and it's not strictly one user = one device.
I know I can upload people's Desktop, Documents, etc folders to their OneDrives with the SharePoint migration tool, and have tested that far already. I know I can make OneDrive redirect known folders by default once the user logs into OneDrive.
The things I am still struggling with are:
* The GPO or Intune settings to automatically sign in OneDrive can't (obviously) do so if MFA is required and not satisfied. I don't see any option to enforce that a user has to sign into OneDrive before saving files on the machine.
* I know Windows Hello for Business is the answer for users who carry a laptop; make their Windows sign in satisfy MFA. I am referring to users who sign into the shared desktop in whichever classroom they are in today.
* I can't seem to get a machine from our current folder redirection GPO to OneDrive KFM, without the machine trying to copy files anywhere (letting us handle it with the SharePoint Migration Tool).
One of the main issues is that folders OneDrive KFM refuses to touch, such as Videos, are redirected inside the documents folder rather than alongside it in the current setup. That causes KFM to refuse to touch Documents. I assume this will be a multi step process to get Folder Redirection to pull Videos and Pictures out of Documents, let clients get that policy, and then move to KFM.
The other issue is idiot proofing. Folder Redirection has had offline files disabled for many years because with it on, users don't pay attention to or resolve sync conflicts, and data is lost. Is there any way to make OneDrive more aggressive about resolving conflicts? The goal is to eliminate cases where user error can result in saving files locally that are not backed up.
https://redd.it/1nm81s7
@r_systemadmin
How do you handle problems that resolve themselves?
Exactly as stated.
We recently had an issue where a large number of our pooled VDI machines lost contact with the with the DC's and started complaining about time differences. We didnt change anything to fix it, we just rebooted the unused machines in the pool and it seems to have cleared up. The group that controls the DC's swears it wasnt a time issue on their end and I know its not a time issue on the pooed VDI machines.
The issue just went away and im having trouble letting it go. I need to know the cause before I can move on and im struggling. Besides that, its hard to give a downtime summary to leadership when you cant confirm the cause for a fact.
https://redd.it/1nmats1
@r_systemadmin
Company Provided Cell Phones
Just curious how many of you have companies that provide mobile devices for your end users?
How do you go about managing them day to day and how many total devices?
https://redd.it/1nm36eo
@r_systemadmin
Military equivalent of DevOps
I’m active duty in the Army, working as a 35T. From what I can tell, my role lines up pretty closely with DevOps/sysadmin: I handle system integration, troubleshooting, networking, security, and keeping mission-critical systems running.
Here’s where I’m at:
Certs: Only have Security+ right now
Clearance: Active TS/SCI
Experience: 5 years in the field (all hands-on, operational environments)
Education: No degree yet — considering WGU’s Software Engineering BS/MS because of flexibility & cost
My questions:
•Would a degree from WGU or UMGC actually help me when I separate, or should I just keep stacking certs?
•For DevOps roles, which certs would you recommend I target next (AWS, Azure, Linux, Kubernetes, etc.)?
•For those who made the jump from military IT/maintenance into DevOps/SRE, what helped you the most when transitioning?
Trying to set myself up for success when I ETS. Appreciate any advice.
https://redd.it/1nm6t4w
@r_systemadmin
Large Enterprise ADFS Migration - Seeking Community Experiences
Hi all,
Our organization is a large enterprise that has been heavily invested in Active Directory Federation Services (ADFS) for years. We're now considering initiating a project to review and potentially trial more modern authentication mechanisms, but the scope feels daunting given our deep integration.
# Our Current Situation:
* Extensive ADFS deployment with numerous integrated applications
* Complex on-premises infrastructure dependencies
* Significant investment in existing ADFS customizations and configurations
* Large user base with established authentication workflows
# What We're Seeking:
I'd love to hear from others who have navigated similar transitions:
**Migration Experiences:**
* Has anyone here led or been part of a large-scale ADFS migration?
* What were the biggest challenges you encountered?
* How did you handle the transition timeline and user impact?
* What lessons learned would you share?
**Solution Comparisons:**
* **Microsoft Entra ID (Azure AD)**: Experiences with hybrid deployments, cost implications, feature gaps vs ADFS?
* **Third-party solutions** (Okta, Ping Identity, Auth0, etc.): How do they compare in enterprise environments?
* **Other modern alternatives**: What else should we be evaluating?
**Practical Considerations:**
* Cost analysis: Hidden costs beyond licensing?
* Integration challenges with legacy applications?
* Change management strategies that worked well?
* Security and compliance considerations during migration?
# Specific Questions:
1. For those who moved to Entra ID - was the cost savings as significant as Microsoft claims?
2. Any experiences with running parallel systems during transition?
3. How did you handle applications that were tightly coupled to ADFS?
Any insights, war stories, recommendations, or cautionary tales would be incredibly valuable as we plan our approach.
Thanks in advance for sharing your experiences!
https://redd.it/1nlvdm6
@r_systemadmin
Calling All Sysadmins! What’s Your Best Advice or Fun Welcome Message for a Fresh Sysadmin?
Hey everyone,
We’ve got a fresh sysadmin diving into this crazy, ever-changing world of systems administration. Whether you’re a seasoned pro, someone who’s still figuring things out, or just have quirky advice to share—this is your moment!
What’s the best advice, tip, or funny “welcome to the team” phrase you’d give to someone just starting their sysadmin journey? Could be a golden rule, a survival tip, or a cheeky phrase like “Welcome to rest in peace!”
No advice is too big or too small. No joke is too silly. Just throw it all in—let’s create a treasure trove of wisdom and humor for the newbies.
So, what’s your story? What should every fresh sysadmin know or laugh about before they jump in?
Can’t wait to hear your thoughts!
https://redd.it/1nlrgzg
@r_systemadmin
Today's one panel cartoon in the Wall Street Journal addresses IT outsourcing
For a quick chuckle: https://www.wsj.com/opinion/pepperand-salt-541ab8d8?mod=pepperandsalt\_article\_pos1
https://redd.it/1nlg0dh
@r_systemadmin
Issues with Microsoft 365 logins
We are getting reports of user not able to log into email. Upon investigation we are seeing users able to complete MFA and then be redirected to specifically m365.cloud.microsoft/?auth=2
And failing to redirect any further.
Going to outlook.office.com after MFA allowed the user to access email.
It seems there is something wrong with the hand off from MFA/logins to Microsoft services.
https://redd.it/1mve29d
@r_systemadmin
Yealink Meeting Room Firmware sets admin password to an empty string
There was a firmware update last week (155.15.0.100) and I noticed, that the time displayed was wrong. The NTP Server was still configured though…
Anyway I tried to login into the device (local and web), but it claimed “wrong password”. I then changed the password in the Yealink Cloud but that did not work.
Turns out that somehow the “new” password is now just empty. Just press login and you are in. Anyone else experiencing this? Was the firmware update just a coincidence?
https://redd.it/1mv8v09
@r_systemadmin
Then they came for IT, or poor one out?
With my job I get some information before others. One of the pieces is getting a heads up about investigations for HR etc just so we can put items on hold or setup some monitoring etc. Normally the folks are either ones I don't know or ones that in the back of my head brings a smile since they're pretty much a hole anyway. Today was different one of my co-workers (in a different group but still IT) has the process started for them. HR reached out and asked for my part to start. There a chance they'll survive but it rare.
It one of those things we talk about it and at the end of the day we know stuff like this is part of the job and even though you want to tell them to run, you can't really. It just easier when it someone you really are rooting to be kicked out of the building.
The only saving grace is knowing there a reorganization coming up that is suppose to be a mess that hasn't been communicated out to everyone. At least the person won't suffer like I know we all will, dealing with that.
https://redd.it/1mv39kr
@r_systemadmin
Job Hugging
I saw an article on Reddit about “Job Hugging” meaning people are clinging to their jobs out of fear with all the instability. I turned down a very, very nice opportunity for a new branch of an established company last year in the EV space and one of the driving factors of that decision was all the unknown around the EV market going into 2025. About 4 months after my would-be start date in January they shuttered all construction on the facility indefinitely and are laying off pretty much everyone including some of the people I interviewed with. I think I’ll hug my Job very tight for a while!
Bullet dodged!
https://redd.it/1muubof
@r_systemadmin
Is requiring CTRL ALT DEL to logon or unlock Windows a useful security policy?
Does this still have value to mitigate Windows security threats in 2025?
https://redd.it/1munwzf
@r_systemadmin
client, as the accounts are already gone.
This seems to be an edge case where someone could lose a great deal because GoDaddy deleted Microsoft accounts.
I would think there should be a well-defined way that Microsoft accounts could move from paid tenants to free accounts.
In this case, thank goodness, there were no Bitlocker'd drives or OneDrive usage or other info stored in the Microsoft accounts. The C:\User files were still there and I could recover them the hard way, as it was not possible to login to the PC. There was never a local account.
https://redd.it/1mumwfb
@r_systemadmin
Shadow IT Queen Strikes Again
We set up a brand new Windows Server 2025 so everyone could work faster, safer, and from one place. Old workstations are basically thin clients now. Simple setup and takes care of a lot of "My computer is running slow" issues...
Except one user — the Shadow IT Queen. She refuses to use the server because her Chrome bookmarks weren’t there. Instead of calling me, she “fixed it herself”.
I only found out of her activity when I ran query user logs on the individual VM. When I pay a visit to her office I find out she hasn’t been saving anything to the server anyway. I have to transfer the difference, but she took care of that too... Because she’s been emailing all her files to herself.
She breaks compliance every chance she gets. Shadow IT Queen doesn’t just bend rules, she invents new ones, and new ways of doing things.
Long live the Queen...
https://redd.it/1mulz8b
@r_systemadmin