Systems Triage
Most of the items on this list need to be done carefully to avoid heavily disrupting existing services, and carry a risk of destruction if done incorrectly.
DNS Issues
- Move DNS out of Samba
- Set up reverse DNS zones
- Fix DHCP integration
Samba Issues
- SSL configuration issues
- Issue server certs to DCs
- Provision dc02
- Decommission bob
- Fix DNS issues
- Work out IPv6 issues on bob
- Add unix attributes to all accounts
Internal CA
- Move to dedicated machine from bob
Reboot Fails
- nginx on bob
- Some of the VMs don't wake up, despite having the "start on boot" option checked.
- The DHCP server is notably not starting on boot.
Second Domain Controller
- Justin joined a second domain controller to the domain. It replicates, but did not get its DNS entries created.
- The Samba guys recommend setting up and using BIND. This has a couple of issues:
  - Samba has DLZ support for BIND 9.8 and 9.9, but not 9.10, which is what we are on. I've started working on a patch: https://github.com/hef/samba/
  - Getting BIND working with samba_upgradedns nsupdate is an option, but I haven't been able to get it working: https://wiki.samba.org/index.php/DNS_Backend_BIND#DNS_dynamic_updates_via_Kerberos_.28optional.2C_but_recommended.29
Pretty much everything Samba-related has to be tested in a dev environment, which means setting up your own personal Samba AD domain.
Move VPN off of bob
Having the VPN servers on bob makes Samba detect extra interfaces that are not easily routable. The VPN services should be moved off the domain controller.
All Proxmox VMs need to be on the RAID
A few Proxmox VMs have been created on their hypervisor's local hard drive. The option to do this has been removed, but the machines that were originally set up that way still exist.
Moving machines off of the local drives and onto the SAN/LVM setup sounds tricky, and I haven't looked into how to do this yet. --Hef (talk) 19:44, 18 September 2014 (CDT)
GPO Updates
- All Windows machines hooked into hardware should have GPO settings that disable all power-saving settings.
- Enable Remote Desktop on workstations
User caching
This came up on the mailing list. The relevant Microsoft article is here: http://support.microsoft.com/kb/172931
It looks like a good idea, but the article doesn't reference Windows 8. If it works on Windows 8, it looks straightforward to add to the GPO.
Sysvol syncing
Samba doesn't do automatic /sysvol replication. An automatic syncing process should be set up between bob and dc01. See https://wiki.samba.org/index.php/SysVol_Replication for reference.
Systems Monitoring solution
We had a Nagios instance. We don't now. A general-purpose monitoring solution would be nice. A lot of our equipment seems to support being monitored.
- Deploy monitoring VM
- Install & configure Nagios
- Install & configure Cacti
Backups
I have a test setup for all SaltStack-configured boxes to be backed up to Glacier. --Hef (talk) 20:00, 18 September 2014 (CDT)
The space should get an AWS account with Glacier, and all existing backups should be pointed at that instead.
Enable Remote Desktop for Domain Admins
Enable Remote Desktop for domain admins as a GPO setting.