
My current nightmare at work.

Dustnite | Posts: 506 | Joined: Wed May 27, 2009 9:11 pm | Gender: Cake


Hey guys,

If you don't already know, I'm a systems administrator for a small MSP and I was tasked with taking a predominately Mac OS X (mixed version) environment with some Windows XP, 7 and various Linux OS mixed in and combining it into one directory for single sign on. I'm talking literally 1200 Macs, 400 Windows computers, and about 100 Linux workstations mostly running Red Hat.

Now, the fun part was when I got there this school had zero documentation. I did not have passwords, IPs, DNs or even a network diagram to figure out how this whole smash was running. After heavy use of ophcrack and single user mode (Macs are super easy to get into), I finally got the whole school pushed over to one local administrator account and during this process I discovered that the school had 6 existing separate domains.... Yep, all bound to different domains and some to servers that didn't exist anymore!

I proceeded then to find all the servers located on campus, which happened to be in the most random places you could imagine... For example, found their accounting server with all their payroll sitting in a janitor's closet plugged directly into the wall with no redundant power.... With no password... Awesome.. After a couple weeks, I found most of the hidden servers that were all supplying their own separate DNS entries (awesome), and I was finally able to bring my main directory online (Active Directory) and start pushing everything onto that.

Not so fast.... Macs can't be controlled by Group Policy using just Active Directory, you silly sysadmin. In the past, I've only had to deal with maybe 20 Apple computers in a photography lab, which is pretty easy to do with managed services, but we were talking a massive amount of Macs with no existing Open Directory to deliver a schema. So, I had to build an LDIF file from scratch taken from various scripts online, mainly because 800 of these Macs are still running Tiger, which supports none of the newer 3rd party solutions for this even... My life is going great at this point...

So this week the system is fully operational under one single sign on using Active Directory and Group Policy with an extended schema for Apple attributes. Linux took me 30 minutes to configure... Macs took me the better part of 2 months to complete. This was probably the worst network I've ever had to bring online and I still have to rebuild their 12-year-old infrastructure over the summer as the entire building is cabled with CAT 3 :\

Ya, the fun never stops..
"But this is irrelevant because in either case, whether a god exists or not, whether your God (with a capital G) exists or not, it doesn't matter. We both are, in either case, evolved apes. " - Nesslig20
Tue Mar 26, 2013 8:13 pm
Prolescum | Webhamster | Posts: 4998 | Joined: Thu Dec 31, 2009 8:41 pm | Location: Peptone-upon-Sores


Ouch!
if constructive debate is allowed to progress, better ideas will ultimately supplant worse ideas.

Comment is free, but facts are sacred
Tue Mar 26, 2013 8:29 pm
Master_Ghost_Knight | Contributor | Posts: 2630 | Joined: Sat Feb 21, 2009 11:57 pm | Location: Netherlands | Gender: Male


Wouldn't it be easier to do it from scratch?
"I have an irrefutable argument for the existence of...." NO, STOP! You are already wrong!
Tue Mar 26, 2013 11:00 pm
Dustnite | Posts: 506 | Joined: Wed May 27, 2009 9:11 pm | Gender: Cake


Master_Ghost_Knight wrote: Wouldn't it be easier to do it from scratch?

It essentially was, but I had to demote everything so I could bring all the computers off their separate domains and then deploy the new AD, which I did through Apple Remote Desktop and unix script. I should also note that every computer in the network had been STATIC assigned their IPv4 including DNS.... Yeah...

*EDIT* The DNS servers for half of these computers were defunct so the end users had not even been going onto the internet because domain names couldn't be resolved. Go figure, right?
"But this is irrelevant because in either case, whether a god exists or not, whether your God (with a capital G) exists or not, it doesn't matter. We both are, in either case, evolved apes. " - Nesslig20
Tue Mar 26, 2013 11:09 pm