Took a school admin job - wondering if I should resign
Posted by plonkster@reddit | sysadmin | 281 comments
Hi all.
So I took an IT manager position at a north-european school. It's been a couple months and I'm seriously considering just giving up and looking for something else. Looking for opinions / advice.
I'm basically a Linux person, did a lot of Linux sysadmin and like 10 years of development in various sectors, mostly C and PHP, a lot of scripting and such as well. Worked a lot with AWS / Terraform, moved on-prem infrastructures to cloud.
After moving to another country for a reason unrelated to work, I had to find some kind of job. Couldn't land anything I was good at (mainly coding). Never got past the initial interview phase, even for jobs I was super mega spot-on qualified for. Like the job was made for me and I could absolutely kick ass at the position as I had experience in successfully building precisely that niche thing they were trying to build. They didn't want me. Over and over again. Whatever.
After a year passed, I was getting nervous and started applying to mostly anything IT-related I saw. I applied for that school sysadmin job. The description didn't really give that much detail other than that they used GWorkspace and MS365 and that experience with school software was a plus. Other than that, it didn't even mention Windows.
I was desperate to find work so I just went ahead and was very happy when they made me an offer that I accepted.
Fast-forward to today. I'm the only IT guy for the whole organization. The job feels like a trap.
Around 500 devices of all kinds for well over 1000 users. Windows laptops and workstations of every possible manufacturer, model and version. Chromebooks. MacBooks. iPads. Phones. A salad of old network equipment and an outdated firewall that is no longer receiving patches. All of that network equipment has a hard time talking to each other as they are all very different. Several physical sites. They use MS365 and Google Workspace, as well as just vanilla local Office installations with network shares all around.
Active Directory. (I only heard the name before, I literally had no idea what Active Directory does before I took that job. It wasn't on the job description.) Dozens and dozens of weird Windows packages they use to teach. One package is so old that you can only find references to it on archive.org, no installer to be found, have to deploy an already installed directory and do registry hacks to make it work. There's not a hint of anything resembling security. A dozen different Windows servers in a server room.
About a dozen different MDT images as the hardware vendors are so many. Little useful documentation, mostly outdated. I found most stuff by using tcpdump and nmap. A quadrillion AD policies. Everything is hardcoded. Disabling an ex-ex-ex-admin's account on AD immediately broke a bunch of stuff. Had to reenable it again.
Most non-Chromebook users have some of their precious files on local drives. When their 15-year-old laptop finally no longer boots, they bring it asking to recover the files which sometimes can take a while. None of them thankfully knows what disk encryption is.
After two months, I have yet to find out who/what is handing out DHCP leases. I suspect multiple things do.
I don't know where to go from there. Just maintaining this mess is an option, but the number of everyday issues is too high. The workload is too much to be sustainable in the long run. They burned through several admins who stayed for a few months / a year or two before shaking their heads and walking away.
"Cleaning up" the whole thing doesn't appear possible. Touch the smallest thing - you get a call about something else no longer working. I'm not skilled enough in Windows admin to do it properly. I suppose you'd need quite a knowledgeable guy to do it transparently without it costing money or disrupting activity.
None of the Windows clients are up to date. Windows Update is actually disabled on purpose. I don't know which purpose. Nothing pushes any patches anywhere either. Maybe because the hardware is so diverse they just had too many issues with patches and decided to just no longer patch. Some computers haven't been patched in 4-5 years. I ran into one case that hasn't been patched since 2018. I'm not making this up.
They never had the time sync working, most workstations were out of sync. I managed to get that working and that felt like an achievement. Nobody complained about no longer being able to work/teach.
Rebuilding the whole infrastructure isn't an option. They have no money to invest, and it works as it is, they just need to find a new unsuspecting admin every once in a while.
Moving everything to MS365 or GWorkspace sounds very promising, but they are used to their programs and like to edit old-school files with Word 2016 or whatever the hell it is for this particular user. They don't like MS or GW web versions of email. Etc etc.
What would you do? Wondering if I should just go ahead and start looking for another job.
Sometimes I get wet dreams of removing everything, sticking a big Linux or even BSD box in the server room, unplug all the rest, buy a bunch of old X11 terminals (or even serial consoles) somewhere, and have everyone use bash, vim to write their stuff, mutt to read their email and so on. Lynx for web access. And have them all maintain a finger file. LIKE WE DID BACK IN THE DAY.
Comfortable_Gate_856@reddit
I feel like everyone in here is giving pretty good advice, just thought I'd throw something in about the DHCP issue specifically.
If they set it up correctly it is probably one of or multiple of your domain controllers. An ipconfig /all on a Windows device will also tell you the IP it got its DHCP lease from. That should at least tell you the subnet the device is on. From there you can look at the arp table to get the MAC. That should let you figure out what switch port it is on (here's to hoping all your switches are managed). Worst case scenario from there you can tone it out. Hope this helps.
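The `ipconfig /all` check from the comment above, run across several machines, as an added example that is not part of the original thread: it parses saved output, groups leases by subnet, and reports subnets answered by more than one DHCP server plus any server outside an expected set. The host names, addresses and the `EXPECTED` set are constructed, and English-language Windows output is assumed.

```python
import ipaddress
import re
from collections import defaultdict

# "   DHCP Server . . . . . . . . . . . : 10.20.0.10" -> ("DHCP Server", "10.20.0.10")
FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*: (.*)$")
NEEDED = ("IPv4 Address", "Subnet Mask", "DHCP Server")

# Constructed sample: trimmed `ipconfig /all` output saved from three workstations.
SAMPLES = {
    "LAB-PC-01": """
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.1.57(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.1.1
   DHCP Server . . . . . . . . . . . : 10.20.0.10
""",
    "LAB-PC-02": """
Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.1.88(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.1.254
   DHCP Server . . . . . . . . . . . : 10.20.1.254
""",
    "OFFICE-03": """
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.20.2.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DHCP Server . . . . . . . . . . . : 10.20.0.10

Ethernet adapter Ethernet 2:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.50.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
""",
}

# Assumption: the one DHCP server the admin believes is authoritative.
EXPECTED = {"10.20.0.10"}


def parse_ipconfig(text):
    """Return one dict per adapter that currently holds a DHCP lease."""
    adapters, current = [], None
    for line in text.splitlines():
        # Adapter headers are unindented and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"adapter": line.rstrip(": ")}
            adapters.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current.setdefault(m.group(1).strip(), m.group(2).strip())
    leases = []
    for a in adapters:
        # Skip static and disconnected adapters: they carry no lease information.
        if a.get("DHCP Enabled") != "Yes" or not all(k in a for k in NEEDED):
            continue
        ip = a["IPv4 Address"].split("(")[0]          # drop "(Preferred)"
        net = ipaddress.ip_network(f"{ip}/{a['Subnet Mask']}", strict=False)
        leases.append({"adapter": a["adapter"], "ip": ip,
                       "subnet": str(net), "dhcp_server": a["DHCP Server"]})
    return leases


def servers_by_subnet(samples):
    """Map subnet -> DHCP server -> sorted list of hosts that leased from it."""
    seen = defaultdict(lambda: defaultdict(set))
    for host, text in samples.items():
        for lease in parse_ipconfig(text):
            seen[lease["subnet"]][lease["dhcp_server"]].add(host)
    return {s: {srv: sorted(h) for srv, h in d.items()} for s, d in seen.items()}


def review(samples, expected_servers):
    """Return (subnets served by >1 DHCP server, {unexpected server: hosts})."""
    by_subnet = servers_by_subnet(samples)
    contested = sorted(s for s, d in by_subnet.items() if len(d) > 1)
    unexpected = {}
    for d in by_subnet.values():
        for srv, hosts in d.items():
            if srv not in expected_servers:
                unexpected.setdefault(srv, []).extend(hosts)
    return contested, unexpected


if __name__ == "__main__":
    contested, unexpected = review(SAMPLES, EXPECTED)
    print("Subnets with more than one DHCP server:", contested)
    print("Servers not in the expected set:", unexpected)
```

A contested subnet tells you which server address to look up in the ARP table next, as the comment describes.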
East-Background-9850@reddit
This is normal for schools. I'd audit the entire environment and then have a meeting with school leadership explaining the issues you've found and the risks they present. You need to be able to take each infrastructure issue and translate/link that to their ability to teach/learn as that's what they understand. They'll either be receptive and find ways to help including finding budget for it or they'll brush it off. If you have their backing then this would be a really interesting and rewarding job but if they have no will to improve things then I'd bail.
dr_z0idberg_md@reddit
Lol one person handling 1k users and 500 devices? Eff that.
leclair63@reddit
That's pretty constant in education. The consortium I'm a part of has a few districts with more than a thousand students and only 1 dedicated tech staff.
I worked a district of 800 students and 120 staff alone. The average day needed only one person. But the busy days (beginning and end of the years, testing season, etc) always felt like there wasn't enough of me to go around.
If you have good staff, especially good supportive admin above you then it's not too bad. Spineless admin and it's suddenly hell.
Dalmus21@reddit
I'm technology director for a contractor that manages the transportation for about 50 different districts of all sizes. Some of them don't even have a dedicated IT department at all. They have a break/fix relationship with an MSP, and often a single sys admin will service several different small districts in an area.
Through necessity, I've had to become proficient in several different SiS environments so that we can do OUR jobs without waiting for "the Skward guy" to reach out to the traveling sys admin that does work for them every second and third Tuesday of the month.
leclair63@reddit
Yeah, in my last job I was the entire tech department, and did the majority of the non-MARSS SIS work, as well as all building security (door access, badges, and cameras)
Dalmus21@reddit
Lol. I was the same. "Technology Specialist" for a 30 location company, by myself. We do have an MSP for big projects and for backups, but obviously more expensive for them to fix printers and provision computers than me.
I just got promoted to Director and was allowed to hire a support tech. Thank goodness! I'm paid well, but 24/7 on call wears thin after a while!
JWK3@reddit
It would be tough if you can't automate and lock down everything, but 1000 school users is nowhere near as taxing as 1000 adult/corporate users.
I used to work in a school of something like 1000 students, 200 staff and around 500 devices, as an IT team of 3. It was tough, but that was because it was a low wage org and therefore had 3 inexperienced technicians.
dr_z0idberg_md@reddit
Even with full automation, 1k users with one person handling what seems to be everything (helpdesk, sysadmin, and networking) is just nuts. My wife teaches a fairly affluent school district in southern California serving over 1,500 staff and 10k students. I thought their support staff of 5 helpdesk, 2 sysadmin, and 2 network engineers was bad. Granted, you don't really assist the students, but still. Pretty wild. It takes almost a week to receive a response from the helpdesk. It took them almost a month to replace a bulb in a projector.
JWK3@reddit
yeah on reflection it would still be nuts. Not on the same level as the equivalent corp users, but you'd still see enough PEBCAK issues and consumables/repair issues for a FTE before the actual sysadmin stuff.
Madmasshole@reddit
On the flip side, if all of those child users get Chromebooks it turns into an absolute nightmare with dealing with physical damage. None of the school people want to be responsible for it so it ends up on tech's hands. We have a full time person whose main job is just dealing with broken Chromebooks and sending out bills for said broken Chromebooks.
LegalWrights@reddit
Meanwhile over here I'm like, pretty sure my last job had 3 people managing over 3k devices. XD
drozenski@reddit
Managing a bunch of devices is easy if the infrastructure is in place. But yeah 3k devices is in need of a team of 7-8 minimum even if it was one site.
LegalWrights@reddit
Even then I'd be genuinely shocked if a school didn't have SOME kind of infrastructure...
DattiHD@reddit
I am not shocked by the device per admin ratio but by the fact that there is just one IT guy. And maybe the day will come where this brave admin is going on a backpack-vacation without a laptop. And then, there are zero IT guys.
dr_z0idberg_md@reddit
I've always wondered about those one-man IT companies. What happens if that one guy quits, goes on vacation, calls out sick, goes on leave? I've been at a 200-user company with one person as the helpdesk person, but he also had two devops engineers that shared the sysadmin duties with him.
DattiHD@reddit
My first IT job was in a startup where I was the only IT guy who managed Network, Servers, AD, CRM and did some coding. Never being able to switch off after work nearly drove me into a burnout.
Apprehensive_Bat_980@reddit
Eff that indeed
ScotTheDuck@reddit
How on earth did you even get through an interview
j2thebees@reddit
I worked for a large company that was Windows-centric (as db web dev). I knew diddly about AD, but studied up before interviewing at a university years later. I laughed with the DBA, network admin, and others when the DBA asked if I could manage AD. Made a joke like, “Forests, trees, all that jazz.” then a follow up revealed I didn’t know it (which I had masterfully escaped answering before). 😂
I told them I always learned whatever was needed (which sufficed). This was a 4-hour interview with the IT director and her boss, the help desk folks, and programmers and admins (3 individual interviews). It took place in Aug, and I didn’t get a callback until Dec. Started in Jan and worked 4.5 years. Generally had a blast, and not a single AD domain was running until experiments that were done just before I left. One dedicated Windows box in the server room, along with maybe 15-20 Linux boxes (and later VMs on blade servers, again 95% Linux with Oracle dbs).
OP would have likely fit right in. I’m back in a Win-centric world where 5-10% of your time is spent making MS stuff do what it says it will do. I remember at the university, the DBA once asked an older admin how long a Linux server had been running without a reboot. He said just over 5 years, and the last time he rebooted it really wasn’t necessary. Kinda left me longing to embrace such a darling architecture, but alas I pursued other things.
Hope it works out OP. My parents taught me (through different methods) to either make work fun (even if digging ditches) or channel anger into productive work. That said, if the money was the same, I would occasionally vote ditch. You either do physically demanding work and sleep good at night (in a smaller residence, having eaten cheaper food), or use your brain constantly (in a larger house, with a lot more food, and stress).
I can remember glory days working at a sawmill. What I don’t remember is how broke I was. Guess I’ll go back to the desk on Monday.
KeeperOfTheShade@reddit
I'm not surprised. His experience mirrors what we have over here in the states. Jobs that you're 120% qualified for, you don't get looked at twice if you're lucky to get once. Meanwhile, the jobs where they just need someone, they assume you know what you're doing when you applied for it and hire you.
The entire system is just not great.
oldspiceland@reddit
For every person like OP there’s some guy who knows Active Directory by heart and is using ChatGpT to program some major software package feeling the same way OP is.
Hefty-Amoeba5707@reddit
That's me. Have to maintain Python scripts that talk to Shopify via API/GraphQL to update our inventory/orders/prices between multiple warehouses databases. Faint idea how the script works. If Shopify updates its API or if someone updates the warehouse DB schema in some way, I'm toast.
mrmattipants@reddit
You're telling me ChatGPT actually produces scripts that work?
Think-Load-8654@reddit
Yes! I use it daily for this.
Billtard@reddit
Not op but in my experience it works or is close to working. The skill with working with it is knowing enough to figure out what to change to get it working. I’m a jack of all trades, master of some type of sysadmin. I can read code and understand what it is doing. For me the AI systems are really helpful in translating my (English) words into code that I can manipulate.
oldspiceland@reddit
You know what else works? Copying and pasting scripts off of stackoverflow, which is all ChatGPT is doing, just usually worse than the original scripts.
hejtmane@reddit
I usually start there and use AI to help me. Between the two I can cobble together a script that can do what I need it to, for whatever.
mrmattipants@reddit
I was mostly joking, but yes, that has been my experience, as well. I've used it a few times to assist with writing PowerShell Scripts and the scripts that ChatGPT spits out rarely work off the bat. That is unless, of course, you ask it for something simple (such as a single Command/Function).
Of course, that is just the nature of the beast, especially when you have various Windows Client & Server Operating Systems in production, each with different Windows Update Packages applied, etc.
Bmittchh0201@reddit
Your company relies on Shopify API to get their data? And you do not have any say in the company's DB schema but you are in charge of making sure the data is inserted via the scripts?
Hefty-Amoeba5707@reddit
Pretty much. Inventory and prices are mostly read from the db then pushed via Shopify API. For orders they gave me write access but I'm not able to change the schema. Had to massage the data to fit the schema.
Backieotamy@reddit
I concur.
How did he get through the interview, in an MS shop without any questions on AD, GPO/GPPs, DNS, DHCP etc...
They set both OP and themselves up for failure.
mercurygreen@reddit
Because the person that he interviewed with runs a school, NOT a network - or any type of I.T. services.
This is actually FAR more common in specialty industries (law/medical/accounting/education offices) than you'd think.
dark_frog@reddit
It ends up going the other direction. That's why you see MSPs that focus on dentist offices.
mercurygreen@reddit
AND law/medical/accounting/education offices...
yumdumpster@reddit
He's the only admin. I would imagine they had no one technical who knew what they even had.
Accomplished_Disk475@reddit
Exactly, no one left to ask those questions.
Library_IT_guy@reddit
This was how I got my first solo sysadmin job lol. Had no fucking idea what I was doing, but honestly? Managing Windows servers and a local domain + Google Workspace was very easy to pick up. AD, DHCP, GP, etc... all pretty easy to grasp if you're willing to do a little reading and already have good technical knowledge. It all just kind of... made sense to me. I had taken some CBT, trying to study for MCSE, and I found that being explained how those technologies worked in a classroom setting was extremely difficult to grasp, but learning them on the job was very easy.
I was lucky though, in that the first environment was fairly small and had been well set up by the previous admin.
Now, trying to "fix" the ancient Linux web server that kept falling over once per week when I had NEVER touched a linux server in my life? THAT was hell to learn.
BeltOk7189@reddit
That stuff's all pretty easy to grasp. The hard part in edu is the political side of things. All the changes that really need to be made that aren't because the non IT people are so resistant to change.
Backieotamy@reddit
I mean I did read that he was the only IT staff... and apparently decided at least HR would've had someone ask relevant questions but good point.
midcap17@reddit
Because the place is not an MS shop in any meaningful sense of the word. It's a we-taped-together-random-shit shop.
Most likely, the people who hired him had also never heard about AD.
BurdenedMind79@reddit
If he's the only IT guy there, then chances are nobody on the interview panel even knew Active Directory existed.
Honestly, I can't count the number of times I've had to deal with an IT manager that knew nothing about IT purely because they were hired by a director who knew nothing about IT.
Witte-666@reddit
I'm not surprised, I almost missed my first job in education because the person in charge of finding the new "IT guy" had no idea what a sys- or networkadmin was. Luckily, the interim sysadmin working there part time saw my CV on the table, and I landed the job. Fast forward 6 months, and I was replaced by an English teacher who had never seen a server or touched a network appliance in his life.
RandomLolHuman@reddit
They were just as desperate as him.
To OP: But the possibility to learn here is enormous, though.
Active Directory is very simplified: LDAP, Kerberos and DNS. It's actually amazing at what it does.
Set up a virtual Windows lab with a couple domain controllers and a couple of clients and start labbing. Use Linux as host, passthrough a PCIe NIC and get physical.
Just learn as much as possible and build a resume.
jbourne71@reddit
Why does OP need a virtual Windows lab when their employer already provided them one!
TKInstinct@reddit
I might not rock the boat too much, seems to be held together with duct tape as it is.
jbourne71@reddit
That’s the point—duct tape can dry out and provide an “excuse” to upgrade.
TKInstinct@reddit
I agree but you might wind up doing something and going into disaster recovery mode so there's a fine line here.
jbourne71@reddit
That’s why you do all your “learning” on Mayhem Monday, Tinkering Tuesday, or Why Not Wednesday.
You don’t push your luck on The Fuck Was I Thinking Thursday or FUUUUUUUUUUUCK MEEEEEEEEEEEE Friday.
SoonerMedic72@reddit
This is so much better than our "No Change Fridays"
Ok-Hunt3000@reddit
I cackled man. I love a why not Wednesday. Fuck it, push the whole open Intune baseline to HR
itadvantage@reddit
LMAO I'm stealing this shit.
jbourne71@reddit
Please do, and feel free to take total credit when you use it with your friends and coworkers.
SenTedStevens@reddit
Call it The Bourne Chronology.
itadvantage@reddit
Oh I will! At least you can take some solace in knowing you're my ghost writer.
jbourne71@reddit
I just want people to laugh 😀
TKInstinct@reddit
I love this.
jbourne71@reddit
It used to be just “Fuck Me Friday” but then I moved into management.
UNAHTMU@reddit
Evil. 🤣
Thyg0d@reddit
"we don't test on animals, we test in production."
sajithru@reddit
Need this on a t shirt
jbourne71@reddit
Save the turtles! Don’t use plastic straws and always just do it live.
plonkster@reddit (OP)
LOLd IRL on this one
Technobilby@reddit
Same as the rest of us, so that they can see how the processes are meant to work before they crash out in production.
jbourne71@reddit
Orrrrr we could just run this powershell script on the DC that ChatGPT wrote for me and see what happens.
Moist-Chip3793@reddit
Everybody has a test environment.
Some are just so lucky, they have it separate from production ...
Jofzar_@reddit
Yeah there's a perfectly valid dev environment that has the name Prod right there. Idk what prod means but it's where all the best development testing happens.
jbourne71@reddit
I looked it up in the dictionary. Apparently "Production", sometimes stylized as "production" and frequently shortened to "Prod" or "prod", is a "not-so-subtle hint that you should engage in 'lifelong learning'", whatever that is. Urban dictionary says it's a "developer's wet dream"...
lostdysonsphere@reddit
Depends on whether op wants to though. I don’t know AD/Windows and sure as hell don’t give a flying F about it. If they’d shove that in my basket without telling me I would step away from it. Don’t ask a butcher to suddenly work in a bakery.
plonkster@reddit (OP)
That's the thing. The last thing on earth I want is to become good at Windows. I don't even have a Windows comp at home.
RandomLolHuman@reddit
Sure, but would you apply at a job like the one OP landed?
TKInstinct@reddit
They're a previous Linux administrator so why not stand up some Samba servers and whatever the Linux equivalent of AD is.
RandomLolHuman@reddit
I thought about including something about that, but with cloud and that myriad of devices, I think Windows server would be the way to go.
Maybe a Samba fileserver could be useful, though. Could even make an HA setup.
Finn_Storm@reddit
It may not have been in the job description but anyone working in IT should probably know that schools can be a hot mess with a mixture of OS & implementations. Besides, that's what probationary periods are for, and it sounds like OP needs the money.
CharcoalGreyWolf@reddit
This.
jordicusmaximus@reddit
This is good advice. There is also the opportunity to ask if they might be willing to hire a student helper that you could offload some of the more basic time consuming tasks while you untangle things. Add management to the CV! The main thing to protect here is your sanity. You didn't start the fire, so ensure you preserve your peace, and do things methodically. If you don't already have a ticket system to triage incoming requests, do that first. Clearly communicate what an urgent matter is, and give yourself a really large time window to deal with things that aren't.
How I would do it for untangling things, is to start with a small group of users/devices. Get them into a state of "this is how I want things to be." That group becomes the standard, with standard software setup/hardware/updates/monitoring. People who need a replacement machine would get the new standard.
Before doing this though, I would do some discovery. Create a new OU (Active Directory folder), right click on it and "block inheritance" from policies above it, then put a single test computer in it. Create a blank policy in that new OU. When certain things aren't working on the computer in that group the way other machines in the network are, you find those settings and change them in the blank policy you created. Get familiar with how GP is applied, it is super powerful and can affect everything a machine does or acts.
You're in a bit of a unique position in that you can basically dictate how the policy/standardization is implemented, and any complaints you can just smile at. The key here is being methodical. You can't change everything all at once, a situation like yours can take years to get into some semblance of good.
Endpoint Inventory is also a good place to start once you've figured out what you want your base configuration to be. Once you know the oldest crap that needs replacing, you start building your new standard machine from there. Those users get thrust into Office 365. Some licensing comes with local install options for Office, so if they really want it, you'd just get them to make their case to whoever gives the money (my guess is that they will come back to you nodding their heads sadly in compliance with the new norm).
That's a lot, sorry for the brain dump.
Mirkon@reddit
No need to apologise for the brain dump, it's a good one.
rhs408@reddit
This is all good advice as well
ExtensionOverall7459@reddit
Because folks at schools have no idea about it. He was probably interviewed by the principal of the school, who has no idea what Active Directory is either. I work for schools, trust me I know. The people doing the hiring often times don't know anything about the job they are trying to fill.
DeadStockWalking@reddit
The interviewer probably didn't know shit about IT and OP "seemed smart".
darklordpotty@reddit
Even interviewers who know about IT will hire someone who seems smart if there aren't any other good candidates. Just the luck of the draw sometimes.
dark_frog@reddit
I'm not convinced that interviewing is better than chance
loupgarou21@reddit
It's a school. They're almost certainly underfunded and likely had no one on staff that actually knew how to evaluate their needs. They almost certainly have gotten to where they are by periodically lucking out at hiring people that are reasonably capable, but inexperienced, but as soon as they have enough experience to get paid more, they move on. That is probably interspersed by hiring people that aren't as capable, and they try for a bit, and eventually leave because they're overwhelmed and not able to figure things out.
mcfedr@reddit
OP sounds like a solid guy
Keeper-Name_2271@reddit
U telling learning n knowing stuffs has anything to do with getting a job
Wanderer-2609@reddit
Sounds like you are a developer and went for a sysadmin job. I would def be looking for a job that suits me before I get punted.
ezoe@reddit
A fully-qualified person will never accept a job like this mess. You need a moral low enough to not quit in the first day.
mademeunlurk@reddit
The interviewer had also never heard of AD. Typical
ChromeShavings@reddit
Like this:
“Do you know what Active Directory is?”
“Yes..?”
You’re hired! 🤝
Lord-Of-The-Gays@reddit
Bro used ChatGPT during his interview 😂
chefnee@reddit
The school system didn’t know what AD is as well. “Oh well, he’ll figure it out”, says the hiring manager.
stonecoldcoldstone@reddit
are you joking? do you know how shit schools pay? they are literally happy if someone makes it longer than a year.
dotme@reddit
And some of us won't get Level 1 Support with all those skills.
curi0us_carniv0re@reddit
Because the people doing the hiring don't know what active directory is either.
Go ask any principal if they know what active directory is lol
phobug@reddit
It wasn’t in the job posting so 100% it wasn’t asked in the interview. Most likely conducted by HR person and School administrator so fat chance of them knowing about the existence of the AD ;)
awetsasquatch@reddit
That's right about where I stopped reading and came to the comments lol
drozenski@reddit
it wasn't an interview. It was a "Oh you know tech stuff, you're hired"
Old MSP I worked for did the same thing. They just wanted a butt in a seat. Made for some of the worst working conditions ever. 4-5 Rock star people held up the other 9-12 seat fillers.
Fake_Cakeday@reddit
The interviewers also had no idea what they needed.
They probably barely know what they have other than the user facing apps and whatnot....
TerrifiedRedneck@reddit
Came to the comments looking for this. It was my first thought when reading it.
darksoft125@reddit
Education sector. Enough said. 99% of the time they care more about having a degree over experience doing the actual job.
The_NorthernLight@reddit
This is both hard, but also an incredibly good opportunity.
You can look at it like it's something you have to live with, or you can break it down, into bite-size chunks, and work on it from there.
If this was me, I'd start a high level documentation of the basic network configurations. Resist the urge to fix stupid shit right away. Just Document. Make notes of those stupid things, and plan for their fix.
Compile a list of all obvious issues (besides the hodgepodge of devices). Identify the software that cannot be upgraded/patched to latest, and start looking for alternatives, or a way to have the original vendor build an updated version (this goes hand-in-hand with the next steps).
Then, go to the school and start working on funding updates to fix all of the issues.
Sort out security and access first, then move to securing data against user loss (use OneDrive for staff, etc). Remove devices that cannot be secured, or are causing the majority of your support calls.
As funding starts getting sorted out, plan a move to Intune (since you are already M365), centrally manage all of your devices, and get your network secure and stable.
Once you've gotten this far, you'll have learnt a shitload (since you know Linux, Windows is actually easier), and this is the kind of job that will secure your employment for easily 3-5 years. Once you hit 5 years, you'll be considered the senior person for all these changes, and will secure your job even more.
These jobs are challenging, but can be incredibly rewarding. I'm just getting to the 4 out of 5 year mark on a project that is similar to yours. This is also the 3rd time I've done this in my career, so lessons learned, and all that.
Or jump ship, and always wonder if you could have figured it out.
nico282@reddit
I’ve seen briefly a similar situation as a consultant. It is never an opportunity, if you have to spend all your time struggling to keep the boat afloat. The whole day is spent in everyday tasks and putting band aids on urgent issues, all the wonderful chances to experiment, learn or improve will end in a “next thing to do” that only grows and gets postponed.
I started building an “improvement tasks” lists on Azure Devops adding maybe 30 items. When I left the company, the list was 120 items long, maybe 5 or 6 were done.
The_NorthernLight@reddit
As a consultant, I agree, it's not an opportunity. As an employee (who had trouble finding another job), it is.
I've done it from both sides of that coin (I did consultant work for awhile as well), and yes, I agree, it's a can of worms not worth going after, unless you can secure a huge budget.
If, however, you are doing it as the sole IT employee, and you understand how to get funding, then it can be a guaranteed (and weirdly rewarding) job. Yes, there will be frustrations and hair pulling at the start. But if you have a plan, and can get school admin buy-in, it's worth it. If they say, "no budget"... well then I'd start looking for another job, and jump ship.
Own_Indication4783@reddit
This is the answer. To add here, I would communicate the issues and let them know of the situation so they are aware and your future projects/fixes are recognized and appreciated.
Dalmus21@reddit
To add, in the States, there are a myriad of different regulations and laws regarding data security for schools. I assume it's the same in the EU.
Part of procuring a budget to fix things is learning how to leverage fear of financial disaster due to inaction on certain key issues... like network/ data security.
Also, on a related theme, even if it hopeless to get funding to fix issues, keep documentation that you identified the issues and that you properly submitted your suggestions on how to remedy them. Keep copies. When a disaster happens and the finger pointing starts, you don't want to be three fall guy.
Accomplished_Disk475@reddit
This sounds like a system that has suffered from a lack of a sufficient budget for years. A reasonable person would not assume that would change just because the school hired a guy that doesn't know what AD is (are we to assume he's the first sysadmin that has identified a deficient budget? I doubt it). 90% of his battle is going to be learning what to do/how to do it (with no one to ask for guidance). It's a lost cause.
The_NorthernLight@reddit
While I don't disagree it's an uphill battle, we don't know what was there before him. I've seen this kind of situation left over from a supposed "IT" Company. Turns out, they were just milking on-site calls for years, and never actually fixed anything (on purpose). It's all in perspective is my real point. He can choose to attack it as a good, learning challenge, or walk away.
Accomplished_Disk475@reddit
Uphill battle... he's storming Normandy by himself (without a rifle).
The_NorthernLight@reddit
Not inaccurate! :D
nico282@reddit
OP said “they have no money to invest”, so this kills most improvement options. Also the mess of different brands of everything sounds like “we get what’s cheaper at the moment” vibes, another red flag.
The_NorthernLight@reddit
Don't disagree there!
mercurygreen@reddit
From the description, it's not something that can be figured out; it's more moving a river. It can be done but only with great care... and you're going to discover that there will be streams where you didn't mean them when you do it.
rhs408@reddit
If he is still there after even a year and they are more or less happy with how he’s been doing, at the very least he should be able to negotiate a sizable raise.
SecretSypha@reddit
They need an IT TEAM starting way before yesterday. Unless you can and want to convince them of that, including paying enough to get worthwhile people, then you should get off the sinking ship as soon as you reasonably can.
TKInstinct@reddit
I don't think so, I agree a small team is a must but OP is in a unique position to do whatever they want. Unless they're completely reckless then they can do whatever they want and have nowhere to go but up.
SecretSypha@reddit
Sure, in theory there is a great opportunity here, it's why I think they should pursue getting a team and be candid with the decision makers. But, being realistic, this is a nightmare scenario in the making. Reading between the lines it sounds like they are in some education or education adjacent institution, which is resistant to change at the best of times (in my US experience). Beyond that they have an incredible amount of tech debt bundled in a horrendous rat's nest of security concerns, and they say that the institution doesn't have money floating around.
With enough effort, they could become the miracle this org needs, but they need the full support of the decision makers, preferably the ability to pick their team, and the budget. Otherwise, this could end up as a void in their career, where they spend a few years swamped in T1 tickets (spanning every device type from every brand across 1-2 decades), unable to breathe or get support, putting out fires as more tinderboxes accumulate, until they break and bail.
It's up to OP's willpower, their willingness to wrestle control of this ship, and the organization's response/status. Infinite freedom only goes so far if there are no resources to solve the resources problem.
Khulod@reddit
Forget the team, they also need to redo their entire IT landscape from the ground up to get all that legacy mess out.
Thankfully they at least adopted cloud platforms so transitioning can be made a lot easier, but OP clearly isn't an expert on migrating to a new landscape (not saying I blame him, that stuff requires a hefty skillset).
Naturally, nothing like this will happen. This is a school. Those generally don't have the budget to fix a catastrophe of this scale.
Virtual_Search3467@reddit
Yeah, that’s normal.
The question to ask is… what is their position on updates, upgrades, rebuilding the whole shit show, and so on.
I’d imagine everyone is just as frustrated as you are, especially if/when no potential admin lasts for more than a month. Which will only make things worse and worse and worse.
IF you have their backing, IF you have a say in what’s going to be bought for client and server hardware, IF you’re free to do what you think is required… then I say go for it and try and see if you can get another couple hands to help (expect some reluctance there … but maybe a club could be set up to learn stuff and help out at the same time?)
On the other hand, if it’s more of a “don’t you dare do something to mess with this, we’ve always done it this way, dhcp is the devils work, and besides who needs authentication anyway” type of situation, then for your own sake, try finding something else.
Doing something like this can be very rewarding, but if you’ve got everyone and their dog dead set against anything just because, you might as well leave.
Though… you’ll very likely need some people skills. Because even if everyone wants for things to FINALLY work, according to THEIR experience, things kept getting worse instead. So you’ll have your work cut out for you.
Numerous-Peace7408@reddit
Don't know if anyone else mentioned this, didn't read all the comments. But ipconfig /all in a command prompt on a Windows machine getting a DHCP lease will tell you what IP they are getting the IP address from so you can start tracking the DHCP servers down. Also Wireshark will help with that as well. I realize it's not much help but it sounds like until you find another job you can use all you can get.
thatwolf89@reddit
Most people would kill to get a government job like you. How much does it pay? Can you ask them to hire help for you?
Ok-Guava-3947@reddit
I was the one and only IT person for around 300ish devices at a school. Fun times?
Happy_Kale888@reddit
"After two months, I have yet to find out who/what is handing out DHCP leases. I suspect multiple things do."
That does not seem like a hard problem to solve....
ipconfig -a
Noisyss@reddit
The problem is to find physically where the dhcp server is i think
Happy_Kale888@reddit
Go to start somewhere... find the address then the MAC then find the switch it is on etc etc
I thought I had it rough as a sole admin but that place sounds like a hellscape!
Noisyss@reddit
Yes, if he has switch credentials to find using the mac and ip it will be easy as hell, but who knows.
Happy_Kale888@reddit
If it is managed and you have physical access you should be able to reset the password..
SFHalfling@reddit
The old switches one of our clients uses don't have an accessible mac table despite being managed switches.
You used to be able to get it from SSH, but they released a firmware that disabled SSH to force people to upgrade to the next model up.
Happy_Kale888@reddit
He will find it when he has to, like it when it locks up and needs to be rebooted or loses power...
SilkBC_12345@reddit
You assume they are using managed switches.
GlitteringAd9289@reddit
After reading OPs post, I'm guessing they aren't using managed switches...
mercurygreen@reddit
I'm betting there are crappy home routers used as switches, and they're handing out addresses to their tiny little sub-net.
Noisyss@reddit
That would be a pain in the ass
Greedy_Ad5722@reddit
Most non-tech people assume programmers are tech gurus at anything IT related. I would say documentation of each and every software is in order. Gotta start from somewhere…. XD
megasxl264@reddit
Honestly, I’m going to go against the grain and say that’s about right for education and it’s probably pretty easy to get it sorted out properly if you have the budget.
Coming from a very structured environment I can see how it’s daunting, but I’ve onboarded so many clients with the same story that I’d argue it’s the norm.
You just need to take a step back and stop worrying about the users outside of a basic operational basis. Basically, can they still work? It doesn’t matter how messy it is or what they’re doing. Can they do the baseline for their job. That’s as far as you go in terms of user facing tasks.
The next step is really easy and that’s evaluate what you have. Figure out what your budget is and physically write out the current equipment, the issues facing them, and what would a replacement product entail in terms of effect on environment and users.
Next step is look for wiring diagrams of any form and grab your drill. Open up and test every port you can at every site. If you can’t physically do it contract that out. The biggest issue you’ll face going forward in terms of stability is how well documented the sites are.
Finding the dhcp server(s) really shouldn’t take you more than a day of checking logs. And if you checked the wiring you’ll know where it’s coming from pretty quickly.
Next step is honestly replacing the switches. I know a lot of people would say worry about the firewalls but truthfully they’ll last just fine for years without patches or anyone touching them, just don’t touch them lol. But the reason I said switches is it’s easier to rip out and start from scratch that way. You only need one template.
Any APs can be wiped from the controller. The biggest issue is just figuring out who uses what ssid.
The best part about schools too is they basically shutdown post exam time so you can rip out and change whatever you want with very little complaint. Just send out a memo before the beginning of the fall semester of what will happen going forward.
The reality of this situation is they’ve been operating just fine without you there for presumably years in that mess. A couple more months doesn’t matter and it’s not a reflection of your ability if you keep entries of what you’ve done daily to improve it.
entyfresh@reddit
I'm going to disagree with this being "probably pretty easy to get it sorted out properly" as a solo tech in OP's situation. He's outlined a level of tech debt that would take a small team over a year of work to remedy, let alone fixing it by himself and with no budget. To me this sounds like an environment that's essentially guaranteed to be a long-term nightmare.
No matter how much work he does, the environment itself is still full of so many undocumented landmines that major outages aren't an if, they're a when. And since OP is solo with no backup, when an outage happens he has to fix that in addition to all of his normal duties.
This job might have some limited utility for a new sysadmin as an opportunity to learn about general Windows sysadmin principles or use as a stepping stone to their next position, but to me this wouldn't be even close to being worth the stress of the next big outage/failure hanging over my head. It's like IT with the sword of Damocles and no real resources to get to a better place.
52buickman@reddit
Assuming, scope can be defined. I doubt from the description of OP's environment they haven't a clue what they need and why.
redeuxx@reddit
Finding the DHCP server takes five minutes using Wireshark. But this goes to the root of the issue, there is a skill issue. He doesn't have the skills to fix this situation. Suggesting he learn all of this to fix what's already there sounds like a disaster. He needs to hire help or buy help.
MrYiff@reddit
even simpler than this, you can just pop an ipconfig /all in windows and it will tell you your current dhcp server.
If you are tracking down multiple devices issuing dhcp then wireshark may be the more useful tool but to new users it can certainly look pretty scary and complex.
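An added illustration of the DHCP hunt discussed in this subthread (not code from any commenter): when several devices may be answering, the DHCP replies themselves identify each server through option 54. The sketch below parses raw DHCP payloads (the UDP 67/68 payload bytes, assumed to have been exported from a capture) and lists every server that replied; the sample packets and all addresses are constructed for the example.

```python
"""Inventory DHCP servers from captured DHCP payloads (UDP ports 67/68)."""
import ipaddress
import struct
from collections import defaultdict

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTP_FIXED_LEN = 236            # op .. file fields, before the magic cookie
OPT_PAD, OPT_END = 0, 255
OPT_SUBNET, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 3, 53, 54
SERVER_REPLIES = {2: "OFFER", 5: "ACK"}


def parse_options(data):
    """Walk the option TLVs; stop at END or at a truncated option."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            break
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break
        opts[code] = value
        i += 2 + length
    return opts


def _ip(raw):
    return str(ipaddress.IPv4Address(raw[:4])) if raw and len(raw) >= 4 else None


def parse_server_reply(payload):
    """Return details of a DHCP OFFER/ACK, or None for anything else."""
    if len(payload) < BOOTP_FIXED_LEN + 4 or payload[0] != 2:   # 2 = BOOTREPLY
        return None
    if payload[236:240] != MAGIC_COOKIE:
        return None
    opts = parse_options(payload[240:])
    msg = opts.get(OPT_MSG_TYPE, b"")
    server = _ip(opts.get(OPT_SERVER_ID))
    if len(msg) != 1 or msg[0] not in SERVER_REPLIES or server is None:
        return None
    return {
        "type": SERVER_REPLIES[msg[0]],
        "server": server,                      # option 54: who answered
        "offered": _ip(payload[16:20]),        # yiaddr: address handed out
        "mask": _ip(opts.get(OPT_SUBNET)),
        "router": _ip(opts.get(OPT_ROUTER)),   # first router if several
    }


def inventory_dhcp_servers(payloads):
    """Group replies by server identifier."""
    servers = defaultdict(lambda: {"replies": 0, "offered": set(), "routers": set()})
    for payload in payloads:
        reply = parse_server_reply(payload)
        if reply is None:
            continue
        entry = servers[reply["server"]]
        entry["replies"] += 1
        entry["offered"].add(reply["offered"])
        if reply["router"]:
            entry["routers"].add(reply["router"])
    return dict(servers)


def conflicting_servers(inventory):
    """More than one responder on a segment means there is something to track down."""
    return sorted(inventory) if len(inventory) > 1 else []


def build_sample(op, msg_type, yiaddr, server=None, mask=None, router=None):
    """Build a constructed DHCP payload for the demo (not captured traffic)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0, bytes(4),
        ipaddress.IPv4Address(yiaddr).packed, bytes(4), bytes(4),
        bytes.fromhex("020000000001"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, addr in ((OPT_SERVER_ID, server), (OPT_SUBNET, mask), (OPT_ROUTER, router)):
        if addr:
            options += bytes([code, 4]) + ipaddress.IPv4Address(addr).packed
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


# Constructed sample: two different responders, a client DISCOVER, an ACK,
# and a truncated packet that must be ignored.
SAMPLE_PAYLOADS = [
    build_sample(2, 2, "10.0.0.57", "10.0.0.1", "255.255.0.0", "10.0.0.1"),
    build_sample(2, 2, "192.168.1.23", "192.168.1.1", "255.255.255.0", "192.168.1.1"),
    build_sample(1, 1, "0.0.0.0"),
    build_sample(2, 5, "10.0.0.57", "10.0.0.1", "255.255.0.0", "10.0.0.1"),
]
SAMPLE_PAYLOADS.append(SAMPLE_PAYLOADS[0][:200])

if __name__ == "__main__":
    found = inventory_dhcp_servers(SAMPLE_PAYLOADS)
    for server, info in sorted(found.items()):
        print(server, info)
    print("responders to trace:", conflicting_servers(found))
```

A responder whose router option points at itself on a small /24, as in the second constructed offer, matches the "home router used as a switch" pattern suggested elsewhere in the thread.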
rhs408@reddit
Yeah, this. He needs someone from this sub to become his new best bud… A few have already (and generously) given him some solid first steps to take.
mercurygreen@reddit
"...if you have the budget."
"Any APs can be wiped from the controller."
Assuming the wireless uses a controller and it's not individual units... and from the description I wouldn't be surprised.
Honestly, OP needs to learn to say "No." and make it stick. Sometimes with file recovery, "I did tell you to back it up to your OneDrive..." sometimes with "This software can no longer be installed on replacement hardware. You can't have it."
CaptainMambo@reddit
Your suggestions are pretty spot-on and the right way to do the job, but you need a team (at least one person to manage the day-to-day small stuff), a will for the management to improve the situation and a budget.
phobug@reddit
Feels like a pep talk, I think I can go and re-do that school now!
mehgl@reddit
Solid recipe…
rof-dog@reddit
I’ve always found that most Windows environments, ESPECIALLY those in schools, tend to accrue a lot of technical debt. Given my experience, this is the norm. Maybe check out r/k12sysadmin?
Available-Can4784@reddit
I did it for almost 20 years in the U.S. - it was so stressful but SO rewarding. A team of 6 to manage and support 6500 users and 9000+ devices/servers across 12 buildings. NO ONE in IT works harder than school IT.
There is the real opportunity to make changes and to make a difference in the school and the way kids and teachers use technology. Just don’t expect it to be the “real world” … and Linux may not have a place there.
Reaction-Consistent@reddit
This literally sounds like a SysAdmin’s nightmare. They need a team of 6 to 12 people, half of that team would be running around fixing problems. The other half would be managing the infrastructure. Are you seriously the only person there running that whole mess? When I worked for Saginaw public schools, we had four people that were techs, doing the break-fix day-to-day stuff for a dozen or more schools in the district and two people that managed the infrastructure, networking, DHCP, Active Directory and so on. And that was a fairly homogenous IT environment, meaning they had one vendor of computer, one or two vendors for printers, only a couple management tools that they used for imaging and group policy and such. The only one thing that would make me stay at a job like yours, and it wouldn’t be the money, it would be if they at least temporarily hired a company to come in and revamp their entire infrastructure from the ground up, new management system for all of the end points, standardize all of the network and server infrastructure, and then maybe hire two or three other permanent admins to help you. If you really want to stick it out, you should look into getting a contractor in there to help out temporarily, set up a new management system, such as configuration manager, and then gradually replace the old systems with the new one. Get everything standardized and updated but man that is such a daunting prospect. I can’t even imagine what you’re going through. Good luck man.
Less_Traffic2091@reddit
Sounds like you should keep the job. You have purpose. You might learn something by creating a steering committee, getting some feedback on what they DO need if anything, and listing out some security priorities. Do they pay for training? Get it. You don't sound like an I.T. Manager, so why don't you use this opportunity where there seems to be little expectation or accountability, and become one. The things you do 'when nobody is watching' [and in this case, when nobody had a clue] are what define your character and can build the greatest skillset.
Meklon@reddit
I'm a "Network Manager" (read, sysadmin, network admin, software developer, systems integrator, trainer, data manager, cover manager to name a few of the extra hats!) for a UK edu institution and, basically, that sounds like UK education IT at the moment - and it's going to get worse with further budget cuts coming...
leclair63@reddit
Same here in the US for primary education
Weird_Definition_785@reddit
yeah a linux admin ain't cut out for this. You'd have to learn a lot. Doable though.
I'm a school tech and I'd never apply for anything involving linux.
djgizmo@reddit
life is about choices and frame set.
you could look at this and say “this a shit show, and this will never get better”
or
“this is a great opportunity for me to leave this place in a better condition than when i found it”
write down all the issues and what it’ll take to fix those issues.
then give each one of them a priority value (1-3) and an effort value (1 for easy and 3 for hard) then add both those values together for each issue and now order those from lowest to highest total value.
then present your list to your leaders and state you need resources to take care of top 3 issues.
and ask them how they would like to solve this?
let them fill in the blanks and be a part of the solution
immortalsteve@reddit
How much budget do you have available to fix this shitshow? Also, might want to look at enabling the Windows Subsystem for Linux since you're more familiar with bash stuff you may get somewhere with that.
However, I feel obligated to say git gud, but I would start with understanding active directory, the windows domain structure/functional level in place, the services your servers are running, and seeing about a standardized image for the machines. In my former environment we were able to move most services over to linux with the exception of the domain controllers, a file server, and a print server. I implemented a base image methodology for getting images on machines (before we moved to intune) and then leveraging a mix of GPOs and install scripts to push the software to the workstations. Enable patching ASAP, the main reason for disabling it is an embedded system you cannot change or laziness on the previous admin's part.
old_school_tech@reddit
That's what I look after 1500 kids 120 staff. 11 years in the job and have done major upgrades, network and server infrastructure. Love it. In what place do you not get siloed into one little specialty box, variety every day. My network now works like magic with over 2500 devices connected. Server infrastructure all upgraded. And the range of devices is crazy but keeps you on your toes and learning. Not for everyone, but I love it. No 2 days the same. Good luck on figuring it out. When I started everything was broken or just going.
Effective-Hippo2760@reddit
Sometimes in life you do what works-best for your employer-others. AND THEN YOURSELF. Some free advice-Grab YOUR BELT Son- Take a good hard look down, and ask -Do i still have what i was born with?
Theitdr@reddit
and this is why the Job market is screwed you either have interviewers that just want a butt in a seat or they will see someone with the best experience and they will skip over him for someone like the op because they either don't want to pay or etc.
NETSPLlT@reddit
Happy cake day!
Backieotamy@reddit
Based on everyone's comments and personal descriptions of how common this is; there's a market for consulting/contractor services. For a little more than paying an admin's yearly wage you can get a helpdesk, on-call but under 2 hr response time technician (during bus hours) and then a handful of admins who could remotely take care of 95% of any infrastructure builds/issues/upgrades.
I may be a little off, but with a dozen or so of these types of accounts you could employ 4 helpdesk, 4 techs and 4 admins locally and slowly add technicians at 2-3 times the rate you need more HD and Admins. There's a good business here if you can get it off the ground.
thedancingpenquin@reddit
I would look for another job and quit.
yotties@reddit
It could be worse, I remember reading about a school-conglomerate with 500 employees and no dhcp but maintaining all IP-addresses of devices in a spreadsheet.
You can seriously look for other jobs.
In the school, you can describe the risks and put them in meetings and reports. in the end: risk-management is where the issues should be addressed preferably before incident management.
Devices not being updated at scale in these times is too high risk and, frankly, unprofessional and negligent.
I would not go for linux as a way out, I'd rather push for chromebooks. Move most administrative processes into the cloud and have some fat-client stuff beside it, where necessary.
yotties@reddit
Some golden oldies about poorly managed environments with tech-staff having little say.
https://www.reddit.com/r/k12sysadmin/comments/b70bfv/comment/ek2xmi5/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
https://www.reddit.com/r/k12sysadmin/comments/b70bfv/comment/ek0t5r8/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
https://www.reddit.com/r/k12sysadmin/comments/aw4uey/moving_away_from_macos/ehzguk1/?context=3
Revolutionary_You834@reddit
I was the IT Director (and the only IT employee) for a whole school for a year before I finally gave up. It’s a ton of work and I was having to do it all without any support staff, so I have great empathy for you. Here is my suggestion…if they have money in the budget to hire a third party, I would contract with a MSP that can handle all the backbone of the network and anything else you are having trouble with, and that way you can focus on learning AD and GPO. Think about switching to Entra and Intune, and if they have M365, focus on migrating all the file shares to OneDrive (since it comes with M365 and if you have the educational package, they give you like 10 petabytes complimentary in the cloud). That’s my two cents, I hope it helps :)
KarmicCorduroy@reddit
This is all completely typical for K-12.
The environments are perpetually underfunded and understaffed. There will be no sexy devops cloud here. That shit's expensive. This is traditional IT Ops, and it's frequently funded by grants which produce one-off implementations instead of a holistic technology plan.
They'll always be Windows because their crappy K-12 software requires it, along with local Administrator access to work. If you try to fix too much, you're stifling education.
If you don't understand active directory and how to administrate windows workstations, all your programming/scripting is useless. Your best chance, should you decide to stick it out, is to find off-the-shelf products to help diagnose and manage the environment in lieu of "devops".
You're in over your head, and you'll need to make very large adaptations to improve the environment.
Should you successfully bend your square peg into this round hole of a job, you'll have the opportunity for satisfaction in helping the K-12 education process. You'll also have the opportunity for satisfaction in performing a public job (assuming this isn't a private school) which is important to some folks who want more than increasing some company's profits. You'll never be rich. You might get a decent benefit package and better work-life balance than private employment. You might get support for training opportunities to help you and them adapt, since educators have a predisposition toward continuing education.
Some people thrive in this environment. Others subscribe to the latest buzzwords, manage 1000 servers single-handedly (all of them identical), and post frequently on reddit, making fun of people like you doing traditional Ops in an unhealthily diverse environment. You'll have to decide what's important to you and act accordingly.
joshbudde@reddit
This doesn't really sound all that bad. It just sounds like every long running institution that's cash strapped.
If you hate it, continue pursuing other opportunities, and just try keeping things running at the school.
KnowledgeTransfer23@reddit
I've been a school admin.
You have two options: leave (on the best terms possible, documenting everything for the next guy but more importantly telling administration and the school board (if they have those in Europe, I don't even know) the state of IT and that you feel you are not qualified to fix it).
Or, just going by the length of the following paragraphs, the more difficult option...
Leave everything as is and start building everything new. Standardize them on hardware first. Everybody loves a new computer. Build in a life cycle policy. Then start building a new network. Set one service up, like a file server (or just uplift everything into Google Drive and remove any file servers) or DHCP or DNS, then migrate to it. Start with a building, or a department, as a patch pilot group. Maybe Administration so you're not disrupting teachers from the classes. Once proven, add more to it. Then do the next service. Then the next. Plan for it with your budget over the next 5 years.
The good news is, if you build it how you know it (not Windows), you'll have less competition for the job. An MSP who tries to weasel their way in will give the district a huge sticker shock because they'll want to rip out the stuff they don't support and build up a Windows network environment again.
Number one thing is to be transparent with the administration and the Board. The Public, too, if it's a public school.
OkPattern4579@reddit
You describe my exact job for the last 17 years almost identical number of devices and users. If it pays well stick it out you will learn a ton. I may have missed it but I also have a huge VOIP company wide system I manage on top of that. It's a challenge at times and they have offered someone to help on large projects but otherwise it's just me. Pay=worth learning something new
ItzMcShagNasty@reddit
Literally sounds like my first job in 2017 lol. Fresh outta computer repair and networking with my A+, knew very little about admin work, and a rural school nearby had an opening. Sole IT guy for 5 separate campuses.
I relied on old scripts I didn't understand and a deployment server with no documentation! Got by for a year super stressed having to figure out their fax systems, CCTV system, aruba network, etc. Got paid $25k and had to quit after a year. Never had that much responsibility since but I make far more now lol
Tough it out for a while if you can and send your resume out and you'll find a better job eventually
Visible_Witness_884@reddit
It doesn't sound like you have any fear of losing your job due to end of projects :p so there's that!
jocomal@reddit
That's a school environment for you. The mixture of devices, models, and them using old outdated software is normal. You get into a rhythm of being the only one supporting that many staff and devices. Here's something to help you get through the days. Save the link or save it as an MP3 and listen to it on your way to work. On rough days, go into your office or server room and listen to it there. Also, server rooms, if loud enough, block out the sound of staff with issues calling you. https://youtu.be/92i5m3tV5XY?si=J_YrMduQidyzBDVy
nhitze@reddit
Had to laugh so hard about the Fuck that meditation, thx
nocommentacct@reddit
Maybe start by seeing what you can stand up side by side, using chromebooks and gsuite for everyone. Schools (at least in the US) are moving away from heavy reliance on AD from what I’ve seen. If you can get a group of chromebooks set up properly that aren’t tied into your current mess, but can share files and get into meetings with your current mess, you might be able to move everything over a little bit at a time to a more simple network that you understand. Once summer hits you move the rest and pick up the pieces when the school year starts. Sounds tough but not impossible.
AlexisFR@reddit
You sure you didn't step into the Purgatory or something?
Because DAMN
sattermc@reddit
I didn’t read the whole post but you absolutely should resign. I spent 20 years in school districts IT it’s soul crushing…
We will spend half your life getting children onto the Internet and the other half keeping them off of most of it
Admirable-Low-2497@reddit
If you stay, you need to hire an MSP to do some of the heavy-lifting for you and to roadmap some improvements. Number 1 should be replacing that firewall with something current and constantly updated!
Sir-Spork@reddit
… this honestly sounds like my dream job 😂
As long as I don’t have after hours calls and the pay met a minimum standard, I would take that job in an instant.
love puzzles and challenges
stareksss@reddit
It sounds to me, that you just need 1 or 2 admins under your wings, that you will be delegating tasks to, while restructuring their whole Organization. Am I wrong here?
s_schadenfreude@reddit
I walked into a similar situation with a private school 25 years ago. It was my first IT job too. I made the best of it and spent every waking moment learning. NT4 domain --> 2000 AD was my first project. Then Exchange, GPOs, hardware standardization, software deployment. We were running IBM Pentium 90s throughout, and the school admin system was DOS-based. Moved that to a modern (for the time) platform. This was pre-cloud era, but it was an unparalleled opportunity to learn so much technology. No students (or teachers) during the summers either, so I'd literally have weeks on end where I could work in peace. Use it if you can.
ahhwidoadbli21@reddit
I was in a really similar situation once. What worked for me is:
Bear the burden for a few months, so they see you are invested in the job and won't abandon them when shit hits the fan. Then you'll have a decent chance to convince them to hire a networking professional. You can just tell the directors that while yes, the system is manageable for now, it will only get harder and harder to keep it running. Schools luckily shut down for the entire summer, so you can tear it down and rebuild, at least partly, without much interruption.
You will need to look through the entire network and document all you can. Then find a contractor who is willing to work on it, and get an estimation on the price. The school will most likely be more open to spending if you go to them saying "Hey, the network is in a terrible state, but I know how to fix it. I alone won't be enough, but I know this guy/company and we can fix it in x time for x cost"
That is if you want to keep this job. If you can't/don't want to go through this hassle, bounce. The school needs someone who is experienced in this exact area (you can help them write a proper job description), and you will find yourself in sysadmin hell if you decide not to start fixing it.
TL;DR:
Tell them to get you professional help or leave
Shot_Fan_9258@reddit
My main concern is your mental health when the network will be breached by a ransomware , cuz it will. If you're not able to define a plan and a budget to regain control of the infrastructure, run.
Effective_Twist@reddit
You can use the netsh command or Roadkil's DHCP find
Playful_Tie_5323@reddit
tbh if you have a full windows environment there's no way you'll get anyone wanting to use linux - you'll get lynched before that happens.
If you have little windows experience then you may be best looking for something else as you will at some point make a fatal mistake that could destroy your whole environment - from what you have described you need an experienced windows admin to sort that out - It actually sounds appealing to me tbh!
Can you not push for another member of staff and get a windows admin in?
Good luck!
Shmoobydoobydoozle@reddit
Just do bare minimum while looking for new job
BWMerlin@reddit
Head over to r/k12sysadmin and they should be able to help you piece things together.
FieryHDD@reddit
Honestly , get OneDrive licenses or Academic 365 licenses. Let them use OneDrive and they have to transfer their data. That would be step 1.
We use Entra Connect, it syncs your ad to o365.
qejfjfiemd@reddit
That doesn't sound fun at all.
hoolio9393@reddit
Leave the windows defender off and do what they tell you to do. In Europe you leave work on time and don't think about it
hoolio9393@reddit
Let it rot until the next day. I'm a quiet q uitter
plbrdmn@reddit
Wow. Lot going on there, a ton to unpack.
Shame they don’t have the money to spend. Have they told you that outright?
I presume you and previous admins have given them a list of the issues and the risks if they don’t spend?
It might be worth speaking to management either way and laying it out for them again. Put it in terms of the hours of downtime, loss of data and the obvious security risks. Then how much it could cost financially to recover, with some examples, one being hackers taking over and locking the school out of everything, demanding ransoms.
Don’t make it too detailed, a summary of the network, the servers, workstations, hardware and software, everything you’ve listed above.
If they aren’t interested I’d be walking. I’d not want to be around when that grenade goes off.
If they are interested then when approaching a new infrastructure the first thing I’d be asking for is a contractor to help. It’ll be impossible for you to do day to day AND implement new services.
The only thing I’d say is it’s easier to find a job when you have a job. The job market is pretty sucky so grind through it until you can find and secure another role.
ChopSueyYumm@reddit
Well as you mentioned „they don’t have money to invest“. I would make them aware that if they don’t find any money the IT system/network will collapse one day. If they still refuse, look for a new job.
FeanorEldarin@reddit
Having done some light IT for a few schools during my time with an MSP, this seems par for the course. If you can convince them that everything needs some TLC, maybe you could get some help and a budget to start working on replacements. I don't know how it works over there, but there are grants for things like this in the states.
Dufsao189@reddit
Geez..
I work for a School doing IT work as well.
It sounds like they once had an IT team that completely crumbled.
I, personally, would leave asap, but not until I had something else lined up already.
Keep looking for work in the specific industry you're qualified for! You'll land one eventually!
brianozm@reddit
My suggestion is, while you’re there, try to solve a few things, one at a time. Maybe start with Windows Update and re-enabling that.
One day the place will get ransomwared and it will cost 5x as much to fix it.
friedcat777@reddit
This is a great opportunity to learn and be forged by fire. I would learn everything about computers and networks you can there for about 2-3 years then go find an IT department with money. (aka not a school)
Also this cat will tell you everything you need to know about Active Directory and so much more.
https://www.youtube.com/watch?v=zyud11pz40s
RamblingReflections@reddit
Come over to r/k12sysadmin - we know your pain, because we too, live it every day.
UnexpectedAnomaly@reddit
There's a community college in my flyover state I did some contract work for and they wanted to hire me but I ran away screaming because they went through five sysadmins and two years. The place was full of prima donna professors who don't want to change at all. Also I'm not sure how it is in Europeland but in the US academic institutions don't seem to have many resources for IT.
UnexpectedAnomaly@reddit
I would start small, at least try to get the Windows images somewhat standardized and maybe try to only buy one brand of hardware; I doubt you'll be able to buy one model. But as far as the major spaghetti web of technical debt, you probably just need to spin up an independent domain environment and slowly move things over to it until everything is converted over. But really as far as only being one person in charge of a thousand devices, you need to press them for an actual staff, especially if they're an academic institution; they shouldn't be cool with just having one guy run their critical infrastructure.
If they don't want to buy hardware or modernize anything just ask them well what are you going to do when all of this stuff breaks and no one can fix it because it's too old and no one wants to bother with learning old stuff?
At the very least get an MSP to provide help desk so you can focus on re-architecting the entire infrastructure.
FlyinDanskMen@reddit
In a job you hate? Keep looking and keep working the one you have. In my life I learned that desperation leads to the worst results.
ohiocodernumerouno@reddit
yes schools are bullshit
AgentOrcish@reddit
This is my dream job. I have helped schools over the past 30 years. If you want some pointers, DM me, I can send you some slide decks. You probably just need some help and some direction. My largest deployment was 11k devices in school.
ChromeShavings@reddit
NinjaOne is a fantastic option for getting devices updated. Seriously a game changer for my company.
MEXRFW@reddit
Learn as much as you can while you look for a job, have a talk with your manager about what you want to prioritize and why. Then tackle those things. When other issues come up ask them for guidance.
Sweet_Mother_Russia@reddit
It’s very funny to me that someone who has a ton of Linux experience and programming and all the shit I regard as complicated is flummoxed by Active Directory lol
pdp10@reddit
The X11 terminal era was unfortunately cut short by the plummeting of PC-compatible prices during the 1990-1991 recession. Users relished the control they had by eschewing centrally-managed servers. Ironically, today it's the Wintel machine that's centrally controlled and expensive.
Nobody actually notices this turnabout.
oki_toranga@reddit
I am a former Unix, Linux, Windows, azure admin.
This sounds a lot like the place I worked the longest. I am really stubborn and like a challenge.
I made a list of problems and nice to haves. Then I listed the problems after importance, what had to be done right now and what can wait.
You need to get control of the AD and learn how to use it. Then you need to fix it. The reason you can't delete ex admin accounts is because it's still being used for something with the admin privileges.
When the major things are done you focus on the users. Get a ticketing system of some sort, don't speak IT with the users in RL. Script solutions to random weird user problems and give it to them and tell them to run it. I made a GUI for mine which said something like problem fixer and had buttons to fix dumb problems. I automated a solution for every problem I could.
My job eventually morphed into just drinking coffee and tell jokes at the cafeteria, then I got bored and quit.
KongStrongFanboy@reddit
This is just the standard MSP client. This is honestly normal.
trainwrecktragedy@reddit
speaking from experience, set some consistency.
you mention there's too many types of devices; round it down to either just windows, or just windows and mac, or just chromebooks, etc.
also encourage users to buy their own external drives to back up their files; make sure to provide a guide on this so it's straightforward.
You need to know AD but it's easy to manage and use, and also GPOs.
figure out what the school wants and what the staff's needs are; that is a good place to start.
it will take time to fix everything; it can take weeks and can also take months depending on how much damage previous techs have done but you will figure this out and get through it.
Give yourself time to go through everything, learn how everything works and then get to fixing things one bit at a time.
I personally would also stick to Windows and use Hyper-V for your VMs but it's up to you.
Hopefully I helped
Sasataf12@reddit
You're obviously not happy where you are, so I'd start looking.
Unless you're in a small town where everyone knows your business, it doesn't hurt to look for other jobs.
Illustrious_zi@reddit
Ask for two interns
ProfessorOfDumbFacts@reddit
@u/plonkster I support multiple schools that started out just like this one. DM me if you need help or advice. Certainly sounds like a good environment for chrome OS and chromeFlex on windows and mac student devices
Foreign_Plate_4372@reddit
It's a good opportunity for you to broaden your knowledge which will widen your appeal when looking for the next job
MrVantage@reddit
This sounds like an environment where you may need to rip absolutely everything out and start fresh.
Go full in on Google Workspace. Issue Chromebooks to all staff, with USB-C docking stations at desks (there are some business monitors, well priced, with built in docking stations). Use Chromeboxes for shared computers in libraries, reception PC, etc…
For Students, go BYOD. Let them log into their Google Workspace accounts from their own devices. Just make sure you have MFA on. Obviously they can use the library PCs and other computers too. You can set some context aware access policies up to restrict this to chrome only (so you can apply policies to the managed browser session - do this for teachers too).
Ensure you manage all these ChromeOS devices via the Chrome Enterprise upgrade so they are fully enrolled and managed.
If staff need phones - buy Androids and enroll them into Google Advanced MDM as fully managed.
For the network, rip it out and replace it all with a full UniFi stack. They can also do CCTV, Door Access and Digital Signage.
legrenabeach@reddit
Are you a new sysadmin at my school (and where do I find you)? /s
BadSausageFactory@reddit
Sounds like they've been going through so many admins that they don't even care if you're qualified for the gig. No offense, I don't know anything about Linux. I would stay there while you look for something else, but it doesn't sound like they want to fix it. They want someone to wipe their ass and enable poor behavior. You'd think a schoolteacher would understand why that doesn't help anyone.
Upper-Affect5971@reddit
Qualified? from the sound of it he’s the most qualified person this organization has hired.
BadSausageFactory@reddit
fair but I didn't mean it quite like that. multi-site AD and OP is a Linux heavy, it sounds like they don't even understand what they're hiring for
Upper-Affect5971@reddit
There comes a point when an environment is in such disrepair that fixing the basic things makes you out to be the hero.
OP is a smart dude, most nix admins are.
Start fixing what you can, and try and figure out the rest.
The users have no idea what’s going on anyway.
Note: I was in a similar situation around 20 years ago.
TargetFree3831@reddit
You are clearly in over your head, but it could be an opportunity to become a God and name your price.
Lack of Active Directory knowledge will stop you in your tracks - you have to know how to add users, passwords, group policies, DHCP, DNS...it all resides there. Plenty of youtube videos to teach you the basics in 30min or less..
But yeah, disabling an ex admin account breaking things means you might want to look into something like Upwork for some guidance from a pro. They will find these things very quickly and advise how to correct so at least the ship is stable and sailing straight.
You are pissing in the wind if you don't know DHCP, DNS or Active Directory...it's just a matter of time before you have to upgrade your AD, and it sounds like that time was 10 years ago. AD runs all of it. It goes down, nothing works, nobody can login, servers go dead...it's possibly the worst event in IT aside from alien invasion.
Priority #1 is Active Directory. Everything else can wait. I shudder to think it's all running on a single server with a single hard drive for the past 12 years...you must have at least two Active Directory domain controllers.
Seriously, consult help or move on, you need to get through the muck and you don't have the skills you need right now. It's an overwhelming task.
I hope you're being paid at least $150k USD. Otherwise, fuck that.
Noisyss@reddit
If you don't wanna can i have it? Kidding
What I would do in your place: do the support as it is, recovering files, fixing broken stuff. I know, I know, not your best skill to be an admin, but meanwhile, if you like doing this stuff, make a mini intranet with 1 piece of equipment of each brand that represents the "equipment salad", find true open-source projects like TrueNAS+Samba to dump the Windows fileserver, and work to make all that equipment authenticate and use the old hardware. Once you have a 100% working replication of the current software used inside the intranet, show it to your boss and plan accordingly to migrate the actual structure; one room at a time is a good start though.
CompilerError404@reddit
It truly sounds like someone who lied on their resume to get the job. This person is WAY out of their depth.
mercurygreen@reddit
Nah, this was me working at a Florida resort.
Answered an ad for a part-time hourly position.
Interviewed for a full-time hourly position.
Showed up on my first day and was handed a cell and told it was full-time salary.
Four months in and my boss quit working. Two months later, he ACTUALLY left.
20+ servers, four locations, a guest business center, 24/7 (because hotel), and they had me assisting guests with their computers as well.
And it was my first I.T. job. This was 15+ years ago.
Noisyss@reddit
I think he did not lie, I ended up in a similar position, hired as support but had to do a whole department as one man, from network to support, and was branded as a sysadmin like him. Probably whoever hired him just knew like "he knows a little about IT, that will do." They probably don't even know what a sysadmin is.
Lonecoon@reddit
That's on them for hiring you, but it sort of seems like they were desperate. I'm sure you're perfectly good at what you do, but you're way out of your depth. They need an entire team to fix the mess, then a good MSP or on-site sysadmin to maintain.
Keep it till you get another job and prioritize the things that will take down the entire network, but until they give you the budget to fix it, there's no hope here.
mercurygreen@reddit
I'm betting there was a "Well, you should fire my nephew since he knows about computers - he set up my printer at home!" conversation.
az-anime-fan@reddit
in a windows server environment which is hodgepodge like yours chances are DHCP is on the DNS server, which is going to be your domain controller server.
that said, the easiest way to find your dhcp server is to open a command prompt as an administrator, and type in ipconfig /all
the data it spits out should include the dhcp server information.
stesha83@reddit
This sounds like a really fun challenge.
Torschlusspaniker@reddit
Sure on a technical level but when you are a one man band you have to deal with the interpersonal issues and teachers are often difficult to deal with.
Madmasshole@reddit
In a district that size keeping the teachers happy is a far greater concern then the tech 99% of the time.
TKInstinct@reddit
Yeah I wish I could do this, sounds like something I'd really enjoy.
anon-stocks@reddit
Was thinking the same thing, if he's paid enough.
Weak_Wealth5399@reddit
I'm going to be honest here. You're not the guy to fix all of these issues. Most likely if you try and you lack the necessary skills and experience, you're only going to end up being tossed under the bus by your boss.
Try to get some help from someone senior who knows this stuff properly or don't try to fix it. You can be a part of the solution but with your background you're definitely not a good fit.
Besides it's only a matter of time before that whole mess ends up with a crypto virus etc and pretty soon fingers are going to be pointed at you. To be honest, if they refuse to get the help just look for something closer to what you're skilled with.
mercurygreen@reddit
When you are the sole I.T. person, you are in a fairly interesting position; "Or WHAT?" became my answer at one job like this.
Notes:
You need a "second" - someone that can be there when you're not, or else they will call you for the DUMBEST reasons when you're at the dentist getting work done (Okay, that MIGHT have been just me...)
DHCP and several other problems you're having are probably because there are some home routers being used in your network. This happens when there was only one network cable but they needed four. Every time they do that, each of them generates a DHCP range (often conflicting) for their little "subnet." With 500 PCs, this is HIGHLY likely.
Windows updates are probably disabled because some of the software doesn't work with later updates. You didn't mention if they're using Win7/Win8(WinXP?) on some "specialty" stations. Wouldn't surprise me.
Advice - some of it bad:
Get a label maker. You should be putting unique labels on EVERYTHING.
Start from the internet, work your way in, mapping everything. Don't change anything, just figure out where the components are. (Servers, printers, switches, WAPs if you have wireless).
Figure out IP addresses and server functions. Don't be surprised when your print server is also a software license server. Find any contact information for stakeholders for services. If no one claims it, think about shutting it down until someone yells at you. THAT'S your stakeholder.
List make/model/serial. Look up warranty (stop laughing!) on everything.
Map the wiring in the patch panel.
Make an IP address schema. There isn't one now, so figure out where things need to be.
Get copies of all switch configurations.
Figure out what you DON'T own. Phone system? Badge/lock system? Fire Alarms? HVAC? If they're not yours, make sure that you have the contact information to hand to the next person that complains so THEY can call the proper people.
You'll never finish documenting, so you'll have to move on to organized cleanup.
CLEANUP:
Choose an office/classroom and a date. The date will be "when no one is there" - a holiday or intercession or something. Remember that you'll be taking days off to compensate.
Yank EVERYTHING of yours out to the walls. Check the drop ceiling. Rewire it correctly. Box anything that's suspect.
Finally, take your PTO when you can. You're going to need it.
saysjuan@reddit
Don’t quit just learn as you go. Summer will be here shortly. Plan for next year. Give yourself a few years to get things under control and justify hiring additional staff.
Forsaken_Instance_18@reddit
I would love to come there and sort out these issue lol I live for that type of shit
But seriously get an apprentice to help you with the heavy lifting
Leucippus1@reddit
Telling me you don't know what hands out DHCP is like a developer that doesn't know the basic form of how to create a function in any given language.
Oh, and the command is 'ipconfig /all', on a Windows computer, one of the entries will tell you what the IP address of the DHCP server is.
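Several replies above point at `ipconfig /all` to find the DHCP server, and mercurygreen's reply warns that stray home routers each hand out their own, often conflicting, range. As an added example (not from any commenter), this Python script parses saved `ipconfig /all` captures from several PCs, lists every DHCP server seen and flags networks leased by more than one server; it assumes English-language labels, and the hostnames, addresses and function names are constructed.

```python
import ipaddress
import re
from collections import defaultdict, namedtuple

Lease = namedtuple("Lease", "host adapter network dhcp_server gateway")
# "   DHCP Server . . . . . : 10.20.0.10" -> ("DHCP Server", "10.20.0.10")
FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Split `ipconfig /all` output into one {label: value} dict per adapter."""
    adapters, current = [], None
    for line in text.splitlines():
        # Adapter headers start in column 0 and end with a colon.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = {"_name": line.rstrip().rstrip(":")}
            adapters.append(current)
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current.setdefault(m.group(1), m.group(2).strip())
    return adapters


def collect_leases(captures):
    """captures: {hostname: ipconfig text}. One Lease per adapter holding a DHCP lease."""
    leases = []
    for host, text in captures.items():
        for a in parse_ipconfig(text):
            server = a.get("DHCP Server")
            if a.get("DHCP Enabled") != "Yes" or not server:
                continue  # static or disconnected adapter: nothing to attribute
            ip = a.get("IPv4 Address", "").split("(")[0]  # drop "(Preferred)"
            try:
                net = ipaddress.ip_network(f"{ip}/{a.get('Subnet Mask', '')}", strict=False)
            except ValueError:
                continue
            leases.append(Lease(host, a["_name"], net, server, a.get("Default Gateway", "")))
    return leases


def dhcp_inventory(leases):
    """Map each DHCP server to the clients it answered and the networks it leased."""
    inv = defaultdict(lambda: {"clients": set(), "networks": set()})
    for le in leases:
        inv[le.dhcp_server]["clients"].add(le.host)
        inv[le.dhcp_server]["networks"].add(str(le.network))
    return {s: {k: sorted(v) for k, v in d.items()} for s, d in inv.items()}


def find_conflicts(leases):
    """Networks whose addresses are leased by more than one DHCP server."""
    by_net = defaultdict(set)
    for le in leases:
        by_net[le.network].add(le.dhcp_server)
    conflicts = []
    for net, servers in by_net.items():
        for other, other_servers in by_net.items():
            if other != net and net.overlaps(other):  # e.g. a /24 inside a /22
                servers = servers | other_servers
        if len(servers) > 1:
            conflicts.append((str(net), sorted(servers)))
    return sorted(conflicts)


def router_style_servers(leases):
    """Heuristic: DHCP server is also the default gateway, as on a home router."""
    return sorted({le.dhcp_server for le in leases if le.dhcp_server == le.gateway})


def _capture(ip, mask, gw, dhcp):
    """Build a constructed capture in the English `ipconfig /all` layout."""
    return f"""
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : {ip}(Preferred)
   Subnet Mask . . . . . . . . . . . : {mask}
   Default Gateway . . . . . . . . . : {gw}
   DHCP Server . . . . . . . . . . . : {dhcp}

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : Yes
"""


# Constructed sample captures, keyed by the PC they were saved from.
SAMPLES = {
    "OFFICE-01": _capture("10.20.4.57", "255.255.252.0", "10.20.4.1", "10.20.0.10"),
    "OFFICE-02": _capture("10.20.5.12", "255.255.252.0", "10.20.4.1", "10.20.0.10"),
    "ROOM12-PC1": _capture("192.168.1.23", "255.255.255.0", "192.168.1.1", "192.168.1.1"),
    "ROOM30-PC2": _capture("192.168.1.40", "255.255.255.0", "192.168.1.254", "192.168.1.254"),
}

if __name__ == "__main__":
    found = collect_leases(SAMPLES)
    for server, info in sorted(dhcp_inventory(found).items()):
        print(server, info["networks"], info["clients"])
    print("conflicts:", find_conflicts(found))
    print("router-style:", router_style_servers(found))
```

Two routers that both sit at the same default address look identical in the DHCP Server field, so a server whose clients are in unrelated rooms is worth tracing by MAC address at the switch.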
scarlet__panda@reddit
r/k12sysadmin
I'm an admin for a school with 350 total users between staff and students. When I came in we had an MSP managing nearly everything from networking devices to end users. I have taken much of it back to onsite. If you're struggling, you can look into MIBS. Managed Internal Broadband Services through the ERate program. Depending on your school and district, your school can receive a hefty discount. I have a local provider managing the configs of our switches and core networking devices, AND they're cleaning up our rack so I can focus on the management of literally everything else.
It's crazy, and it's a lot, but it's not all bad. Active Directory isn't all bad. Not too hard either with some self study.
The sub I mentioned is an awesome resource of a bunch of other k12 sys admins that are vetted and verified.
If you have any questions reach out.
Acceptable_Map_8989@reddit
DHCP should take 5 mins to figure out, you can ask GPT if needed..sounds like they need an actual sysadmin
vabello@reddit
What would I do? I’d fix it all. That would keep me entertained for a while.
DenominatorOfReddit@reddit
Take this opportunity to learn what questions you should ask during your next interview.
TerrificVixen5693@reddit
How did you get this job without knowing what AD does?
Either you need to upskill or leave. They deserve better too.
slayermcb@reddit
My red flag: why would they hire someone for this position with no relevant experience where needed? AD experience is a pretty basic question in a job interview and should have been covered. Most likely they didn't have a person with any knowledge doing the hiring and made the basic assumption that IT was IT. I like using the medical field to make my point when people assume I know how to program or build a website because I'm in IT. I say it's like hiring an ENT doc to be your oncologist. Just because they're doctors doesn't make them right for the job. Just because they can build a program doesn't mean they can manage an enterprise environment.
BJMcGobbleDicks@reddit
I’d say try to make it a year, and learn more about your environment and their tech. In the meantime you may grow to like it, or it’ll buy you time in search of another job.
CaptainMambo@reddit
Go away or make them understand that they need, from your description, at least a team of three people a proper way to do maintenance and a roadmap for necessary evolution. (and money to make said evolution)
I consider mostly schools and hospitals to be the death of a career : underfunded IT with big computer/user base,
So you'll just run right and left to put out fire and maintain a day to day working order and that's all, you will deploy nothing, improve nothing and will not develop any skill because you will be too busy repairing a random turd with a bit of tape and a toothpick.
Without being offensive maybe you're probably not even the right guy for the task and you could forget to have any time to learn the needed skill to properly manage that. IT Manager, developer, IT Support and sysadmin are different jobs and multiple things you say are IMHO not the best course of action.
You have a job, you're not in a hurry to find another one, you can cherry pick. Sorry if it sounds harsh and good luck in your prospection.
UninvestedCuriosity@reddit
Hm, this feels like it was way off the rails before you even got there. Like maybe there was a competent team at one point and they all walked then you're arriving after a bunch of other unfit people mangled it further.
There's a lot of good advice here already. Some people with actual academia experience that understand their sensibilities and understand how these roles will react. Documenting an environment while it's on fire to then make the case to get the resources needed to fix it is a red flag I look for when interviewing. I've cleaned up enough of these in my life already but if it is your first time. The order of operations is clear. Stop break fixing as much and get your case together already or plan for burnout with everyone still unhappy for when it comes to a head.
badlybane@reddit
The biggest issues with school is government. They get grants for tech but they have to spend it on a specific niche vs what they need. Principals who think they are IT. Money gets dumped into bs. If you stay you are going to have to be a dick. Like just an asshole while you teach them what to do. AD is just identity management. SMB, Kerberos etc. If I were you I'd burn it down and go cloud to simplify and get edu licenses.
tectail@reddit
Keep looking for another job. There is a reason no one sticks with this job and you found it. On top of that, this isn't your long term gig, it is just a stop on the way.
With all of that being said, knowing you are leaving someday, write everything down. The next person will appreciate it from you. Once you find another gig, bounce and don't look back
sssRealm@reddit
Why are you still there? Reminds me much of my job, except I have other people on my team and we are making slow progress. Sounds like the only thing you really can do is look for a new job.
CompilerError404@reddit
Yeah, it's near impossible to land any IT job that is not a windows environment. No system is perfect, however, if you can't or don't want to manage a m365/google environment, you're probably not in the job you want.
What you are describing is almost environment, within the last 10 years. Have you been out of the life for awhile? It sounds like it...
Now are you overworked, being a sole provider of IT for 500 devices, 100%. You should communicate that to your superiors instead of lamenting the good ole Linux days.
themanbow@reddit
Yes, but let's stress that they need to be careful on how they resolve this issue.
Don't just "cowboy" it, turn on Windows Update, and let it cook. They'll definitely need to let the higher ups know what their intentions are, get some history on why it was turned off in the first place, and meet halfway from there.
TKInstinct@reddit
I agree with you on everything except them getting fired. They've gone through several admins and kept none of them. At this point they could be desperate and need him more than he needs them. Take a chance and do it.
TangerineTomato666@reddit
Imagine being admin of a network and not knowing who answers dhcp requests.
TKInstinct@reddit
Start with what you know. If you were a Linux administrator then why not propose standing up a Linux environment and consolidating services. You certainly don't need GSUITE and 365 and I'm plainly sure that the mysterious software could have been usurped 20 years ago with something better.
Quit if you want but this seems like a fun yet monstrous challenge and I'd take that any day. What are they going to do, fire you?
BeigeGandalf@reddit
Pick something, learn it, fix it, document it, then on to the next thing. All while getting pulled 500 directions at once. Welcome, SysAdmin :)
ManyMag@reddit
First, I think you could move to a remote job with your expertise, maybe, downgrading your paycheck at first to be able to set a ground base where you are. Keep looking for remote jobs.
Now, with your current situation, talk (Speak up) to have at least two junior position below you to route those nasty admin low IT issues (yes, it may take a time to shadowing those), if FTE is not an option, request for interns. If they provide you for junior helpers or Interns, start moving to an infra that fit your expertise, begin to migrate servers to Linux base services. Looks no one will care what you do. That might find you in a interesting project. There is no need to do it all at once, make a plan for yourself and improve your own situation there, while you may find a way out but getting help is a key.
Vesalii@reddit
I feel like you are in WAY over your head. They need a sysadmin or better yet a team of them to get their shit together.
slapstik007@reddit
There is an entire subreddit dedicated to this /r/k12sysadmin, some of us have found a home in the education space.
PolishHussarius@reddit
1 IT for 1000 employees is insane, you can't win. An 'acceptable' amount is 1 guy per 100-200 employees, depending on expectations.
Make plans to jump somewhere else asap, you can't win there, run, now.
AromaticCamp8959@reddit
No offense, but you’re clearly in over your head if you’re taking a job in IT Leadership and don’t know what Active Directory does, or it takes you in excess of two months to determine what is handing out DHCP leases. Identify the depreciated equipment and create a proposal to upgrade the infrastructure, whether that’s all at once or one-by-one. It’s unfortunate that many of us have to come in behind bad leadership where you have a myriad of technologies. Ten years ago, I came into a thriving medium-sized business where the IT Manager purchased anything other than enterprise-grade equipment, and then complained when it failed. He’d often complain about how much it costs to continue replacing the hardware, but wouldn’t dare ask or craft a budget to purchase enterprise hardware. I came in, insisted on refreshing the core infrastructure, and replaced other things on a schedule. Now, our network consists of enterprise-grade Cisco hardware, our servers are virtualized on Dell ESXi, our workstations are all Lenovo ThinkPads that are spec’d the same (before anyone comes for me for over buying, it costs a lot less to keep the same SKU for issuance, replacement, and repair, for us). All hardware, with the exception of individual workstations, must be under warranty or service plan at all times, otherwise it is deprecated and included in the following FY budget for decom & replacement. I’ve been at this now for nearly twenty years and have learned largely from my own mistakes. Standardization is key in simplifying the management of IT. Feel free to DM me if you want to chat about anything - happy to help someone trying to make a go at it! Remember, anything worth doing is worth doing right, and coming into a situation like that leaves only one direction to go - up! You have the opportunity to be regarded as the best IT Manager they’ve ever had, the one who turned it all around! Don’t be afraid to make moves!
ButterflyImaginary52@reddit
How did you do a decade of AWS/sysadmin adjacent shit and NOT learn what AD is, let alone how it works?
Being a Linux guy isn't an excuse. Trust me, I'm a Linux evangelist.
disturbedwidgets@reddit
OP get me on board, we can do this together. Trying to get out of the states myself.
Waylander0719@reddit
If you want to try to stay and tackle the challenge:
As an IT Director for an organization that is understaffed, and who previously worked as IT at a school: there is something you need to do before addressing ANYTHING technical.
You need to find out who is in charge and work with them to set expectations and essentially SLAs. If they have 1000 users and one person doing helpdesk and admin level work, then the expectation should be that you will fix issues "as soon as you can" which may not be for days.
Do you have a ticketing system? Step one is to get one, find a open source/free one if needed plenty of options out there.
Make sure your boss is on board (which shouldn't be hard). That all IT requests need to go through the ticket system. Most allow either portal or email entry of tickets. Phone calls go to a voicemail that you answer and manually enter tickets "when you can", maybe at the end of the day.
This will do a few things for you, first it will give you documentation and proof of how much work is needed, and how much you are doing. Second it should free you up from taking calls and entering tickets yourself
Second you need to document your projects and come up with a priority plan, then plan to tackle them during the summer and other vacations. Don't look at the whole list after it is done, only what's at the top.
WaldoOU812@reddit
The one piece of advice I'd give is that you don't quit this job until/unless you have another job lined up. And research the new company/job thoroughly so that you're confident it'll be a good fit for you, skills/environment/culture/pay-wise. And that they're doing sufficiently well that you don't have to worry about them going out of business three months after they hire you.
themanbow@reddit
If you are willing to learn Windows domain management, then I'd suggest finding some old Windows Server 2012 R2 MCSE study books (unfortunately Microsoft stopped offering MCSE certifications after Windows Server 2012 R2, but the fundamentals of Active Directory, Microsoft DNS, DHCP, etc are the same even in Windows Server 2025).
(between some college courses and a LOT of MCSE study material for Windows 2000 Server and Windows Server 2003, that's how I learned...and now I'm a Windows graybeard (well...the only gray hair I have is in my nose, but that's another topic altogether))
Otherwise if you feel as if you are working at the wrong job or you--like many other people that are dedicated to Linux--have a viscerally negative opinion of Windows, then you may want to look for another job that suits you.
All that being said, while there are likely more Windows jobs than Linux jobs out there, you'll likely command a larger salary for being a Linux guru for a company that needs one.
JankyTime1@reddit
Par for the course in small and mid size education is that they won't care about or spend on IT until after they hit the news for being ransomwared.
HugeAlbatrossForm@reddit
Fuuuck that, coast and look for a job till they fire you.
Upper-Affect5971@reddit
Fuck it, you can only go up from here.
shaolinmaru@reddit
It mentions MS365; it's obvious that would be a Windows environment.
And you didn't ask anything about the place in the interview process?
It's up to you to get the skills, then. But like was said in other comments, you need more people. Try to bring in at least one or two more people to help you handle the service desk issues, while you focus on the infrastructure.
ADtotheHD@reddit
Cleanup is always possible, it’s just a matter of will, know-how, budget, and time. It’s also a matter of metering your expectations as well as the expectations of those around you.
You make the plan. Pick the systems and standards you intend to move to or adhere to. Pick Windows or Mac, one or the other. For students, pick Chromebooks or iPads, one or the other. Pick a single hardware vendor for each category. Choose long-term support systems where possible.
Choose security first. There is bound to be any number of security standards the organization is required to adhere to that they undoubtedly are not. Find out what those standards are and write a formal security policy as well as audit the current state vs. required future state. Learn AD. Purge accounts for staff that aren’t there anymore. Apply a reasonable password policy then mandate updates via GPO. Systems that aren’t supported anymore like Win7 get pulled from the environment, period. No unsupported OSes. Updates will likely break some systems. If you find they aren’t able to function well with updates, they get pulled as well.
If you’re already thinking about leaving, use security as the bludgeon to make them take action.
SP92216@reddit
Posts like this one make me reconsider what I would call a “Wild West” environment. I used to think I worked at one, this makes that one look like a well-put operation.
Fake_Cakeday@reddit
If possible I would start a completely new environment for an area at a time.
New setup that doesn't work with the old stuff other than communication stuff and everything else is "new", updated and better.
And when the word gets around then the rest will want the new setup that doesn't crash so often and works much better.
The problem is finding an area and people to buy into this idea and would be willing to change up their usual stuff.
SpotlessCheetah@reddit
If you're really one guy, leave. They haven't learned their lesson.
You need at least one other person to fix a lot of stuff. Instead, you have zero ability to triage and make changes at the same time.
You also need a budget to replace everything yesterday. If you can't get those two things, you really gotta leave asap.
largos7289@reddit
April fool? cause LOL if it is.
Incid3nt@reddit
Start with what you can control. Get support from leadership around ticketing processes and have them adhere to the ticket system.
If standing up Intune or SCCM or whatever is out of the long term, get a small lightweight asset management and deploy tool. A common one for schools is PDQ Deploy and PDQ Inventory; this will help you get a hold on what programs/software/hardware are in your environment and begin patching. While you're doing this, document your concerns with whoever is above you and the amount of change it would take to make this efficient and secure. Print the email or BCC yourself to ensure you have this record in case it hits the fan.
Plan out several smaller projects to test. I would recommend an update server and tie it to a group policy and slowly roll those out to small sections, or at a minimum, when a newer computer is purchased, it must be in this group going forward. You can even register it in Intune if your environment is able; MS is usually low cost for schools. That will at least get the ball rolling. Ideally though you could also plan for a G suite/workspaces in the future, maybe start by rolling it out to just specific classes or students to see how successful they are with them and then use the cost/efficiency/security to bargain more rollout.
Whatever projects you plan, plan them around breaks where students are out such as spring break/summer if possible.
Affectionate_Bed2750@reddit
I'd say you need to map your network, set up MDM for mobile devices, generate templates, assign classes/classrooms to those configuration templates and half of your problem goes away. Adopt Identity server and abandon local domain controllers, go full cloud OPS, standardize equipment, deploy drive images, kick your feet up and enjoy the weather.
ILikeTewdles@reddit
Yes dude, keep applying and get out of there. I wouldn't just up and quit until you have something else lined up though. Working for orgs that have everything duct taped together and no budget to maintain let alone improve anything are the absolute worst jobs.
Accomplished_Disk475@reddit
Fuck that. Absolutely find something else. That is a system that has been underfunded WAY too long. The only time that place will make it to the future is when it eventually gets ransomed, and they have to rebuild it from scratch. Till that happens, it'll be very much band-aids/duct tape.
MSXzigerzh0@reddit
What you could probably do, but it would take a massive amount of work on your end, is to take advantage of the current geopolitical situation and lobby your school to start migrating to Linux since you are in Europe.
I would drop whatever environment that your school's email is not running through.
Also you promoted it as a cost savings.
TheNegotiator12@reddit
You could see about getting a budget and permission to hire an outside contractor to upgrade all of the IT infrastructure and get everything on par, then work on phasing out any end of life computers and laptops (you can use a contractor for that too). Then if a new machine can't run outdated software then you should help them source a better alternative.
Jguan617@reddit
A job is just a job, keep it until you find something better.
Da_SyEnTisT@reddit
I worked as a "Do it all IT tech" for 7 years in a private high school. It literally drained my soul.
I was so pissed off that I started hating computers altogether. I even started studying in a completely different domain because I thought I didn't like computers anymore... Until I quit that shitty school and applied in a normal IT company and started loving computers again... and loving my job again.
I never met so many fucking stupid people in my life more than in this school.
Just writing those lines makes me angry.
Get the fuck out before they suck the life out of you.
CMDR_Waffles@reddit
So it does not follow GDPR or NIS2. I'd get out of there, don't need "business got fined 20 million EUR or 4% of their annual turnover" due to the IT department on the resume.
ElMikoUK@reddit
Sadly, this is not uncommon in education from what I’ve experienced. Been in a similar situation and now in an MSP with a focus on education. If you get support from the school, and an actual budget, you can make moves to fix. But this is also uncommon.
I would say watch out for stress. This caused me major issues when in the school environment and being expected to get everything and anything working.
Do what feels right for you. Education IT isn’t seen as great for the CV and can be very difficult to manage.
Good luck.
Chill_Will83@reddit
Yeah I’d look for a remote Linux sysadmin position. I believe with time you could pick up Windows Server but alone that’s a challenge…