Randy
Hello all,

I have inherited an AD and Group Policy nightmare.

A little background on the network:

I have a client that has migrated from NT4.0 to W2K and AD a number of months/years ago. The issue is that they have had numerous unqualified Administrators/Consultants working for them and it is a very unstable/poor design. They have 150 users spread across 3 states, one domain, 4 DCs, numerous Group Policy changes, Exchange 2000, and shares/NTFS permissions galore.

Some of the issues:

The DC in city B is authenticating users in city A; replication is almost circular, replication issues happen quite often, and one of the SAs found the ADSI Editing tool and started hacking AD trying to resolve issues, only creating more issues, changing FSMO roles, etc.

I have been tasked to repair what they have or rebuild AD. What I need is a push in the right direction.

1) Do I repair what I have?
Other than NTDSUtil.exe, what tools are out there to verify the integrity of AD and repair it?
What tools, if any, can reset group policies back to default?
Is there any way to reset the replication topology to defaults?

2) Do I create a parallel AD domain and import the data using ADMT?
Has anyone attempted this?
What are the ramifications to other AD integrated systems: Exchange, SQL, etc.?

Any suggestions would be welcome, but I would ask that they are field tested.

Thanks,
Randy