AD 'corrupt'?

  • AD 'corrupt'?

    If your installation of AD 2008 is giving problems (stuff like users not being able to change their passwords, even though you haven't changed any policies), what possibilities are there to start with a clean slate when you have 650 workstations on that forest/tree with a single domain and 2 DCs/GCs?

    We started this forest on a Windows 2000 server and have gone through every upgrade step. Our feeling is that the migrations have never been 100% successful and little problems have been picked up on each. The trouble is our current AD is really playing up on us, policies don't do what they should and apparently policy-related problems keep happening even when no changes have been made.

    Reinstalling Windows on a DC doesn't help because it inherits all the problems in the current AD database.

    The problems themselves seem impossible to troubleshoot, but starting a new domain/tree/forest on a new Windows 2008 server, to obtain a 'clean slate', also means a complex and time-consuming migration of other services, not to mention reconfiguring each workstation on the new domain.

    What options do we have?

  • #2
    Re: AD 'corrupt'?

    You have 2 DCs. Can't you rebuild your current BDC, promote it, and knock down your current primary DC and then rebuild that one? Then you could keep the same forest/domain etc. You could also then gradually take each DC offline, rebuild it from scratch and then add it back again.

    The idea of having to join 650 workstations back to a new domain is something I'd most definitely avoid!

    Also, are you sure that your GPOs aren't interfering with each other? I had major problems when I started out with unpredictable group policies; I found I had created several that overlapped with opposing functions within the same OU. It's worth checking (if you haven't already done so).

    Why is it the first time I submit without previewing, I lose the ability to spell!


    • #3
      Re: AD 'corrupt'?

      If these are GPO issues, have you installed Client Side Extensions on all the clients so they will correctly apply GPOs from a Server 2008 DC?

      Other GPO info re 2008.

      The CSE Update should have been installed via WSUS (if approved) but there is a script that will also do the trick.

      ' Install_GPP_CSE.vbs
      ' Author:  Chad A. Gross
      '          Layton Flower Technologies, LLC.
      '          Created:  2008-12-16
      '          Copyright (c) Chad A. Gross - All Rights Reserved
      ' Purpose:  This script is intended to be run as a domain
      '           startup script in a Windows 2008 domain.  It checks
      '           to see if the 2008 Group Policy Preferences Client
      '           Side extensions have been installed on the PC.  If
      '           not, it installs the correct Client Side Extensions
      '           based on the OS & platform detected.
      ' Customization:  The script must be customized in each 
      '           separate domain environment.  Specifically, the 
      '           strPath_ variables must be defined to point to 
      '           the correct file for each CSE installer
      ' Use:  This script is free for non-commercial use.
      Option Explicit
      Dim strComputer  'identifies computer to query
      Dim strPath_XPx86 'path to CSE installer for XP x86 
      Dim strPath_XPx64 'path to CSE installer for XP x64
      Dim strPath_Vistax86 'path to CSE installer for Vista x86
      Dim strPath_Vistax64 'path to CSE installer for Vista x64
      Dim strPath_2003x86 'path to CSE installer for 2003 x86
      Dim strPath_2003x64 'path to CSE installer for 2003 x64
      Dim colOperatingSystems
      Dim colComputerSystems
      Dim objComputerSystem
      Dim strOSVer
      Dim strSysType
      Dim objShell
      Dim objWMIService
      Dim colItems
      Dim intCount
      Dim objItem
      Dim objOperatingSystem
      strComputer = "."   ' use "." for local computer 
      strPath_XPx86 = "\\zeus\public\software\utilities\GPP_CSE\XP_x86\Windows-en-Us-KB943729.exe"
      strPath_XPx64 = "\\zeus\public\software\utilities\GPP_CSE\XP_x64\Windows-en-Us-KB943729.exe"
      strPath_Vistax86 = "\\zeus\public\software\utilities\GPP_CSE\Vista_x86\Windows6.0-KB943729-x86.msu"
      strPath_Vistax64 = "\\zeus\public\software\utilities\GPP_CSE\Vista_x64\Windows6.0-KB943729-x64.msu"
      strPath_2003x86 = "\\zeus\public\software\utilities\GPP_CSE\2k3_x86\Windows-en-Us-KB943729.exe"
      strPath_2003x64 = "\\zeus\public\software\utilities\GPP_CSE\2k3_x64\Windows-en-Us-KB943729.exe"
      'On Error Resume Next 
      Set objWMIService = GetObject("winmgmts:" _ 
              & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2") 
      'HotFixID is a string that carries the "KB" prefix, so it is quoted in the query
      Set colItems = objWMIService.ExecQuery _ 
              ("Select * from Win32_QuickFixEngineering Where HotFixID = 'KB943729'",,48) 
      intCount = 0
      For Each objItem in colItems
        If objItem.HotFixID = "KB943729" Then
          intCount = intCount + 1
        End If
      Next
      If intCount = 0 Then
        'CSE not installed.  Get OS version & install correct CSE
        'Get OS Version
        Set colOperatingSystems = objWMIService.ExecQuery _
          ("Select * from Win32_OperatingSystem")
        For Each objOperatingSystem in colOperatingSystems
          strOSVer = objOperatingSystem.Version
        Next
        'Get System Type
        Set colComputerSystems = objWMIService.ExecQuery _
          ("Select * from Win32_ComputerSystem")
        For Each objComputerSystem in colComputerSystems
          'SystemType is "X86-based PC" or "x64-based PC"; upper-case it so both tests below match
          strSysType = UCase(objComputerSystem.SystemType)
        Next
        'Run correct patch install
        Set objShell = CreateObject("Wscript.Shell")
        Select Case Left(strOSVer, 3)
          Case "6.0"
            'Vista / 2008
            If Left(strSysType,3) = "X86" Then
              'x86 PC
              objShell.Run "wusa " & strPath_Vistax86 & " /quiet",0,True
            ElseIf Left(strSysType,3) = "X64" Then
              'x64 PC
              objShell.Run "wusa " & strPath_Vistax64 & " /quiet",0,True
            End If
          Case "5.2"
            'Windows 2003
            If Left(strSysType,3) = "X86" Then
              'x86 PC
              objShell.Run strPath_2003x86 & " /quiet /log:C:\KB943729.log",0,True
            ElseIf Left(strSysType,3) = "X64" Then
              'x64 PC
              objShell.Run strPath_2003x64 & " /quiet /log:C:\KB943729.log",0,True
            End If
          Case "5.1"
            'Windows XP
            If Left(strSysType,3) = "X86" Then
              'x86 PC
              objShell.Run strPath_XPx86 & " /quiet /log:C:\KB943729.log",0,True
            ElseIf Left(strSysType,3) = "X64" Then
              'x64 PC
              objShell.Run strPath_XPx64 & " /quiet /log:C:\KB943729.log",0,True 
            End If
        End Select
      End If
      Obviously change the path in the BLUE coloured text to point to your own location.

      Special thanks to Chad Gross for sharing this script. It worked for a script nuffie like me so it should work for you, if required.
      1 1 was a racehorse.
      2 2 was 1 2.
      1 1 1 1 race 1 day,
      2 2 1 1 2
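
Before changing anything in AD, it helps to know which of the workstations actually lack the Client Side Extensions mentioned in post #3. The following is an added example, not code from the thread or from the script's author: a read-only PowerShell audit for KB943729 on the OS versions the startup script targets. It assumes Windows PowerShell 2.0 or later, WMI access to the clients, and a hypothetical `computers.txt` with one computer name per line.

```powershell
# Added example: reports, per computer, whether KB943729 (GPP Client Side Extensions)
# is installed. Read-only; nothing is installed or changed on the clients.
# computers.txt is a hypothetical input file, one computer name per line.
$kb        = 'KB943729'
$computers = Get-Content -Path '.\computers.txt' | Where-Object { $_.Trim() }

$report = foreach ($name in $computers) {
    $row = New-Object PSObject -Property @{
        Computer  = $name.Trim()
        OSVersion = $null
        Status    = $null
    }
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem `
                -ComputerName $row.Computer -ErrorAction Stop
        $row.OSVersion = $os.Version

        # The startup script only handles 5.1 (XP), 5.2 (2003) and 6.0 (Vista / 2008);
        # anything else is reported separately instead of being flagged as missing.
        if ($os.Version -notmatch '^(5\.1|5\.2|6\.0)\.') {
            $row.Status = 'OutOfScope'
        }
        else {
            # HotFixID is a string with the KB prefix, so it is quoted in the filter.
            $fix = Get-WmiObject -Class Win32_QuickFixEngineering `
                     -ComputerName $row.Computer `
                     -Filter "HotFixID='$kb'" -ErrorAction Stop
            $row.Status = if ($fix) { 'Installed' } else { 'Missing' }
        }
    }
    catch {
        # Powered-off machines, firewalled RPC or access denied all end up here.
        $row.Status = "Unreachable: $($_.Exception.Message)"
    }
    $row
}

$report | Sort-Object Status, Computer |
    Format-Table Computer, OSVersion, Status -AutoSize
```

Machines reported as `Missing` are the ones where preference settings delivered from the 2008 DCs will be skipped; `Unreachable` entries need a second pass rather than being counted either way.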