Start over or fix...
Posted on 2004-04-09
I'm new to a network that's four years old and has been "tinkered" with by 6 different admins. The current problems identified are:
* New/Modified GPOs having no effect on current OUs
* gpupdate /force on XP systems does not force anything
* Changes to security groups taking up to 45 minutes to the only other DC (same site)
* Accounts that are disabled actually work for a couple hours before locking out (even after replicating)
* Exchange server set up and connected to only 1 DC - not the Schema master
* Lots of funky SMTP issues - messages stuck in queue and legit addresses rejected
* Users "disappear" from security groups
NTDSUTIL shows AD DB integrity as good. My boss and I are trying to figure out if setting up a new domain and trust to the current domain is a good idea, slowly migrating systems and users into the new domain. I'm willing provided none of this corrupt stuff makes its way in. I'm thinking more bulk export of AD and build a new DC - start over. I don't trust that any of the master roles are doing their jobs. Ideas?