zenportafino

asked on

Start over or fix...

I'm new to a network that's four years old and has been "tinkered" with by 6 different admins. The current problems identified are:
* New/modified GPOs having no effect on current OUs
* gpupdate /force on XP systems does not force anything
* Changes to security groups taking up to 45 minutes to the only other DC (same site)
* Accounts that are disabled actually work for a couple hours before locking out (even after replicating)
* Exchange server set up and connected to only 1 DC - not the Schema master
* Lots of funky SMTP issues - messages stuck in queue and legit addresses rejected
* Users "disappear" from security groups

NTDSUTIL shows AD DB integrity as good. My boss and I are trying to figure out if setting up a new domain and trust to the current domain is a good idea, slowly migrating systems and users into the new domain. I'm willing, provided none of this corrupt stuff makes its way in. I'm thinking more bulk export of AD and build a new DC - start over. I don't trust that any of the master roles are doing their jobs. Ideas?
rhandels

You can actually change the roles the DCs have, but if I were you, I'd start over. Else you have to find out all these problems. If you start over again (the domain is 4 years old) you actually know what has been done; now, you're supporting somebody else's garbage... You can use migration tools, but if you don't have a lot of users, just set up a new domain. You can migrate one domain within a weekend...

If you'd like to have some tips and tricks for migrating, just say so. We just did one from NT to 2003 Server. Started all over again and it works like a charm...
zenportafino

ASKER

More info... The site is small with only 50 users, 8 servers (1 ISA 1 WEB 1 Exchange 2 SQL 1 FILE 2 DC's), 70 mailboxes 2 DC's. My main concern is keeping security group membership intact. We're also current on all MS software assurance and want to take all of the servers to 2003. Any tips would be greatly appreciated. The solution has to be within a two day time frame and include an efficient method to verify that all problems are fixed and the new (if) system is healthy.

Thank you.
Hi,
As the IT manager for a large company I agree with the above.
Buy new hardware and new servers - Win 2003 and Exchange 2003.
Cost is minimal compared to wasting months of time trying to fix problems that weren't even conceived when Win 2000 and Win NT4 were built.
Server 2003 is far more secure and less likely to be damaged by viruses etc.
Exchange 2003 is brilliant and does all the PDA and smart phone stuff - this is a huge saving in itself.

Also take the opportunity to plan the network and Active Directory etc.
By buying new hardware you have the luxury of taking your time and doing it right.

As rhandels says if you need any more help I'm sure an EE can assist.
Ian
Thank you rhandels and parkerig. Could anyone provide a simple overview or general outline from where to start and what to watch out for? I don't want to upgrade the OS - fresh installs on all - is this nuts? What do I need to watch out for when moving the mailboxes etc.? Also, does anyone see a benefit in the domain/trust idea?
Hi,
My 5 cents worth
Agree, don't upgrade but use new hardware and new installs.
From memory we created all users from scratch and then imported mail. There are a few utils that do this, if another EE can give a URL for them. If not, with only 70 mailboxes just do it manually.
Make sure you plan security before copying across data.
Get an extra pair of hands on go live day as there is always something.
Don't forget the printers.

Cheers
Ian.
ASKER CERTIFIED SOLUTION
rhandels
SOLUTION
Oh, ... these are security templates, not administrative templates as I first posted.