Tips for taking over inherited network
Posted on 2004-09-08
I recently inherited a Win2k AD domain. From recent troubleshooting, I've come to realize that there are some definitely questionable settings and configurations on our network. With this network, I inherited no (as in zero, zilch, nada) in the way of documentation, so I started out creating basic documentation of all critical systems and settings (DHCP, DNS, Group Policy).
Recently I have come across the following realizations about the network:
-1 Domain Controller also acting as DHCP server for remote site.
-Everyone group had far too many NTFS permissions (this has been resolved)
-Something flakey going on with DNS (enabling scavaging apparently removed critical CNAME records, rendering our inter-site replication useless until this was repaired)
-No redundency for DHCP servers
-No DNS redundency for remote sites
This is just the beginning of the list of things that I feel that I will need to sort out in order to get this network running in a way that I feel comfortable with. I am however a newbie admin, only officially halfway through with my MCSA, and was hoping to get advice on what else I should be documenting and what else I should be investigating to see if setup was done improperly.
I also need to be able to effectively present to my manager a plan and a reasoning behind wanting to change the previous admin's setup. Example: I know that the DHCP server living on a DC is a bad bad thing. Everything I read tells me that you don't want to do this, but I need a sound reason to give to my manager as to why (he's a little bit of a micromanager and if he doesn't understand why you want something changed, saying well because I read it's a bad thing to do doesn't cut it).
I don't want to sound paranoid about the previous admin, but it just seems the further I delve into this setup, the less and less competent they appeared to be and I'm hoping to head off any potential trouble that may be on the horizon.
Any tips on what else to document, any tools to help diagnose the health of the directory, etc is greatly appreciated.