Scripts not executing after a DC crash

I had three domain controllers, two Windows 2000 and one Windows 2003.  One of the Windows 2000 servers crashed and had to be removed from the domain without demoting it.  I manually removed all entries from the active directory and transfered all FSMO roles to the other two servers. There are two scripts on our network, one is a vb script tied to the default domain policy under user logon which maps printers and the other is a .bat file which is defined for each user in the profile section which maps shared drives.  Since the domain controller failed, neither of these scripts execute, even after I cleaned up all of the domain issues.  Both scripts live in the SYSVOL and changes to either script replicate on both servers.  Anyone have any ideas?
jtgraphicAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Shift-3Commented:
When you say you manually removed entries for the old server, did you do this by running ntdsutil and using the metadata cleanup interface?

Running dcdiag and netdiag may give clues to the cause of the problem.  They can be found under Support\Tools on the Server 2003 CD.
0
Netman66Commented:
If you did complete a metadata cleanup, did you also remove the server from AD Sites and Services?

And in DNS?

0
jtgraphicAuthor Commented:
Yes I used ntdsutil to clean up the metadata.  I ran both dcdiag and netdiag and they both passed all tests.  One thing I noticed was that WINS was not enabled; is this is problem?  There are problems throughout our network with extremely slow performance, connection issues to shared resources and I have a Windows 98 box (not by choice) that can no longer log into the domain.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

jtgraphicAuthor Commented:
OK I think I figured out the problem: There are errors in the application log saying that the server cannot access the group policy objects in the SYSVOL.  What permissions are needed in order for Windows to be able to access this information?
0
Netman66Commented:
Have a look at SMB signing then.

It may be that clients are having problems with that if it's enforced.

0
Shift-3Commented:
Are there particular GPOs which can't be accessed?  Check the NTFS permissions on those folders under SYSVOL.

If the permissions are correct then the GPOs might be corrupted.  You might have to delete and re-create them through the Group Policy Management Console.
0
jtgraphicAuthor Commented:
What should the correct permissions be for SYSVOL?
0
Shift-3Commented:
The directories under SYSVOL\<domain>\Policies should at least have these:

Administrators - Full Control
Authenticated Users - Read & Execute, List Folder Contents, Read
CREATOR OWNER
SYSTEM - Full Control
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jtgraphicAuthor Commented:
I set the permissions for the scripts and for the group policy section and it stopped the errors in the event manager.  The scripts are still not running, though.  I believe that this information is controlled by the default domain policy; will it screw everything up if I delete it and remake it?
0
jtgraphicAuthor Commented:
Check that, doing the permissions did work.  There was also some stuff that got changed with the locations and the referencing of the scripts.  Thanks for the help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.