jtgraphic
asked on
Scripts not executing after a DC crash
I had three domain controllers, two Windows 2000 and one Windows 2003. One of the Windows 2000 servers crashed and had to be removed from the domain without demoting it. I manually removed all entries from Active Directory and transferred all FSMO roles to the other two servers. There are two scripts on our network: one is a VBScript tied to the default domain policy under user logon which maps printers, and the other is a .bat file which is defined for each user in the profile section which maps shared drives. Since the domain controller failed, neither of these scripts executes, even after I cleaned up all of the domain issues. Both scripts live in the SYSVOL and changes to either script replicate on both servers. Anyone have any ideas?
If you did complete a metadata cleanup, did you also remove the server from AD Sites and Services?
And in DNS?
ASKER
Yes, I used ntdsutil to clean up the metadata. I ran both dcdiag and netdiag and they both passed all tests. One thing I noticed was that WINS was not enabled; is this a problem? There are problems throughout our network with extremely slow performance, connection issues to shared resources and I have a Windows 98 box (not by choice) that can no longer log into the domain.
ASKER
OK I think I figured out the problem: There are errors in the application log saying that the server cannot access the group policy objects in the SYSVOL. What permissions are needed in order for Windows to be able to access this information?
Have a look at SMB signing then.
It may be that clients are having problems with that if it's enforced.
Are there particular GPOs which can't be accessed? Check the NTFS permissions on those folders under SYSVOL.
If the permissions are correct then the GPOs might be corrupted. You might have to delete and re-create them through the Group Policy Management Console.
ASKER
What should the correct permissions be for SYSVOL?
ASKER
I set the permissions for the scripts and for the group policy section and it stopped the errors in the event manager. The scripts are still not running, though. I believe that this information is controlled by the default domain policy; will it screw everything up if I delete it and remake it?
ASKER
Check that, doing the permissions did work. There was also some stuff that got changed with the locations and the referencing of the scripts. Thanks for the help!
Running dcdiag and netdiag may give clues to the cause of the problem. They can be found under Support\Tools on the Server 2003 CD.
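One way to carry out the "check the NTFS permissions on those folders under SYSVOL" step from the thread, as an added example that is not from any of the posters. It assumes a domain-joined admin workstation with PowerShell 3 or later, and that Authenticated Users (SID S-1-5-11) is expected to have Read & Execute on every GPO folder, which is the default but does not hold for GPOs that use security filtering.

```powershell
# Added example: flag GPO folders in SYSVOL that Authenticated Users cannot read.
# Assumption: $env:USERDNSDOMAIN holds the AD DNS domain name of the logged-on user.
$domain   = $env:USERDNSDOMAIN
$policies = "\\$domain\SYSVOL\$domain\Policies"

# Work with SIDs rather than names so the check is not affected by localized
# account names. S-1-5-11 is the well-known SID for Authenticated Users.
$authUsersSid = 'S-1-5-11'
$sidType      = [System.Security.Principal.SecurityIdentifier]
$readExec     = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$inheritOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly

Get-ChildItem -Path $policies -Directory | ForEach-Object {
    $folder = $_
    $acl    = Get-Acl -Path $folder.FullName

    # Explicit and inherited ACEs for Authenticated Users that apply to the
    # folder itself (inherit-only ACEs affect children, not this folder).
    $rules = @($acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq $authUsersSid -and
        -not ($_.PropagationFlags -band $inheritOnly)
    })

    $allowRead = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $readExec) -eq $readExec)
    })
    $deny = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })

    # Report only folders that deviate from the assumed default.
    if ($allowRead.Count -eq 0 -or $deny.Count -gt 0) {
        [pscustomobject]@{
            GpoFolder    = $folder.Name          # the GPO's GUID
            Owner        = $acl.Owner
            HasAllowRead = ($allowRead.Count -gt 0)
            HasDenyAce   = ($deny.Count -gt 0)
        }
    }
}
```

No output means every GPO folder matches the assumed default; any folder listed is a candidate for the access errors described in the application log.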