Solved

Scripts not executing after a DC crash

Posted on 2006-11-30
10
213 Views
Last Modified: 2010-04-18
I had three domain controllers, two Windows 2000 and one Windows 2003.  One of the Windows 2000 servers crashed and had to be removed from the domain without demoting it.  I manually removed all entries from the active directory and transfered all FSMO roles to the other two servers. There are two scripts on our network, one is a vb script tied to the default domain policy under user logon which maps printers and the other is a .bat file which is defined for each user in the profile section which maps shared drives.  Since the domain controller failed, neither of these scripts execute, even after I cleaned up all of the domain issues.  Both scripts live in the SYSVOL and changes to either script replicate on both servers.  Anyone have any ideas?
0
Comment
Question by:jtgraphic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 18047855
When you say you manually removed entries for the old server, did you do this by running ntdsutil and using the metadata cleanup interface?

Running dcdiag and netdiag may give clues to the cause of the problem.  They can be found under Support\Tools on the Server 2003 CD.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18050180
If you did complete a metadata cleanup, did you also remove the server from AD Sites and Services?

And in DNS?

0
 

Author Comment

by:jtgraphic
ID: 18053697
Yes I used ntdsutil to clean up the metadata.  I ran both dcdiag and netdiag and they both passed all tests.  One thing I noticed was that WINS was not enabled; is this is problem?  There are problems throughout our network with extremely slow performance, connection issues to shared resources and I have a Windows 98 box (not by choice) that can no longer log into the domain.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 

Author Comment

by:jtgraphic
ID: 18054974
OK I think I figured out the problem: There are errors in the application log saying that the server cannot access the group policy objects in the SYSVOL.  What permissions are needed in order for Windows to be able to access this information?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 18054979
Have a look at SMB signing then.

It may be that clients are having problems with that if it's enforced.

0
 
LVL 38

Expert Comment

by:Shift-3
ID: 18057920
Are there particular GPOs which can't be accessed?  Check the NTFS permissions on those folders under SYSVOL.

If the permissions are correct then the GPOs might be corrupted.  You might have to delete and re-create them through the Group Policy Management Console.
0
 

Author Comment

by:jtgraphic
ID: 18058179
What should the correct permissions be for SYSVOL?
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18058246
The directories under SYSVOL\<domain>\Policies should at least have these:

Administrators - Full Control
Authenticated Users - Read & Execute, List Folder Contents, Read
CREATOR OWNER
SYSTEM - Full Control
0
 

Author Comment

by:jtgraphic
ID: 18068895
I set the permissions for the scripts and for the group policy section and it stopped the errors in the event manager.  The scripts are still not running, though.  I believe that this information is controlled by the default domain policy; will it screw everything up if I delete it and remake it?
0
 

Author Comment

by:jtgraphic
ID: 18069477
Check that, doing the permissions did work.  There was also some stuff that got changed with the locations and the referencing of the scripts.  Thanks for the help!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Dentrix G4 1 89
Memory Leak in Windows 2012, Non-Paged pool 8.5GB 25 240
PowerShell one liner to pull server names 3 67
Windows server 2003 bootable iso 9 281
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question