Solved

Active Directory nightmare

Posted on 2008-06-26
Last Modified: 2010-03-17
I am about to take a position as an AD architect and I am thinking the employer's AD is quite a mess. Could you share with me a time or two you had the same situation: you come upon a massive bevy of AD issues and what you did to resolve them? Humorous anecdotes are encouraged! :)
TIA,
JohnD
Question by:johndarby
LVL 8

Assisted Solution

by:DenverRick
DenverRick earned 150 total points
ID: 21877901
Twice in the last three years.  I'm a consultant.  Their ADs were in such shambles we simply started over.  Not as bad as it sounds if you have a little extra hardware layin' around.

You can automate a lot of things if you have a huge number of users.

But this will probably cause a whole lot less brain damage, frustration, screaming, yelling, swearing, drinking heavily, etc...
 
LVL 1

Author Comment

by:johndarby
ID: 21878040
Nice! I am hoping to discover an AD which is salvageable...but who knows?
 
LVL 48

Accepted Solution

by:Jay_Jay70
Jay_Jay70 earned 350 total points
ID: 21880050
Oh man, you should see some of the DS structures I have come across

I have found multiple domains in the one site, for the same company, with workgroups thrown into the mix, individual workgroups/domains/idontknowwtftheywerethinking setups....across a hundred or so sites :)

I have seen entirely static environments as the previous "Admin" didn't know what DHCP was, DNS with the wrong zone names and nothing integrated, TCP/IP settings looking at nothing except ISP DNS, and people living with logon times taking up to 30 mins

Data shared across hundreds of shares with no security

I could keep going for hours on this but you get my drift.

What I did, from an architect and admin point of view, was to get a single server dedicated to rebuilding AD. I mapped out what I wanted to have as my environment, met with management to discuss from each different department, then divisional leaders etc etc. I then based an AD structure on that and had it approved. The beauty of this approach is, with a single server you can build your structure the way you want it, and start migrating the other domains into it, the whole time not affecting business or causing downtime, and cleaning up the entire time

Admittedly, there were moments when I wondered why I had even considered taking the job. The amount of crap that you will find will blow your mind, and changing people's mindset often requires not only you understanding, but passing on some of that understanding to those that don't want to understand - that is one of the biggest challenges you will meet

We went from an absolute nightmare to a network that is virtually 100% integrated, works like a charm, is secured, is dynamic, is clean, and gives me absolutely no problems at all. Efficiency, productivity, morale all skyrocketed, IT went from being the worst performing to one of the best, internal and external satisfaction goes through the roof - and that's what you, as an architect, have to achieve :)

I wrote this to help out in your situation
http://www.block.net.au/help/ad-architecture/
 
LVL 1

Author Comment

by:johndarby
ID: 21887979
Sweet! Thanks for your anecdotes, guys!