Solved

Active Directory nightmare

Posted on 2008-06-26
Last Modified: 2010-03-17
I am about to take a position as an AD architect and I am thinking the employer's AD is quite a mess. Could you share with me a time or two you had the same situation: you come upon a massive bevy of AD issues and what you did to resolve them? Humorous anecdotes are encouraged! :)
TIA,
JohnD
0
Question by:johndarby
LVL 8

Assisted Solution

by:DenverRick
DenverRick earned 150 total points
ID: 21877901
Twice in the last three years.  I'm a consultant.  Their ADs were in such shambles we simply started over.  Not as bad as it sounds if you have a little extra hardware layin' around.

You can automate a lot of things if you have a huge number of users.

But this will probably cause a whole lot less brain damage, frustration, screaming, yelling, swearing, drinking heavily, etc...
0
 
LVL 1

Author Comment

by:johndarby
ID: 21878040
Nice! I am hoping to discover an AD which is salvageable...but who knows?
0
 
LVL 48

Accepted Solution

by:Jay_Jay70
Jay_Jay70 earned 350 total points
ID: 21880050
Oh man, you should see some of the DS structures I have come across.

I have found multiple domains in the one site, for the same company, with workgroups thrown into the mix, individual workgroups/domains/idontknowwtftheywerethinking setups....across a hundred or so sites :)

I have seen entirely static environments as the previous "Admin" didn't know what DHCP was, DNS with the wrong zone names and nothing integrated, TCP/IP settings looking at nothing except ISP DNS, and people living with logon times taking up to 30 mins.

Data shared across hundreds of shares with no security.

I could keep going for hours on this but you get my drift.

What I did from an architect and admin point of view was to get a single server dedicated to rebuilding AD. Mapped out what I wanted to have as my environment, met with management to discuss from each different department, then divisional leaders etc. etc. I then based an AD structure on that and had it approved. Beauty of this approach is, with a single server you can build your structure the way you want it, and start migrating the other domains into it, the whole time not affecting business or causing downtime, and cleaning up the entire time.

Admittedly, there were moments when I wondered why I had even considered taking the job. The amount of crap that you will find will blow your mind, and changing people's mindset often requires not only you understanding, but passing on some of that understanding to those that don't want to understand - that is one of the biggest challenges you will meet.

We went from an absolute nightmare to a network that is virtually 100% integrated, works like a charm, is secured, is dynamic, is clean, and gives me absolutely no problems at all. Efficiency, productivity, morale all skyrocketed, IT went from being the worst performing to one of the best, internal and external satisfaction goes through the roof - and that's what you, as an architect, have to achieve :)

I wrote this to help out in your situation
http://www.block.net.au/help/ad-architecture/
0
 
LVL 1

Author Comment

by:johndarby
ID: 21887979
Sweet! Thanks for your anecdotes, guys!
0
