Solved

Active Directory nightmare

Posted on 2008-06-26
Last Modified: 2010-03-17
I am about to take a position as an AD architect and I am thinking the employer's AD is quite a mess. Could you share with me a time or two you had the same situation: you come upon a massive bevy of AD issues and what you did to resolve them? Humorous anecdotes are encouraged! :)
TIA,
JohnD
Question by:johndarby
4 Comments
 
LVL 8

Assisted Solution

by:DenverRick
DenverRick earned 150 total points
ID: 21877901
Twice in the last three years.  I'm a consultant.  Their ADs were in such shambles we simply started over.  Not as bad as it sounds if you have a little extra hardware layin' around.

You can automate a lot of things if you have a huge number of users.

But this will probably cause a whole lot less brain damage, frustration, screaming, yelling, swearing, drinking heavily, etc...
 
LVL 1

Author Comment

by:johndarby
ID: 21878040
Nice! I am hoping to discover an AD which is salvageable...but who knows?
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 350 total points
ID: 21880050
Oh man, you should see some of the DS structures I have come across.

I have found multiple domains in the one site, for the same company, with workgroups thrown into the mix, individual workgroups/domains/idontknowwtftheywerethinking setups....across a hundred or so sites :)

I have seen entirely static environments as the previous "Admin" didn't know what DHCP was, DNS with the wrong zone names and nothing integrated, TCP/IP settings looking at nothing except ISP DNS, and people living with logon times taking up to 30 mins.

Data shared across hundreds of shares with no security.

I could keep going for hours on this but you get my drift.

What I did, from an architect and admin point of view, was to get a single server dedicated to rebuilding AD. Mapped out what I wanted to have as my environment, met with management to discuss from each different department, then divisional leaders etc. etc. I then based an AD structure on that and had it approved. Beauty of this approach is, with a single server you can build your structure the way you want it, and start migrating the other domains into it, the whole time not affecting business or causing downtime, and cleaning up the entire time.

Admittedly, there were moments when I wondered why I had even considered taking the job. The amount of crap that you will find will blow your mind, and changing people's mindset often requires not only you understanding, but passing on some of that understanding to those that don't want to understand - that is one of the biggest challenges you will meet.

We went from an absolute nightmare to a network that is virtually 100% integrated, works like a charm, is secured, is dynamic, is clean, and gives me absolutely no problems at all. Efficiency, productivity, morale, all skyrocketed, IT went from being the worst performing to one of the best, internal and external satisfaction goes through the roof - and that's what you, as an architect, have to achieve :)

I wrote this to help out in your situation
http://www.block.net.au/help/ad-architecture/
 
LVL 1

Author Comment

by:johndarby
ID: 21887979
Sweet! Thanks for your anecdotes, guys!

Question has a verified solution.
