Solved

Windows 2003 -- Active Directory "Group" report ?

Posted on 2014-12-10
2
112 Views
Last Modified: 2014-12-23
I plan to trash my entire Windows 2003 AD
and create a brand new Windows 2012 AD since
lots has changed and I want to only bring
over the needed items for the 100 users.

 1. Has anyone else trashed an entire DC and rebuilt it ?
 2. How can see something like the below on ONE report ?

--------------------------------------------------------------

GROUP_AC1_RW
  John Doe
  Jane Doe
  Barb Smith

GROUP_AC1_RO
  John Smith
  Jane Smith
  Barb Doe

etc .......
0
Comment
Question by:finance_teacher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 40492001
As a consultant, I have been involved with several "scrap and rebuild" projects. Unfortunately I am most often requested to get involved after the decision was made and action taken with unsatisfactory results. It bets escalated and people such as myself are asked to pick up the pieces.

While there are always exceptions and edge cases, I will say for a vast majority of situations, a flat rebuild is only managable for microbusiness sized networks. Think 5 users, one server, very few files, and no custom group policies or ACLs.

Anything larger and there are always undocumented gotchas that cause pain for users and ballooning costs; either for the business paying for the rebuild, or for the IT contractor who quoted a price and needs to honor to it, even as time spent skyrockets.

So for your questions:

1) yes. And never (and I do mean *never*) have I seen anybody happy with the process with a network the size you are talking about.

2) you'd want a good auditing tool for this. In this situation, given your network size, maybe spiceworks or rapidfiretools would be appropriate.
0
 
LVL 34

Assisted Solution

by:it_saige
it_saige earned 250 total points
ID: 40492182
To add to what Cliff has already stated.  In *most* cases where I have seen unsatisfactory results, it was because the user experience was not taken into account.  Granted, there are plenty of gotcha's like:
1.  Service-based relationships to AD accounts.
2.  File and share ACL's.

But the one that is most often overlooked are the user profile(s) on the local machine.

-saige-
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question