Solved

Windows 2003 -- Active Directory "Group" report ?

Posted on 2014-12-10
2
109 Views
Last Modified: 2014-12-23
I plan to trash my entire Windows 2003 AD
and create a brand new Windows 2012 AD since
lots has changed and I want to only bring
over the needed items for the 100 users.

 1. Has anyone else trashed an entire DC and rebuilt it ?
 2. How can see something like the below on ONE report ?

--------------------------------------------------------------

GROUP_AC1_RW
  John Doe
  Jane Doe
  Barb Smith

GROUP_AC1_RO
  John Smith
  Jane Smith
  Barb Doe

etc .......
0
Comment
Question by:finance_teacher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 58

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 40492001
As a consultant, I have been involved with several "scrap and rebuild" projects. Unfortunately I am most often requested to get involved after the decision was made and action taken with unsatisfactory results. It bets escalated and people such as myself are asked to pick up the pieces.

While there are always exceptions and edge cases, I will say for a vast majority of situations, a flat rebuild is only managable for microbusiness sized networks. Think 5 users, one server, very few files, and no custom group policies or ACLs.

Anything larger and there are always undocumented gotchas that cause pain for users and ballooning costs; either for the business paying for the rebuild, or for the IT contractor who quoted a price and needs to honor to it, even as time spent skyrockets.

So for your questions:

1) yes. And never (and I do mean *never*) have I seen anybody happy with the process with a network the size you are talking about.

2) you'd want a good auditing tool for this. In this situation, given your network size, maybe spiceworks or rapidfiretools would be appropriate.
0
 
LVL 33

Assisted Solution

by:it_saige
it_saige earned 250 total points
ID: 40492182
To add to what Cliff has already stated.  In *most* cases where I have seen unsatisfactory results, it was because the user experience was not taken into account.  Granted, there are plenty of gotcha's like:
1.  Service-based relationships to AD accounts.
2.  File and share ACL's.

But the one that is most often overlooked are the user profile(s) on the local machine.

-saige-
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question