I have been struggling with this issue for a while now. I have 4 AD servers. One Windows 2003 server, which is the primary, and three Windows 2012 servers. The AD syncing seems to be fine between three of them. One of the Win2012's is not syncing at all, So I just usually leave the AD and its associated services as not running on this one box. This has been going on for quite a while so it's well past the tombstone period. This server is also a WSUS server and it can't communicate with any of its clients. This one problematic AD server is also a primary file server and has extensive permissions setup throughout all the shared file folders and subfolders. There are close to a million files on it. I eventually want to have this 2012 server has the primary since it has an SSD Raid 5 array and is a very fast machine.
My inclination is to try uninstalling AD and also perhaps unjoining and then rejoining this box to the domain. However I'm not sure if that will kill all the permissions I have setup on all those files and folders. Having to re-setup all those folder permissions would be a nightmare.
If I remove the AD server role from this machine and unjoin it and rejoin it to the domain, are the file permission going to be reset? Any other ideas?