Archive for the ‘active directory’ Category

Filed Under (active directory) by Dave Mast on November-23-2007

I was actually relieved to know that my domain problems were caused by a bad hard drive.  Even though it’s time-consuming, it was a halfway easy fix after hitting up some knowledge base goodness.

Since the DC’s hard drive was dead, I had to use ntdsutil to remove the dead computer and all of its metadata from Active Directory (the article I used is here).  While this was going on, I had a clean install of 2003 Server cranking out on a new disk.  Once it was ready, it joined to our domain with no difficulty.  The DC promo process went smoothly, and roughly 14.5 hours after the incident was reported, things were back to normal.

…and I didn’t have to crack open that bean and rice soup, either… although I might anyway.



Filed Under (active directory) by Dave Mast on November-23-2007

Well as it turns out, before I could even get a chance to ghost the offending hard drive in our DC, the drive failed entirely.  I now have a smoking hot hard drive on the table.


So now begins the process of not only rebuilding a DC, but also “forcibly removing” the old DC from our domain.  Fortunately, I’ve got a big bowl of rice and bean soup, and 2 different kinds of hot sauce.

It’s gonna be a fun evening.



Filed Under (active directory, servers, troubleshooting) by Dave Mast on November-23-2007

Last week before I went on a mini vacation, I set up a new user account for a staffer.  I issued them their username and password, got them connected to Exchange, and everything seemed to be just hunky-dory.

This past Tuesday I got a call from my boss.  Apparently the user wasn’t able to receive email, although they could send it just fine.  I checked out the normal stuff… permissions, time sync across the servers, the usual.  Not knowing what to do yet, I went ahead and backed up the user’s Exchange data and deleted the mailbox with the intent of starting over.  After re-creating the mailbox, I was quite perplexed to find that I could no longer even connect to Exchange with this user’s account.

I’m not sure what led me to do it, but I remoted to both DCs to take a look at their AD structure side-by-side.  Imagine my surprise when I discovered that there were user accounts missing from our #2 DC.  A further look into the event logs shows that replication between the 2 DCs has been stopped due to a bad computer account.  Because of this, not only is Active Directory broken on this DC, but DNS services (which are relying on AD) are broken as well.  Digging further into the event log, I find that the system is getting hardware errors while attempting to write to the hard disk, which is what corrupted the computer account responsible for shutting down AD replication.

Fast-forward a little to Black Friday.  I don’t shop on Black Friday.  Ever.  However, I am looking over the hard disk that our 2nd DC runs off of.  A disk scan is turning up massive amounts of physical errors on this drive, and although I’d like to try ghosting the system onto a new disk, there’s a good chance that I am going to be “ripping out” this system from the domain with a little help from the MS Knowledge Base.  It’s a little frustrating to be repairing this domain with a rebuild happening at the same time, but I don’t want to take any chances.

We’ll see how this works out.



Filed Under (active directory, domain rebuild) by Dave Mast on November-9-2007

Series begins here.

I haven’t had much of a chance to work on the rebuild until this week; other things have popped up and taken precedence.  Thus, the new DC has been sitting idle in the corner of my office.

So far, things have been smooth, albeit a bit tedious.  I spent part of this week rebuilding and evaluating our current GPOs.  After a look at what some of them did, a few of them didn’t make the move.  Once the GPOs were rebuilt and adjusted accordingly, I applied them to their proper OUs.

The next task (and so far the worst) was recreating all of the user accounts and groups from our existing AD (for the first time since my hire, I’m glad we don’t have a larger staff).  I documented which users were assigned to what groups, and re-assigned them on the new domain.  Now this may be a bit overboard, but I assigned unique passwords to each user and service account that was recreated (I got my random passwords from SafePasswd).  In addition, I took the time to enter every user’s contact information and staff info.  Was it necessary?  Probably not, but I’m a sucker for complete data, plus it’ll look good in the Exchange address book.

Now that the user base is rebuilt, it’s time to crank up another VM and install Exchange on it.  Once it’s installed and updated, I’ll be testing mailbox exporting/importing with ExMerge.  It will probably be next week (at the earliest) until this happens.



Filed Under (active directory, domain rebuild, servers, work night) by Dave Mast on October-26-2007

I didn’t have a whole lot of time to spend on the domain rebuild this week, but I did get it started as of Tuesday night.  Currently it’s in the form of a Server 2003 VM.  AD was installed, and the OU structure has been replicated from our existing domain.

I used the Group Policy Management Tool to make printouts of our active GPOs.  It would be nice if the tool also allowed you to print out a list of OUs that link to each object as well, but a little bit of handwriting never hurt anyone.  I also started a mind map of everything I can think of that will need to happen for this domain migration to go smoothly.

Next week I’ll concentrate on recreating the GPOs in the new domain, as well as moving over any login scripts.  I’m also going to continue mind mapping so I can get my mind around the magnitude of this project… I’m nowhere near done. :-)

I’m just glad I’m not on a hard timeline.



Filed Under (active directory, domain rebuild, infrastructure, servers) by Dave Mast on October-16-2007

One of the projects I’ve been wanting to take on over the past year has been a rename/rebuild of our domain.  We’re still carrying our old domain name around from our previous name and location.  This hasn’t been a high-priority matter, but I do want to get it done.

After some research on how to go about it properly, I feel like I’m ready to take this on.  There’s a lot to think about and plan for, though.  The fact that I’m now able to do testing and pre-production building in VMware is a HUGE benefit, and since I’m not really on a time limit, I’m going to be able to work without being under the gun.

I’ll be posting on this more as the project takes shape.



Filed Under (IT, active directory, cool tools) by Dave Mast on September-25-2007

If you’re charged with the task of maintaining your organization’s Active Directory, check out this article from Microsoft TechNet Magazine, “11 Essential Tools for Managing Active Directory.”  The article covers 11 free tools to make your administration job easier, and free is always good.



