Ye gods and little fishes.... What a c***** f***.
That's certainly one of the strangest stories I've heard in this industry in a while. My deepest sympathies for you, though I suspect your wallet won't be hurt out of all of this. It won't be, if there's any justice in this world. Kurt On Thu, Nov 17, 2016 at 1:55 PM, Webster <webs...@carlwebster.com> wrote: > Yep, they are in a "highly secure" industry with federal oversight. When I > proposed adding a 2008 R2 or 2012 R2 DC, it was quickly shot down by a list > of acronyms I had never heard of before. They said they have to get > security baselines for any server that is involved with authentication and > it took so long to get for Server 2008 SP2 that have no interest in going > thru it again. They were overjoyed when I told them 2008 SP2 was on > extended support for almost another 3 years. > > > > I doubt I could get permission to write this up as an article because > without screenshots, event log entries and dcdiag reports, it would be very > difficult to explain and show what all happened. I guess I could just > publish a series of black boxes connect by "a", "and", "the", "but", and > "or" and call it a day. <redacted> story about <redacted> when <redacted> > happened and <redacted> solved it. > > > > Thanks > > > > > > Webster > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Andrew S. Baker > *Sent:* Thursday, November 17, 2016 3:32 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* Re: [NTSysADM] Update on the broken DFSR issue > > > > Too bad you can't write a book about this one. > > > > Regards, > > > > *ASB* > *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>* > > *Providing Expert Technology Consulting Services for the SMB market…* > > > > * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842 > > > > > > On Thu, Nov 17, 2016 2:16 PM, Webster webs...@carlwebster.com wrote: > > Boss man got on out GTM and explained the history of the issue. About a > year ago they moved from FSR to DFSR for SYSVOL. Sometime after that, an > admin who no longer works there, restored the main DC from a snapshot pre > DFSR migration and pre adprep for 2008 R2. So you had the main DC now > thought it was on schema 44 and the other thought it was on schema 47. One > thought it was using DFSR and one thought it was using FRS. That admin > attempted to trick the DCs thru a series or regedits and ADSIEdits. He then > went and restored a copy of the SYSVOL tree to a file share and then copied > and pasted that to both DCs. > > > > They have been operating in this screwed up, unreliable, non-steady state > for over a year now. Three months ago (I was originally told two) the new > admin comes in to all this fiasco and also tries to reverse the travesty > thru a bunch of regedits and adsiedits. Why no one thought or bothered to > get Microsoft support involved over a year ago is beyond me. I talked the > boss into us getting Microsoft support involved. My co-worker who got me > involved in this call is now getting an AD backup and will open a call with > MS. When he finishes up with MS support, I will let you know "the rest of > the story". > > > > Thanks > > > > > > Webster > > > >