RE: in-depth AD

[Brian Desmond]

That's on a 2xDual Core Xeon 5160 box w/ 28GB RAM and 4x1T SATA RAID10. Box is 
about 5 years old. I have a newer dual QC i7 box with 48GB that I haven't 
really started using yet due to lack of time.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

-Original Message-
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] 
Sent: Saturday, June 16, 2012 12:21 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

>I have most stuff at home - this is what the one ESX box looks like right now:

What specs do you run that long list on at home?

Thanks!
jlc
~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Joseph L. Casale]

>I have most stuff at home – this is what the one ESX box looks like right now:

What specs do you run that long list on at home?

Thanks!
jlc
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Brian Desmond]

I use this as well, or a NetApp ONTAP simulator. Windows Server 2012 has an 
in-box iSCSI target.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Saturday, June 16, 2012 7:02 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

I have one VM, running the Starwind iSCSI target, as a small scale iSCSI NAS, 
and a QNAP SS-429 as another iSCSI target (with bulkier storage)

Cheers
Ken

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Saturday, 16 June 2012 3:29 AM
To: NT System Admin Issues
Subject: Re: in-depth AD

I am setting up one of those for my storage.  I was thinking of getting one or 
two of the Shuttle SZ68r5 and i5 (maybe i7 but probably i5) and a 4 port NIC 
card to play with and connect to the backend via iSCSI. Easy enough to get a 
second when I can afford it and have more options.
On Fri, Jun 15, 2012 at 3:17 AM, Ken Schaefer 
mailto:k...@adopenstatic.com>> wrote:
To be honest, when HP N40L Microservers are $350 each, everyone should be able 
to afford a lab.

The HP specs say that they only take 8GB of RAM each, but you can run them at 
16GB of RAM. They have 4 built-in 3.5" drive bays, and space for 2 more drives.

They are really quiet and compact. And you can install a remote access card if 
you want (about $80)

I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB drives, 
remote access cards, plus an additional add-in NIC. You can run a lot of VMs on 
that

Disclaimer: I work for HP.

Cheers
Ken



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Ken Schaefer]

I have one VM, running the Starwind iSCSI target, as a small scale iSCSI
NAS, and a QNAP SS-429 as another iSCSI target (with bulkier storage)

 

Cheers

Ken

 

From: Steven Peck [mailto:sep...@gmail.com] 
Sent: Saturday, 16 June 2012 3:29 AM
To: NT System Admin Issues
Subject: Re: in-depth AD

 

I am setting up one of those for my storage.  I was thinking of getting one
or two of the Shuttle SZ68r5 and i5 (maybe i7 but probably i5) and a 4 port
NIC card to play with and connect to the backend via iSCSI. Easy enough to
get a second when I can afford it and have more options.

On Fri, Jun 15, 2012 at 3:17 AM, Ken Schaefer  wrote:

To be honest, when HP N40L Microservers are $350 each, everyone should be
able to afford a lab.

The HP specs say that they only take 8GB of RAM each, but you can run them
at 16GB of RAM. They have 4 built-in 3.5" drive bays, and space for 2 more
drives.

They are really quiet and compact. And you can install a remote access card
if you want (about $80)

I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB drives,
remote access cards, plus an additional add-in NIC. You can run a lot of VMs
on that

Disclaimer: I work for HP.

Cheers
Ken

 


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[Ken Schaefer]

I’d classify the below as standard migrations.

However there are some engagements that are very large scale – 10K+ users (at a 
minimum), that involve changing many pieces concurrently (e.g. a lot of 
companies went from NT -> Active Directory, and at the same time moved to XP, 
decommissioned Notes or Novell, implemented DFS etc). Or perhaps they have 
changing between outsourcers, and so replacing one set of tools with another 
set of tools.

A project of mine is outsourcing for most of the Singapore government (SOEasy 
if you want to Google it). Consolidating the IT of many ministries, boards, 
agencies onto a single platform across desktop, network, data centre, email, 
messaging, file/print, provisioning, ordering, billing etc – that’s a platform 
transformation.

You can’t even begin to architect that type of project with thinking about 
everything from how the base technology (e.g. Exchange or AD) is going to work, 
without also considering how it’s going to be operated/maintained, how the 
customer is going to order it/how they’re going to be billed for it. At the 
same time you’re designing the LAN and WAN, the desktop, the backup 
infrastructure, the storage infrastructure, the security policies etc: How do 
all those pieces fit together? How do you ensure you’re not building a bunch of 
isolated technology towers that don’t fit together once you’re ready to turn on 
the switch?

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Saturday, 16 June 2012 1:08 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I read it as a migration from one platform to another (E2K7 -> E2K10,  Server 
2003 -> Server 2008, etc), or changing infrastructure like going from in-house 
to cloud-based, etc.

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, June 15, 2012 7:37 AM
To: NT System Admin Issues
Subject: Re: Consulting (was Re: in-depth AD)

Ok, so what's our definition of "platform transformation" in this context ?

Already did the google thing ;)



From: David Lum mailto:david@nwea.org>>
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_fo

RE: in-depth AD

[David Lum]

We are at opposite ends on speaking - I'd love to do it, I just don't have 
enough expertise to share :).

From: Webster [mailto:webs...@carlwebster.com]
Sent: Friday, June 15, 2012 3:47 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Now that I am back home, here are the four most important things I picked up 
from the business conference:


1.   Protect your brand

2.   Focus on what you do best

3.   Learn personality styles and values

4.   Always grow and constantly challenge yourself

Protecting your brand goes beyond legal stuff and copyrights, trademarks, 
service marks and social media.  Protecting your brand also means protecting 
your name and your reputation.  One of the best ways to protect your name and 
reputation is to focus on what you do best.

Too many people in I.T. try to wear many hats at the same time.  It may be time 
in your career to narrow your focus and concentrate on the skills that are your 
strengths.  That also can mean finding people to handle stuff that keeps you 
away from billable work or family time/relaxation.  For example, bookkeeping, 
payroll, taxes, contracts, etc.  If I could only convince my wife that includes 
all the yard work! :)

If you try to handle every person according to your personality style, you will 
be a failure.  There is plenty of info out there on personality styles and 
traits.  Whether you do four, eight or 16 personality styles, learn them as 
they will help you work better with your colleagues, customers and family 
members.

If you aren't growing (learning) in your personal and professional lives, you 
are dying.  If you aren't constantly challenging yourself, you are a wimp.  My 
challenge for me this year was to get over my fear of public speaking.  While I 
may not be as polished as Brian Desmond, MBS, or Mark Minasi, I am working at 
it.  I have gone from speaking at zero conferences to speaking at five, so far, 
this year.  It is nerve wracking and the prep work is brutal but it is fun once 
I get past the first slide with content.

Now that I am catching up on my Twitter feed, I see that ASB has an excellent 
article out:

http://home.asbzone.com/ASB/archive/2012/06/14/so-you-want-to-be-a-technology-consultant.aspx

Thanks


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: Webster 
[mailto:webs...@carlwebster.com]<mailto:[mailto:webs...@carlwebster.com]>
Subject: Re: in-depth AD


I went to a business conference last November and the #1 thing i learned was to 
focus on what you do best.  I have handed off my accounting and taxes to a CPA. 
 If a customer requires a formal contract, SOW, project plan, etc. I hand that 
stuff off to a fellow CTP and i just do the work.  I also dropped doing 
anything with Exchange and SQL.  Stuff i dont want to do or dont have time to 
do i pass on to brian, mbs and asb.

I now have a very narrow focus doind xenapp, pvs, AD stuff related to the 
various types of virtualization and writing.  Even with my very narrow focus i 
am busier than i ever imagined.

When i need help on something i dont know i ask the experts in those areas.

Does that help?

Webster

Sent from my Verizon Wireless Phone

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[Steven Peck]

Well remember, if you can't laugh at yourself, you have us to do that for
you.

/joke.

To be honest, I went around last weekend and did some home inspection of
ceiling fans and other stuff myself in hopes to avoid the oportunity of
sending an email similiar to yours :)
Steven Peck
http://www.blkmtn.org


On Fri, Jun 15, 2012 at 4:02 PM, Webster  wrote:

>  LOL, good one.
>
> ** **
>
> Carl Webster
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com <http://www.carlwebster.com/>
>
> ** **
>
> *From:* Steven Peck [mailto:sep...@gmail.com]
> *Sent:* Friday, June 15, 2012 5:55 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
>  ** **
>
> You forgot 
>
> 5. Electrician to fix ceiling fans
>
> On Fri, Jun 15, 2012 at 3:47 PM, Webster  wrote:*
> ***
>
> Now that I am back home, here are the four most important things I picked
> up from the business conference:
>
>  
>
> 1.   Protect your brand
>
> 2.   Focus on what you do best
>
> 3.   Learn personality styles and values
>
> 4.   Always grow and constantly challenge yourself
>
>  
>
> Protecting your brand goes beyond legal stuff and copyrights, trademarks,
> service marks and social media.  Protecting your brand also means
> protecting your name and your reputation.  One of the best ways to protect
> your name and reputation is to focus on what you do best.
>
>  
>
> Too many people in I.T. try to wear many hats at the same time.  It may be
> time in your career to narrow your focus and concentrate on the skills that
> are your strengths.  That also can mean finding people to handle stuff that
> keeps you away from billable work or family time/relaxation.  For example,
> bookkeeping, payroll, taxes, contracts, etc.  If I could only convince my
> wife that includes all the yard work! J
>
>  
>
> If you try to handle every person according to your personality style, you
> will be a failure.  There is plenty of info out there on personality styles
> and traits.  Whether you do four, eight or 16 personality styles, learn
> them as they will help you work better with your colleagues, customers and
> family members.
>
>  
>
> If you aren’t growing (learning) in your personal and professional lives,
> you are dying.  If you aren’t constantly challenging yourself, you are a
> wimp.  My challenge for me this year was to get over my fear of public
> speaking.  While I may not be as polished as Brian Desmond, MBS, or Mark
> Minasi, I am working at it.  I have gone from speaking at zero conferences
> to speaking at five, so far, this year.  It is nerve wracking and the prep
> work is brutal but it is fun once I get past the first slide with content.
> 
>
>  
>
> Now that I am catching up on my Twitter feed, I see that ASB has an
> excellent article out: 
>
>  
>
>
> http://home.asbzone.com/ASB/archive/2012/06/14/so-you-want-to-be-a-technology-consultant.aspx
> 
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Webster]

LOL, good one.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: Steven Peck [mailto:sep...@gmail.com]
Sent: Friday, June 15, 2012 5:55 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

You forgot
5. Electrician to fix ceiling fans
On Fri, Jun 15, 2012 at 3:47 PM, Webster 
mailto:webs...@carlwebster.com>> wrote:
Now that I am back home, here are the four most important things I picked up 
from the business conference:


1.   Protect your brand

2.   Focus on what you do best

3.   Learn personality styles and values

4.   Always grow and constantly challenge yourself

Protecting your brand goes beyond legal stuff and copyrights, trademarks, 
service marks and social media.  Protecting your brand also means protecting 
your name and your reputation.  One of the best ways to protect your name and 
reputation is to focus on what you do best.

Too many people in I.T. try to wear many hats at the same time.  It may be time 
in your career to narrow your focus and concentrate on the skills that are your 
strengths.  That also can mean finding people to handle stuff that keeps you 
away from billable work or family time/relaxation.  For example, bookkeeping, 
payroll, taxes, contracts, etc.  If I could only convince my wife that includes 
all the yard work! :)

If you try to handle every person according to your personality style, you will 
be a failure.  There is plenty of info out there on personality styles and 
traits.  Whether you do four, eight or 16 personality styles, learn them as 
they will help you work better with your colleagues, customers and family 
members.

If you aren't growing (learning) in your personal and professional lives, you 
are dying.  If you aren't constantly challenging yourself, you are a wimp.  My 
challenge for me this year was to get over my fear of public speaking.  While I 
may not be as polished as Brian Desmond, MBS, or Mark Minasi, I am working at 
it.  I have gone from speaking at zero conferences to speaking at five, so far, 
this year.  It is nerve wracking and the prep work is brutal but it is fun once 
I get past the first slide with content.

Now that I am catching up on my Twitter feed, I see that ASB has an excellent 
article out:

http://home.asbzone.com/ASB/archive/2012/06/14/so-you-want-to-be-a-technology-consultant.aspx

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[Steven Peck]

You forgot
5. Electrician to fix ceiling fans

On Fri, Jun 15, 2012 at 3:47 PM, Webster  wrote:

>  Now that I am back home, here are the four most important things I
> picked up from the business conference:
>
> ** **
>
> **1.   **Protect your brand
>
> **2.   **Focus on what you do best
>
> **3.   **Learn personality styles and values
>
> **4.   **Always grow and constantly challenge yourself
>
> ** **
>
> Protecting your brand goes beyond legal stuff and copyrights, trademarks,
> service marks and social media.  Protecting your brand also means
> protecting your name and your reputation.  One of the best ways to protect
> your name and reputation is to focus on what you do best.
>
> ** **
>
> Too many people in I.T. try to wear many hats at the same time.  It may be
> time in your career to narrow your focus and concentrate on the skills that
> are your strengths.  That also can mean finding people to handle stuff that
> keeps you away from billable work or family time/relaxation.  For example,
> bookkeeping, payroll, taxes, contracts, etc.  If I could only convince my
> wife that includes all the yard work! J
>
> ** **
>
> If you try to handle every person according to your personality style, you
> will be a failure.  There is plenty of info out there on personality styles
> and traits.  Whether you do four, eight or 16 personality styles, learn
> them as they will help you work better with your colleagues, customers and
> family members.
>
> ** **
>
> If you aren’t growing (learning) in your personal and professional lives,
> you are dying.  If you aren’t constantly challenging yourself, you are a
> wimp.  My challenge for me this year was to get over my fear of public
> speaking.  While I may not be as polished as Brian Desmond, MBS, or Mark
> Minasi, I am working at it.  I have gone from speaking at zero conferences
> to speaking at five, so far, this year.  It is nerve wracking and the prep
> work is brutal but it is fun once I get past the first slide with content.
> 
>
> ** **
>
> Now that I am catching up on my Twitter feed, I see that ASB has an
> excellent article out: 
>
> ** **
>
>
> http://home.asbzone.com/ASB/archive/2012/06/14/so-you-want-to-be-a-technology-consultant.aspx
> 
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Carl Webster****
>
> Consultant and Citrix Technology Professional
>
> http://www.CarlWebster.com <http://www.carlwebster.com/>
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Subject:* Re: in-depth AD
>
> ** **
>
> I went to a business conference last November and the #1 thing i learned was 
> to focus on what you do best.  I have handed off my accounting and taxes to a 
> CPA.  If a customer requires a formal contract, SOW, project plan, etc. I 
> hand that stuff off to a fellow CTP and i just do the work.  I also dropped 
> doing anything with Exchange and SQL.  Stuff i dont want to do or dont have 
> time to do i pass on to brian, mbs and asb.
>
> I now have a very narrow focus doind xenapp, pvs, AD stuff related to the 
> various types of virtualization and writing.  Even with my very narrow focus 
> i am busier than i ever imagined.
>
> When i need help on something i dont know i ask the experts in those areas.
>
> Does that help?
>
> Webster
>
> Sent from my Verizon Wireless Phone
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[Steven Peck]

I am setting up one of those for my storage.  I was thinking of getting one
or two of the Shuttle SZ68r5 and i5 (maybe i7 but probably i5) and a 4 port
NIC card to play with and connect to the backend via iSCSI. Easy enough to
get a second when I can afford it and have more options.

On Fri, Jun 15, 2012 at 3:17 AM, Ken Schaefer  wrote:

> To be honest, when HP N40L Microservers are $350 each, everyone should be
> able to afford a lab.
>
> The HP specs say that they only take 8GB of RAM each, but you can run them
> at 16GB of RAM. They have 4 built-in 3.5" drive bays, and space for 2 more
> drives.
>
> They are really quiet and compact. And you can install a remote access
> card if you want (about $80)
>
> I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB
> drives, remote access cards, plus an additional add-in NIC. You can run a
> lot of VMs on that
>
> Disclaimer: I work for HP.
>
> Cheers
> Ken
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, 14 June 2012 1:43 AM
> To: NT System Admin Issues
> Subject: Re: in-depth AD
>
> On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
> > A lab.. nice. You have one? Wish I did. I lack the hardware to set one
> up.
>
>   Someone on one of these lists once remarked to that kind of
> situation: "Actually, you do have a test environment.  What you do not
> have is a production environment."
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <
> http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[Webster]

I can’t count the number of times I installed Exchange 2003 or MetaFrame XP 
before doing it live.  I know I filled a yellow notepad full of notes on the 
precise order of steps to be taken and what updates broke stuff.  I also spent 
1 month in my lab and 3 months at the customer site labbing my first 5 AD 
Forest and 4 Exchange Org migration.  I am sure MBS pulled out a lot of his 
hair answering my thousands of questions.  Eight things in my “10 Things in 
AD…” presentation I hit in that migration (on the 1st migration which is why 
the next 4 went much smoother).


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: Michael B. Smith [mailto:mich...@smithcons.com]
Subject: RE: Consulting (was Re: in-depth AD)

“a time or two”?

I figured I installed Exchange 2010 in a lab at least 25 times before I ever 
did it in the “real world”.

From: Webster 
[mailto:webs...@carlwebster.com]<mailto:[mailto:webs...@carlwebster.com]>
Subject: RE: Consulting (was Re: in-depth AD)

“It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”.”

It also helps get material for presentations! ☺


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[David Lum]

I did the SBS swing probably 10 times before client A got it and that many more 
again before client B got it. That doesn’t count the snapshotting like crazy 
along the way as well.

All those little nuances…

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 15, 2012 8:19 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

“a time or two”?

I figured I installed Exchange 2010 in a lab at least 25 times before I ever 
did it in the “real world”.

From: Webster 
[mailto:webs...@carlwebster.com]<mailto:[mailto:webs...@carlwebster.com]>
Sent: Friday, June 15, 2012 11:08 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

“It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”.”

It also helps get material for presentations! ☺


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[David Lum]

+ 1,000,000!   The one thing I had completely overlooked in my lab was 
E2K3->E2K10 and Outlook 2003 clients leveraging shared calendars (2 users out 
of 17, ugh). On the other hand I was then able to explain to said client “this 
is why it’s important to have everyone running the same version of various 
applications”.


From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Friday, June 15, 2012 8:21 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

For one of my largest clients, it refers to any move from a major version to 
another major version…

WinXP -> Win7
Ex2003 -> Ex2010

As well as the examples you mentioned. As making these “skips a version” 
migrations typically requires upgrades to MOST if not ALL ancillary software 
(e.g., Microsoft Office, Internet Explorer, LOB apps, etc.).

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Sent: Friday, June 15, 2012 11:08 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I read it as a migration from one platform to another (E2K7 -> E2K10,  Server 
2003 -> Server 2008, etc), or changing infrastructure like going from in-house 
to cloud-based, etc.

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, June 15, 2012 7:37 AM
To: NT System Admin Issues
Subject: Re: Consulting (was Re: in-depth AD)

Ok, so what's our definition of "platform transformation" in this context ?

Already did the google thing ;)



From: David Lum mailto:david@nwea.org>>
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscrib

RE: Consulting (was Re: in-depth AD)

[Michael B. Smith]

For one of my largest clients, it refers to any move from a major version to 
another major version…

WinXP -> Win7
Ex2003 -> Ex2010

As well as the examples you mentioned. As making these “skips a version” 
migrations typically requires upgrades to MOST if not ALL ancillary software 
(e.g., Microsoft Office, Internet Explorer, LOB apps, etc.).

From: David Lum [mailto:david@nwea.org]
Sent: Friday, June 15, 2012 11:08 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I read it as a migration from one platform to another (E2K7 -> E2K10,  Server 
2003 -> Server 2008, etc), or changing infrastructure like going from in-house 
to cloud-based, etc.

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, June 15, 2012 7:37 AM
To: NT System Admin Issues
Subject: Re: Consulting (was Re: in-depth AD)

Ok, so what's our definition of "platform transformation" in this context ?

Already did the google thing ;)



From: David Lum mailto:david@nwea.org>>
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterp

RE: Consulting (was Re: in-depth AD)

[Michael B. Smith]

“a time or two”?

I figured I installed Exchange 2010 in a lab at least 25 times before I ever 
did it in the “real world”.

From: Webster [mailto:webs...@carlwebster.com]
Sent: Friday, June 15, 2012 11:08 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

“It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”.”

It also helps get material for presentations! ☺


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: David Lum [mailto:david@nwea.org]<mailto:[mailto:david@nwea.org]>
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Consulting (was Re: in-depth AD)

[Don Kuhlman]

Gotcha. Thanks Dave.





 From: David Lum 
To: NT System Admin Issues  
Sent: Friday, June 15, 2012 10:07 AM
Subject: RE: Consulting (was Re: in-depth AD)
 

I read it as a migration from one platform to another (E2K7 -> E2K10,  Server 
2003 -> Server 2008, etc), or changing infrastructure like going from in-house 
to cloud-based, etc.
 
From:Don Kuhlman [mailto:drkuhl...@yahoo.com] 
Sent: Friday, June 15, 2012 7:37 AM
To: NT System Admin Issues
Subject: Re: Consulting (was Re: in-depth AD)
 
Ok, so what's our definition of "platform transformation" in this context ?
 
Already did the google thing ;)
 
 



From:David Lum 
To: NT System Admin Issues  
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)
 
“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”
 
It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. J
 
From:Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)
 
I think you need to consider what you want to do.
 
If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.
 
If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.
 
If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.
 
Cheers
Ken
 
From:Don Kuhlman [mailto:drkuhl...@yahoo.com] 
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)
 
Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!
 
This all really helps and I think I see a pattern emerging.
 
I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.
 
I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.
 
Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)
 
Don K
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[Webster]

“It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”.”

It also helps get material for presentations! ☺


Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com<http://www.carlwebster.com/>

From: David Lum [mailto:david@nwea.org]
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[David Lum]

I read it as a migration from one platform to another (E2K7 -> E2K10,  Server 
2003 -> Server 2008, etc), or changing infrastructure like going from in-house 
to cloud-based, etc.

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, June 15, 2012 7:37 AM
To: NT System Admin Issues
Subject: Re: Consulting (was Re: in-depth AD)

Ok, so what's our definition of "platform transformation" in this context ?

Already did the google thing ;)



From: David Lum mailto:david@nwea.org>>
To: NT System Admin Issues 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer 
[mailto:k...@adopenstatic.com]<mailto:[mailto:k...@adopenstatic.com]>
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[John Cook]

Same with the Dell T100s, dirt cheap way to spin up a VM host. Just make sure 
it has a Xeon proc for all the VM bells and whistles.
John W. Cook
Network Operations Manager
Partnership for Strong Families

- Original Message -
From: Joseph L. Casale [mailto:jcas...@activenetwerx.com]
Sent: Friday, June 15, 2012 10:31 AM
To: NT System Admin Issues 
Subject: Re: in-depth AD

Ken,
How do you find the proc on those things, I assumed it was far to
under sized for exchange and ad etc. Also, what's the KVM usability
like on the rac?

Thanks!
jlc

On Jun 15, 2012, at 4:19 AM, "Ken Schaefer" 
wrote:

> To be honest, when HP N40L Microservers are $350 each, everyone
> should be able to afford a lab.
>
> The HP specs say that they only take 8GB of RAM each, but you can
> run them at 16GB of RAM. They have 4 built-in 3.5" drive bays, and
> space for 2 more drives.
>
> They are really quiet and compact. And you can install a remote
> access card if you want (about $80)
>
> I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB
> drives, remote access cards, plus an additional add-in NIC. You can
> run a lot of VMs on that
>
> Disclaimer: I work for HP.
>
> Cheers
> Ken
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, 14 June 2012 1:43 AM
> To: NT System Admin Issues
> Subject: Re: in-depth AD
>
> On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault  > wrote:
>> A lab.. nice. You have one? Wish I did. I lack the hardware to set
>> one up.
>
>  Someone on one of these lists once remarked to that kind of
> situation: "Actually, you do have a test environment.  What you do
> not have is a production environment."
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


CONFIDENTIALITY STATEMENT: The information transmitted, or contained or 
attached to or with this Notice is intended only for the person or entity to 
which it is addressed and may contain Protected Health Information (PHI), 
confidential and/or privileged material. Any review, transmission, 
dissemination, or other use of, and taking any action in reliance upon this 
information by persons or entities other than the intended recipient without 
the express written consent of the sender are prohibited. This information may 
be protected by the Health Insurance Portability and Accountability Act of 1996 
(HIPAA), and other Federal and Florida laws. Improper or unauthorized use or 
disclosure of this information could result in civil and/or criminal penalties.
 Consider the environment. Please don't print this e-mail unless you really 
need to.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Consulting (was Re: in-depth AD)

[Don Kuhlman]

Ok, so what's our definition of "platform transformation" in this context ?

Already did the google thing ;)




 From: David Lum 
To: NT System Admin Issues  
Sent: Friday, June 15, 2012 9:29 AM
Subject: RE: Consulting (was Re: in-depth AD)
 

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”
 
It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. J
 
From:Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)
 
I think you need to consider what you want to do.
 
If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.
 
If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.
 
If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.
 
Cheers
Ken
 
From:Don Kuhlman [mailto:drkuhl...@yahoo.com] 
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)
 
Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!
 
This all really helps and I think I see a pattern emerging.
 
I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.
 
I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.
 
Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)
 
Don K
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[Joseph L. Casale]

Ken,
How do you find the proc on those things, I assumed it was far to  
under sized for exchange and ad etc. Also, what's the KVM usability  
like on the rac?

Thanks!
jlc

On Jun 15, 2012, at 4:19 AM, "Ken Schaefer"   
wrote:

> To be honest, when HP N40L Microservers are $350 each, everyone  
> should be able to afford a lab.
>
> The HP specs say that they only take 8GB of RAM each, but you can  
> run them at 16GB of RAM. They have 4 built-in 3.5" drive bays, and  
> space for 2 more drives.
>
> They are really quiet and compact. And you can install a remote  
> access card if you want (about $80)
>
> I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB  
> drives, remote access cards, plus an additional add-in NIC. You can  
> run a lot of VMs on that
>
> Disclaimer: I work for HP.
>
> Cheers
> Ken
>
> -Original Message-
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, 14 June 2012 1:43 AM
> To: NT System Admin Issues
> Subject: Re: in-depth AD
>
> On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault  > wrote:
>> A lab.. nice. You have one? Wish I did. I lack the hardware to set  
>> one up.
>
>  Someone on one of these lists once remarked to that kind of
> situation: "Actually, you do have a test environment.  What you do  
> not have is a production environment."
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~  
> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[David Lum]

“If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.”

It helps to have shot yourself in the foot a time or two, hopefully in a test 
environment. On resumes it reads “Experience”. ☺

From: Ken Schaefer [mailto:k...@adopenstatic.com]
Sent: Friday, June 15, 2012 3:31 AM
To: NT System Admin Issues
Subject: RE: Consulting (was Re: in-depth AD)

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman 
[mailto:drkuhl...@yahoo.com]<mailto:[mailto:drkuhl...@yahoo.com]>
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Consulting (was Re: in-depth AD)

[Don Kuhlman]

Good perspective Ken.

You covered several points and painted an accurate picture.  I've worked in 
some of those roles in some form or another in the past.  It does boil down to 
making that decision as to what you want to do and then working on learning the 
skill sets for that choice.

Thanks

Don K




 From: Ken Schaefer 
To: NT System Admin Issues  
Sent: Friday, June 15, 2012 5:30 AM
Subject: RE: Consulting (was Re: in-depth AD)
 

 
I think you need to consider what you want to do.
 
If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.
 
If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.
 
If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.
 
Cheers
Ken
 
From:Don Kuhlman [mailto:drkuhl...@yahoo.com] 
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)
 
Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!
 
This all really helps and I think I see a pattern emerging.
 
I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.
 
I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.
 
Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)
 
Don K
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Consulting (was Re: in-depth AD)

[Ken Schaefer]

I think you need to consider what you want to do.

If you want to be an engineer/delivery, then you can’t be a “jack of all 
trades” unless you want to do SOHO/SMB consulting. In that space, there is 
limited complexity, and google is your friend. You want to do medium/enterprise 
size stuff, then you need to have some kind of speciality. Knowing a bit about 
everything else is also helpful.

If you want to be an architect or strategist, then breadth is very important: 
technology is just one domain – and even within that domain, knowing a bit 
about information/data, networks, infrastructure, software etc. can be 
immensely helpful.

If you want to do platform transformation, then you need to know a bit about 
everything – there’s no way to get away from that.

Cheers
Ken

From: Don Kuhlman [mailto:drkuhl...@yahoo.com]
Sent: Friday, 15 June 2012 4:00 AM
To: NT System Admin Issues
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Ken Schaefer]

To be honest, when HP N40L Microservers are $350 each, everyone should be able 
to afford a lab.

The HP specs say that they only take 8GB of RAM each, but you can run them at 
16GB of RAM. They have 4 built-in 3.5" drive bays, and space for 2 more drives.

They are really quiet and compact. And you can install a remote access card if 
you want (about $80)

I run 2 of these now: both with 16GB of RAM, 2 x 128GB SSD + 2 x 2TB drives, 
remote access cards, plus an additional add-in NIC. You can run a lot of VMs on 
that

Disclaimer: I work for HP.

Cheers
Ken

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Thursday, 14 June 2012 1:43 AM
To: NT System Admin Issues
Subject: Re: in-depth AD

On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault  
wrote:
> A lab.. nice. You have one? Wish I did. I lack the hardware to set one up.

  Someone on one of these lists once remarked to that kind of
situation: "Actually, you do have a test environment.  What you do not have is 
a production environment."

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: OT: Consulting (was Re: in-depth AD)

[Rankin, James R]

I used to try to learn everything about as much as possible - I was deep into 
System Center, SQL, ISA, WSUS, WebSense, AV, OCS, as much as I could get. But 
you can't learn that much, its a fact. Becoming an expert at one part of the 
puzzle is much better than trying to put it all together yourself. I wish I'd 
heeded this advice years ago.

Plus if you are part of a big deployment, I can guarantee they want to employ 
the best possible guys for each area rather than a generalist who can do bits 
of each.

---Blackberried

-Original Message-
From: Don Kuhlman 
Date: Thu, 14 Jun 2012 10:59:48 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: OT: Consulting (was Re: in-depth AD)

Hi folks.  First off, thanks to all of you - I truly appreciate your thoughts!

This all really helps and I think I see a pattern emerging.

I need to stop trying to become some kind of an "expert" at everything and pick 
something I know and am very confident in doing.  After that, spend quality 
time learning and honing those skills, then get involved in those communities, 
blog, network and get known, and then see how that works.

I tend to spend too much time reading and looking over bits of everything 
related to IT - virtualization, storage, backup, ad, windows, security, 
networks, monitoring, vpn, citrix, this year it's been Linux and MAC.  It makes 
for a good vocabulary, but not the best use of our finite amounts of time.  I 
want re-focus and use that limited time getting really good at one or two 
things.

Hopefully, once I do that, those referrals and work will start coming in and I 
can be like you all :)

Don K




 From: Webster 
To: NT System Admin Issues  
Sent: Thursday, June 14, 2012 12:14 PM
Subject: Re: in-depth AD
 

I went to a business conference last November and the #1 thing i learned was to 
focus on what you do best.  I have handed off my accounting and taxes to a 
CPA.  If a customer requires a formal contract, SOW, project plan, etc. I hand 
that stuff off to a fellow CTP and i just do the work.  I also dropped doing 
anything with Exchange and SQL.  Stuff i dont want to do or dont have time to 
do i pass on to brian, mbs and asb.

I now have a very narrow focus doind xenapp, pvs, AD stuff related to the 
various types of virtualization and writing.  Even with my very narrow focus i 
am busier than i ever imagined.

When i need help on something i dont know i ask the experts in those areas.

Does that help?

Webster

Sent from my Verizon Wireless Phone
Don Kuhlman wrote: 
So, for the folks who do their own thing - I gotta ask -

Do you strive to make your skills their very best at one or two specific 
products or services - like Carl with Citrix and MBS with Exchange/AD stuff?

If so, then would you call in others for their strengths as needed - eg a 
Storage/San specialist if you're building out a new or upgraded infrastructure 
for a client?  Or do you just wing it and use a base setup to get the 
infrastructure or other pieces going?

Does this even make sense?

Don K







 From: David Lum 
To: NT System Admin Issues  
Sent: Thursday, June 14, 2012 9:59 AM
Subject: RE: in-depth AD


 
I do the hybrid thing myself. %dayjob% that has great benefits and covers 
health insurance and provides ~80% of my income (and 90%+ of my working time) 
and of course the corresponding lack of freedom, and then there’s %ownbiz% that 
is the rest but I largely get full freedom on what gets implemented or not.
 
Test environment is covered by MS Action Pack and a $900 Hyper-V server of my 
own purchase J
 
Dave
 
From:Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Wednesday, June 13, 2012 2:22 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Meh… I was doing all that and working on it then made the choice to have a 
life. Not saying you don’t have one but that, for me, I was spending my every 
waking moment working in one way or another. Just wasn’t worth it for me.
 
Daniel Chenault
dchena...@lgnetworksinc.com
 
From:Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, June 13, 2012 4:04 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Articles, blogs, and other community involvement is the key, in my opinion. I’m 
very active on eight mailing lists, my blog gets, well, a LOT of hits, and I 
write the occasional magazine article. And speak at a conference or two a year.
 
From:Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 13, 2012 4:21 PM
To: NT System Admin Issues
Subject: Re: in-depth AD
 
I love working for myself - marketing yourself is straightforward enough if you 
write articles and keep up to date with technical developments. I pay someone 
to do all the financial crap. Its great to not worry about day to day systems 
admin (except on my own lab, which is currently a mess) :-o
---Blackberried

___

Re: in-depth AD

[Rankin, James R]

I try to concentrate on my best areas but I've got a good grounding in server 
OS, AD and various other bits that helps me out a lot. But you've got to stay 
on top of new developments. As ASB says, if something new comes along that 
makes your core areas obsolete, you need to get up to speed with the new stuff 
pretty quickly.

Community involvement is key, as MBS pointed out. I wish I'd started getting 
involved years ago - it has opened up a lot of doors for me.

---Blackberried

-Original Message-
From: Don Kuhlman 
Date: Thu, 14 Jun 2012 08:37:27 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: in-depth AD

So, for the folks who do their own thing - I gotta ask -

Do you strive to make your skills their very best at one or two specific 
products or services - like Carl with Citrix and MBS with Exchange/AD stuff?

If so, then would you call in others for their strengths as needed - eg a 
Storage/San specialist if you're building out a new or upgraded infrastructure 
for a client?  Or do you just wing it and use a base setup to get the 
infrastructure or other pieces going?

Does this even make sense?

Don K







 From: David Lum 
To: NT System Admin Issues  
Sent: Thursday, June 14, 2012 9:59 AM
Subject: RE: in-depth AD
 

I do the hybrid thing myself. %dayjob% that has great benefits and covers 
health insurance and provides ~80% of my income (and 90%+ of my working time) 
and of course the corresponding lack of freedom, and then there’s %ownbiz% that 
is the rest but I largely get full freedom on what gets implemented or not.
 
Test environment is covered by MS Action Pack and a $900 Hyper-V server of my 
own purchase J
 
Dave
 
From:Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Wednesday, June 13, 2012 2:22 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Meh… I was doing all that and working on it then made the choice to have a 
life. Not saying you don’t have one but that, for me, I was spending my every 
waking moment working in one way or another. Just wasn’t worth it for me.
 
Daniel Chenault
dchena...@lgnetworksinc.com
 
From:Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, June 13, 2012 4:04 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Articles, blogs, and other community involvement is the key, in my opinion. I’m 
very active on eight mailing lists, my blog gets, well, a LOT of hits, and I 
write the occasional magazine article. And speak at a conference or two a year.
 
From:Rankin, James R [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 13, 2012 4:21 PM
To: NT System Admin Issues
Subject: Re: in-depth AD
 
I love working for myself - marketing yourself is straightforward enough if you 
write articles and keep up to date with technical developments. I pay someone 
to do all the financial crap. Its great to not worry about day to day systems 
admin (except on my own lab, which is currently a mess) :-o
---Blackberried



From: Daniel Chenault  
Date: Wed, 13 Jun 2012 18:45:44 +
To: NT System Admin Issues
ReplyTo: "NT System Admin Issues" 
Subject: RE: in-depth AD
 
I did the independent thing for years; chewed me up and spit me out. I 
completely suck at sales and could never get enough business going to be able 
to farm that part of it out. Then there’s accounting, marketing, etc.
 
Daniel Chenault
dchena...@lgnetworksinc.com
 
From:Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Wednesday, June 13, 2012 1:05 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Those kinds of things are why I went independent. And I’ve never been happier. 
I think Webster would say the same thing. J
 
From:Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Wednesday, June 13, 2012 1:58 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Meh… we provide Managed IT services to other companies.
 
I’ve been over-ruled more than once on technical issues for wholly 
non-technical reasons. When I have pointed out the pain caused from those 
decisions I’m told it wasn’t that bad, suck it up.
 
Daniel Chenault
dchena...@lgnetworksinc.com
 
From:Guyer, Don [mailto:dgu...@che.org] 
Sent: Wednesday, June 13, 2012 12:32 PM
To: NT System Admin Issues
Subject: RE: in-depth AD
 
Unfortunately, these kind of situations are when Management finally agrees to 
building a lab environment.
 
“Remember when we were up 3 days straight with a dead AD environment and the 
Board members kept calling because they were on a “retreat” in the Bahamas and 
couldn’t connect to their email from their iPads?”.
 
J
 
Regards,
 
Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service

Re: in-depth AD

[Andrew S. Baker]

I've had my share of low/no-budget scenarios.

A crisis has been my best assistant in those situations...

* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Wed, Jun 13, 2012 at 12:15 PM, Daniel Chenault <
dchena...@lgnetworksinc.com> wrote:

>  I see you’ve never met the LG in LG Networks.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Wednesday, June 13, 2012 9:03 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> Given the criticality of the current problem, you should be able to
> cost-justify $1500 to create a virtual lab that can support 6-10 VMs.
>
> Small price to pay to possibly mitigate the current woes.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> Sent from my Motorola Droid RAZR
>
> On Jun 13, 2012 9:28 AM, "Daniel Chenault" 
> wrote:
>
> A lab.. nice. You have one? Wish I did. I lack the hardware to set one up.
> I’ve tried many times to get the boss to let loose of some cash so I can
> set one up, even older used equipment would be useful, but no…
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  ****
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 9:01 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> 
>
>  
>
> You've misunderstood the suggestion.
>
>  
>
> You've been advised to restore a *recent* backup (one made *since the
> problem began*) to an isolated lab DC, as an experiment.   The theory is,
> since recent backups complete successfully, perhaps the backup does not
> contain the corruption, or the corruption may not be restored.
>
>  
>
> Carl
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 5:57 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> **shrug**
>
>  
>
> Alrighty then… 
>
>  
>
> I may actually be able to get my grubby little hands on a backup that
> predates the first 447 event (that is, before 1/6/12). Rather concerned
> though; that is well past the default tombstone age of 60 days (and what is
> currently set). From what I read in Technet the restore of one that old
> will be disallowed.****
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 4:50 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> What Steven said.
>
> You only have one functional DC, and no useful historical backups. You
> might want to know if the one you have can be restored, and, if perchance
> the restore avoids the problem.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> Sent from my Motorola Droid RAZR
>
> On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
> wrote:
>
> Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
>  
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
>  
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 

Re: in-depth AD

[Free, Bob]

>>"Actually, you do have a test environment.  What you do not have is a 
>>production environment."

Very ironic in this context. 

That quote came from one of the original AD lead dev managers, Don Hacherl. 
About as knowledgeable person as there is WRT AD :-)

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, June 13, 2012 8:43 AM
To: NT System Admin Issues
Subject: [dkim-failure] Re: in-depth AD

On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault  
wrote:
> A lab.. nice. You have one? Wish I did. I lack the hardware to set one up.

  Someone on one of these lists once remarked to that kind of
situation: "Actually, you do have a test environment.  What you do not have is 
a production environment."

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
<http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: in-depth AD

[Ben Scott]

On Wed, Jun 13, 2012 at 9:24 AM, Daniel Chenault
 wrote:
> A lab.. nice. You have one? Wish I did. I lack the hardware to set one up.

  Someone on one of these lists once remarked to that kind of
situation: "Actually, you do have a test environment.  What you do not
have is a production environment."

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: in-depth AD

[Andrew S. Baker]

Given the criticality of the current problem, you should be able to
cost-justify $1500 to create a virtual lab that can support 6-10 VMs.

Small price to pay to possibly mitigate the current woes.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
 On Jun 13, 2012 9:28 AM, "Daniel Chenault" 
wrote:

>  A lab.. nice. You have one? Wish I did. I lack the hardware to set one
> up. I’ve tried many times to get the boss to let loose of some cash so I
> can set one up, even older used equipment would be useful, but no…
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 9:01 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> 
>
> ** **
>
> You've misunderstood the suggestion.
>
> ** **
>
> You've been advised to restore a *recent* backup (one made *since the
> problem began*) to an isolated lab DC, as an experiment.   The theory is,
> since recent backups complete successfully, perhaps the backup does not
> contain the corruption, or the corruption may not be restored.
>
> ** **
>
> Carl
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 5:57 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> **shrug**
>
> ** **
>
> Alrighty then… 
>
> ** **
>
> I may actually be able to get my grubby little hands on a backup that
> predates the first 447 event (that is, before 1/6/12). Rather concerned
> though; that is well past the default tombstone age of 60 days (and what is
> currently set). From what I read in Technet the restore of one that old
> will be disallowed.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 4:50 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> What Steven said.
>
> You only have one functional DC, and no useful historical backups. You
> might want to know if the one you have can be restored, and, if perchance
> the restore avoids the problem.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> Sent from my Motorola Droid RAZR
>
> On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
> wrote:
>
> Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.****
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
>  
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
> ** **
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Ah… I was thinking something different based on what you were saying
> earlier.
>
>  
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD****
>
>  
>
> It’s an object of type… uh… I dunno… you tell me…
>
>

RE: in-depth AD

[Andrew S. Baker]

Restore to one of those otherwise non-functional DCs, or into some virtual
machine somewhere.

Surely you can find one machine with enough RAM to support VirtualBox with
one VM as an alternative.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
 On Jun 13, 2012 9:28 AM, "Daniel Chenault" 
wrote:

>  A lab.. nice. You have one? Wish I did. I lack the hardware to set one
> up. I’ve tried many times to get the boss to let loose of some cash so I
> can set one up, even older used equipment would be useful, but no…
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Carl Houseman [mailto:c.house...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 9:01 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> 
>
> ** **
>
> You've misunderstood the suggestion.
>
> ** **
>
> You've been advised to restore a *recent* backup (one made *since the
> problem began*) to an isolated lab DC, as an experiment.   The theory is,
> since recent backups complete successfully, perhaps the backup does not
> contain the corruption, or the corruption may not be restored.
>
> ** **
>
> Carl
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 5:57 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> **shrug**
>
> ** **
>
> Alrighty then… 
>
> ** **
>
> I may actually be able to get my grubby little hands on a backup that
> predates the first 447 event (that is, before 1/6/12). Rather concerned
> though; that is well past the default tombstone age of 60 days (and what is
> currently set). From what I read in Technet the restore of one that old
> will be disallowed.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 4:50 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> What Steven said.
>
> You only have one functional DC, and no useful historical backups. You
> might want to know if the one you have can be restored, and, if perchance
> the restore avoids the problem.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> Sent from my Motorola Droid RAZR
>
> On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
> wrote:
>
> Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.****
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
>  
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
> ** **
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Ah… I was thinking something different based on what you were saying
> earlier.
>
>  
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD****
>
>  
>
> It’s an object of type… uh… I dunno… you tell me…
>
>

RE: in-depth AD

[Michael B. Smith]

AD does circular logging (that is, only the minimum number of log files 
required to get through a transaction commits).  Very likely, there are only a 
couple of log files present.

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Wednesday, June 13, 2012 9:25 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Wouldn't the restore roll in the logs though?

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Steve Kradel 
[mailto:skra...@zetetic.net]<mailto:[mailto:skra...@zetetic.net]>
Sent: Tuesday, June 12, 2012 11:18 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Agreed, the very old backups are of almost no use whatsoever.  The environment 
is now very likely full of issued SIDs and changed passwords that the old 
backup will have no knowledge of, and one would be hacking at the roots of this 
problem for years and years.

If some kind of restore / new DC IFM dance doesn't do the trick, and knowing 
you've already tapped out MSFT's suggestions for esentutl, I'd start planning 
to stand up a new domain (with two or more DCs, aye) and *try* to migrate the 
current stuff into it via ADMT immediately.  This sounds just messed up enough 
that I'd enjoy working on it for a while at least. ;)

--Steve
On Tue, Jun 12, 2012 at 10:00 PM, Carl Houseman 
mailto:c.house...@gmail.com>> wrote:


You've misunderstood the suggestion.

You've been advised to restore a recent backup (one made since the problem 
began) to an isolated lab DC, as an experiment.   The theory is, since recent 
backups complete successfully, perhaps the backup does not contain the 
corruption, or the corruption may not be restored.

Carl

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>]
Sent: Tuesday, June 12, 2012 5:57 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

*shrug*

Alrighty then...

I may actually be able to get my grubby little hands on a backup that predates 
the first 447 event (that is, before 1/6/12). Rather concerned though; that is 
well past the default tombstone age of 60 days (and what is currently set). 
From what I read in Technet the restore of one that old will be disallowed.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


What Steven said.

You only have one functional DC, and no useful historical backups. You might 
want to know if the one you have can be restored, and, if perchance the restore 
avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
mailto:dchena...@lgnetworksinc.com>> wrote:
Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...

RE: in-depth AD

[Daniel Chenault]

Wouldn't the restore roll in the logs though?

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Steve Kradel [mailto:skra...@zetetic.net]
Sent: Tuesday, June 12, 2012 11:18 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Agreed, the very old backups are of almost no use whatsoever.  The environment 
is now very likely full of issued SIDs and changed passwords that the old 
backup will have no knowledge of, and one would be hacking at the roots of this 
problem for years and years.

If some kind of restore / new DC IFM dance doesn't do the trick, and knowing 
you've already tapped out MSFT's suggestions for esentutl, I'd start planning 
to stand up a new domain (with two or more DCs, aye) and *try* to migrate the 
current stuff into it via ADMT immediately.  This sounds just messed up enough 
that I'd enjoy working on it for a while at least. ;)

--Steve
On Tue, Jun 12, 2012 at 10:00 PM, Carl Houseman 
mailto:c.house...@gmail.com>> wrote:


You've misunderstood the suggestion.

You've been advised to restore a recent backup (one made since the problem 
began) to an isolated lab DC, as an experiment.   The theory is, since recent 
backups complete successfully, perhaps the backup does not contain the 
corruption, or the corruption may not be restored.

Carl

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>]
Sent: Tuesday, June 12, 2012 5:57 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

*shrug*

Alrighty then...

I may actually be able to get my grubby little hands on a backup that predates 
the first 447 event (that is, before 1/6/12). Rather concerned though; that is 
well past the default tombstone age of 60 days (and what is currently set). 
From what I read in Technet the restore of one that old will be disallowed.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


What Steven said.

You only have one functional DC, and no useful historical backups. You might 
want to know if the one you have can be restored, and, if perchance the restore 
avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
mailto:dchena...@lgnetworksinc.com>> wrote:
Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just on

RE: in-depth AD

[Daniel Chenault]

A lab.. nice. You have one? Wish I did. I lack the hardware to set one up. I've 
tried many times to get the boss to let loose of some cash so I can set one up, 
even older used equipment would be useful, but no...

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Carl Houseman [mailto:c.house...@gmail.com]
Sent: Tuesday, June 12, 2012 9:01 PM
To: NT System Admin Issues
Subject: RE: in-depth AD



You've misunderstood the suggestion.

You've been advised to restore a recent backup (one made since the problem 
began) to an isolated lab DC, as an experiment.   The theory is, since recent 
backups complete successfully, perhaps the backup does not contain the 
corruption, or the corruption may not be restored.

Carl

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 5:57 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

*shrug*

Alrighty then...

I may actually be able to get my grubby little hands on a backup that predates 
the first 447 event (that is, before 1/6/12). Rather concerned though; that is 
well past the default tombstone age of 60 days (and what is currently set). 
From what I read in Technet the restore of one that old will be disallowed.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


What Steven said.

You only have one functional DC, and no useful historical backups. You might 
want to know if the one you have can be restored, and, if perchance the restore 
avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
mailto:dchena...@lgnetworksinc.com>> wrote:
Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 

Re: in-depth AD

[Steve Kradel]

Agreed, the very old backups are of almost no use whatsoever.  The
environment is now very likely full of issued SIDs and changed passwords
that the old backup will have no knowledge of, and one would be hacking at
the roots of this problem for years and years.

If some kind of restore / new DC IFM dance doesn't do the trick, and
knowing you've already tapped out MSFT's suggestions for esentutl, I'd
start planning to stand up a new domain (with two or more DCs, aye) and
*try* to migrate the current stuff into it via ADMT immediately.  This
sounds just messed up enough that I'd enjoy working on it for a while at
least. ;)

--Steve

On Tue, Jun 12, 2012 at 10:00 PM, Carl Houseman wrote:

> 
>
> ** **
>
> You've misunderstood the suggestion.
>
> ** **
>
> You've been advised to restore a *recent* backup (one made *since the
> problem began*) to an isolated lab DC, as an experiment.   The theory is,
> since recent backups complete successfully, perhaps the backup does not
> contain the corruption, or the corruption may not be restored.
>
> ** **
>
> Carl
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 5:57 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> **shrug**
>
> ** **
>
> Alrighty then… 
>
> ** **
>
> I may actually be able to get my grubby little hands on a backup that
> predates the first 447 event (that is, before 1/6/12). Rather concerned
> though; that is well past the default tombstone age of 60 days (and what is
> currently set). From what I read in Technet the restore of one that old
> will be disallowed.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 4:50 PM
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
> ** **
>
> What Steven said.
>
> You only have one functional DC, and no useful historical backups. You
> might want to know if the one you have can be restored, and, if perchance
> the restore avoids the problem.
>
> -ASB: http://XeeMe.com/AndrewBaker
>
> Sent from my Motorola Droid RAZR
>
> On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
> wrote:
>
> Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.
>
>  
>
> Daniel Chenault****
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
>  
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
> ** **
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Ah… I was thinking something different based on what you were saying
> earlier.****
>
>  
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> It’s an object of type… uh… I dunno… you tell me…
>
>  
>
> NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree
> (ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596
> => 3372, 3369)
>
>  
>
>  ***

RE: in-depth AD

[Carl Houseman]

 

You've misunderstood the suggestion.

 

You've been advised to restore a recent backup (one made since the problem
began) to an isolated lab DC, as an experiment.   The theory is, since recent
backups complete successfully, perhaps the backup does not contain the
corruption, or the corruption may not be restored.

 

Carl

 

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Tuesday, June 12, 2012 5:57 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

 

*shrug*

 

Alrighty then. 

 

I may actually be able to get my grubby little hands on a backup that
predates the first 447 event (that is, before 1/6/12). Rather concerned
though; that is well past the default tombstone age of 60 days (and what is
currently set). From what I read in Technet the restore of one that old will
be disallowed.

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description: Description: cid:image001.jpg@01CCF24C.F9B05160

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

 

What Steven said.

You only have one functional DC, and no useful historical backups. You might
want to know if the one you have can be restored, and, if perchance the
restore avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR

On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
wrote:

Uh. what's the point? The problem I'm having predates that backup by MONTHS.

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description: Description: cid:image001.jpg@01CCF24C.F9B05160

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

 

Try restoring that somewhere offline and see if the problem remains





ASB


http://XeeMe.com/AndrewBaker


Harnessing the Advantages of Technology for the SMB market.

 

On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault
 wrote:

Did a backup last night before booting into DSRM and it completed without
error for whatever that is worth.

 

2008 R2 SP1, English, 64-bit

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description: Description: cid:image001.jpg@01CCF24C.F9B05160

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, June 12, 2012 2:04 PM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

Ah. I was thinking something different based on what you were saying earlier.

 

Are able to get a successful system state backup from that DC?

Also, what Windows version is the DC in question?

 

DAMIEN SOLODOW

Systems Engineer

317.447.6033 (office)

317.447.6014 (fax)

HARRISON COLLEGE

 

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Tuesday, June 12, 2012 2:38 PM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

It's an object of type. uh. I dunno. you tell me.

 

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 =>
3372, 3369)

 

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description: Description: cid:image001.jpg@01CCF24C.F9B05160

 

From: Damien Solodow [mailto:damien.solo...@harrison.edu] 
Sent: Tuesday, June 12, 2012 1:27 PM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report
this same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object
type you may have different options for dealing with it

 

DAMIEN SOLODOW

Systems Engineer

317.447.6033 (office)

317.447.6014 (fax)

HARRISON COLLEGE

 

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Tuesday, June 12, 2012 2:19 PM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

Failed with an error (1206 I believe) stating the database is corrupt.

 

Let me clarify: I, and Microsoft, have run every possible switch or command
available via ntdsutil and esentutl. Each one failed with an error stating
corruption. Wanting to try and edit the file manually is not a whim or a wild
idea but a last-ditch effort unless someone has a better idea.

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description: Description: cid:image001.jpg@01CCF24C.F9B05160

 

From: Michael B. Smith [mailto:mich...@smithcons.com] 
Sent: Tuesday, June 12, 2012 11:56 AM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

Have you done a defrag of the ntds.dit?

 

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com] 
Sent: Tuesday, June 12, 2012 12:23 PM


To: NT System Admin Issues
Subject: RE: in-depth AD

 

Oh yes, it's up and running. Basic AD functionality is there; I can create
users, assign permissions and other simple stuff. No replication is happening
and it's to the point that I cannot open the EMC.

 

Daniel Chenault

dchena...@lgnetworksinc.com

Description:

RE: in-depth AD

[Coleman, Hunter]

It sounds like the reality for the customer is a new Active Directory 
environment. Even if you managed to delete the corrupt entry from the .dit, it 
would be reasonable to expect that deletion to create other problems within the 
database.

The cut-your-losses approach may be to spin up a new forest (at least 2 DCs), 
install ADMT, and start migrating out what you can from the broken forest into 
the new one.

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 3:57 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

*shrug*

Alrighty then...

I may actually be able to get my grubby little hands on a backup that predates 
the first 447 event (that is, before 1/6/12). Rather concerned though; that is 
well past the default tombstone age of 60 days (and what is currently set). 
From what I read in Technet the restore of one that old will be disallowed.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker 
[mailto:asbz...@gmail.com]<mailto:[mailto:asbz...@gmail.com]>
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


What Steven said.

You only have one functional DC, and no useful historical backups. You might 
want to know if the one you have can be restored, and, if perchance the restore 
avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
mailto:dchena...@lgnetworksinc.com>> wrote:
Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich.

RE: in-depth AD

[Daniel Chenault]

*shrug*

Alrighty then...

I may actually be able to get my grubby little hands on a backup that predates 
the first 447 event (that is, before 1/6/12). Rather concerned though; that is 
well past the default tombstone age of 60 days (and what is currently set). 
From what I read in Technet the restore of one that old will be disallowed.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, June 12, 2012 4:50 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


What Steven said.

You only have one functional DC, and no useful historical backups. You might 
want to know if the one you have can be restored, and, if perchance the restore 
avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
mailto:dchena...@lgnetworksinc.com>> wrote:
Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com<mailto:asbz...@gmail.com>]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...


On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM

To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchen

RE: in-depth AD

[Andrew S. Baker]

What Steven said.

You only have one functional DC, and no useful historical backups. You
might want to know if the one you have can be restored, and, if perchance
the restore avoids the problem.

-ASB: http://XeeMe.com/AndrewBaker

Sent from my Motorola Droid RAZR
 On Jun 12, 2012 5:17 PM, "Daniel Chenault" 
wrote:

>  Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
> ** **
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
>
>
> 
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]****
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Ah… I was thinking something different based on what you were saying
> earlier.
>
>  
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> It’s an object of type… uh… I dunno… you tell me…
>
>  
>
> NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree
> (ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596
> => 3372, 3369)****
>
>  ****
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 1:27 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Couple questions:
>
> 1)  I assume there are multiple domain controllers? Do they all
> report this same error or is it just one DC?
>
> 2)  What object is an error being reported on? Depending on the
> object type you may have different options for dealing with it
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:19 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Failed with an error (1206 I believe) stating the database is corrupt.
>
>  
>
> Let me clarify: I, and Microsoft, have run every possible switch or
> command available via ntdsutil and esentutl. Each one failed with an error
> stating corruption. Wanting to try and edit the file manually is not a whim
> or a wild idea but a last-ditch effort unless someone has a better idea.**
> **
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, June 12, 2012 11:56 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Have you done a defrag of the ntds.dit?
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 12:23 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Oh yes, it’s up and running. 

Re: in-depth AD

[Steven Peck]

At the very least you will know if you can restore it.  Since you are into
voodoo territory anyway you might get lucky.  You will have an environment
to play weird make up stuff if you hack the db without mucking up prod
further.

On Tue, Jun 12, 2012 at 2:13 PM, Daniel Chenault <
dchena...@lgnetworksinc.com> wrote:

>  Uh… what’s the point? The problem I’m having predates that backup by
> MONTHS.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, June 12, 2012 3:53 PM
>
> *To:* NT System Admin Issues
> *Subject:* Re: in-depth AD
>
> ** **
>
> Try restoring that somewhere offline and see if the problem remains
>
>
> 
>
> *ASB*
>
> *http://XeeMe.com/AndrewBaker*
>
> *Harnessing the Advantages of Technology for the SMB market…*
>
>
>
> 
>
> On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
> dchena...@lgnetworksinc.com> wrote:
>
> Did a backup last night before booting into DSRM and it completed without
> error for whatever that is worth.
>
>  
>
> 2008 R2 SP1, English, 64-bit
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]****
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Ah… I was thinking something different based on what you were saying
> earlier.
>
>  
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> It’s an object of type… uh… I dunno… you tell me…
>
>  
>
> NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree
> (ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596
> => 3372, 3369)****
>
>  ****
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 1:27 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Couple questions:
>
> 1)  I assume there are multiple domain controllers? Do they all
> report this same error or is it just one DC?
>
> 2)  What object is an error being reported on? Depending on the
> object type you may have different options for dealing with it
>
>  
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:19 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Failed with an error (1206 I believe) stating the database is corrupt.
>
>  
>
> Let me clarify: I, and Microsoft, have run every possible switch or
> command available via ntdsutil and esentutl. Each one failed with an error
> stating corruption. Wanting to try and edit the file manually is not a whim
> or a wild idea but a last-ditch effort unless someone has a better idea.**
> **
>
>  
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
>  
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, June 12, 2012 11:56 AM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Have you done a defrag of the ntds.dit?
>
>  
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 12:23 PM
>
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  
>
> Oh yes, it’s up and running. B

RE: in-depth AD

[Daniel Chenault]

Uh... what's the point? The problem I'm having predates that backup by MONTHS.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Tuesday, June 12, 2012 3:53 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Try restoring that somewhere offline and see if the problem remains

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market...



On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>> wrote:
Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu<mailto:damien.solo...@harrison.edu>]
Sent: Tuesday, June 12, 2012 2:04 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM

To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM

To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM

To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM

To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different pr

Re: in-depth AD

[Andrew S. Baker]

Try restoring that somewhere offline and see if the problem remains


* *

*ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of
Technology for the SMB market…

*



On Tue, Jun 12, 2012 at 3:56 PM, Daniel Chenault <
dchena...@lgnetworksinc.com> wrote:

>  Did a backup last night before booting into DSRM and it completed
> without error for whatever that is worth.
>
> ** **
>
> 2008 R2 SP1, English, 64-bit
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 2:04 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> Ah… I was thinking something different based on what you were saying
> earlier.
>
> ** **
>
> Are able to get a successful system state backup from that DC?
>
> Also, what Windows version is the DC in question?
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:38 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> It’s an object of type… uh… I dunno… you tell me…
>
> ** **
>
> NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree
> (ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596
> => 3372, 3369)
>
> ** **
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Damien Solodow [mailto:damien.solo...@harrison.edu]
> *Sent:* Tuesday, June 12, 2012 1:27 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> Couple questions:
>
> **1)  **I assume there are multiple domain controllers? Do they all
> report this same error or is it just one DC?
>
> **2)  **What object is an error being reported on? Depending on the
> object type you may have different options for dealing with it
>
> ** **
>
> DAMIEN SOLODOW
>
> Systems Engineer
>
> 317.447.6033 (office)
>
> 317.447.6014 (fax)
>
> HARRISON COLLEGE
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 2:19 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> Failed with an error (1206 I believe) stating the database is corrupt.
>
> ** **
>
> Let me clarify: I, and Microsoft, have run every possible switch or
> command available via ntdsutil and esentutl. Each one failed with an error
> stating corruption. Wanting to try and edit the file manually is not a whim
> or a wild idea but a last-ditch effort unless someone has a better idea.**
> **
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]****
>
> ** **
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, June 12, 2012 11:56 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> Have you done a defrag of the ntds.dit?
>
> ** **
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 12:23 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> Oh yes, it’s up and running. Basic AD functionality is there; I can create
> users, assign permissions and other simple stuff. No replication is
> happening and it’s to the point that I cannot open the EMC.
>
> ** **
>
> Daniel Chenault
>
> dchena...@lgnetworksinc.com
>
> [image: Description: Description: cid:image001.jpg@01CCF24C.F9B05160]
>
> ** **
>
> *From:* Brian Desmond [mailto:br...@briandesmond.com]
> *Sent:* Tuesday, June 12, 2012 11:13 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: in-depth AD
>
>  ** **
>
> *Does the machine boot?***
>
> * *
>
> *Thanks,*
>
> *Brian Desmond*
>
> *br...@briandesmond.com* **
>
> * *
>
> *w – 312.625.1438 | c   – 312.731.3132*
>
> * *
>
> *From:* Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
> *Sent:* Tuesday, June 12, 2012 10:54 AM
>
> *To:* NT System Admin Issues
> *Subje

RE: in-depth AD

[Daniel Chenault]

Did a backup last night before booting into DSRM and it completed without error 
for whatever that is worth.

2008 R2 SP1, English, 64-bit

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Tuesday, June 12, 2012 2:04 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:38 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetwork

RE: in-depth AD

[Daniel Chenault]

I can’t even log into the other two boxes. Had someone onsite plug in KVM and 
still no joy even though I’m positive the account is good since it’s the one 
I’m using elsewhere in the domain. So, no, I would say those two are not doing 
anything but using up electricity.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, June 12, 2012 2:00 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

So only one of the domain controllers has this issue? And you are saying that 
the others never replicated successfully with it once they came online? But 
they are still successfully authenticating users? If that's the case, couldn't 
you just remove the offending DC and seize any FSMO roles it had?

Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image002.jpg@01CD48A8.E0E545C0]

The Guardian Life Insurance Company of America

www.guardianlife.com<http://www.guardianlife.com/>







From:Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:    06/12/2012 02:54 PM
Subject:RE: in-depth AD




Sounds great.. one problem. There is only one DC to serve as a reference and 
that is the one with the problem. When I ran the command it said “invalid 
naming context” which I take to mean “you can’t compare it to itself you dummy”

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, June 12, 2012 12:13 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Any chance this might really be a USN Rollback issue?

http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

Doing something like this on each of the domain controllers?

Repadmin /removelingeringobjects ACMEDC1 2ba99ac3-8a25-4711-8d84-c87c44902d0a 
CN=Configuration,DC=acme,DC=com
Repadmin /removelingeringobjects ACMEDC2 2ba99ac3-8a25-4711-8d84-c87c44902d0a 
CN=Configuration,DC=acme,DC=com
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image002.jpg@01CD48A8.E0E545C0]

The Guardian Life Insurance Company of America

www.guardianlife.com<http://www.guardianlife.com/>








From:Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:06/12/2012 11:55 AM
Subject:in-depth AD






It’s a long story, aren’t they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is… is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:
1)  Auth restore (highly unlikely)
2)  Edit/massage ntds.dit (maybe?)
3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares – 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable l

RE: in-depth AD

[Daniel Chenault]

I was looking at auth restore and saw that a single object can be restored. 
Okay... but the object to be restored is referenced with LDAP. So this brings 
me back to my original question, slightly modified: how do I find out the LDAP 
reference of this single object (error posted in a message in this thread) when 
all I have is an object ID?

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: David Lum [mailto:david@nwea.org]
Sent: Tuesday, June 12, 2012 1:40 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

I happen to have Microsoft here as part of a Premier support function, they're 
here doing Active Directory Risk Assessment and Diagnosis, so we have the right 
guys here.

He agrees that unless you have a backup, you're effectively screwed. If it 
helps you feel better, what you're seeing is pretty rare :(.

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 11:19 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana

RE: in-depth AD

[Michael B. Smith]

That would be a core index, probably in the schema.

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 2:38 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http:

RE: in-depth AD

[Damien Solodow]

Ah... I was thinking something different based on what you were saying earlier.

Are able to get a successful system state backup from that DC?
Also, what Windows version is the DC in question?

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 2:38 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow 
[mailto:damien.solo...@harrison.edu]<mailto:[mailto:damien.solo...@harrison.edu]>
Sent: Tuesday, June 12, 2012 1:27 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums

RE: in-depth AD

[Christopher Bodnar]

So only one of the domain controllers has this issue? And you are saying 
that the others never replicated successfully with it once they came 
online? But they are still successfully authenticating users? If that's 
the case, couldn't you just remove the offending DC and seize any FSMO 
roles it had? 



Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Daniel Chenault 
To: "NT System Admin Issues" 
Date:   06/12/2012 02:54 PM
Subject:    RE: in-depth AD



Sounds great.. one problem. There is only one DC to serve as a reference 
and that is the one with the problem. When I ran the command it said 
“invalid naming context” which I take to mean “you can’t compare it to 
itself you dummy”
 
Daniel Chenault
dchena...@lgnetworksinc.com

 
From: Christopher Bodnar [mailto:christopher_bod...@glic.com] 
Sent: Tuesday, June 12, 2012 12:13 PM
To: NT System Admin Issues
Subject: Re: in-depth AD
 
Any chance this might really be a USN Rollback issue? 

http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx
 


Doing something like this on each of the domain controllers? 

Repadmin /removelingeringobjects ACMEDC1 
2ba99ac3-8a25-4711-8d84-c87c44902d0a CN=Configuration,DC=acme,DC=com 
Repadmin /removelingeringobjects ACMEDC2 
2ba99ac3-8a25-4711-8d84-c87c44902d0a CN=Configuration,DC=acme,DC=com 

Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 


The Guardian Life Insurance Company of America

www.guardianlife.com 






From:Daniel Chenault  
To:"NT System Admin Issues"  
Date:06/12/2012 11:55 AM 
Subject:in-depth AD 




It’s a long story, aren’t they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is 
telling me to do an authoritative restore. Problem is this problem goes 
back to January; it is highly doubtful I can locate a backup pre-dating 
that time frame. I inherited this mess and am just trying to fix it. This 
corruption is causing several different problems (naturally). 
  
What I want to know from the collective list wisdom and knowledge is… is 
it possible to use a tool, such as adsiedit, to locate a specific object 
(it is called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object? 
  
Because, as I see it, I have three choices at this point: 
1)  Auth restore (highly unlikely) 
2)  Edit/massage ntds.dit (maybe?) 
3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many 
printers total, plus Exchange and Great Plains, permissions on 
umpty-hundred shares – just shoot me now) 
  
Daniel Chenault 
dchena...@lgnetworksinc.com 
Office: 972-528-6546 x 1002 
Fax: 972-982-0054 
9550 Skillman Road 
Suite 500 
Dallas, TX 75243 

  
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin 
- This message, and any 
attachments to it, may contain information that is privileged, 
confidential, and exempt from disclosure under applicable law. If the 
reader of this message is not the intended recipient, you are notified 
that any use, dissemination, distribution, copying, or communication of 
this message is strictly prohibited. If you have received this message in 
error, please notify the sender immediately by return e-mail and delete 
the message and any attachments. Thank you. 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exem

RE: in-depth AD

[David Lum]

I happen to have Microsoft here as part of a Premier support function, they're 
here doing Active Directory Risk Assessment and Diagnosis, so we have the right 
guys here.

He agrees that unless you have a backup, you're effectively screwed. If it 
helps you feel better, what you're seeing is pretty rare :(.

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 11:19 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[cid:image001.jpg@01CD4890.0A9C2C30]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[cid:image001.jpg@01CD4890.0A9C2C30]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[cid:image001.jpg@01CD4890.0A9C2C30]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email t

RE: in-depth AD

[Daniel Chenault]

It's an object of type... uh... I dunno... you tell me...

NTDS (1836) A bad page link (error -327) has been detected in a B+ Tree 
(ObjectID: 163, PgnoRoot: 952) of database c:\windows\ntds\ntds.dit (2596 => 
3372, 3369)


Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Tuesday, June 12, 2012 1:27 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsys

RE: in-depth AD

[Daniel Chenault]

Sounds great.. one problem. There is only one DC to serve as a reference and 
that is the one with the problem. When I ran the command it said “invalid 
naming context” which I take to mean “you can’t compare it to itself you dummy”

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Tuesday, June 12, 2012 12:13 PM
To: NT System Admin Issues
Subject: Re: in-depth AD

Any chance this might really be a USN Rollback issue?

http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

Doing something like this on each of the domain controllers?

Repadmin /removelingeringobjects ACMEDC1 2ba99ac3-8a25-4711-8d84-c87c44902d0a 
CN=Configuration,DC=acme,DC=com
Repadmin /removelingeringobjects ACMEDC2 2ba99ac3-8a25-4711-8d84-c87c44902d0a 
CN=Configuration,DC=acme,DC=com
Christopher Bodnar
Enterprise Achitect I, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com

[cid:image002.jpg@01CD489F.8F126600]

The Guardian Life Insurance Company of America

www.guardianlife.com<http://www.guardianlife.com/>







From:Daniel Chenault 
mailto:dchena...@lgnetworksinc.com>>
To:"NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Date:06/12/2012 11:55 AM
Subject:in-depth AD




It’s a long story, aren’t they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is… is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:
1)  Auth restore (highly unlikely)
2)  Edit/massage ntds.dit (maybe?)
3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares – 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

- This message, and any attachments to 
it, may contain information that is privileged, confidential, and exempt from 
disclosure under applicable law. If the reader of this message is not the 
intended recipient, you are notified that any use, dissemination, distribution, 
copying, or communication of this message is strictly prohibited. If you have 
received this message in error, please notify the sender immediately by return 
e-mail and delete the message and any attachments. Thank you.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><>

RE: in-depth AD

[Michael B. Smith]

Is there just one DC?

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltso

RE: in-depth AD

[Damien Solodow]

Couple questions:

1)  I assume there are multiple domain controllers? Do they all report this 
same error or is it just one DC?

2)  What object is an error being reported on? Depending on the object type 
you may have different options for dealing with it

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 2:19 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith 
[mailto:mich...@smithcons.com]<mailto:[mailto:mich...@smithcons.com]>
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise

RE: in-depth AD

[Daniel Chenault]

3 DCs; the other two have NEVER experienced a successful replication because of 
this corruption. For all intents and purposes there is one DC.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Coleman, Hunter [mailto:hcole...@mt.gov]
Sent: Tuesday, June 12, 2012 12:04 PM
To: NT System Admin Issues
Subject: RE: in-depth AD


Are you only seeing the 447 event ID on one DC? Is replication only blocked 
to/from that one DC?




From: Daniel Chenault [dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 10:22 AM
To: NT System Admin Issues
Subject: RE: in-depth AD
Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: in-depth AD

[Daniel Chenault]

Failed with an error (1206 I believe) stating the database is corrupt.

Let me clarify: I, and Microsoft, have run every possible switch or command 
available via ntdsutil and esentutl. Each one failed with an error stating 
corruption. Wanting to try and edit the file manually is not a whim or a wild 
idea but a last-ditch effort unless someone has a better idea.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, June 12, 2012 11:56 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Have you done a defrag of the ntds.dit?

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: in-depth AD

[Christopher Bodnar]

Any chance this might really be a USN Rollback issue? 

http://blogs.technet.com/b/glennl/archive/2007/07/26/clean-that-active-directory-forest-of-lingering-objects.aspx

Doing something like this on each of the domain controllers?

Repadmin /removelingeringobjects ACMEDC1 
2ba99ac3-8a25-4711-8d84-c87c44902d0a CN=Configuration,DC=acme,DC=com
Repadmin /removelingeringobjects ACMEDC2 
2ba99ac3-8a25-4711-8d84-c87c44902d0a CN=Configuration,DC=acme,DC=com


Christopher Bodnar 
Enterprise Achitect I, Corporate Office of Technology:Enterprise 
Architecture and Engineering Services 
Tel 610-807-6459 
3900 Burgess Place, Bethlehem, PA 18017 
christopher_bod...@glic.com 




The Guardian Life Insurance Company of America

www.guardianlife.com 







From:   Daniel Chenault 
To: "NT System Admin Issues" 
Date:   06/12/2012 11:55 AM
Subject:in-depth AD



It’s a long story, aren’t they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is 
telling me to do an authoritative restore. Problem is this problem goes 
back to January; it is highly doubtful I can locate a backup pre-dating 
that time frame. I inherited this mess and am just trying to fix it. This 
corruption is causing several different problems (naturally). 
 
What I want to know from the collective list wisdom and knowledge is… is 
it possible to use a tool, such as adsiedit, to locate a specific object 
(it is called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object? 
 
Because, as I see it, I have three choices at this point:
1)  Auth restore (highly unlikely)
2)  Edit/massage ntds.dit (maybe?)
3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many 
printers total, plus Exchange and Great Plains, permissions on 
umpty-hundred shares – just shoot me now)
 
Daniel Chenault
dchena...@lgnetworksinc.com
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243

 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


-
This message, and any attachments to it, may contain information
that is privileged, confidential, and exempt from disclosure under
applicable law.  If the reader of this message is not the intended
recipient, you are notified that any use, dissemination,
distribution, copying, or communication of this message is strictly
prohibited.  If you have received this message in error, please
notify the sender immediately by return e-mail and delete the
message and any attachments.  Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
<><>

RE: in-depth AD

[Coleman, Hunter]

Are you only seeing the 447 event ID on one DC? Is replication only blocked 
to/from that one DC?




From: Daniel Chenault [dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 10:22 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it’s up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it’s to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w – 312.625.1438 | c   – 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It’s a long story, aren’t they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is… is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares – 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: in-depth AD

[Michael B. Smith]

Have you done a defrag of the ntds.dit?

From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 12:23 PM
To: NT System Admin Issues
Subject: RE: in-depth AD

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond 
[mailto:br...@briandesmond.com]<mailto:[mailto:br...@briandesmond.com]>
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: in-depth AD

[Daniel Chenault]

Oh yes, it's up and running. Basic AD functionality is there; I can create 
users, assign permissions and other simple stuff. No replication is happening 
and it's to the point that I cannot open the EMC.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Tuesday, June 12, 2012 11:13 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Does the machine boot?

Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c   - 312.731.3132

From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 10:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: in-depth AD

[Daniel Chenault]

I fully understand. At this point I am looking at from the binary level; it's a 
database with corruption in a specific place that needs to be rooted out. The 
only advice I'm looking for is how to FIND the object. No one's attaching any 
liability to anyone who answers my thread.

Daniel Chenault
dchena...@lgnetworksinc.com
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, June 12, 2012 11:06 AM
To: NT System Admin Issues
Subject: RE: in-depth AD

Without knowing a lot more, I'd hesitate to offer any advice on such a crucial 
piece of infrastructure.

I hesitate to do this, because it'll seem somewhat self-serving, but I'd 
suggest you retain someone to take an in-depth look at it:

Brian Desmond
ASB
Webster
Me
...or any AD expert you really trust.


From: Daniel Chenault 
[mailto:dchena...@lgnetworksinc.com]<mailto:[mailto:dchena...@lgnetworksinc.com]>
Sent: Tuesday, June 12, 2012 11:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com<mailto:dchena...@lgnetworksinc.com>
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: in-depth AD

[Michael B. Smith]

Without knowing a lot more, I'd hesitate to offer any advice on such a crucial 
piece of infrastructure.

I hesitate to do this, because it'll seem somewhat self-serving, but I'd 
suggest you retain someone to take an in-depth look at it:

Brian Desmond
ASB
Webster
Me
...or any AD expert you really trust.


From: Daniel Chenault [mailto:dchena...@lgnetworksinc.com]
Sent: Tuesday, June 12, 2012 11:54 AM
To: NT System Admin Issues
Subject: in-depth AD

It's a long story, aren't they all, but the root of my issue is this: I am 
getting Event ID 447 for Database Corruption on ntds.dit. Microsoft is telling 
me to do an authoritative restore. Problem is this problem goes back to 
January; it is highly doubtful I can locate a backup pre-dating that time 
frame. I inherited this mess and am just trying to fix it. This corruption is 
causing several different problems (naturally).

What I want to know from the collective list wisdom and knowledge is... is it 
possible to use a tool, such as adsiedit, to locate a specific object (it is 
called out specifically in the aforementioned event) and 
edit/massage/delete/assassinate the object?

Because, as I see it, I have three choices at this point:

1)  Auth restore (highly unlikely)

2)  Edit/massage ntds.dit (maybe?)

3)  Recreate this entire domain from scratch (seven locations 
internationally, hundreds of users and computers, lord knows how many printers 
total, plus Exchange and Great Plains, permissions on umpty-hundred shares - 
just shoot me now)

Daniel Chenault
dchena...@lgnetworksinc.com
Office: 972-528-6546 x 1002
Fax: 972-982-0054
9550 Skillman Road
Suite 500
Dallas, TX 75243
[Description: Description: cid:image001.jpg@01CCF24C.F9B05160]


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>