+ Post New Thread
Results 1 to 12 of 12
Windows Server 2008 R2 Thread, Rebuild Domain Controller in Technical; Hello, So I'm wanting to rebuild the domain controller at my workplace (if my boss allows it) however is it ...
  1. #1

    Join Date
    Feb 2014
    Location
    Cumbria
    Posts
    178
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Arrow Rebuild Domain Controller

    Hello,
    So I'm wanting to rebuild the domain controller at my workplace (if my boss allows it) however is it particularly hard?

    I've done the whole setting up a DC from scratch, but obviously this involves migration of users, group policies etc.


    How hard can it be?
    Let me know your thoughts/advice!

    Thanks.

  2. #2

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    9,127
    Thank Post
    351
    Thanked 1,322 Times in 907 Posts
    Blog Entries
    4
    Rep Power
    1136
    If you have more that one domain controller it shouldn't be too hard as AD/GP settings will be inherited from the other server when the rebuild is complete and the server joins the domain.

    Is there anything on the server that is to be re-built that is not present on another server? [EG: My DC1 server has Homework Tracker services and folders not present anywhere else on the domain. If I were to rebuild this server I would have to restore from backup or re-install this from scratch]

  3. #3

    Join Date
    Feb 2014
    Location
    Cumbria
    Posts
    178
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by DaveP View Post
    If you have more that one domain controller it shouldn't be too hard as AD/GP settings will be inherited from the other server when the rebuild is complete and the server joins the domain.

    Is there anything on the server that is to be re-built that is not present on another server? [EG: My DC1 server has Homework Tracker services and folders not present anywhere else on the domain. If I were to rebuild this server I would have to restore from backup or re-install this from scratch]
    Don't think so!
    We already have two domain controllers, however it's really messy and there are ou's and group policies all over the place, so I kinda want to redo the entire group policy system mainly.

  4. #4

    Join Date
    Jan 2014
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Quote Originally Posted by GRitchie View Post
    Don't think so!
    We already have two domain controllers, however it's really messy and there are ou's and group policies all over the place, so I kinda want to redo the entire group policy system mainly.
    Creating another domain controller isn't really the answer then as everything will replacate from the exisiting domain controllers.

    You should look at tidying up and re-organising the existing AD and GP structure, creating a new domain would be overkill IMO.

  5. #5

    Join Date
    Feb 2014
    Location
    Cumbria
    Posts
    178
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by heyjim View Post
    Creating another domain controller isn't really the answer then as everything will replacate from the exisiting domain controllers.

    You should look at tidying up and re-organising the existing AD and GP structure, creating a new domain would be overkill IMO.
    Okay, so is there an easy way of finding out which machines in the computer OU's are in use and which arent?

    There didn't used to be a naming system, so all machines are like 'GRITCHIE' 'GRITCHIE-2' 'GRITCHIE-NEW' etc. etc. etc.
    I suppose I just want to clean it all up and make it neat and tidy - I have OCD when it comes to things like this!

  6. #6

    Join Date
    Jan 2014
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    It's not something I've done for a while but maybe try dsquery computer -inactive 4 on your DC - that would show any computers that haven't been active for 4 weeks (you can obviously change 4 to whatever). Be careful though as sometimes laptops etc could potentially be away from the domain for x amount of time, so you wouldn't want to delete them.

    Maybe also move the computers that you know are active into a new OU?

    I'm sure they'll be loads of stuff on Google about finding inactive objects.
    Last edited by heyjim; 20th May 2014 at 10:13 PM.

  7. #7
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    348
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    25
    Here is a script I wrote just for this job.

    Just change the path if you wish. This will output a csv of all the computers with last logon time. Open it an excel to filter / sort by date.

    the dsquery command above can me piped to dsrm to remove the computers as well. But I would look at them in excel first to get a better visual on the dates.



    Code:
    clear
    
    $comps = Get-ADComputer -Filter * -Properties lastlogontimestamp
    
    foreach ($comp in $comps){
    $out =  $comp.Name + "," + [datetime]::FromFileTime($comp.lastlogontimestamp )
    $out | Out-File c:\work\lastlogon.csv -Append -Encoding ascii
    }
    
    echo 'Done'
    Cheers

  8. 2 Thanks to ADMaster:

    ninjashadow (21st May 2014), psydii (21st May 2014)

  9. #8

    Join Date
    Feb 2014
    Location
    Cumbria
    Posts
    178
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by ADMaster View Post
    Here is a script I wrote just for this job.

    Just change the path if you wish. This will output a csv of all the computers with last logon time. Open it an excel to filter / sort by date.

    the dsquery command above can me piped to dsrm to remove the computers as well. But I would look at them in excel first to get a better visual on the dates.



    Code:
    clear
    
    $comps = Get-ADComputer -Filter * -Properties lastlogontimestamp
    
    foreach ($comp in $comps){
    $out =  $comp.Name + "," + [datetime]::FromFileTime($comp.lastlogontimestamp )
    $out | Out-File c:\work\lastlogon.csv -Append -Encoding ascii
    }
    
    echo 'Done'

    Cheers
    Tried this and it didn't work for some reason :-/

  10. #9
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    348
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    25
    What OS are you on, I believe the get-adcomputer cmdlet is part of the windows 8/2012 RSAT. You could accomplish the same with quest's AD cmdlets with slightly different syntax. I'll see what I can find.

  11. #10
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    348
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    25
    Here you go, same thing except with quest AD cmdlets, you'll need to install them.


    Code:
    clear
    
    $comps = Get-QADComputer  
    
    foreach ($comp in $comps){
    $out =  $comp.Name + "," + [datetime]::FromFileTime($comp.lastlogontimestamp )
    $out | Out-File c:\work\lastlogon.csv -Append -Encoding ascii
    }
    
    echo 'Done'

  12. #11

    Join Date
    Feb 2014
    Location
    Cumbria
    Posts
    178
    Thank Post
    5
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by ADMaster View Post
    Here you go, same thing except with quest AD cmdlets, you'll need to install them.


    Code:
    clear
    
    $comps = Get-QADComputer  
    
    foreach ($comp in $comps){
    $out =  $comp.Name + "," + [datetime]::FromFileTime($comp.lastlogontimestamp )
    $out | Out-File c:\work\lastlogon.csv -Append -Encoding ascii
    }
    
    echo 'Done'
    We're on Windows Server 2008

  13. #12
    fairm010's Avatar
    Join Date
    Jun 2010
    Location
    C:/Windows/System32/
    Posts
    1,314
    Thank Post
    53
    Thanked 172 Times in 152 Posts
    Rep Power
    50
    You can use this Cjwdev | AD Info - Active Directory Reporting Tool to look at last used machines on your domain.



SHARE:
+ Post New Thread

Similar Threads

  1. Domain Controller W2K rebuild
    By armadillo in forum Windows
    Replies: 3
    Last Post: 31st August 2007, 10:00 AM
  2. Upgrading 2003 SP1 domain controller to 2003 R2
    By Andi in forum Wireless Networks
    Replies: 4
    Last Post: 27th June 2007, 02:22 PM
  3. Domain controller not registering as a DC
    By Dos_Box in forum Windows
    Replies: 5
    Last Post: 13th June 2007, 06:17 PM
  4. decommisioning a domain controller
    By Oops_my_bad in forum Windows
    Replies: 3
    Last Post: 19th April 2007, 06:54 PM
  5. Replies: 15
    Last Post: 1st April 2006, 05:13 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •