New role, inherited AD

OK so as part of my new role I am now in charge of AD.

I've been asked by the Service Desk team why sometimes the replication doesn't work properly etc.

I'm in the middle of resolving this and I've also just noticed that of the 4 DCs they have, two of them are not in the Domain Controllers OU.

Am I good to just move them back? They really shouldn't be where they are now.


  • AndersonSmith Member Posts: 471
    I would check to make sure there aren't any Group Policies being applied to them in the OU they're currently in before moving them back. Have you used any of the Repadmin commands or checked Event Logs to troubleshoot replication? Does anyone know why two of the four DCs weren't put in the Domain Controllers OU to begin with? I'd do a little investigating before moving them into the Domain Controllers OU. Now, having said that, I found myself in a similar situation a few years back when I took over as a SysAdmin for my current employer. Replication between some of the DCs was very inconsistent. Ultimately the resolution was to move some of the DCs back to the Domain Controllers OU.
    All the best,

    "Everything that has a beginning has an end"
  • kiki162 Member Posts: 635
    You might be able to move them back. What DCs are on your workstations? The DCs that are not in the DC OU, what OU are they under currently, and are there any GPOs associated with them? Are those DCs doing anything else special, like having DHCP set up, or some other service that's not needed?

    My advice: take a look at things carefully first before you move them back.
  • gorebrush Member Posts: 2,741
    Yeah I haven't rushed to move them back, the domain is fairly trivial in terms of what policies are in there so I think I won't be long until I move them back.
  • 4_lom Member Posts: 485
    If they are not in the domain controllers OU, are you sure they are getting the domain controllers GPO applied to them? If they aren't getting this GPO applied, it can cause replication (among other) issues. As long as there are no non-default GPOs being applied to the servers, there shouldn't be an issue moving them back to the domain controllers OU.
    Goals for 2018: MCSA: Cloud Platform, AWS Solutions Architect, MCSA : Server 2016, MCSE: Messaging

  • powerfool Senior Member Member Posts: 1,649
    After getting the OU situation resolved... consider looking into setting up AD NOTIFY. There are very few situations that exist today where it would negatively impact your environment, and the improvements to replication convergence are amazing.
    AZ-204 [ ] AZ-400 [X] AZ-500
    2020 Goals: Azure Developer Associate, Azure DevOps Expert, Azure Security Associate
  • gorebrush Member Posts: 2,741
    Thanks for the tips, all. I'll have a look at what policies are being applied. I think someone moved them because they don't understand AD :)
  • gorebrush Member Posts: 2,741
    Nailed it - enabled triggered replication and now it's like lightning, moved DCs about and sorted all the Site link objects out.

    Thanks all
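
The check suggested in the replies above (which DCs sit outside the Domain Controllers OU, and which GPO links they gain or lose there) can be scripted as a read-only audit before anything is moved. This is an added example, not code posted by anyone in the thread; it assumes the ActiveDirectory and GroupPolicy RSAT modules, and `Get-AppliedGpoName` is a hypothetical helper name.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumes the ActiveDirectory and GroupPolicy RSAT modules are installed.
Import-Module ActiveDirectory, GroupPolicy

$defaultDcOu = (Get-ADDomain).DomainControllersContainer

function Get-AppliedGpoName {   # hypothetical helper name
    param([string]$TargetDN)
    # InheritedGpoLinks = GPOs linked at this location plus those inherited
    # from its parents. Security and WMI filtering are not evaluated here,
    # so read the result as "linked", not "proven applied".
    try {
        (Get-GPInheritance -Target $TargetDN -ErrorAction Stop).InheritedGpoLinks |
            Where-Object Enabled | ForEach-Object DisplayName
    } catch {
        # Plain containers (e.g. CN=Computers) cannot carry GPO links.
    }
}

$expected = @(Get-AppliedGpoName -TargetDN $defaultDcOu)

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    # Parent location = the computer object's DN minus its leading CN=<name>,
    $parent  = $dc.ComputerObjectDN -replace '^CN=[^,]+,', ''
    $applied = @(Get-AppliedGpoName -TargetDN $parent)
    [pscustomobject]@{
        DC            = $dc.HostName
        Site          = $dc.Site
        CurrentParent = $parent
        InDefaultOU   = ($parent -eq $defaultDcOu)
        # Links the DC is missing while it stays where it is
        MissingGPOs   = @($expected | Where-Object { $_ -notin $applied }) -join '; '
        # Links the DC would lose if moved back; review these before moving
        ExtraGPOs     = @($applied | Where-Object { $_ -notin $expected }) -join '; '
    }
}

$report | Format-List
```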