AD and GPO corruption tool or tests

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hey guys

I know this is a stupid question..but how can I prove
through testing and log files that AD and GPO is corrupt?

is there a tool i can use on client and server to prove AD and GPO is corrupt?

thanks

 

You can try using the Resultant Set of Policy tool that is built into Windows 2003.

This tests to see what the effect would be once the policy has been applied.

 

and yes, GPO sections not applied. not even on reboot

andwhat has happended is we have been getting slow logons.
with Applying Comuter Settings.. and we have had network slowness.
and we have had AD security violations in the form of
users were in Groups that should not be some user were users
that were in DOmain Admin groups no seeming patttern just some crossing of users in Groups they should not be in! and both admins have never put them in those grooups and combined with slow logons
with GPO just thought i could test AD database?? tool
thanks this is why i am asking a tool for AD database:

 

I would seriously think about turning auditing on for account management events, so that you get feedback when things change!

 

great idea! it has never happened in the 2 years i have been there...but that is a rockin idea!

you are a genius blue rinse

will do that..I will let you all know what i find out.

i have used so many recommended tools working directly with
an MCSE..who is by far consider a expert all around the cities
he is dumbfounded..
i have used.
even view
netlogo.log, userenv.log
nltest /dsgetdc:domian.com
netdiag, dcdiag and all passed!
we have some funny stuff in the userenv and netlog.log
that are showing GPO not being applied
of which we know using GPO results

butu what causes the lag time? or latency?? and
Apply Computer settings..we can see that in netlog.log
it times out and then logs on! and doesnt apply some GPO settings but the latency is like 2.3 to 3 minutes time laps..
but I am going for broke and reconfiguring the DNS servers to see what that willl do I think our main DNS is over worked!
which cause latency which causes slowlogons and GPO corrupting and or not being applied.

will let you knowbuds!

robert(itdaddy)

 

Did you try the solution to XP taking a long time to log in solution I posted in your other thread?

Pete (def not a genius!).

 

hey bud (bluerinse) refresh me
i probably tried what you said! didnt you mention auditing??
great idea i havent config auditiing yet but will do! next week

in the netlogon.logs you see time laps of 2 to 3 minutes then
it times out and logs on!

but in my home domain, i have SRV calls to my servers and then it logs on..whereas the netlogon.log logs atr work the netlogon
trace seems to be Netbios calls and usages! i know that both
windows 2k pro and xp use DNS to locate DC but XP does it exclusively looking for SRV recoreds correct guys! and then times out if not finding SRV?? and uses netbios way and cached information on local PC?? to me in the netlogons at work there no tcp ip calls I call them to the SRV records it has many FLAGs like DS_NETBIOS etc and very hard to find a Technote on the definitions of some of the combonations of FLAGs it gives out.


can AD get corrupt???

duh me! we did have a DOmain controller have and issue with
active directory and it not replicatiing to its NTDS folder.
in other words, this DC had outdated ntds database.
so we redid it...so many pieces to this puzzle

i will let you guys/gals know what happens next monday when
we have the MCSE techs and phone support from Microsoft
talk to us...going to be interesting but if i were a betting man
i would redo the DNS and AD database to fresh and reboot
and i bet that fixes it!
we shall see

blue rinse what did you recommend to me again it was auditing right and what else??

 

hey sparky

freaking wow! thanks

just what i need

hey forgive me if i dont say thanks and not reply
sometimes i am here and there very busy guy and all
but i appreciate you man!
you rock!
will let you know what up!

thanks a million

robert;D

 

You must of missed my post #6 in this other thread of yours!

Good reason to not cross post!