We currently have two (2012 and 2012 R2) DC but SYSVOL seems to be corrupted as we cannot apply GPOs due to permissions complains (from either server). But we don't have a valid system backup so GPOs and AD cannot be restored completely.
We have tried to restore permissions in both filesystem and GPOs but it does not help. We have gone through every and each "solution" we could find on the internet with no luck.
Can anyone provide the per directory permissions and groups as well as for the GPOs?
If we finally must restore the system from scratch, how can I keep users profiles and passwords for existing users?
Is there a way to install a new server, promote to DC and get a clean SYSVOL without loosing AD information?
What would happen with PCs where current domain users are login in if we do demote all current DCs, install a new one with the same domain name and create users with same credentials by hand? Would the still be able to log in or there is some hidden information that will detect that server has changed and will draw such accounts unusable even after rejoining the new (same name) domain?
What do you recommend in this scenario?
Thanks in advance
0 Answers