Hello all. I'm Matt and I am new here. I'm also new to this level of networking. Let me start off by explaining my situation to help everyone better understand why I'm having to do what I'm doing.
I apologize upfront if I say anything stupid. It's because I still am when it comes to Windows Server and AD DS.
I have a network that was built by the previous IT guy. I have one server with all VM servers in it for everything we needed. Well, he left the company in a bad way. When I took over the role, I was not prepared at all. But the job had to be done. This system of VMs included two DCs with AD DS, DNS, and DHCP and three other Windows-based servers that served the purpose of hosting different software. All of this behind SonicWall routers. I don't want to go into too much detail about the old system because I'm fading it out completely. When the last IT guy left, it was bad, like I said earlier. I was not trained on anything in any way. I came into the whole thing blind. He had access to anything within that network. Every VPN he set up. There was no way I could change all the passwords he set within the VPN users. I didn't know how to at the time. Two weeks after his departure, our main software went down. No communication between anything. Domain showed "Unauthorized" beside the local domain name. I was able to get client computers and servers communicating again but could not get our software working. So, I started from scratch. I ordered 3 Dell PowerEdge R620 servers and a bunch of Ubiquiti networking gear. I was able to get a domain network built with a DC running AD DS and DNS. I got our software that we use for one half of the company running on new equipment on one static internet connection and had no choice but to get the other half of the company's software up and running again on the old system that was built by the last IT guy. The reason is the software used by that part of the company is so old and pieced together that I really had to do my homework before I could think about moving the software and database over to my new network.
In the middle of all this going on, my DC starts losing the time. That causes all my client computers to lose time as well. Our credit card processing software started failing because of the time difference between us and them. I'm scrambling trying to keep this other system running and now I've got time syncing issues. In a hurry, I end up running some commands that point my DC to a new external server for its time syncing. TBH, I ran a couple of commands that I honestly don't remember exactly because I had never dealt with this type of issue on this type of network with Windows Server 2019. So, I made mistakes, probably more than less. I started getting Kerberos errors in my event logs and DFS Replication quit running completely (I only have one DC on my network currently, the one I am discussing). RDS stopped working correctly on all servers. I recently went to deploy Remote Desktop Licensing on my DC and it will not communicate with AD. I get random errors in my event logs. I will have all info attached with this post.
This old system that still runs the other half of the company is falling apart. I can't figure out how to keep the last IT guy out. He is still in it. That's a whole other story... Every morning, I have to log into each server on the old system with a local account on the server, join the server to a workgroup, then go into AD and delete each computer from Computers, then rejoin each server, and stuff works for the day. About 3 weeks ago I had to do this procedure on a Sunday morning for someone who was working remotely on the side of the company on the old system. That very next Monday morning, I woke up and remoted into the servers to do my procedure and all servers were still logged into their domain accounts. If I don't do this procedure every morning, every user using terminal server via RDS and their AD accounts will get the message about no trust relationship between workstation and server. The domain account that all the servers' services are tied to won't log in either until I do this procedure. When I do the rejoining to the domain with the servers, I cannot do it with the Domain Admin account originally used, which is the same account used to log the servers in to run their services. I had to create a new Domain Admin account on the one DC that was still "kind of" working. Along with this going on, I also have daily duties, so I've had little time to research between normal work stuff and my family life.
Back to my new network, and my original question. When the time got off on my DC and workstations, I think I caused a lot of the errors I'm getting. My question is, me being a novice with AD, should I try to repair, or should I get the replication working and build a new DC with AD DS and DNS and let it copy over? I need to do something because I have to get RDS working for Terminal Services to be able to move this old software over to a new server. Thank you for taking the time to read this mess!
My current DC on the new network is running Windows Server 2019.
Other servers run Windows Server 2016.
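The post describes a single DC whose time source was changed by hand, followed by Kerberos and DFS Replication errors. Kerberos rejects tickets when the clock skew between client and DC exceeds the domain default of 5 minutes, so the first thing to check is what the DC is actually syncing from and how far off it is. The script below is an added, read-only diagnostic (not from the original post); it assumes it is run in an elevated PowerShell on the DC, that `w32tm` and `dcdiag` are present, and uses a hypothetical reference NTP host `ntp.example.invalid` that you would replace with your own reachable NTP server.

```powershell
# Added diagnostic for the time-skew / Kerberos situation described above (read-only).
# Assumptions: run elevated on the DC; replace the reference host with your own NTP server.
$ReferenceNtpHost = 'ntp.example.invalid'   # placeholder, not a real server
$KerberosMaxSkewSeconds = 300               # domain default: 5 minutes

# 1. Which role holder should be the authoritative time source? Only the PDC emulator
#    should point at an external NTP source; everything else should use the domain hierarchy.
$pdc = (Get-ADDomain).PDCEmulator
Write-Host "PDC emulator (should be the only DC with a manual NTP peer): $pdc"

# 2. What is this DC currently using as its time source, and what does its config say?
#    'Local CMOS Clock' or 'Free-running System Clock' here means no real sync is happening.
Write-Host "`n--- w32tm /query /source ---"
w32tm /query /source
Write-Host "`n--- w32tm /query /status ---"
w32tm /query /status
Write-Host "`n--- w32tm /query /configuration (look at Type and NtpServer) ---"
w32tm /query /configuration

# 3. Measure the actual offset between this host and a known-good reference clock.
#    /dataonly prints lines like "12:00:01, +00.0123456s"; extract the signed seconds.
Write-Host "`n--- offset against $ReferenceNtpHost ---"
$chart = w32tm /stripchart /computer:$ReferenceNtpHost /samples:3 /dataonly 2>&1
$offsets = foreach ($line in $chart) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
}
if (-not $offsets) {
    Write-Warning "No samples returned from $ReferenceNtpHost (firewall/UDP 123 or bad host?)."
} else {
    $worst = ($offsets | Measure-Object -Maximum -Property { [math]::Abs($_) }).Maximum
    Write-Host ("Worst observed offset: {0:N3} s" -f $worst)
    if ($worst -gt $KerberosMaxSkewSeconds) {
        Write-Warning "Offset exceeds the Kerberos tolerance ($KerberosMaxSkewSeconds s); ticket failures are expected until the clock is corrected."
    } else {
        Write-Host "Offset is within Kerberos tolerance; current Kerberos errors are likely leftovers (check secure channels / service tickets)."
    }
}

# 4. DC health tests that match the symptoms in the post: advertising as a DC,
#    SYSVOL/DFSR state, and replication (still meaningful on a single DC).
Write-Host "`n--- dcdiag ---"
dcdiag /test:Advertising /test:SysVolCheck /test:DFSREvent /test:Replications
```

The `w32tm /query` and `dcdiag` output tells you whether the PDC is pointed at a sane external source or still drifting on its local clock; fix the source (and any offset beyond the tolerance) before rebuilding anything, because a second DC promoted against a skewed clock inherits the same Kerberos problem.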

