Hello,

I've been lurking for about 4 months now and for my first post I wish to respectfully request the ear of sysadmin, and perhaps some advice.

I am the new guy at work (about a month off of probation) and they have me sitting on an understaffed helpdesk despite claims they're still looking for someone to take on the role. I've been aiming at network/system administration but have accepted that some time in the trenches isn't terrible for someone with little professional experience, but a few issues have been cropping up that need to be sorted out before they get out of hand, and while I like to think I have a solid understanding of the concepts of Active Directory (passed my AD 2008 Config MCTS), I lack both experience and a mentor to really guide further investigation into the matter.

The problems:

1. Exchange 2003 server no longer relays email for external domains (not a huge issue, they are migrating to a new server anyway so I just added lower priority MX records and Accepted all internal domains to patch this temporarily)

2. Exchange 2010 server is not sending emails to most nested groups but will send to direct members of the distribution lists. It is also not allowing me to make changes to the 'Send As..' permissions on public folders still on the Exchange 2003 database, giving me Access Denied errors (patched the first issue using powershell to move users around) It is also no longer resolving user's names against their email addresses.

3. I suspect that at least one of our three DCs is pretty borked, we're getting all kinds of replication and DNS events, specifically one where the primary DNS service won't start unless the AD replication signals that it has synchronized successfully (4013), while the AD logs are telling me it can't make changed because the AD DS is too busy processing information (1083).

4. Our FortiGuard Web Filter is no longer authenticating on the DCs and treating everyone like guests (blocking Google, so many tickets), but this only occurs every now and then and is probably linked to #3

With that said I am pretty sure we're having trouble with replication but dcdiag and repadmin are coming back with successful results on all their tests unless I forget to run something as an administrator. I have been sifting through our DNS records and IP settings and by all accounts the DCs should be able to talk to one another but I wouldn't be surprised if I missed something silly. Attempting to restart replication has been met with little success either.

The events started over the course of the last week and a half. The only major work that I am aware of around then was two weeks ago when someone in my department decided to expand the DHCP scope at the primary office. Instead of letting the old scope run out, they went and deleted the old scope and created a new one that included the former one. Wasn't too surprised when I found out that a number of servers and workstations stopped being in the right subnet or started having duplicate IP addresses.

tldr: Our systems appear to be growing more dis-joined and unstable, I am getting over my head and could use some assistance.

Thanks for your time