[Samba] Network rebuild advice needed

Peter Pollock peter.pollock at kingschristian.org
Mon Aug 17 03:21:57 UTC 2020

So I screwed up my AD.

At some point an attempt was made to add a Windows 2019 server, and it messed
up the schema.

That server was removed and ceremonially burned in the fire pit, but I
couldn't fix the issues that had arisen, so I restored both of the original
Samba DCs from backups and everything LOOKS OK on the surface, but they're
not replicating, and for some reason some of the permissions on the drive
containing the home folders got changed even though the restore had nothing
to do with that drive... and there are other weird issues, like the Windows
computers trying to log on randomly say there is no trust relationship
between them and the domain.

It's all weird and I can't work out how to fix any of it.

I built a new DC (DC3) and that initially got a copy of everything from one
of the original DCs, but after that they won't replicate to it. It can
replicate outbound with both of the other DCs but not inbound, and DC1 and
DC2 won't replicate with each other at all.

We are a small school and have virtually zero budget (latest DC is built on
an old desktop, so it can't stay around forever) but I've managed to get
funding for a new server, which might help.

One of my big problems is that we only have (or had) 2 servers. I couldn't
risk not having a backup DC so I built them both as Samba DCs - but one is
also the fileserver. (I know, fileservers shouldn't be DCs, but I didn't
have much choice.)

I don't know how to fix the problems and have decided I probably need to
rebuild both of the problem servers from scratch, but my understanding is
that if I do that, I have to demote them then rebuild them with different
names so the AD doesn't get confused. Is that right?

My issue there is the shares on the fileserver. All the Windows drive
mappings on the client machines are to \\dc02\sharename - and they won't
work any more if I rebuild with a different server name. Is there a way to
migrate them across?

My fear is also that there is something screwy with the schema even now and
just rebuilding won't fix that so I'm wondering if I should start again
from scratch with a completely new domain, somehow import all the user
details and go around manually rejoining all the workstations.

I'm looking for advice here. I know I've messed up bad but I have to try to
fix it, although that's hard because now school is back in session I can't
do anything during the day, partly because I'm teaching and partly because
the teachers rely on the network for their teaching. I'm going to take the
school offline in a couple of weeks for an entire weekend to fix this
nonsense... I just don't know what the best way to go about fixing it is.
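
Added example, not from this thread and not part of Samba itself: a small POSIX shell helper that condenses the output of `samba-tool drs showrepl` into one line per partner and direction, so that a picture like the one described above (DC3 replicating outbound but not inbound, DC1 and DC2 not replicating with each other) can be read off at a glance instead of scrolling through the full report. The sample showrepl output embedded below is constructed for this example in the layout showrepl uses; the domain name, site name, GUIDs and timestamps in it are placeholders, not values from the original post.

```shell
#!/bin/sh
# Added example: summarise `samba-tool drs showrepl` output per partner.
# Not part of the original thread or of the Samba project.

# Reads showrepl output on stdin and prints one record per neighbour:
#   DIRECTION PARTITION PARTNER STATUS CONSECUTIVE_FAILURES
# Only the INBOUND and OUTBOUND NEIGHBORS sections are considered; the
# KCC CONNECTION OBJECTS section is skipped. Leading indentation is
# ignored, so tabs or spaces in the input both work.
summarize_showrepl() {
    awk '
        $1 == "====" && $2 == "INBOUND"  { dir = "INBOUND";  next }
        $1 == "====" && $2 == "OUTBOUND" { dir = "OUTBOUND"; next }
        $1 == "====" && $2 == "KCC"      { dir = "";         next }
        dir == ""                        { next }
        # Naming context line, e.g. DC=samdom,DC=example,DC=com
        $1 ~ /^(DC|CN)=/                 { part = $1; next }
        # Partner line, e.g. Default-First-Site-Name\DC2 via RPC
        $2 == "via"                      { partner = $1; next }
        # "Last attempt @ ... was successful" or "... failed, result N (...)"
        $1 == "Last" && $2 == "attempt" {
            if ($0 ~ /was successful/) status = "OK"; else status = "FAIL"
            next
        }
        # "N consecutive failure(s)." closes the record for this partner
        $2 == "consecutive"              { print dir, part, partner, status, $1 }
    '
}

# Only the records whose most recent replication attempt failed.
replication_failures() {
    summarize_showrepl | awk '$4 == "FAIL"'
}

# Constructed sample, as seen from a third DC that pushes changes out fine
# but pulls nothing in. Domain, site, GUIDs and times are placeholders.
SAMPLE_SHOWREPL=$(cat <<'EOF'
Default-First-Site-Name\DC3
DSA Options: 0x00000001
DSA object GUID: 00000000-0000-0000-0000-000000000003
DSA invocationId: 00000000-0000-0000-0000-000000000003

==== INBOUND NEIGHBORS ====

DC=samdom,DC=example,DC=com
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Mon Aug 17 03:00:12 2020 UTC failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
        17 consecutive failure(s).
        Last success @ Sat Aug 15 22:41:09 2020 UTC
    Default-First-Site-Name\DC2 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
        Last attempt @ Mon Aug 17 03:00:12 2020 UTC failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
        17 consecutive failure(s).
        Last success @ Sat Aug 15 22:41:09 2020 UTC

==== OUTBOUND NEIGHBORS ====

DC=samdom,DC=example,DC=com
    Default-First-Site-Name\DC1 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Mon Aug 17 03:05:40 2020 UTC was successful
        0 consecutive failure(s).
        Last success @ Mon Aug 17 03:05:40 2020 UTC
    Default-First-Site-Name\DC2 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
        Last attempt @ Mon Aug 17 03:05:40 2020 UTC was successful
        0 consecutive failure(s).
        Last success @ Mon Aug 17 03:05:40 2020 UTC

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 00000000-0000-0000-0000-0000000000aa
    Enabled        : TRUE
EOF
)

# Stand-alone demo on the constructed sample. On a real DC run instead:
#   samba-tool drs showrepl | summarize_showrepl
printf '%s\n' "$SAMPLE_SHOWREPL" | summarize_showrepl
```

Run on each DC in turn, the summary makes the asymmetry visible immediately: every INBOUND record on the sample DC is FAIL with a non-zero failure count while every OUTBOUND record is OK, which is exactly the "replicates outbound but not inbound" shape. The status column is derived only from the `Last attempt @ ... was successful` / `... failed, result ...` wording that showrepl prints for each neighbour, so it reports what the DC itself believes about its last attempt, not a live test.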

