Solved

Windows 2000 Active Directory - W32Time and KCC question

Posted on 2004-04-09
7
154 Views
Last Modified: 2010-04-13
I am in the process of replacing my DC's with better machines.  All are done but one.  This last one held the Rid Master and the PDC Emulator roles before I transferred them to the new machine.  Being that it was the PDC Emulator, I made it the authoritative time server as well.  Now that the roles have been moved, I made it's replacement the authoritative time server.  I never did anything to the old machine to let it know that it wasn't the authoritative time server anymore.  Is there something I should have done?  I setup the W32Time service on all DC's to log everything and they still use the old DC to sync time with.  I am scared to dcpromo it down being that all the DC's rely on it for time sync and for another reason mentioned below.  Shouldn't the DC's automatically use the PDC Emulator for time sync or is there something I need to do to let them know that they should be sync'ing up with the new machine?  Also, all of my DC's that are in remote locations replicate with this machine.  Once I dcpromo it down, can I rely on the KCC to make new connections with one of my other DC's or is there something I need to do?  I have three DC's in HQ - 2 new ones and the one that I am waiting to dcpromo down.  I have made the two new ones preferred bridgeheads for the IP site link.  It's only been a few miinutes since I've done that so I haven't seen any change yet.  Was that the correct thing to do?  Thanks in advance.
0
Comment
Question by:TomCRiley
7 Comments
 
LVL 31

Accepted Solution

by:
Gareth Gudger earned 168 total points
ID: 10792053
You can specify the authoritive time server to clients by utilizing the NET TIME command in a logon script. Otherwise they will default to the current DC.
0
 
LVL 2

Author Comment

by:TomCRiley
ID: 10792094
I'm sorry if I was unclear but I'm not talking about the clients.  I need the other DC's to sync time with the new PDC Emulator instead of with the old one.
0
 
LVL 10

Assisted Solution

by:BloodRed
BloodRed earned 166 total points
ID: 10792165
To expound on diggisaur's comment, set the new DC to be a reliable time source(registry entry, see link below), remove the reliable time source setting from the old DC, and if necessary(I'd set it manually personally, just to be sure) set the SNTP server setting on the other DCs to look to the new PDC by using either the NET TIME command or a registry entry.

http://support.microsoft.com/default.aspx?scid=kb;en-us;223184&Product=win2000

-BR
0
 
LVL 16

Assisted Solution

by:JamesDS
JamesDS earned 166 total points
ID: 10795809
All DCs will look to the PDCEmulator for time synch UNLESS they have been told to look elsewhere by seting the following command:

NET TIME /SETSNTP:servername

So, if you want to ensure they all look at the PDCE then run this at all DCs:

NET TIME /SETSNTP:

Which will clear any previous settings and revert to the PDCE

You should then set the PDCE to look for time at your external time source:

NET TIME /SETSNTP:time.windows.com

I have used time.windows.com as an example as that is the default used by XP when it's not on a domain.

Cheers

JamesDS
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
win2k service packs 5 643
Update a root certificate 8 652
Trust between Windows Domains 2000/2003 and Windows 2012-R2 2 186
My production physical server goes down, Please help. 11 92
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Edureka is one of the fastest growing and most effective online learning sites.  We are here to help you succeed.

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now