Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
COURSE of the MONTH
8 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
2008 R2 Active Directory: Transfer PDC Emulator FSMO and External Time Source Sync
Posted on 2013-01-07
Hi, we're planning to decommision a DC that currently holds all the FSMO roles. We will be transferring all 5 roles to a single DC, which includes the PDC Emulator. The existing PDC Emulator is configured to sync time with an external time source. Does anyone have steps on what needs to be done on the future PDC emulator? Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
- +2
7 Comments
Active 2 days ago
Transfer the FSMO roles and then setup your external time sync on the new DC.
To transfer FMSO roles: http://www.petri.co.il/transferring_fsmo_roles.htm
To setup external time sync (example only, you can use your own external peers of course):
W32tm /config /update /manualpeerlist:”pool.ntp.
Net stop w32time
Net start w32time
Verify:
W32tm /query /configuration
W32tm /query /source
W32tm /stripchart /computer:<source>
MO
To transfer FMSO roles: http://www.petri.co.il/transferring_fsmo_roles.htm
To setup external time sync (example only, you can use your own external peers of course):
W32tm /config /update /manualpeerlist:”pool.ntp.
Net stop w32time
Net start w32time
Verify:
W32tm /query /configuration
W32tm /query /source
W32tm /stripchart /computer:<source>
MO
Active 2 days ago
Another note, if you no longer have any Server 2008 or prior version DC's make sure to raise your forest functional level to 2008 R2, so you can take full advantage of a 2008 R2 active directory environment.
MO
MO
at the PDC emulator type the following command to set it to sync with external time source tick.usno.navy.mil and tock.usno.navy.mil.
To move the FSMO roles
Open Active Directory Users and Computers
RC the domain name and select change domain controllers
select the domain controller the role is to be transferred to
RC the domain name and select Operations Masters
Click the change button on RID, PDC, and Infrastructure tabs
Close ADUC
Register the schema snap in (open a elevated command prompt and type regsvr32 schmmgmt.dll)
Start, Run, mmc, OK
File Add/Remove Snap In
AD Schema, Add, OK
Right Click AD Schema and select change domain controllers
Select the new Schema target server, OK
RC AD Schema and select Operations Master
Click change button
I would also read this article about where to put the FSMO roles. It's not a good idea to have them all on the same server.
http://support.microsoft.com/kb/223346
w32tm /config /manualpeerlist:"tick.usno.navy.mil tock.usno.navy.mil" /syncfromflags:manual /reliable:yes /update
To move the FSMO roles
Open Active Directory Users and Computers
RC the domain name and select change domain controllers
select the domain controller the role is to be transferred to
RC the domain name and select Operations Masters
Click the change button on RID, PDC, and Infrastructure tabs
Close ADUC
Register the schema snap in (open a elevated command prompt and type regsvr32 schmmgmt.dll)
Start, Run, mmc, OK
File Add/Remove Snap In
AD Schema, Add, OK
Right Click AD Schema and select change domain controllers
Select the new Schema target server, OK
RC AD Schema and select Operations Master
Click change button
I would also read this article about where to put the FSMO roles. It's not a good idea to have them all on the same server.
http://support.microsoft.com/kb/223346
Unless you notice your FSMO role holder is overloaded you can put them all on the same box. That article is a bit dated.
Is this box also a DNS server? If it is make sure clients are pointing to the new DC/DNS for DNS (both static and DHCP clients)
Thanks
Mike
Is this box also a DNS server? If it is make sure clients are pointing to the new DC/DNS for DNS (both static and DHCP clients)
Thanks
Mike
Thanks Mike, it is a DNS/DHCP server as well and I'm running Network Monitor to see what is connecting to it via DNS. Is there any particular order you would recommend transferring the FSMO roles? Thanks.
Active 2 days ago
There is no set defined order just make sure you get them all. I would not demote the old DC until you're certain you have all clients accessing the new DC for DNS.
MO
MO
Active today
I would first check the health of Proposed role holder using dcdiag /q
Then I will check replication health using repadmin /replsum
Then only I will move FSMO roles using one of the below two article
http://technet.microsoft.com/en-us/library/cc779716(v=ws.10).aspx
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx
I have written an article to configure time service in windows Domain env Please go through it and configure time server accordingly
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
Do not use navy servers as your external time source it had issues in past read below article
Did Your Active Directory Domain Time Just Jump To The Year 2000?
http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx
Then I will check replication health using repadmin /replsum
Then only I will move FSMO roles using one of the below two article
http://technet.microsoft.com/en-us/library/cc779716(v=ws.10).aspx
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx
I have written an article to configure time service in windows Domain env Please go through it and configure time server accordingly
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
Do not use navy servers as your external time source it had issues in past read below article
Did Your Active Directory Domain Time Just Jump To The Year 2000?
http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx
Featured Post
![[Webinar] How Hackers Steal Your Credentials](https://filedb.experts-exchange.com/files/public/2017/5/20/3315d9d8-8110-4d52-be94-a5aacdd83e4b.png)
Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention.
Multiple USB devices need t…
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month8 days, 12 hours left to enroll
764 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.