If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
2008 R2 Active Directory: Transfer PDC Emulator FSMO and External Time Source Sync
Hi, we're planning to decommision a DC that currently holds all the FSMO roles. We will be transferring all 5 roles to a single DC, which includes the PDC Emulator. The existing PDC Emulator is configured to sync time with an external time source. Does anyone have steps on what needs to be done on the future PDC emulator? Thanks.
Asked:
Who is Participating?
Another note, if you no longer have any Server 2008 or prior version DC's make sure to raise your forest functional level to 2008 R2, so you can take full advantage of a 2008 R2 active directory environment.
MO
MO
at the PDC emulator type the following command to set it to sync with external time source tick.usno.navy.mil and tock.usno.navy.mil.
To move the FSMO roles
Open Active Directory Users and Computers
RC the domain name and select change domain controllers
select the domain controller the role is to be transferred to
RC the domain name and select Operations Masters
Click the change button on RID, PDC, and Infrastructure tabs
Close ADUC
Register the schema snap in (open a elevated command prompt and type regsvr32 schmmgmt.dll)
Start, Run, mmc, OK
File Add/Remove Snap In
AD Schema, Add, OK
Right Click AD Schema and select change domain controllers
Select the new Schema target server, OK
RC AD Schema and select Operations Master
Click change button
I would also read this article about where to put the FSMO roles. It's not a good idea to have them all on the same server.
http://support.microsoft.com/kb/223346
w32tm /config /manualpeerlist:"tick.usno.navy.mil tock.usno.navy.mil" /syncfromflags:manual /reliable:yes /update
To move the FSMO roles
Open Active Directory Users and Computers
RC the domain name and select change domain controllers
select the domain controller the role is to be transferred to
RC the domain name and select Operations Masters
Click the change button on RID, PDC, and Infrastructure tabs
Close ADUC
Register the schema snap in (open a elevated command prompt and type regsvr32 schmmgmt.dll)
Start, Run, mmc, OK
File Add/Remove Snap In
AD Schema, Add, OK
Right Click AD Schema and select change domain controllers
Select the new Schema target server, OK
RC AD Schema and select Operations Master
Click change button
I would also read this article about where to put the FSMO roles. It's not a good idea to have them all on the same server.
http://support.microsoft.com/kb/223346
Unless you notice your FSMO role holder is overloaded you can put them all on the same box. That article is a bit dated.
Is this box also a DNS server? If it is make sure clients are pointing to the new DC/DNS for DNS (both static and DHCP clients)
Thanks
Mike
Is this box also a DNS server? If it is make sure clients are pointing to the new DC/DNS for DNS (both static and DHCP clients)
Thanks
Mike
Thanks Mike, it is a DNS/DHCP server as well and I'm running Network Monitor to see what is connecting to it via DNS. Is there any particular order you would recommend transferring the FSMO roles? Thanks.
There is no set defined order just make sure you get them all. I would not demote the old DC until you're certain you have all clients accessing the new DC for DNS.
MO
MO
I would first check the health of Proposed role holder using dcdiag /q
Then I will check replication health using repadmin /replsum
Then only I will move FSMO roles using one of the below two article
http://technet.microsoft.com/en-us/library/cc779716(v=ws.10).aspx
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx
I have written an article to configure time service in windows Domain env Please go through it and configure time server accordingly
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
Do not use navy servers as your external time source it had issues in past read below article
Did Your Active Directory Domain Time Just Jump To The Year 2000?
http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx
Then I will check replication health using repadmin /replsum
Then only I will move FSMO roles using one of the below two article
http://technet.microsoft.com/en-us/library/cc779716(v=ws.10).aspx
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx
I have written an article to configure time service in windows Domain env Please go through it and configure time server accordingly
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
Do not use navy servers as your external time source it had issues in past read below article
Did Your Active Directory Domain Time Just Jump To The Year 2000?
http://blogs.technet.com/b/askpfeplat/archive/2012/11/19/did-your-active-directory-domain-time-just-jump-to-the-year-2000.aspx
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
To transfer FMSO roles: http://www.petri.co.il/transferring_fsmo_roles.htm
To setup external time sync (example only, you can use your own external peers of course):
W32tm /config /update /manualpeerlist:”pool.ntp.
Net stop w32time
Net start w32time
Verify:
W32tm /query /configuration
W32tm /query /source
W32tm /stripchart /computer:<source>
MO