Solved

Taking the last 2003 DC out of a 2008 R2 domain.

Posted on 2013-05-19
6
316 Views
Last Modified: 2013-06-24
I need to take the last 2003 dc out of my 2008 R2 domain. I have transferred the fsmo roles and verified they have been transferred. We have also migrated to Exchange 2010. The dc fsmo roles transfer took place about 2 weeks ago and all logs and replication look good. We now have 2 2008 R2 Dcs both as GCs. The one thing I about forgot is transferring the time server role. However, several years back I set a GPO for time services at the domain level and it applied all DCs. I have check the registry of the 2008 DCs and the GPO is applied.  With this GPO applied is there any need to do any type of tranfer of time services? Seems that I can just demote the 2003 DC since the fsmo roles have been transferred.

Barry
0
Comment
Question by:barrykeel
6 Comments
 
LVL 5

Expert Comment

by:zabicki
Comment Utility
you should create a new time server (PDC role). it is possible to run AD without a time server but it is a real nightmare. when the time offset is more than 5 min. kerberos (default settings) just stops working.
just create a new tm server on the new pdc, change GPO and the network should be fine.

simple speaking - shortcuts are ok went you hiking  . . only
0
 
LVL 2

Expert Comment

by:thomasclm
Comment Utility
Just make sure that your PDC emulator is pointing to a good time source.. All other DC's will sync with the PDC.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
Comment Utility
Here is the command to update time source (run it on the pdc emulator)

W32tm /config /manualpeerlist:<timesourcename/IP> /syncfromflags:manual /update

I would prefer that you shutdown the 2003dc for few days/hours and see if there are any issues apart from replication error then take a full backup of it and then destroy it.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Comment

by:barrykeel
Comment Utility
So the command still needs to be run on the PDC even wirh the GPO in effect? I would definitely shut it down for a week just as I did the old Exchange.
0
 
LVL 5

Accepted Solution

by:
zabicki earned 500 total points
Comment Utility
the command needs to be run on you new time server

because you have win 2008 r2 first run w32tm /unregister, reboot the machine, run w32tm register again reboot the machine and run  W32tm /config /manualpeerlist:<timesourcename/IP> /syncfromflags:manual /update where <timesourcename/IP> is an available server from http://www.pool.ntp.org/en/
then change your gpo to point to the new machine and unregister the old w2003k machine.

make sure that everything has been moved before the decommissioning
0
 
LVL 5

Expert Comment

by:zabicki
Comment Utility
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now