• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332
  • Last Modified:

Taking the last 2003 DC out of a 2008 R2 domain.

I need to take the last 2003 dc out of my 2008 R2 domain. I have transferred the fsmo roles and verified they have been transferred. We have also migrated to Exchange 2010. The dc fsmo roles transfer took place about 2 weeks ago and all logs and replication look good. We now have 2 2008 R2 Dcs both as GCs. The one thing I about forgot is transferring the time server role. However, several years back I set a GPO for time services at the domain level and it applied all DCs. I have check the registry of the 2008 DCs and the GPO is applied.  With this GPO applied is there any need to do any type of tranfer of time services? Seems that I can just demote the 2003 DC since the fsmo roles have been transferred.

Barry
0
barrykeel
Asked:
barrykeel
1 Solution
 
Slav ZabickiSystem EngineerCommented:
you should create a new time server (PDC role). it is possible to run AD without a time server but it is a real nightmare. when the time offset is more than 5 min. kerberos (default settings) just stops working.
just create a new tm server on the new pdc, change GPO and the network should be fine.

simple speaking - shortcuts are ok went you hiking  . . only
0
 
thomasclmCommented:
Just make sure that your PDC emulator is pointing to a good time source.. All other DC's will sync with the PDC.
0
 
Pramod UbheCommented:
Here is the command to update time source (run it on the pdc emulator)

W32tm /config /manualpeerlist:<timesourcename/IP> /syncfromflags:manual /update

I would prefer that you shutdown the 2003dc for few days/hours and see if there are any issues apart from replication error then take a full backup of it and then destroy it.
0
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

 
barrykeelAuthor Commented:
So the command still needs to be run on the PDC even wirh the GPO in effect? I would definitely shut it down for a week just as I did the old Exchange.
0
 
Slav ZabickiSystem EngineerCommented:
the command needs to be run on you new time server

because you have win 2008 r2 first run w32tm /unregister, reboot the machine, run w32tm register again reboot the machine and run  W32tm /config /manualpeerlist:<timesourcename/IP> /syncfromflags:manual /update where <timesourcename/IP> is an available server from http://www.pool.ntp.org/en/
then change your gpo to point to the new machine and unregister the old w2003k machine.

make sure that everything has been moved before the decommissioning
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now