Solved

Migrating the PDC FSMO role from Win2003 DC to Win2008R2 DC ?

Posted on 2015-01-14
Last Modified: 2015-01-21
People,

Before I configure the new Windows Server 2008 R2 domain controller VM as the definitive time source of the domain, can anyone here please share the command and the caveats of what I need to do to successfully transfer the FSMO role from the old Win2k3 box to the new Windows 2k8 R2 VM?

Any help would be greatly appreciated.

Thanks,
10 Comments
 
LVL 24

Assisted Solution

by:NVIT
NVIT earned 100 total points
ID: 40550551
Easy. I didn't have any issues doing it. See the link I followed to transfer the roles via the GUI and related links here: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_28588800.html#a40524900
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40550562
ok, so what about the values that you typed in the registry below:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameter\
Type: NTP
NtpServer:

is it the IP address like:
64.15.205.100
64.15.205.101
208.48.81.134
208.48.81.133



or a FQDN like:
0.au.pool.ntp.org
1.au.pool.ntp.org
2.au.pool.ntp.org
3.au.pool.ntp.org



which one is preferred ?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40550738
The command to set an authoritative time source could be:
w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

Replace peers with the NTP server name. If there are multiple NTP servers, replace peers as shown below:

w32tm /config /manualpeerlist:"contoso.com clock.adatum.com" /syncfromflags:manual /reliable:yes /update


http://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx

The above command will automatically update registry
0

 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40550984
Thanks Mahesh, I guess in this case, when using an FQDN, are there any caveats or impact due to DNS resolution?
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40551077
That's right.
You have to have proper internet access in order to reach these internet servers.
Also, internet DNS name resolution should work correctly.
If you have any internal NTP server \ device, you can point your PDC to its IP\hostname.

In order to check if your time synchronization is working correctly, you can run the commands below on the PDC server from an elevated command prompt:
w32tm /query /source
w32tm /query /status

Also check event ID 37 and 35 in system event log on server
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40552584
Mahesh, the command :

w32tm /query /source
w32tm /query /status



Doesn't work because the current old NTP server is Windows Server 2003.
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40552938
OK, are you getting event ID 35 and 37 in event viewer \ system log on 2003 PDC server?

I think you have opened TWO threads for same question.

If you are moving FSMO from old 2003 to new 2008 DC, 1st run below commands on 2003 server
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
http://technet.microsoft.com/en-us/library/cc738042(v=ws.10).aspx

Then run commands in earlier post on new PDC server to specify new NTP server
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40553169
Not yet checked Mahesh. I'll look for it in the office tomorrow.

So when I run that command, do I need to change or modify the setting through GPO or through registry still ?
0
 
LVL 37

Accepted Solution

by:Mahesh
Mahesh earned 400 total points
ID: 40553179
I hope you already have moved PDC role to new server

Three things you need to do:
1st thing:
On old PDC run command from cmd:
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
--------------------------------------------------------------------
2nd thing:
on new PDC run commands mentioned in my 1st comment:
Then check for event ID 35 and 37 in system event.
--------------------------------------------------------------------
3rd thing:
Lastly create GPO and setup startup script under computer configuration
Create .bat file like below

 w32tm /config /syncfromflags:domhier /update
 net stop w32time
 net start w32time

Apply this GPO to the OU containing all computers and servers; hopefully this will direct \ force all computers to the new PDC server for time synchronization.
0
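The steps the accepted answer gives for the new PDC, with the DNS and reachability caveat raised earlier in the thread checked before anything is changed, as an added PowerShell example (not code from the original posters). The entries in $Peers are the pool hosts quoted in the thread and are an assumption to replace with your own sources; run it elevated on the Windows Server 2008 R2 DC.

```powershell
# Added example. Run elevated on the NEW Windows Server 2008 R2 PDC emulator.
# Assumption: $Peers holds the NTP sources you intend to use (IP or FQDN).
$Peers = '0.au.pool.ntp.org', '1.au.pool.ntp.org'

# 1. Refuse to continue unless this DC already holds the PDC emulator role.
$pdcLine = netdom query fsmo | Where-Object { $_ -match '^PDC\s' }
if ("$pdcLine" -notmatch "\s$([regex]::Escape($env:COMPUTERNAME))(\.|\s|$)") {
    throw "This server is not the PDC emulator: $pdcLine"
}

# 2. Keep only peers that resolve in DNS and answer NTP queries.
#    An IP address passes the DNS step unchanged; an FQDN must resolve.
$usable = @()
foreach ($p in $Peers) {
    try { [System.Net.Dns]::GetHostAddresses($p) | Out-Null }
    catch { Write-Warning "DNS lookup failed for $p"; continue }
    # stripchart sends real NTP requests and prints "error: ..." on timeouts.
    $probe = w32tm /stripchart "/computer:$p" /samples:3 /dataonly
    if ($probe -match 'error') { Write-Warning "No NTP reply from $p"; continue }
    $usable += $p
}
if ($usable.Count -eq 0) { throw 'No usable NTP peer; configuration left unchanged.' }

# 3. Same w32tm command as in the thread, built from the verified peers.
w32tm /config "/manualpeerlist:$($usable -join ' ')" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# 4. Verify: current source, sync status, and the event IDs named in the thread.
w32tm /query /source
w32tm /query /status
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    Id           = 35, 37
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```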
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40563713
Thanks !
0


Question has a verified solution.
