Info Tech asked:

DC migration from 2008 to 2012

We've just finished adding a new Windows Server 2012 R2 DC to our existing 2008 R2 AD environment.  Everything appeared to go smoothly in the transition but we have some follow-up questions.  

1.  When I run "netdom query fsmo", it shows 3 of the roles being held by the new PDC, but 2 (schema master and domain naming master) are still assigned to the old PDC.  Why is this, and what do I need to do to transfer the roles so I can demote the old PDC?  Does this have anything to do with this message I got during migration?

"A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain “treyresearch5.net”. Otherwise, no action is required."

2.  When I run "net time" from any client (including the new PDC), it still shows the old PDC as the time source.  I've run

w32tm /config /syncfromflags:manual /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /reliable:yes /update
net stop w32time && net start w32time

on the new PDC and

w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time && net start w32time

on the old one, and all clients still show the old PDC as the time server.  What do I need to do to ensure the new PDC is the only time server?

3.  Is it possible to swap the IP addresses of the old and new PDCs so the new one has the same IP the old one did and nothing has to change with client connections?  If so, at what point do I make the swap and is there anything else that needs to be done in conjunction with this?

ASKER CERTIFIED SOLUTION
Will Szymkowski
This solution is only available to members.

I would also recommend performing a DCDIAG to ensure that there are no issues with replication before demoting the old DC.

-saige-

Info Tech (ASKER)

Thanks for that.  I was able to get the schema master and the domain naming master roles transferred successfully.  However, I've followed the article you linked to for the time service, and the clients are still showing the old PDC as the time server.  What do I need to do to fix this?  

Also, does anyone know if it is possible to swap the IP addresses of the old and new PDCs so the new one has the same IP the old one did and nothing has to change with client connections?  If so, at what point do I make the swap and is there anything else that needs to be done in conjunction with this?

For 1st question, nothing is wrong.
See below thread:
https://www.experts-exchange.com/questions/28606062/DNS-delegation-option-when-promoting-DC.html

For 2nd question:
The process is correct
Check on new PDC if Event ID 35 and 37 are reporting
Also check with below commands if time server configuration is successful
w32tm /query /source
w32tm /query /status

On client machines you can run below commands in .bat via GPO startup script

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time

https://technet.microsoft.com/en-us/library/cc758905(v=ws.10).aspx

For 3rd question:
No need to swap IP
It doesn't help
Ensure that AD replication and DNS name resolution are happening correctly, and on new DC ensure that sysvol and netlogon are shared out
Check event 1394 in directory event logs
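
Added example, not part of the thread and not code from any participant: a PowerShell audit that runs the checks from the answer above (w32tm /query /source, Event IDs 35 and 37) against every DC in the domain and lists the forest-level role holders. It assumes an elevated prompt on a domain-joined machine that can reach the DCs; the function name Get-TimeSource and the verdict strings are this example's own.

```powershell
# Added example: audit the time hierarchy after moving the PDC emulator role.
# Assumes an elevated prompt on a domain-joined machine that can reach every DC.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest = $domain.Forest
$pdc    = $domain.PdcRoleOwner.Name
$dcs    = @($domain.DomainControllers | ForEach-Object { $_.Name })

# w32tm reports these sources when a machine is not syncing from any peer.
$unsynced = 'Local CMOS Clock', 'Free-running System Clock'

function Get-TimeSource {
    param([string]$Computer)
    $out = & w32tm /query "/computer:$Computer" /source 2>&1
    if ($LASTEXITCODE -ne 0) { return "QUERY FAILED: $($out -join ' ')" }
    # A manual peer can carry a flags suffix such as ",0x8"; keep the host part.
    return (($out | Select-Object -First 1).ToString().Trim() -split ',')[0]
}

$report = foreach ($dc in $dcs) {
    $source = Get-TimeSource -Computer $dc
    $isPdc  = ($dc -eq $pdc)
    $verdict = if ($source -like 'QUERY FAILED*') { 'could not query' }
    elseif ($unsynced -contains $source) { 'NOT SYNCING' }
    elseif ($isPdc -and ($dcs -contains $source)) { 'PDC emulator syncs from another DC' }
    elseif (-not $isPdc -and ($dcs -notcontains $source)) { 'source is outside the domain hierarchy' }
    else { 'ok' }
    [pscustomobject]@{ DC = $dc; IsPdcEmulator = $isPdc; Source = $source; Verdict = $verdict }
}

# Most recent Time-Service events 35 and 37 on the PDC emulator (the IDs named in the answer).
$events = Get-WinEvent -ComputerName $pdc -MaxEvents 5 -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'; Id = 35, 37
}

"Schema master:        $($forest.SchemaRoleOwner.Name)"
"Domain naming master: $($forest.NamingRoleOwner.Name)"
"PDC emulator:         $pdc"
$report | Format-Table -AutoSize
$events | Select-Object TimeCreated, Id, Message | Format-List
```

A non-PDC DC that names any other DC as its source is reported as ok, since domhier lets it take time from any DC in the domain.
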
Question 2: Event IDs 35 and 37 are both reporting on the new PDC, and I can see where it had previously shown in the events that it was receiving time from the old PDC, but all the newer events show the external time source I specified.  So that's good, but I tried running

w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
on a client (Windows 7) machine and just got an error (The system cannot find the file specified 0x80070002).  I wouldn't really want to have to do this on every single client machine either, is there another option?  

Question 3: We would like to swap IPs so that we don't have to change the DNS server setting for all the clients who have static IP addresses pointing to the old PDC as a DNS server.  So I'm not sure what you mean by it doesn't help?
Update: I tested shutting down the original PDC to see what "net time" would return on a client, and even though it took a few seconds longer the first time I ran it, it did return the new PDC name and time.  It ran quickly after that.  When I powered the old PDC back up, the client is back to reporting to it.  Does this mean the new PDC is effectively operating as a time source and I can safely demote and remove the original PDC?  I don't really understand why the old one is the preferred source when it's running.
Do you have a GPO in place to point to the old PDC in question? If you do, maybe the policy has not applied to your machine. Also, have you set up the external time source on the new PDC server?

Will.
No, we aren't pointing to it in any GPOs.  For the external time source, I set a peer list of 4 ntp sites.

SOLUTION
This solution is only available to members.

SOLUTION
This solution is only available to members.

Thanks to all for the help.  

Will - we were able to transfer the remaining roles successfully.  

Mahesh - running the command from an elevated prompt did allow me to run it, but after doing so it still shows the old PDC.  However as you mentioned it doesn't matter because it can fetch time from any DC and does so when I shut the old one down temporarily.  

Saige - thanks for the tips on DHCP reservations, that's definitely something we are going to look into doing, and will also follow your instructions on IP swap when we are ready to remove the original.