Tuesday, November 22, 2016

Synchronize Windows Server 2008 (R2) PDC time with external NTP server

The PDC needs to synchronize with a reliable external time source, and all other members need to synchronize with this PDC only.

For PDC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
DWORD value, set to 5

net stop w32time

w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org,0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1" /reliable:yes /update

w32tm /resync /rediscover

net start w32time

You can check the result with:
- Event Viewer
- w32tm /stripchart /computer:id.pool.ntp.org /samples:2 /dataonly
  error: 0x800705B4 means timeout or no access to the NTP server
- w32tm /query /configuration    and look for the NTP server value
- HKLM\System\CurrentControlSet\services\W32Time\Parameters NTPServer value

To reset back to default:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time


For other DCs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

DWORD value, set to A (hexadecimal)

net stop w32time

w32tm /config /syncfromflags:DOMHIER /update

w32tm /resync /nowait /rediscover

net start w32time
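
The checks listed above can be scripted. The following PowerShell is an added example, not part of the original post: it compares the local AnnounceFlags, Parameters\Type and NtpServer values with the settings in this post and probes each configured peer with the same stripchart command. The -Role parameter and the finding messages are assumptions of the example.

```powershell
# Added example: audit the local DC against the W32Time settings in this post.
param(
    [ValidateSet('PDC', 'OtherDC')]
    [string]$Role = 'PDC'   # hypothetical parameter: which half of the post applies
)

$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$config = Get-ItemProperty -Path "$base\Config"
$params = Get-ItemProperty -Path "$base\Parameters"

# /syncfromflags:manual is stored as Type=NTP, /syncfromflags:DOMHIER as Type=NT5DS
if ($Role -eq 'PDC') { $want = @{ AnnounceFlags = 0x5; Type = 'NTP' } }
else                 { $want = @{ AnnounceFlags = 0xA; Type = 'NT5DS' } }

$findings = @()
if ((Get-Service -Name w32time).Status -ne 'Running') {
    $findings += 'w32time service is not running'
}
if ($config.AnnounceFlags -ne $want.AnnounceFlags) {
    $findings += ('AnnounceFlags is 0x{0:X}, expected 0x{1:X}' -f $config.AnnounceFlags, $want.AnnounceFlags)
}
if ($params.Type -ne $want.Type) {
    $findings += "Parameters\Type is '$($params.Type)', expected '$($want.Type)'"
}

if ($Role -eq 'PDC') {
    # NtpServer holds the /manualpeerlist string: space-separated "host,0xflags" entries
    $peers = @("$($params.NtpServer)" -split '\s+' | Where-Object { $_ })
    if ($peers.Count -eq 0) { $findings += 'NtpServer is empty' }
    foreach ($peer in $peers) {
        $name = ($peer -split ',')[0]
        # Same probe as in the post; a failed sample or lookup prints a line containing "error"
        $probe = & w32tm /stripchart "/computer:$name" /samples:2 /dataonly 2>&1
        $errs  = @($probe | Where-Object { "$_" -match 'error' })
        if ($errs.Count -gt 0) {
            $findings += "$name probe failed: $("$($errs[0])".Trim())"
        }
    }
}

if ($findings.Count -eq 0) { "OK: W32Time matches the $Role settings"; exit 0 }
$findings | ForEach-Object { "FINDING: $_" }
exit 1
```

Run it elevated on the DC itself; a non-zero exit code means at least one setting or peer probe did not match.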




Tuesday, November 1, 2016

Migrating 2003 AD to 2008 R2 (Part 1)

Force-promote DC2 to PDC when DC1, which held the FSMO roles, no longer exists

Symptoms:
We want to migrate the DC from a Windows 2003 server to a Windows 2008 R2 server, but DC1, which held the PDC role, no longer exists.

Solution:
Force-move the FSMO roles to DC2 using ntdsutil

  1. ntdsutil
  2. roles
  3. connections
  4. connect to server DC2
  5. quit
  6. seize PDC
  7. seize schema master
  8. seize RID master
  9. seize infrastructure master
  10. seize domain naming master
  11. quit
Remove DC1 from AD using ntdsutil
  1. ntdsutil
  2. metadata cleanup
  3. connections
  4. connect to server DC2
  5. quit
  6. select operation target
  7. list domains
  8. select domain 0
  9. list sites
  10. select site 0
  11. list servers in site
  12. select server DC1
  13. quit
  14. remove selected server
  15. Confirm by clicking YES in the message box (make sure you are removing the DC1 server)
Remove any traces of DC1 records in:
  1. Active Directory Sites and Services
    1. remove from server object
  2. Active Directory Users and Computers
    1. remove from server object
  3. DNS
    1. remove all DC1 IP records
    2. remove from replication