AD Modernization Project : Part 7 - Migration of FSMO roles

Post FSMO roles migration -

After the FSMO roles are migrated successfully, we need to check that time sync works properly between the new 2016 DCs and, most importantly, that the time on the PDC is correct. There are 2 ways a PDC can sync its time -
1. Reach out to an online time server.
2. If there is an NTP server configured in the environment, the PDC will reach out to the NTP server for time sync.

The PDC should be able to sync its time properly, as all the other domain controllers sync their time from the PDC server.

For the first option, when the time is synced directly online, no extra configuration needs to be done.

For the second option, when time will be synced from the NTP server, below is the process of configuring the NTP server details on the PDC -

1. After the PDC role is transferred to the 2016 DC, run the following command to configure the NTP server details on the 2016 DC -

w32tm /config /manualpeerlist:<ntp server ip address> /syncfromflags:manual /reliable:yes /update

2. Run - net stop w32time
3. Run - net start w32time
4. Run - w32tm /config /syncfromflags:domhier /update
5. Run - net stop w32time
6. Run - net start w32time

Validate that the configuration is set correctly -

1. Open regedit.
2. Go to HKLM\System\CurrentControlSet\Services\w32time\Parameters
    1. NTPServer should be set to the IP address of the NTP server.
    2. Type should be set to NTP.
    3. On all other DCs except the PDC, Type should be set to NT5DS.
3. Run w32tm.exe /resync /rediscover /nowait - After running this command, check for event ID 139.
4. Run w32tm /query /status to check the source of the time sync. The source on the PDC DC should be set to the NTP server and the source on all other DCs should be set to the PDC server.
5. The PDC should not synchronize to itself.
6. Run w32tm.exe /resync /rediscover /nowait on all other DCs to see if the DCs synchronize correctly with the PDC.
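
The registry and time source checks above can be run against every DC in one pass. The script below is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and PowerShell remoting (WinRM) is enabled on all DCs, and its variable names are illustrative.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# (RSAT) is installed and PowerShell remoting (WinRM) is enabled on every DC.
Import-Module ActiveDirectory

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$pdc = (Get-ADDomain).PDCEmulator                      # FQDN of the PDC role holder
$dcs = (Get-ADDomainController -Filter *).HostName

$report = foreach ($dc in $dcs) {
    $isPdc = $dc -ieq $pdc
    $row = [ordered]@{ DC = $dc; IsPdc = $isPdc; Type = $null; NtpServer = $null; Source = $null; Findings = @() }
    try {
        # Read the same registry values checked in regedit, plus the live time source
        $t = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
            $p = Get-ItemProperty -Path $using:key
            [pscustomobject]@{
                Type      = $p.Type
                NtpServer = $p.NtpServer
                Source    = (w32tm /query /source | Out-String).Trim()
            }
        }
        $row.Type = $t.Type; $row.NtpServer = $t.NtpServer; $row.Source = $t.Source
        # Peer names without the ",0x.." flag suffix, e.g. "10.0.0.10,0x8" -> "10.0.0.10"
        $peers = @("$($t.NtpServer)" -split '\s+' | Where-Object { $_ } | ForEach-Object { ($_ -split ',')[0] })
        $src   = ($t.Source -split ',')[0]

        if ($isPdc) {
            if ($t.Type -ne 'NTP') { $row.Findings += "Type is '$($t.Type)', expected NTP" }
            if ($peers -notcontains $src) { $row.Findings += "source '$src' is not in NtpServer" }
            if ($src -match 'Local CMOS Clock|Free-running System Clock') {
                $row.Findings += 'PDC is synchronizing to its own clock'
            }
        } else {
            if ($t.Type -ne 'NT5DS') { $row.Findings += "Type is '$($t.Type)', expected NT5DS" }
            if ($src -ine $pdc -and $src -ine $pdc.Split('.')[0]) {
                $row.Findings += "source '$src' is not the PDC ($pdc)"
            }
        }
    } catch {
        $row.Findings += "could not query: $($_.Exception.Message)"
    }
    [pscustomobject]$row
}

$report | Format-Table DC, IsPdc, Type, Source, @{ n = 'Findings'; e = { $_.Findings -join '; ' } } -AutoSize
```

A DC with an empty Findings column matches the expected values listed above; any other row names the setting that needs to be corrected.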

Below is an image which describes the above process -

 

