Paul,
Thanks again. Unfortunately this isn't a case where we're seeing clear
errors, just puzzling anomalies. Still several questions and gaps of
knowledge -- please pardon.
We're using four (mainly) methods in effort to determine what source a
Computer (meaning a PC, Member Server or Domain Controller):
1. "NET TIME"
2. "NET TIME /QUERYSNTP"
3. "NET TIME /DOMAIN:acme.lan"
4. "w32tm /resync" (or "w32tm -s" for Win2000), then check System Event
Log
for report of time source.
Often these report different results; Sometimes the results aren't as
expected. For instance:
- In some cases NET TIME reports the source as a DC which is not the
PDC
Emulator;
- NET TIME /DOMAIN:acme.lan never shows the PDC Emulator as the source
[but
maybe I don't understand the command -- more research in order on my
part']
- Event Log messages often report a source different than expected --
different
than that indicated by NET TIME commands;
- Often the source is indicated as our "SERVER1", a Win2000 DC which
formerly
served as the PDC Emulator. The FSMO roles, including PDC Emulator,
were
recently transferred to a new Win2003 server, DC01, a Win2003 DC.
- WinXP clients show SERVER1 as thier source (even though "NETDOM
/QUERY
FSMO" reports that the client see DC1 as the PDC)
Obviously I still have research to do and info to collect. In the
meantime
maybe you can offer some insight, particularly toward these questions:
1. Is there a definitive method (other than Event Log messages) to
determine
which source a Computer is using as it's time source? That is, to
verify
that it's using the PDC Emulator.
2. What tools exists for examining & diagnosing the mysteries of
"Domain
Hierarchy-Based Synchronization"?
Thanks Again!
Eggy
:
What errors are you getting. I don't see where there should be any
differences.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
Paul,
Thanks. Can you tell me how to make the change on the Win2000 DC?
That
is,
what command(s) are needed on the Win2000 DC in order to configure
it
to
get
it's time from the new PDC? The instructions referenced below are
for
200*3*, and don't seem to work on 2000.
This issue has lead to other questions and I plan to post them also.
I'll
post them separately but will put a link in this thread.
Thanks for your help.
Eggy
PS - I saw your web site piece about decommissioning Win2000 DCs.
It's
very
helpful -- concise and too the point. And you're right -- that IS a
nice
a$$!
:
You should reconfig the 2000 PDCe to get its time from the new
PDCe.
As
long as it stays within 5 minutes of the time from the new PDCe
Kerberos
will work fine, but I would fix it so the old DC gets its time from
the
new
PDCe.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
When a Win2003 DC is introduced into a Win2000 domain, and the
Win2003
DC
is
set as the PDC Emulator, is it necessary to update Time Server
settings
on
the former, Win2000, PDC? Microsoft offers some guidance
(details
below),
but it seems to pertain only to Win2003 (the w32tm command
switches
aren't
supported in Win2000). What about the case where the 'previous
PDC'
is
Win2000? -- How do I 'demote' it as a Time Server? Is it
automagic?
How
can
I verify it's working as planned ('net time /querysntp' indicates
the
new
PDC
emulator -- is that adequate verification)?
Thanks in advance for your help!
Eggy
Here are details of Microsoft's instructions: First, configure
Time
Service
on 'new' PDC --
http://technet2.microsoft.com/windo...ef46-4931-8e4a-2fc5b4ddb0471033.mspx?mfr=true
then change Time Service on the previous PDC emulator --
http://technet2.microsoft.com/windo...c594-4d43-9195-e54e4cb89d251033.mspx?mfr=true
