Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

Posts Tagged ‘Active Directory’

Transferring the Schema Master FSMO role

Posted by Chris on April 12, 2009

On occasion, it may become necessary to move Active Directory FSMO roles to different servers, such as when decommissioning an old domain controller or adding new DCs to your forest.

Of all of the FSMO roles (RID, PDC Emulator, Infrastructure Master, Domain Naming Master, and Schema Master) the procedure for moving the schema master is the one I have the hardest time remembering.

Server Configuration

Open a command prompt on the target DC that you will be transferring the schema master role to.

Enter regsvr32 schmmgmt.dll.  This registers the schema management DLL so you can open it in MMC.

Next, open MMC, go to Add/Remove snap-in, click Add, select Active Directory Schema, click Add, then click Close and then OK.

Verify the snap-in is pointed to the DC that you will be transferring the schema master role to.

Right-click on Active Directory Schema, select Change Domain Controller, select Specify Name and enter the name of the target DC in the dialog box. Click OK.

Now, we’re ready to transfer the role.  Right-click on Active Directory Schema, then select Operations Master.

In the Change Schema Master dialog box, verify the FQDN in the lower dialog box corresponds to the name of the target DC.  Click Change, then click OK to verify the change.

Check your Directory Service event log for event ID 1458 verifying the successful change.

Posted in Active Directory, Networking, Server

Correcting W32time errors (Event ID 12)

Posted by Chris on March 30, 2009

In Active Directory, the PDC emulator at the root of the forest becomes the authoritative time reference for the entire organization.

If the PDC emulator is not set to reference a reliable time source, you will see W32time events in the system log every few hours.

Correcting this error requires that you configure an authoritative Active Directory time source.

There are a number of reliable external NTP servers you can sync from.  An easy one for me to remember is north-america.pool.ntp.org.  You can find host names for some others at support.ntp.org.

After you’ve selected an external time reference, open regedit and modify the following keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Right-click Type, click Modify, Edit Value, enter NTP in the Value data box, click OK

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

Right-click AnnounceFlags, click Modify, Edit DWORD Value, enter 5 in the Value data box, click OK

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

Right-click Enabled, click Modify, Edit DWORD Value, enter 1 in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

In the right pane, right-click NtpServer, click Modify, Edit Value, enter north-america.pool.ntp.org,0x1 in the Value data box, click OK. (Make sure to append ,0x1 to the end of the string.)

The following are optional.  I usually set the polling interval to 3600 seconds and leave the phase correction at the defaults unless I have a large offset I need to correct for.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

Right-click SpecialPollInterval, click Modify.  In Edit DWORD Value, type 3600 in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

In the right pane, right-click MaxPosPhaseCorrection, click Modify.  In Edit DWORD Value, click to select Decimal in the Base box.

In Edit DWORD Value, enter a reasonable value in seconds in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

In the right pane, right-click MaxNegPhaseCorrection, click Modify, Edit DWORD Value, click to select Decimal in the Base box.

In Edit DWORD Value, enter a reasonable value in seconds in the Value data box, click OK.

Restart the Windows Time service by typing net stop w32time && net start w32time at a command prompt.

When your PDC emulator has successfully synchronized time with the external source you will see event ID 35 in the system log.
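The registry steps above collected into one script, as an added example that is not part of the original post. It assumes an elevated PowerShell session on the PDC emulator and Windows Server 2008 or later (for Get-WinEvent and the Microsoft-Windows-Time-Service provider name); the variable names are illustrative.

```powershell
# Added example: applies the W32Time registry values listed in the steps above.
# Assumption: elevated session on the forest-root PDC emulator.
$Peer = 'north-america.pool.ntp.org,0x1'   # pool name from the post, with the ,0x1 flag appended
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Desired state: sub-key, value name, data and registry type.
# MaxPosPhaseCorrection / MaxNegPhaseCorrection are left alone because the
# post gives no specific value for them.
$Settings = @(
    @{ Key = 'Parameters';              Name = 'Type';                Value = 'NTP'; Kind = 'String' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';       Value = 5;     Kind = 'DWord'  }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';             Value = 1;     Kind = 'DWord'  }
    @{ Key = 'Parameters';              Name = 'NtpServer';           Value = $Peer; Kind = 'String' }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval'; Value = 3600;  Kind = 'DWord'  }  # optional
)

foreach ($s in $Settings) {
    $path = Join-Path $Base $s.Key
    # Read the current data so the output records what changed (useful for change control).
    $old = (Get-ItemProperty -Path $path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
    if ($old -ne $s.Value) {
        Set-ItemProperty -Path $path -Name $s.Name -Value $s.Value -Type $s.Kind
        Write-Output ("{0}\{1}: '{2}' -> '{3}'" -f $s.Key, $s.Name, $old, $s.Value)
    } else {
        Write-Output ("{0}\{1}: already '{2}'" -f $s.Key, $s.Name, $old)
    }
}

# Restart the service so it rereads the registry, then force a sync attempt.
Restart-Service -Name W32Time
w32tm /resync /rediscover

# Look for the confirmation event the post mentions (event ID 35, System log).
Start-Sleep -Seconds 30
$evt = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'; Id = 35
} -MaxEvents 1 -ErrorAction SilentlyContinue

if ($evt -and $evt.TimeCreated -gt (Get-Date).AddMinutes(-5)) {
    Write-Output "Synchronized: $($evt.Message)"
} else {
    Write-Warning 'No recent event ID 35 yet; check the System log for W32Time errors.'
}
```

Running it a second time should report every value as already set, which makes it usable as a drift check after the PDC emulator role moves to another DC.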

Posted in Active Directory, Server