Layer3

Adventures in Networking, Routing, Switching, Virtualization, Storage, etc.

Posts Tagged ‘Server 2003’

Transferring the Schema Master FSMO role

Posted by Chris on April 12, 2009

On occasion, it may become necessary to move Active Directory FSMO roles to different servers, such as when decommissioning an old domain controller or adding new DCs to your forest.

Of all of the FSMO roles (RID, PDC Emulator, Infrastructure Master, Domain Naming Master, and Schema Master) the procedure for moving the schema master is the one I have the hardest time remembering.

Server Configuration

Open a command prompt on the target DC that you will be transferring the schema master role to.

Enter regsvr32 schmmgmt.dll.  This registers the schema management DLL so you can open the Active Directory Schema snap-in in MMC.

Next, open MMC, go to Add/Remove snap-in, click Add, select Active Directory Schema, click Add, then click Close and then Ok.

Verify the snap-in is pointed to the DC that you will be transferring the schema master role to.

Right-click on Active Directory Schema, select Change Domain Controller, select Specify Name and enter the name of the target DC in the dialog box. Click Ok.

Now, we’re ready to transfer the role.  Right-click on Active Directory Schema, then select Operations Master.

In the Change Schema Master dialog box, verify the FQDN in the lower dialog box corresponds to the name of the target DC.  Click Change, then click Ok to verify the change.

Check your Directory Service event log for event ID 1458 verifying the successful change.
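
A command-line check to run after the transfer, as an added example that is not part of the original post: it lists the current holder of each FSMO role with dsquery and returns a non-zero exit code if the schema master is not the DC you expected. The script name and the target DC argument are assumptions.

```batch
@echo off
rem check-fsmo.cmd (hypothetical name) - added example, not from the original post.
rem Usage: check-fsmo.cmd TARGETDC
rem   TARGETDC is the short host name of the DC that should now hold the role.
setlocal
if "%~1"=="" (
    echo Usage: %~n0 TARGETDC
    exit /b 2
)
set TARGET=%~1
set HOLDER=

rem dsquery prints each holder as a quoted DN such as "CN=DC02,CN=Servers,...".
rem Splitting on = and , makes the second token the server's short name.
echo Current FSMO role holders:
for %%R in (schema name infr pdc rid) do (
    for /f "tokens=2 delims==," %%A in ('dsquery server -hasfsmo %%R') do (
        echo   %%R: %%A
    )
)

for /f "tokens=2 delims==," %%A in ('dsquery server -hasfsmo schema') do set HOLDER=%%A

if not defined HOLDER (
    echo ERROR: could not determine the schema master holder.
    exit /b 2
)
if /i "%HOLDER%"=="%TARGET%" (
    echo OK: schema master is %HOLDER%
    exit /b 0
)
echo MISMATCH: schema master is %HOLDER%, expected %TARGET%
exit /b 1
```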

Posted in Active Directory, Networking, Server

Correcting W32time errors (Event ID 12)

Posted by Chris on March 30, 2009

In Active Directory, the PDC emulator at the root of the forest becomes the authoritative time reference for the entire organization.

If the PDC emulator is not set to reference a reliable time source, you will see W32time events in the system log every few hours.

Correcting this error requires that you configure an authoritative Active Directory time source.

There are a number of reliable external NTP servers you can sync from.  An easy one for me to remember is north-america.pool.ntp.org.  You can find host names for some others at support.ntp.org.

After you’ve selected an external time reference, open regedit and modify the following keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

Right-click Type, click Modify, Edit Value, enter NTP in the Value data box, click OK

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

Right-click AnnounceFlags, click Modify, Edit DWORD Value, enter 5 in the Value data box, click OK

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer

Right-click Enabled, click Modify, Edit DWORD Value, enter 1 in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

In the right pane, right-click NtpServer, click Modify, Edit Value, enter north-america.pool.ntp.org,0x1 in the Value data box, click OK. (Make sure to append ,0x1 to the end of the string.)

The following are optional.  I usually set the polling interval to 3600 seconds and leave the phase correction at the defaults unless I have a large offset I need to correct for.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval

Right-click SpecialPollInterval, click Modify.  In Edit DWORD Value, type 3600 in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection

In the right pane, right-click MaxPosPhaseCorrection, click Modify.  In Edit DWORD Value, click to select Decimal in the Base box.

In Edit DWORD Value, enter a reasonable value in seconds in the Value data box, click OK.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection

In the right pane, right-click MaxNegPhaseCorrection, click Modify, Edit DWORD Value, click to select Decimal in the Base box.

In Edit DWORD Value, enter a reasonable value in seconds in the Value data box, click OK.

Restart the Windows Time service by typing net stop w32time && net start w32time at a command prompt.

When your PDC emulator has successfully synchronized time with the external source you will see Event ID 35 in the system log.
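
The registry changes above as a single script, added here as an example and not part of the original post: it backs up the W32Time key, applies the required values and the optional polling interval with reg add, restarts the service, then reads the values back and samples the peer's offset. The script name and backup path are assumptions; the phase correction values are left at their defaults.

```batch
@echo off
rem set-pdc-ntp.cmd (hypothetical name) - added example, not from the original post.
rem Run on the forest-root PDC emulator from an administrator command prompt.
setlocal
set W32=HKLM\SYSTEM\CurrentControlSet\Services\W32Time
set PEER=north-america.pool.ntp.org
rem Backup location is an assumption; an existing backup is never overwritten.
set BACKUP=%SystemDrive%\w32time-backup.reg

if not exist "%BACKUP%" (
    reg export "%W32%" "%BACKUP%" || goto :fail
)

rem Required values, as listed in the post.
reg add "%W32%\Parameters" /v Type /t REG_SZ /d NTP /f || goto :fail
reg add "%W32%\Config" /v AnnounceFlags /t REG_DWORD /d 5 /f || goto :fail
reg add "%W32%\TimeProviders\NtpServer" /v Enabled /t REG_DWORD /d 1 /f || goto :fail
reg add "%W32%\Parameters" /v NtpServer /t REG_SZ /d "%PEER%,0x1" /f || goto :fail

rem Optional: poll the external source every 3600 seconds.
reg add "%W32%\TimeProviders\NtpClient" /v SpecialPollInterval /t REG_DWORD /d 3600 /f || goto :fail

rem Restart the service so the new settings are loaded.
net stop w32time
net start w32time || goto :fail

rem Read the values back, then force a sync and show the offset from the peer.
reg query "%W32%\Parameters" /v Type
reg query "%W32%\Parameters" /v NtpServer
reg query "%W32%\Config" /v AnnounceFlags
w32tm /resync
w32tm /stripchart /computer:%PEER% /samples:3 /dataonly
exit /b 0

:fail
echo ERROR: a step failed. The original settings are saved in "%BACKUP%".
exit /b 1
```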

Posted in Active Directory, Server

Exporting a Windows Server 2003 DHCP Database

Posted by Chris on February 19, 2009

This is the quickest method I’ve found to move a DHCP server from one Windows 2003 server to another.

First, make sure you have the DHCP server service installed on the destination server.

Make sure the login account you are using for the export/import has local admin privileges.

From the command prompt on the source server enter the following:

netsh dhcp server export c:\dhcpdb.txt all

This exports the database to a text file named dhcpdb.txt.

Copy this file to the destination server.

From a command prompt on the destination server enter the following:

netsh dhcp server import c:\dhcpdb.txt all

While still on the destination server go to Administrative Tools > DHCP.  Right-click on the server object and select Authorize.

Wait a few seconds, select Refresh, and verify that the green arrow appears on the server object.

Make sure to de-authorize the DHCP server on the source server.

Go to a command prompt on a desktop and run ipconfig /release, then ipconfig /renew.  Then type ipconfig /all and verify the desktop is pulling its IP address from the new DHCP server.

Posted in Networking, Server