I did not want this to be my first post but it needs to be posted out there somewhere for all to read.
There are plenty of documents out there on how to seize the FSMO roles in a Windows 2003 domain controller, so I’ll not discuss how that is done. But many of them do not tell you a few extra steps needed if you are moving the PDC Emulator role and that server is (as it should be by default
First of all, you should have your main time server on the DC that is running this role. If you transfer the PDC Emulator role to another DC, then do the following on the previous PDC Emulator at a command prompt:
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time && net start w32time
This is so that the old domain controller stops looking at itself as the time server (you set it to not be reliable and then to sync its time from a DC in the domain hierarchy).
Then do this on the new PDC Emulator:
w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update
(where peers specifies the list of DNS names and/or IP addresses of the NTP time source that the PDC emulator synchronizes from. For example, you can specify my favorite pool.ntp.org. When specifying multiple peers, use a space as the delimiter and enclose them in quotation marks.)
This makes your new PDC emulator look outside the domain when time syncing and makes it reliable so that other DCs will grab time from it when looking for their updates.
You can get a quick view of your network time server settings with the following command:
There should not be any errors, and they should all be pointing back to your PDC emulator which, in turn, points to your outside time source (which will change intermittently if you go to a pool of servers like pool.ntp.org).
All registry settings are explained here for fine-grained tuning of your time server settings.
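The two w32tm /config commands above end up as values under the W32Time registry key (Type, NtpServer and AnnounceFlags), so the result of the role move can be audited on every DC at once. The PowerShell script below is an added example, not part of the original post; it assumes a domain-joined admin workstation with PowerShell 3 or later, the Remote Registry service reachable on each DC, and its variable and column names are illustrative.

```powershell
# Added example: audit W32Time settings on every DC after moving the PDC Emulator role.
# Assumption: Remote Registry is reachable on each DC and the caller may read HKLM.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$w32    = 'SYSTEM\CurrentControlSet\Services\W32Time'

$report = foreach ($dc in $domain.DomainControllers) {
    $name = $dc.Name
    $hklm = $null
    try {
        $hklm      = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $name)
        $params    = $hklm.OpenSubKey("$w32\Parameters")
        $config    = $hklm.OpenSubKey("$w32\Config")
        $type      = [string]$params.GetValue('Type')        # NTP = manual peers, NT5DS = domain hierarchy
        $ntpServer = [string]$params.GetValue('NtpServer')
        $announce  = [int]$config.GetValue('AnnounceFlags')  # 5 when set reliable; 10 is the default
    } catch {
        # Report unreachable DCs instead of silently skipping them.
        [pscustomobject]@{ DC = $name; PDC = ''; Type = ''; Reliable = ''; NtpServer = ''
                           Finding = "unreadable: $($_.Exception.Message)" }
        continue
    } finally {
        if ($hklm) { $hklm.Close() }
    }

    $isPdc    = $name -eq $pdc
    $reliable = ($announce -band 0x4) -ne 0   # bit 0x4 = always advertise as reliable
    $findings = @()
    if ($isPdc) {
        if ($type -ne 'NTP')   { $findings += 'PDC emulator is not using a manual peer list' }
        if (-not $reliable)    { $findings += 'PDC emulator is not flagged reliable' }
        if (-not $ntpServer)   { $findings += 'NtpServer is empty' }
    } else {
        if ($type -ne 'NT5DS') { $findings += 'not syncing from the domain hierarchy' }
        if ($reliable)         { $findings += 'still advertises itself as reliable' }
    }
    if (-not $findings) { $findings = @('OK') }

    [pscustomobject]@{ DC = $name; PDC = $isPdc; Type = $type; Reliable = $reliable
                       NtpServer = $ntpServer; Finding = ($findings -join '; ') }
}

$report | Format-Table DC, PDC, Type, Reliable, NtpServer, Finding -AutoSize -Wrap
```

A previous PDC emulator that was never reset shows up here as a non-PDC row with Type NTP or Reliable set to True.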