0

I have a single forest/domain with 2 DCs, SERVER2 and SERVER3. SERVER2 holds the FSMO roles. Both are healthy.

I now wish to remove SERVER2 for a clean reinstall. Based on my research for the project, I propose to take these steps:

  1. Transfer the FSMO roles to SERVER3
  2. Demote SERVER2 to a member server
  3. Remove SERVER2 from the domain
  4. Perform the reinstall of SERVER2
  5. Join SERVER2 to the domain
  6. Promote SERVER2 to a DC
  7. Transfer the FSMO roles to SERVER2

Is this all that's necessary for the task? Do I need to do any sort of cleanup or maintenance on SERVER3 after removing SERVER2 at step #3?

InteXX
  • 713
  • 13
  • 31

1 Answers1

1

The DC that holds the PDCe FSMO role is the authoritative time server for the domain. This is where the other DC's sync their time to. When you transfer the FSMO roles to SERVER3 you'll need to reconfigure the Windows Time service on SERVER3. Then when you move the FSMO roles back to the newly installed SERVER2 you'll need to reconfigure the Windows Time service on BOTH DC's. Here's how I do it:

PDCe FSMO Role Holder

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm.exe /config /manualpeerlist:time.windows.com /syncfromflags:manual /reliable:YES /update
net stop w32time
net start w32time

Domain Members (Including other Domain Controllers)

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /config /syncfromflags:DOMHIER /update
net stop w32time
net start w32time
joeqwerty
  • 108,377
  • 6
  • 80
  • 171
  • 1
    Thanks, Mr. Keyboard! – InteXX Dec 23 '21 at 21:03
  • Would you happen to know how to turn domain time sync OFF on a member workstation? It's hosted in a VM and I want to set it to sync from the host (which in turn syncs from the PDCe). According to [this](https://www.altaro.com/hyper-v/hyper-v-time-synchronization/) it won't do to simply disable the service. – InteXX Feb 18 '22 at 23:32
  • I ran your second script on a VM workstation. `w32tm /query /status` results... before: `Source: VM IC Time Synchronization Provider`, after: `Source: SERVER4.DOMAIN.local`. So it seems I've gone and mucked it up pretty good. – InteXX Feb 18 '22 at 23:55
  • I changed it to `/syncfromflags:NO` and now I get `Source: Local CMOS Clock`. Hm. Do you know of a way to get it back to `VM IC Time Synchronization Provider`? – InteXX Feb 19 '22 at 00:03
  • Well, never mind. It seems to have fixed itself in the time since. – InteXX Feb 19 '22 at 02:54