
Set time on a VMware hosted domain controller

When you set up a domain controller in VMware and join machines to it, you will typically need to point it at an external NTP server, because over time its clock will drift to 1, 2, 3, 4, 5 minutes off. I’ve seen this numerous times. There are a few other methods to resolve this, but this is my preferred one. (A fresh install won’t have this problem; it will probably crop up about 5 months down the line.)

  1. Make sure you are setting this on the domain controller with the FSMO roles.
    netdom query fsmo
  2. Stop the time service (you will usually get the best results this way)
    net stop w32time
  3. Set the time sources you will use. This site has an excellent list: https://tf.nist.gov/tf-cgi/servers.cgi
    w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov
  4. Set your domain controller as a reliable time source for clients connecting.
    w32tm /config /reliable:yes
  5. Start the time service back up
    net start w32time
  6. Force a time update
    w32tm /resync
    w32tm /query /configuration
  7. Verify your work
    w32tm /query /status

This was used on Windows Server 2019 and should work on 2016 as well. I haven’t used this exact process on older versions.
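
The steps above as a single PowerShell script, added here as an example and not the post's own code. It refuses to run unless the host is the PDC emulator, then checks the resulting source and offset. The parameter names, the .NET role lookup, the `/stripchart` offset check and the 60-second threshold are assumptions of this example.

```powershell
# Added example, not the post's own code. Run elevated on the domain controller.
param(
    [string]$Peer = 'time.nist.gov',    # peer used in the post
    [double]$MaxOffsetSeconds = 60      # assumed threshold; default Kerberos skew limit is 5 min
)

# Step 1: only proceed on the PDC emulator (looked up via .NET instead of netdom).
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc = $domain.PdcRoleOwner.Name
if ($pdc.Split('.')[0] -ine $env:COMPUTERNAME) {
    throw "PDC emulator is $pdc, not this host. Configure the time source there."
}

# Steps 2-6: stop the service, set the peer, mark as reliable, start, resync.
Stop-Service w32time
w32tm /config /syncfromflags:manual "/manualpeerlist:$Peer" | Out-Null
w32tm /config /reliable:yes | Out-Null
Start-Service w32time
w32tm /resync | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "w32tm /resync returned $LASTEXITCODE; the service may still be locating the peer."
}

# Step 7a: the reported source must no longer be the local clock.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    throw "Time source is still '$source'; the manual peer list was not picked up."
}

# Step 7b: measure the offset against the peer. Data lines look like
# "14:02:11, +00.0123456s"; error lines carry no offset and are skipped.
$offsets = w32tm /stripchart "/computer:$Peer" /samples:3 /dataonly | ForEach-Object {
    if ($_ -match ',\s*([+-]\d+\.\d+)s') { [math]::Abs([double]$Matches[1]) }
}
if (@($offsets).Count -eq 0) {
    throw "No samples from $Peer. Check that outbound UDP 123 is allowed."
}
$worst = ($offsets | Measure-Object -Maximum).Maximum
if ($worst -gt $MaxOffsetSeconds) {
    throw "Clock is $worst s off $Peer, above the $MaxOffsetSeconds s threshold."
}
"OK: source=$source, worst offset=$worst s over $(@($offsets).Count) samples"
```

Running only the two step 7 checks on a schedule gives early warning of the drift described above before it reaches the 5-minute mark.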

Swap Domain Controller

I was tasked with moving the domain controller to another server so the license for Server Essentials 2012 could be repurposed for a specific software program. This also removed the 25-user limit of Server Essentials. I first had to virtualize the environment, which is another story altogether. So here’s what I had to do:

  1. Install Server 2012 Standard
  2. Install the Active Directory role; the process is pretty straightforward
  3. Point the DHCP server to the new server install's IP for DNS.
  4. Verify a few clients have picked up the new IP over the next few days. It will take time to renew the IP leases. I didn’t uninstall the DNS role from the Essentials copy anyhow, so this wasn’t mandatory for me.
  5. Open Active Directory Users and Computers on the new DC
  6. Right-click and choose Operations Masters. Click Change on each tab.
  7. Open Active Directory Domains and Trusts, right-click the root node and click Operations Master. Click Change.
  8. Open cmd as admin, type regsvr32 schmmgmt.dll and press Enter
  9. Type mmc and press Enter
  10. File > Add/Remove Snap-in, find the Active Directory Schema snap-in and open it
  11. Right-click the new snap-in, click Change Active Directory Domain Controller…
  12. Click on your new DC and click OK. You’ll get a message; don’t worry about it.
  13. Right-click the snap-in again and click Operations Master… Click Change
    1. Change grayed out? Make sure you are a Schema Admins member in AD Users/Groups. Log off and back on.
  14. Run dcdiag /a to verify everything is OK, then proceed to demoting your old DC.

 

This is a great tutorial as well:

Transferring FSMO Roles
