Moving primary NTP to another DC and verify comms in advance

Question

Moving primary NTP to another DC and verify comms in advance

Sabir Mohamed 41

I am doing a DR drill and for which I need to switch off primary DC for 2 days and during which we will be moving FSMO roles and NTP to domain controller in DR. HOw I can move primary NTP pointing to another DC, which command I can run to make it existing primary DC as normal NTP client and DR DC as primary NTP.
Also, how I will check NTP port communication to the DR DC works fine from other server\client subnets.

Thanks,

Accepted answer

1 additional answer

Your answer

Answer 1

Hello @Sabir Mohamed

First you need to reset the old PDCe time service, so that it is part of the domain hierarchy (Or you just want to reset a client back to default).

From a command prompt on the old NTP server

"net time /setsntp: "

(Note the blank space prior to the end ")
The prior command line tells the DC to delete the current registry settings for the time service

Follow this by:

w32tm /config /syncfromflags:domhier /update

The prior command line should reset the domain time hierarchy

Follow this by:

net stop w32time && net start w32time

This DC should now be part of the time domain hierarchy

Next you need to assign the NTP service to the new PDCe

To verify the PDCe role run the following from a command prompt

Netdom query fsmo

Once you have established the correct DC, follow the steps below as taken from KB816042

Change the server type to NTP. To do this, follow these steps:
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
In the right pane, right-click Type, and then click Modify.
In Edit Value, type NTP in the Value data box, and then click OK.
Set AnnounceFlags to 5. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
In the right pane, right-click AnnounceFlags, and then click Modify.
In Edit DWORD Value, type 5 in the Value data box, and then click OK.
Enable NTPServer. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
In the right pane, right-click Enabled, and then click Modify.
In Edit DWORD Value, type 1 in the Value data box, and then click OK.
Specify the time sources. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
In the right pane, right-click NtpServer, and then click Modify.
In Edit Value, type Peers in the Value data box, and then click OK.
Note
Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.

Select the poll interval. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
In the right pane, right-click SpecialPollInterval, and then click Modify.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note
TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.

Configure the time correction settings. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
In Edit DWORD Value, click to select Decimal in the Base box.
In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note
TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.

Quit Registry Editor.
At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time

Reference – "Keeping the Domain on Time" a Microsoft Blog
http://blogs.msdn.com/b/w32time/archive/2007/09/04/keeping-the-domain-on-time.aspx

Hope this helps with your query,

-----------

--If the reply is helpful, please Upvote and Accept as answer--

Sabir Mohamed 41 Reputation points

2022-01-06T06:42:29.303+00:00

Thank you for the detailed post...

Yes, I will change the ntp to another DC ( FSMO roles will be moved first to this DC)
Then, again after the drill will revert back to the old setup.

This is because drill will be going fo 2 days and we were having issue with time previously when we switched off PDC without moving ntp but only FSMO to other DR DC.

I will mark it answer once tested.

Answer 2

Anonymous

On the PDC emulator you can run

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--

Anonymous

2022-01-05T14:48:55.213+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--
Sabir Mohamed 41 Reputation points

2022-01-06T06:43:42.167+00:00

Thanks Patrick..

CAn you elaborate what to do on existing ntp server ( to make it normal ntp client) and on new DR DC ( to make it primary ntp)
Anonymous

2022-01-06T13:23:12.51+00:00
All others should use NT5DS time

Some general info

All domain members should use NT5DS domain time.

Desktops and member servers sync with any domain controller.

Domain controllers sync with PDC emulator (one per domain)

PDC emulator in child domain can sync with any domain controller in parent domain.

PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

So you can run below

w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
then check
w32tm /query /source
w32tm /query /configuration

--please don't forget to upvote and Accept as answer if the reply is helpful--
Anonymous

2022-01-10T13:22:16.797+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Share via

Moving primary NTP to another DC and verify comms in advance

1 additional answer

Your answer