You should NOT have time skews... From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Tuesday, January 19, 2010 2:49 PM To: NT System Admin Issues Subject: RE: just who's in charge here (dom controller query)
Make the other one a GC too. You should have time skews like that. That's likely what you need to be investigating. The PDCe should be syncing to a known-good external source (like pool.ntp.org or something similar) and the other DCs should be syncing to it. Check out "w32tm /?". From: paul chinnery [mailto:pdw1...@hotmail.com] Sent: Tuesday, January 19, 2010 2:16 PM To: NT System Admin Issues Subject: RE: just who's in charge here (dom controller query) Some are dc1 (old ops master;pdc em) and some are set to the w2003 dc's. Unfortunately, we've had some cases where the time is off by 2 - 3 minutes. Both W2k DC's are gc and W2k3-dc is also a gc but not the other w2k3 dc. Flat network so all on same subnet. ________________________________ From: mich...@smithcons.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: just who's in charge here (dom controller query) Date: Tue, 19 Jan 2010 18:43:25 +0000 PCs will sync their clocks to whatever DC they have their secure channel with (from a CMD prompt "set logonserver" will display that to you). All DCs sync to the PDCe. SO...everyone should still be in sync, to within milliseconds. Are all of your DCs group catalog servers? Are all on the same subnet? From: paul chinnery [mailto:pdw1...@hotmail.com] Sent: Tuesday, January 19, 2010 1:36 PM To: NT System Admin Issues Subject: RE: just who's in charge here (dom controller query) Here are the results from showrepl: repadmin /showrepl w2k3-dc Default-First-Site-Name\W2K3-DC DC Options: IS_GC Site Options: (none) DC object GUID: 4c35da00-ce37-4623-9d4a-c2bc95e60f96 DC invocationID: bafcea0c-da79-439a-9315-9a235f56ed7e ==== INBOUND NEIGHBORS ====================================== DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\(old ops master w2K) via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 13:27:56 was successful. Default-First-Site-Name\(secondary W2k dc) via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 13:28:03 was successful. Default-First-Site-Name\(secondary w2003 dc) via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 13:29:34 was successful. CN=Configuration,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 13:11:29 was successful. Default-First-Site-Name\*** via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 13:16:56 was successful. Default-First-Site-Name\*** via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 13:27:03 was successful. CN=Schema,CN=Configuration,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. Default-First-Site-Name\*** via RPC DC object GUID: d25285e6-c2f3-4971-acbf-d2289fb54733 Last attempt @ 2010-01-19 12:51:19 was successful. Default-First-Site-Name\*** via RPC DC object GUID: 25944c7a-efe5-4321-b2c4-6062bf41d6b7 Last attempt @ 2010-01-19 12:51:19 was successful. DC=DomainDnsZones,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. DC=ForestDnsZones,DC=mmc,DC=mmcwm,DC=com Default-First-Site-Name\*** via RPC DC object GUID: 41cfc51b-3bc9-4ace-95ed-2ad72e499990 Last attempt @ 2010-01-19 12:51:19 was successful. dcdiag shows w2k3-dc passing all tests. ________________________________ Subject: RE: just who's in charge here (dom controller query) Date: Tue, 19 Jan 2010 11:05:33 -0500 To: ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com> CC: From: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com> What does replication look like in your environment? Run DCDIAG and REPADMIN to get a health status for AD replication. Chris Bodnar, MCSE Sr. Systems Engineer Infrastructure Service Delivery Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com<mailto:christopher_bod...@glic.com> Phone: 610-807-6459 Fax: 610-807-6003 ________________________________ From: pdw1...@hotmail.com [mailto:pdw1...@hotmail.com] Sent: Tuesday, January 19, 2010 10:53 AM To: NT System Admin Issues Subject: just who's in charge here (dom controller query) When we upgraded Exchange to 2007, we had to install W2k3 dc's. Right now we are in mixed mode as we have to keep a couple of the W2k DC's running. W2K3-DC (server) is the ops master and pdc emulator. However, I have run into two situations where it seems the old W2K DC (DC1) ops master seems to be causing problems. Case 1: Windows time. It appears most pc's are syncing their clocks to DC1 instead of W2K3-DC. Case 2: GPO's are not applying properly (note we don't have that many and they only apply to specific computers). Usually the error on the pc in question is that it can't contact a domain controllers to get the policy. I'm perplexed over this as I thought that whatever was the Ops Master for the domain was the top-level controller (for want of a better phrase). ________________________________ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. Sign up now.<http://clk.atdmt.com/GBL/go/196390709/direct/01/> ________________________________ This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ________________________________ Hotmail: Trusted email with powerful SPAM protection. Sign up now.<http://clk.atdmt.com/GBL/go/196390707/direct/01/> ________________________________ Hotmail: Free, trusted and rich email service. Get it now.<http://clk.atdmt.com/GBL/go/196390708/direct/01/> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
