Well if the PDCE does in fact show up as Domain Role "5" the WMI Filter would be simple and you wouldn't have the tattooing problem you're experiencing when using a custom ADM. The GPP extensions might also be of use here, as they can clean up after themselves when they fall out of scope. Jamie Nelson | Infrastructure Consultant | BI&T Operations | Devon Energy | Work: 405.552.8054 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Crosby, Damian (IT) Sent: Thursday, June 19, 2008 2:03 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: WMI Filtering PDCE NTP Settings Enough to forget about :( Distributed datacenters and site powerdowns means the FSMO roles are often moved around. Moving the FSMO role does not unfortunately clean up the NTP registry settings appropriately especially if manual peerlists are configured using ADM extensions. Thanks. ________________________________ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Nelson, Jamie Sent: 18 June 2008 20:20 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: WMI Filtering PDCE NTP Settings I would usually just set that in the local GPO on the PDCE so you don't have to mess with a WMI filter. You only need to do it on one box basically, so there is really no need to create a domain GPO. Although I understand your point about the PDCE role moving, how often does that really happen? Jamie Nelson | Infrastructure Consultant | BI&T Operations | Devon Energy | Work: 405.552.8054 | http://www.dvn.com <http://www.dvn.com/> From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Crosby, Damian (IT) Sent: Wednesday, June 18, 2008 11:41 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] WMI Filtering PDCE NTP Settings Does anyone use a GPO to control time settings (source NTP servers amongst others)? Further to ensure that settings are applied in the event of the FSMO PDCE role being moved does anyone filter using WMI to ensure its applied to only the PDCE? eg: select * from Win32_ComputerSystem where DomainRole = 5 Thanks! ________________________________ NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error. ________________________________ Confidentiality Warning: This message and any attachments are intended only for the use of the intended recipient(s), are confidential, and may be privileged. If you are not the intended recipient, you are hereby notified that any review, retransmission, conversion to hard copy, copying, circulation or other use of all or any portion of this message and any attachments is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. ________________________________ NOTICE: If received in error, please destroy and notify sender. Sender does not intend to waive confidentiality or privilege. Use of this email is prohibited when received in error.