Time Service Configuration

Many people are confused about time service configuration in a Windows domain environment: which registry settings should be configured on a DC? Which server should be my authoritative time server? Which server should point to the external time source?

This article discusses some of the steps needed (at least those I could remember); for the rest, you can ask me via comments if you have any doubts, concerns or corrections.

First of all, there is no need to touch any of the Time service registry settings. Avoiding registry changes will save you from much of the confusion that the complex time service settings in the registry can create.

You can configure all the required settings from the command line in a few simple steps, illustrated below.

As per the time service design, the server holding the PDC emulator role should act as the SPOC (source for time) for all the domain controllers in the domain.

All the DCs should get their time from the PDC role holder. All the clients should get their time from whichever DC they authenticate against.

Now the question comes up: how do I determine my PDC role holder?
You can get the name of the PDC role holder simply by running
netdom query fsmo 

Now you have to configure the time service on the DC you identified as the PDC role holder with the above command. Use the commands below, in their order, to configure the time service on the PDC:

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp: 
net stop w32time & net start w32time
w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover
net stop w32time & net start w32time

If you need a description of any of the above commands, ask me in the comment box below. I would like to point out that the 7th command sets your PDC role holder to sync with the pool.ntp.org server, so make sure your firewall allows traffic to this destination on UDP port 123.

Now we need to configure the same service on your other domain controllers, which are not the PDC role holder.

Follow the set of commands below on the non-PDC role holders to configure time on these DCs. Run the commands from CMD (Run as administrator if you are using 2008).

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:
net stop w32time & net start w32time
w32tm /config /syncfromflags:domhier /update
w32tm /resync /rediscover
net stop w32time & net start w32time


Now you will ask yourself: how do I make sure that I am getting time from the source I configured with the commands above? OK, let's look at the simplest command:
w32tm /monitor

This will output something like the following:

C:\Users\artcileauthorID>w32tm /monitor
DC1.contoso.local *** PDC ***[10.10.10.10:123]:
    ICMP: 2ms delay
    NTP: +0.0000000s offset from DC1.contoso.local
        RefID: 120-88-47-10.infra.hnsdc.com [120.88.47.10]
        Stratum: 3
DC1.contoso.local *** PDC ***[10.10.10.11:123]:
    ICMP: 2ms delay
    NTP: -0.0391449s offset from DC1.contoso.local
        RefID: DC1.contoso.local [10.10.10.10]
        Stratum: 4

In the above example, DC1 is my time source.
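To check the whole hierarchy at once instead of reading the output by eye, the following PowerShell script (an added example, not part of the original article) parses `w32tm /monitor` output and flags DCs that do not answer NTP, drift past a threshold, run on their local clock (`LOCL`), or report a stratum that does not sit beneath the PDC emulator. The sample output is constructed from the article's example; DC2, DC3 and the 1-second threshold are assumptions.

```powershell
# Constructed sample modelled on the article's output; DC2 and DC3 are hypothetical.
# On a live DC use instead:  $raw = (w32tm /monitor) -join "`n"
$raw = @'
DC1.contoso.local *** PDC ***[10.10.10.10:123]:
    ICMP: 2ms delay
    NTP: +0.0000000s offset from DC1.contoso.local
        RefID: 120-88-47-10.infra.hnsdc.com [120.88.47.10]
        Stratum: 3
DC2.contoso.local[10.10.10.11:123]:
    ICMP: 2ms delay
    NTP: -0.0391449s offset from DC1.contoso.local
        RefID: DC1.contoso.local [10.10.10.10]
        Stratum: 4
DC3.contoso.local[10.10.10.12:123]:
    ICMP: 1ms delay
    NTP: +7.2500000s offset from DC1.contoso.local
        RefID: 'LOCL' [0x4C434F4C]
        Stratum: 1
'@
$MaxOffsetSeconds = 1.0   # assumed alert threshold, not from the article

# Parse each "name[ip:port]:" block into one object per DC.
$dcs = @()
foreach ($line in ($raw -split "`r?`n")) {
    if ($line -match '^(?<name>\S+?)(?<pdc>\s*\*\*\* PDC \*\*\*)?\s*\[[^\]]+\]:\s*$') {
        $cur = [pscustomobject]@{ Name = $Matches.name; IsPdc = [bool]$Matches.pdc
                                  Offset = $null; RefId = $null; Stratum = $null }
        $dcs += $cur
    }
    elseif ($line -match 'NTP:\s*(?<off>[+-]\d+\.\d+)s offset') { $cur.Offset = [double]$Matches.off }
    elseif ($line -match 'RefID:\s*(?<ref>.+?)\s*\[')            { $cur.RefId = $Matches.ref }
    elseif ($line -match 'Stratum:\s*(?<s>\d+)')                  { $cur.Stratum = [int]$Matches.s }
}

$pdc = @($dcs | Where-Object IsPdc)
if ($pdc.Count -ne 1) { Write-Warning "expected one PDC emulator entry, found $($pdc.Count)" }

$findings = foreach ($dc in $dcs) {
    $problems = @()
    if ($null -eq $dc.Offset) { $problems += 'no NTP response' }   # e.g. an "NTP: error ..." line
    elseif ([math]::Abs($dc.Offset) -gt $MaxOffsetSeconds) { $problems += "offset $($dc.Offset)s over threshold" }
    if ($dc.RefId -match 'LOCL') { $problems += 'free-running on local clock' }
    if (-not $dc.IsPdc -and $pdc.Count -eq 1 -and $null -ne $dc.Stratum -and $dc.Stratum -le $pdc[0].Stratum) {
        $problems += "stratum $($dc.Stratum) is not higher than the PDC emulator's ($($pdc[0].Stratum))" }
    [pscustomobject]@{ DC = $dc.Name; Pdc = $dc.IsPdc; Source = $dc.RefId; Stratum = $dc.Stratum
                       Status = if ($problems) { $problems -join '; ' } else { 'OK' } }
}
$findings | Format-Table -AutoSize -Wrap
```

With the constructed sample, DC1 and DC2 report `OK` and DC3 is flagged for all three conditions it violates.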

=======================================================================

After doing all of the above, run
dcdiag /test:advertising 

to check whether your DC is advertising as an authoritative time server, and use the w32tm /monitor command on the DC to see if its time source is correct. That's it.

One more thing: if you are following the above method, DO NOT USE GROUP POLICIES TO CONFIGURE TIME on clients.

If the time service is running, clients will select their authenticating DC as their time source.

That was all I could figure out to write here. If you have any questions, queries or corrections, please comment below and I will answer when time permits :)
Author:Life1430