Solved

net time returns a DC in an alternate site that's not the PDC Emulator

Posted on 2004-08-31
Last Modified: 2010-04-14
Why does the "net time" command, run on an XP or W2K workstation (that is joined to a W2K native mode AD), return a domain controller in another site that does not hold the PDC Emulator role?

The XP workstation, W2K workstation and the PDC Emulator are in different subnets bound to the same site.

Also, W2K domain controllers in a third site also return the same value.

It seems to me, these machines should be returning the value of the PDC Emulator for the domain.

Question by:kevinbeamer
Accepted Solution

by:
mikeleebrla earned 125 total points
ID: 11945978
If your workstation in question is XP and your domain is 2000 native, then the PDC emulator role is irrelevant, as the PDC Emulator role is for backward compatibility with NT 4.0 DCs. The net time command will return the value of the authoritative time server for your domain, NOT the PDC emulator. Below is a link that explains how to set up the authoritative time server for your domain. Which site they are in is 100% irrelevant, as the time is set for the domain, not the site.


http://support.microsoft.com/default.aspx?scid=216734

Author Comment

by:kevinbeamer
ID: 11948110
I think I've stumbled onto a Microsoft undocumented feature :)

Workstations, member servers and DCs in the same domain use the domain controller that comes first in the alphabet.

Even the PDC emulators themselves...

I know this sounds silly, but try it for yourself...

Add a DC with an alphabetical name that's "higher" on the list and watch the output of "net time" shift to the new server.

I've tested this in all 5 domains in our forest and each time the result was predictable.
Assisted Solution

by:JamesDS
JamesDS earned 125 total points
ID: 11949531
A few problems here!

The Windows Time service will sync workstations with the local DC, and DCs will sync with the PDC emulator for the domain and then up through the forest to the root PDCE.

The PDC Emulator IS NOT IRRELEVANT ON AN AD DOMAIN. It is used (among many other things) for the time sync and for "urgent" replication and password checking on recent change.

The NET TIME command WILL NOT NECESSARILY RETURN THE VALUE OF THE AUTHORITATIVE TIME SERVER FOR YOUR DOMAIN, it will return the time at the DC you authenticated against when you last booted up and logged on. If you run it at a DC it will return the time from the PDCEmulator for your domain.

The reason you seem to be getting the "highest" DC returning time is that all your DCs being tested are probably in the same site as you are and when DNS is queried for a local DC, it will return the IP of the DC first in the list - very possibly alphabetically.

If you had multiple sites and subnets and these were set up correctly, then the DC returned would be the local one for your site.


Cheers

JamesDS
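
To check the competing explanations in this thread on a given machine, the following added PowerShell example (not part of the original posts) compares the server that "net time" reports with the logon server, the PDC Emulator and the machine's own AD site. It assumes a domain-joined machine with PowerShell 3 or later, English-language "net time" output, and Windows Vista/2008 or later for "w32tm /query"; the helper name Get-ShortName is hypothetical.

```powershell
# Added diagnostic example, not from the thread. Run on a domain-joined machine.
# Assumptions: English-language "net time" output; "w32tm /query" needs Vista/2008 or later.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$pdce   = $domain.PdcRoleOwner    # DC that holds the PDC Emulator role
$mySite = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name

# Hypothetical helper: reduce \\DC01, DC01.corp.example or DC01 to one comparable short name
function Get-ShortName([string]$Name) {
    if ([string]::IsNullOrWhiteSpace($Name)) { return $null }
    ($Name.Trim().TrimStart('\') -split '\.')[0].ToUpper()
}

# Server that "net time" with no arguments reports on
$netTimeServer = $null
$hit = net time 2>&1 |
    Select-String -Pattern 'Current time at \\\\(\S+) is' |
    Select-Object -First 1
if ($hit) { $netTimeServer = Get-ShortName $hit.Matches[0].Groups[1].Value }

# DC that authenticated the current logon session
$logonServer = Get-ShortName $env:LOGONSERVER

# Site of the DC that "net time" named, looked up in the domain's DC list
$netTimeDc = $domain.DomainControllers |
    Where-Object { (Get-ShortName $_.Name) -eq $netTimeServer } |
    Select-Object -First 1

# Source the Windows Time service is actually synchronising from
$w32Source = (w32tm /query /source 2>&1 | Out-String).Trim()

[pscustomobject]@{
    ThisComputerSite      = $mySite
    NetTimeServer         = $netTimeServer
    NetTimeServerSite     = if ($netTimeDc) { $netTimeDc.SiteName } else { 'not found in DC list' }
    LogonServer           = $logonServer
    PdcEmulator           = Get-ShortName $pdce.Name
    PdcEmulatorSite       = $pdce.SiteName
    W32TimeSource         = $w32Source
    NetTimeIsLogonServer  = ($null -ne $netTimeServer -and $netTimeServer -eq $logonServer)
    NetTimeIsPdcEmulator  = ($null -ne $netTimeServer -and $netTimeServer -eq (Get-ShortName $pdce.Name))
    NetTimeServerInMySite = ($null -ne $netTimeDc -and $netTimeDc.SiteName -eq $mySite)
} | Format-List
```

Running it on a workstation and on a DC in each site shows which of the three booleans holds in your environment, and whether the server "net time" names is the same one the time service is syncing from.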