How do I sync time on my network

Posted on 2005-04-18
Medium Priority
Last Modified: 2010-12-30
I have 2 domain controlers (win 2000 Adv server) I will be also adding third DC 2003 Server. My network has 45 Wkst. (win XP). What is the best practice to sync time. What about synchronizing time to one server over internet and than use logon script to sync the time inside??
Does somebody have the whole think down - all the steps??

Question by:josefkocarek

Expert Comment

ID: 13805933
at work we use a gps time synch to keep all the systems in synch, at home i use the automatic time sync with an online server
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 200 total points
ID: 13805941
Hi Joko,

The XP machines on your network should already be synchronising time with your PDC Emulator (the first DC on your network unless you moved it), this is default behaviour for Windows 200x networks.

You can set that server to synchronise with an external time source if you wish, there's a long list here:


The command you need to issue on the server is:

net time /setsntp:<Server Address>

Where Server Address can be one from the list above.

For the network clients (and the servers), ensure the Windows Time service (Administrative Tools / Services) is running and that you are getting no errors in the Event Log from w32time.

Beyond that they should all pick up the time from the server without further configuration or complaint.


LVL 18

Assisted Solution

by:Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security Officer earned 320 total points
ID: 13805971
The simplest solution to time synchronization in an Active Directory environment is to let the PDC Emulator in the forest root domain use its own CMOS clock as the source of reliable time for the forest.

If you want to ensure that the clocks on your machines are more accurate in terms of absolute (and not just relative) time, you can sync the PDC Emulator in your forest root domain to one of the reliable time servers available on the Internet. This is a good idea if your company is a large enterprise with sites spanning several countries, or if your organization has two or more forests linked by forest trusts.

The procedure for doing this on a PDC Emulator running Windows Server 2003 in the forest root domain is as follows. Open Registry Editor (regedit.exe) and configure the following registry entries:

This registry entry determines which peers W32Time will accept synchronization from. Change this REG_SZ value from NT5DS to NTP so the PDC Emulator synchronizes from the list of reliable time servers specified in the NtpServer registry entry described below.

This registry entry controls whether the local computer is marked as a reliable time server (which is only possible if the previous registry entry is set to NTP as described above). Change this REG_DWORD value from 10 to 5 here.

This registry entry specifies a space-delimited list of stratum 1 time servers from which the local computer can obtain reliable time stamps. The list may consist of one or more DNS names or IP addresses (if DNS names are used then you must append ,0x1 to the end of each DNS name). For example, to synchronize the PDC Emulator in your forest root domain with tock.usno.navy.mil, an open-access SNTP time server run by the United States Naval Observatory, change the value of the NtpServer registry entry from time.microsoft.com,0x1 to tock.usno.navy.mil,0x1 here. Alternatively, you can specify the IP address of this time server, which is instead.  I usually use the IP as it seems to work better

Now stop and restart the Windows Time service using the following commands:
net stop w32time
net start w32time

It may take an hour or so for the PDC Emulator to fully synchronize with the external time server because of the nature of the polling method W32Time uses. Depending on the latency of your Internet connection, the accuracy of the CMOS clock on your forest root PDC Emulator may be within a second or two of UTC. If you need more accurate time however, you can purchase a hardware time source like an atomic clock and connect it to your PDC emulator.

Alternatively, if you don’t want to wait for time convergence to occur between your stratum 2 time server (your forest root PDC Emulator) and the external stratum 1 time server, you can run the following command on your PDC Emulator:
w32tm /resync /rediscover

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 13806587
Good job samccarthy

I am not sure, that the answer Chris is giving me will totaly solve  problem with wkst sync. You are speeking just about PDC. What about workstations. Chris says it is automatic.

I was thinking about writing batch script
net time \\server /set /y
gpupdate /force

and post it into netlogon share and add the script into my domain controler and default domain policy login scripts. Hoping that when users login the script will sync with our PDC (server) The gpupdate /force will just force the changes in policy to apply to the particular computer or user.
LVL 71

Expert Comment

by:Chris Dent
ID: 13807096

If the workstations are not currently syncing time with the DC then check the Windows Time Service is started on each workstation.

If it is started, and they're still not picking up the right time then you may have to investigate some of the other methods such as the logon script.

But since Domain Authentication (Kerberos) relies on synchronised time within a domain then you shouldn't bump into any big problems.


Accepted Solution

salvagbf earned 480 total points
ID: 13809097
First, you want to make sure that your DC that you'll be syncing your clients with always has the right time.  To do this, first you should go to http://www.eecis.udel.edu/~mills/ntp/clock2a.html and find a time server that's close to you, then you want to activate that on your DC and your DC will automatically sync regurlarly with it.  At a command prompt on your DC type:

net time /setsntp:time.server.name.com

Then add the following lines (depending on the client) to a logon.bat file (replacing serverName with the DC your clients will be syncing with of course)

:: For Win 98
net time \\serverName /set /yes
:: For Win 2k
net time /setsntp:xxx.xxx.xxx.xxx

For Win XP you need to use GP.  
Computer Configuration -> Administrative Templates -> System -> Windows Time Service -> Time Providers
Enable "Enable Windows NTP Client
Edit and enter appropriate settings in "Configure Windows NTP Client"

LVL 18
ID: 13811761
By default, the workstations will sync with the authenticating Domain Controller which in turn syncs with the PDC Emulator.  As long as the service is turned on, it is all automatic and there is no need for scripts.  

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question