Solved

Time Synchronization

Posted on 2006-10-19
5
382 Views
Last Modified: 2009-07-29
In my company we have 3 offices. Site A is headquarters, and sites B and C are large branch offices. Each office is set up as an A.D. Site and each site has it's own DC. Also, all sites are part of the same AD Domain. Headquarters has two DC's and the PDC Emulator here holds all FSMO (second DC is Exchange Server- arghhh.) I recently came aboard here and noticed that the mast time server for the domain is located at one of the branch offices. I have ran the "net time"  command on some workstations and servers, and they are indeed looking to the branch offices's DC as the master time server. At the Other branch office, I have been hearing reports that workstations are loosing their time synchronization and rolling back an hour (so if it is really 3pm- that particular workstations thinks it is 2pm). This has caused problems such as the inability to log in (Kerberos didn't like that) and invalid time stamps in their work.

I was under the assumption that the first DC in the domain is automatically set as the master time server for that domain. This is not the case (unless that DC in the branch office was explicitley set as the master time server for some unknown reason). Regardless of how and why it happened, I need to set the PDC Emulator in headquarters as the Mast Time Server in the domain. Then I need to set the PDC Emulator query an external time serverfor it's master.

My questions are the following:

1) How do I go about making the PDC EMulator in Headquarters the master time server for the domain?
2) After that is done, how do I make all servers (Both DC's and non) to query that master time server for time synchronization?
3) In reference to question 2, can and should that be done via GPO? If so, please recommend location of GPO and best way to deploy (or batch file login script with net time /setsntp:xxxx)???
4) What do I need to be careful when I switch the master time server role to the PDC Emulator? Please let me know what to expect. Should this be done on off hours? If not, is there the possibility of downtime ?
0
Comment
Question by:Trihimbulus
  • 2
5 Comments
 
LVL 4

Expert Comment

by:Shankadude
ID: 17772417
Check this article from Microsoft about time:
http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

This gives the default behaviour of windows time services.
if the situation isn't default anymore like you described you can use the w32tm command
(http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true)

Check the part about the w32tm /config /synfromflags:DOMHIER for domain hierarchy.
0
 

Author Comment

by:Trihimbulus
ID: 17798104
Thank you- can someone tell me exactly how to do this?
0
 
LVL 4

Accepted Solution

by:
Shankadude earned 500 total points
ID: 17798766
These settings can be configured from group policy, but to correct an error situation the best way I think is to do it by hand.

The commands you should use for all computers other than the master time server, like the pdc emulator is:
w32tm /config /syncfromflags:DOMHIER

for the PDC emulator you could point to an external ntp source with:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL

after that you can configure a group policy if you like. The time settings are under Computer Configuration\Administrative Templates\System\Windows Time Service.

Hope this helps.

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question