Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Time Synchronization

Posted on 2006-10-19
5
Medium Priority
?
391 Views
Last Modified: 2009-07-29
In my company we have 3 offices. Site A is headquarters, and sites B and C are large branch offices. Each office is set up as an A.D. Site and each site has it's own DC. Also, all sites are part of the same AD Domain. Headquarters has two DC's and the PDC Emulator here holds all FSMO (second DC is Exchange Server- arghhh.) I recently came aboard here and noticed that the mast time server for the domain is located at one of the branch offices. I have ran the "net time"  command on some workstations and servers, and they are indeed looking to the branch offices's DC as the master time server. At the Other branch office, I have been hearing reports that workstations are loosing their time synchronization and rolling back an hour (so if it is really 3pm- that particular workstations thinks it is 2pm). This has caused problems such as the inability to log in (Kerberos didn't like that) and invalid time stamps in their work.

I was under the assumption that the first DC in the domain is automatically set as the master time server for that domain. This is not the case (unless that DC in the branch office was explicitley set as the master time server for some unknown reason). Regardless of how and why it happened, I need to set the PDC Emulator in headquarters as the Mast Time Server in the domain. Then I need to set the PDC Emulator query an external time serverfor it's master.

My questions are the following:

1) How do I go about making the PDC EMulator in Headquarters the master time server for the domain?
2) After that is done, how do I make all servers (Both DC's and non) to query that master time server for time synchronization?
3) In reference to question 2, can and should that be done via GPO? If so, please recommend location of GPO and best way to deploy (or batch file login script with net time /setsntp:xxxx)???
4) What do I need to be careful when I switch the master time server role to the PDC Emulator? Please let me know what to expect. Should this be done on off hours? If not, is there the possibility of downtime ?
0
Comment
Question by:Trihimbulus
  • 2
3 Comments
 
LVL 4

Expert Comment

by:Shankadude
ID: 17772417
Check this article from Microsoft about time:
http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

This gives the default behaviour of windows time services.
if the situation isn't default anymore like you described you can use the w32tm command
(http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true)

Check the part about the w32tm /config /synfromflags:DOMHIER for domain hierarchy.
0
 

Author Comment

by:Trihimbulus
ID: 17798104
Thank you- can someone tell me exactly how to do this?
0
 
LVL 4

Accepted Solution

by:
Shankadude earned 2000 total points
ID: 17798766
These settings can be configured from group policy, but to correct an error situation the best way I think is to do it by hand.

The commands you should use for all computers other than the master time server, like the pdc emulator is:
w32tm /config /syncfromflags:DOMHIER

for the PDC emulator you could point to an external ntp source with:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL

after that you can configure a group policy if you like. The time settings are under Computer Configuration\Administrative Templates\System\Windows Time Service.

Hope this helps.

0

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question