Time Synchronization

In my company we have 3 offices. Site A is headquarters, and sites B and C are large branch offices. Each office is set up as an A.D. Site and each site has it's own DC. Also, all sites are part of the same AD Domain. Headquarters has two DC's and the PDC Emulator here holds all FSMO (second DC is Exchange Server- arghhh.) I recently came aboard here and noticed that the mast time server for the domain is located at one of the branch offices. I have ran the "net time"  command on some workstations and servers, and they are indeed looking to the branch offices's DC as the master time server. At the Other branch office, I have been hearing reports that workstations are loosing their time synchronization and rolling back an hour (so if it is really 3pm- that particular workstations thinks it is 2pm). This has caused problems such as the inability to log in (Kerberos didn't like that) and invalid time stamps in their work.

I was under the assumption that the first DC in the domain is automatically set as the master time server for that domain. This is not the case (unless that DC in the branch office was explicitley set as the master time server for some unknown reason). Regardless of how and why it happened, I need to set the PDC Emulator in headquarters as the Mast Time Server in the domain. Then I need to set the PDC Emulator query an external time serverfor it's master.

My questions are the following:

1) How do I go about making the PDC EMulator in Headquarters the master time server for the domain?
2) After that is done, how do I make all servers (Both DC's and non) to query that master time server for time synchronization?
3) In reference to question 2, can and should that be done via GPO? If so, please recommend location of GPO and best way to deploy (or batch file login script with net time /setsntp:xxxx)???
4) What do I need to be careful when I switch the master time server role to the PDC Emulator? Please let me know what to expect. Should this be done on off hours? If not, is there the possibility of downtime ?
TrihimbulusAsked:
Who is Participating?
 
ShankadudeConnect With a Mentor Commented:
These settings can be configured from group policy, but to correct an error situation the best way I think is to do it by hand.

The commands you should use for all computers other than the master time server, like the pdc emulator is:
w32tm /config /syncfromflags:DOMHIER

for the PDC emulator you could point to an external ntp source with:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL

after that you can configure a group policy if you like. The time settings are under Computer Configuration\Administrative Templates\System\Windows Time Service.

Hope this helps.

0
 
ShankadudeCommented:
Check this article from Microsoft about time:
http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

This gives the default behaviour of windows time services.
if the situation isn't default anymore like you described you can use the w32tm command
(http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true)

Check the part about the w32tm /config /synfromflags:DOMHIER for domain hierarchy.
0
 
TrihimbulusAuthor Commented:
Thank you- can someone tell me exactly how to do this?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.