Solved

Time Synchronization

Posted on 2006-10-19
5
384 Views
Last Modified: 2009-07-29
In my company we have 3 offices. Site A is headquarters, and sites B and C are large branch offices. Each office is set up as an A.D. Site and each site has it's own DC. Also, all sites are part of the same AD Domain. Headquarters has two DC's and the PDC Emulator here holds all FSMO (second DC is Exchange Server- arghhh.) I recently came aboard here and noticed that the mast time server for the domain is located at one of the branch offices. I have ran the "net time"  command on some workstations and servers, and they are indeed looking to the branch offices's DC as the master time server. At the Other branch office, I have been hearing reports that workstations are loosing their time synchronization and rolling back an hour (so if it is really 3pm- that particular workstations thinks it is 2pm). This has caused problems such as the inability to log in (Kerberos didn't like that) and invalid time stamps in their work.

I was under the assumption that the first DC in the domain is automatically set as the master time server for that domain. This is not the case (unless that DC in the branch office was explicitley set as the master time server for some unknown reason). Regardless of how and why it happened, I need to set the PDC Emulator in headquarters as the Mast Time Server in the domain. Then I need to set the PDC Emulator query an external time serverfor it's master.

My questions are the following:

1) How do I go about making the PDC EMulator in Headquarters the master time server for the domain?
2) After that is done, how do I make all servers (Both DC's and non) to query that master time server for time synchronization?
3) In reference to question 2, can and should that be done via GPO? If so, please recommend location of GPO and best way to deploy (or batch file login script with net time /setsntp:xxxx)???
4) What do I need to be careful when I switch the master time server role to the PDC Emulator? Please let me know what to expect. Should this be done on off hours? If not, is there the possibility of downtime ?
0
Comment
Question by:Trihimbulus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 4

Expert Comment

by:Shankadude
ID: 17772417
Check this article from Microsoft about time:
http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

This gives the default behaviour of windows time services.
if the situation isn't default anymore like you described you can use the w32tm command
(http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true)

Check the part about the w32tm /config /synfromflags:DOMHIER for domain hierarchy.
0
 

Author Comment

by:Trihimbulus
ID: 17798104
Thank you- can someone tell me exactly how to do this?
0
 
LVL 4

Accepted Solution

by:
Shankadude earned 500 total points
ID: 17798766
These settings can be configured from group policy, but to correct an error situation the best way I think is to do it by hand.

The commands you should use for all computers other than the master time server, like the pdc emulator is:
w32tm /config /syncfromflags:DOMHIER

for the PDC emulator you could point to an external ntp source with:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL

after that you can configure a group policy if you like. The time settings are under Computer Configuration\Administrative Templates\System\Windows Time Service.

Hope this helps.

0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question