Solved

Time Synchronization

Posted on 2006-10-19
5
383 Views
Last Modified: 2009-07-29
In my company we have 3 offices. Site A is headquarters, and sites B and C are large branch offices. Each office is set up as an A.D. Site and each site has it's own DC. Also, all sites are part of the same AD Domain. Headquarters has two DC's and the PDC Emulator here holds all FSMO (second DC is Exchange Server- arghhh.) I recently came aboard here and noticed that the mast time server for the domain is located at one of the branch offices. I have ran the "net time"  command on some workstations and servers, and they are indeed looking to the branch offices's DC as the master time server. At the Other branch office, I have been hearing reports that workstations are loosing their time synchronization and rolling back an hour (so if it is really 3pm- that particular workstations thinks it is 2pm). This has caused problems such as the inability to log in (Kerberos didn't like that) and invalid time stamps in their work.

I was under the assumption that the first DC in the domain is automatically set as the master time server for that domain. This is not the case (unless that DC in the branch office was explicitley set as the master time server for some unknown reason). Regardless of how and why it happened, I need to set the PDC Emulator in headquarters as the Mast Time Server in the domain. Then I need to set the PDC Emulator query an external time serverfor it's master.

My questions are the following:

1) How do I go about making the PDC EMulator in Headquarters the master time server for the domain?
2) After that is done, how do I make all servers (Both DC's and non) to query that master time server for time synchronization?
3) In reference to question 2, can and should that be done via GPO? If so, please recommend location of GPO and best way to deploy (or batch file login script with net time /setsntp:xxxx)???
4) What do I need to be careful when I switch the master time server role to the PDC Emulator? Please let me know what to expect. Should this be done on off hours? If not, is there the possibility of downtime ?
0
Comment
Question by:Trihimbulus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 4

Expert Comment

by:Shankadude
ID: 17772417
Check this article from Microsoft about time:
http://technet2.microsoft.com/WindowsServer/en/library/71e76587-28f4-4272-a3d7-7f44ca50c0181033.mspx?mfr=true

This gives the default behaviour of windows time services.
if the situation isn't default anymore like you described you can use the w32tm command
(http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true)

Check the part about the w32tm /config /synfromflags:DOMHIER for domain hierarchy.
0
 

Author Comment

by:Trihimbulus
ID: 17798104
Thank you- can someone tell me exactly how to do this?
0
 
LVL 4

Accepted Solution

by:
Shankadude earned 500 total points
ID: 17798766
These settings can be configured from group policy, but to correct an error situation the best way I think is to do it by hand.

The commands you should use for all computers other than the master time server, like the pdc emulator is:
w32tm /config /syncfromflags:DOMHIER

for the PDC emulator you could point to an external ntp source with:

w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL

after that you can configure a group policy if you like. The time settings are under Computer Configuration\Administrative Templates\System\Windows Time Service.

Hope this helps.

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question