• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1060
  • Last Modified:

Setting up PDC to be Authoritative Time Server

We're novices at the whole NTP/Time Service setup, so here goes:
Currently whenever a NET TIME command  is run from a client PC on our domain, it returns a "Could not locate Time server" message. Although we are part of a larger Forest, we also have a member server that runs our Time & Attendance system on site and syncs with a Galleon Atomic clock.
I'd like an opinion on whether this scenario would be OK:

Set the PDC to be our local domain internal authoritative time server by pointing it at the T&A server (not an external NTP) using this command from the Microsoft site:
w32tm /config /manualpeerlist:<servername> /syncfromflags:manual /reliable:yes /update

Or should we sync with either 1) time.windows.com or 2) a PDC further up the domain forest?

Some experience/advice would be much appreciated.
2 Solutions
Here you go:


As an auditting tool, may I recommend Domain Time II, from Symetricom's website. Just google search Domain Time II.
As per http://support.microsoft.com/kb/216734 and http://support.microsoft.com/kb/816042, this is what Microsoft recommends.

By default, Windows-based computers use the following hierarchy:
• All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
• All member servers follow the same process as client desktop computers.
• Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
• All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.
dannewtonAuthor Commented:
Thnaks Guys. I took some stuff from both your posts and also a bit of home-spun inspiration into the mix so I''ll split the points. Many thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now