Solved

How to synchronize time between all DC's in 1 Domain

Posted on 2007-11-28
7
1,913 Views
Last Modified: 2011-09-20
What is the best way to sync the time between all 9 of my DC's in my Domain. I have a single Domain with 4 Sites. Plus can anyone tell me how important time synchronization is between my DC's and why?
0
Comment
Question by:crsrvn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 15

Accepted Solution

by:
wingatesl earned 500 total points
ID: 20371795
Time syncronization is important for kerberos authentication to work. I think it is anything over 10 - 15 minutes difference and it fails. No kerberos, no DC (eventually)
 The easy way to sync the time is this
NET TIME \\TIMESRV /SET /YES
The MS way is this
http://support.microsoft.com/kb/307897/EN-US/
It still works for 2003 server
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371838
On the DC with the PDC role, you should use the command:

NET TIME /SETSNTP:...

You should not change other machines as they need to sync with the PDC and this will happen automatically.

See http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22978705.html for a solution for UK time servers.

Where are you based?
0
 
LVL 1

Expert Comment

by:markdormer
ID: 20371873
I would set one of them to synchronise with an external Stratum 1 NTP server and the rest will synchronise from that machine.

See these
http://www.ntp.org/
http://support.microsoft.com/kb/816042

http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

http://blogs.msdn.com/w32time/default.aspx
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371932
You should use a Stratum 2 NTP server, because you do not have atomic or satellite clock hardware.  You may need to set the flags in the registry, too.  See the question I referred to.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 20371976
The answer selected is not entirely correct.  While the procedures described will work, the correct way is to set an SNTP server using the command SteveH_UK suggested on the DC with the PC Emulator role.  All domain systems - if properly configured - will synchronize their time with the PDC emulator ensuring all systems are correctly set.

Among other things, having a time on a DC that is significantly different can result in the failure of Exchange server, among other things (I know this from first hand experience - I recently moved and had one DC down for 10 days prior to the conversion to standard time (from daylight time) and when I brought the system back online a few days ago, it caused Exchange to stop functioning because it didn't automatically adjust the time as expected.
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 20373286
The question did not read that he had a requirement to syncronize the PDC to the outside world therefor that was not included. The net time was used because it forces a refresh from the PDC.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20373340
I agree with wingatesl that it was not a request in the question.  The problem in using the computer time is that onboard clocks often have problems, and this can set you up for future problems.  That doesn't mean you can't do it, just that it isn't a recommended solution.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question