Solved

How to synchronize time between all DC's in 1 Domain

Posted on 2007-11-28
7
1,907 Views
Last Modified: 2011-09-20
What is the best way to sync the time between all 9 of my DC's in my Domain. I have a single Domain with 4 Sites. Plus can anyone tell me how important time synchronization is between my DC's and why?
0
Comment
Question by:crsrvn
7 Comments
 
LVL 15

Accepted Solution

by:
wingatesl earned 500 total points
ID: 20371795
Time syncronization is important for kerberos authentication to work. I think it is anything over 10 - 15 minutes difference and it fails. No kerberos, no DC (eventually)
 The easy way to sync the time is this
NET TIME \\TIMESRV /SET /YES
The MS way is this
http://support.microsoft.com/kb/307897/EN-US/
It still works for 2003 server
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371838
On the DC with the PDC role, you should use the command:

NET TIME /SETSNTP:...

You should not change other machines as they need to sync with the PDC and this will happen automatically.

See http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22978705.html for a solution for UK time servers.

Where are you based?
0
 
LVL 1

Expert Comment

by:markdormer
ID: 20371873
I would set one of them to synchronise with an external Stratum 1 NTP server and the rest will synchronise from that machine.

See these
http://www.ntp.org/
http://support.microsoft.com/kb/816042

http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

http://blogs.msdn.com/w32time/default.aspx
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371932
You should use a Stratum 2 NTP server, because you do not have atomic or satellite clock hardware.  You may need to set the flags in the registry, too.  See the question I referred to.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 20371976
The answer selected is not entirely correct.  While the procedures described will work, the correct way is to set an SNTP server using the command SteveH_UK suggested on the DC with the PC Emulator role.  All domain systems - if properly configured - will synchronize their time with the PDC emulator ensuring all systems are correctly set.

Among other things, having a time on a DC that is significantly different can result in the failure of Exchange server, among other things (I know this from first hand experience - I recently moved and had one DC down for 10 days prior to the conversion to standard time (from daylight time) and when I brought the system back online a few days ago, it caused Exchange to stop functioning because it didn't automatically adjust the time as expected.
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 20373286
The question did not read that he had a requirement to syncronize the PDC to the outside world therefor that was not included. The net time was used because it forces a refresh from the PDC.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20373340
I agree with wingatesl that it was not a request in the question.  The problem in using the computer time is that onboard clocks often have problems, and this can set you up for future problems.  That doesn't mean you can't do it, just that it isn't a recommended solution.
0

Join & Write a Comment

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now