Solved

How to synchronize time between all DC's in 1 Domain

Posted on 2007-11-28
7
1,910 Views
Last Modified: 2011-09-20
What is the best way to sync the time between all 9 of my DCs in my Domain? I have a single Domain with 4 Sites. Plus, can anyone tell me how important time synchronization is between my DCs, and why?
Question by:crsrvn
7 Comments
 
LVL 15

Accepted Solution

by:
wingatesl earned 500 total points
ID: 20371795
Time synchronization is important for Kerberos authentication to work. I think it is anything over 10 - 15 minutes difference and it fails. No Kerberos, no DC (eventually).
The easy way to sync the time is this:
NET TIME \\TIMESRV /SET /YES
The MS way is this:
http://support.microsoft.com/kb/307897/EN-US/
It still works for 2003 server.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371838
On the DC with the PDC role, you should use the command:

NET TIME /SETSNTP:...

You should not change other machines as they need to sync with the PDC and this will happen automatically.

See http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_22978705.html for a solution for UK time servers.

Where are you based?
0
 
LVL 1

Expert Comment

by:markdormer
ID: 20371873
I would set one of them to synchronise with an external Stratum 1 NTP server and the rest will synchronise from that machine.

See these
http://www.ntp.org/
http://support.microsoft.com/kb/816042

http://technet2.microsoft.com/WindowsServer/en/library/b43a025f-cce2-4c82-b3ea-3b95d482db3a1033.mspx?mfr=true

http://blogs.msdn.com/w32time/default.aspx
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20371932
You should use a Stratum 2 NTP server, because you do not have atomic or satellite clock hardware.  You may need to set the flags in the registry, too.  See the question I referred to.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 20371976
The answer selected is not entirely correct.  While the procedures described will work, the correct way is to set an SNTP server using the command SteveH_UK suggested on the DC with the PDC Emulator role.  All domain systems - if properly configured - will synchronize their time with the PDC emulator, ensuring all systems are correctly set.

Among other things, having a time on a DC that is significantly different can result in the failure of Exchange server, among other things (I know this from first-hand experience - I recently moved and had one DC down for 10 days prior to the conversion to standard time (from daylight time) and when I brought the system back online a few days ago, it caused Exchange to stop functioning because it didn't automatically adjust the time as expected).
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 20373286
The question did not read that he had a requirement to synchronize the PDC to the outside world, therefore that was not included. The net time was used because it forces a refresh from the PDC.
0
 
LVL 19

Expert Comment

by:SteveH_UK
ID: 20373340
I agree with wingatesl that it was not a request in the question.  The problem in using the computer time is that onboard clocks often have problems, and this can set you up for future problems.  That doesn't mean you can't do it, just that it isn't a recommended solution.
0
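
One way to check what the replies above describe, that every DC follows the PDC emulator and stays inside the Kerberos clock-skew tolerance. This is an added example, not part of any post in the thread; it assumes PowerShell 3 or later with the ActiveDirectory module (newer than the Server 2003 tooling discussed here), that it is run on the PDC emulator, and a 60-second warning threshold chosen for illustration.

```powershell
# Added example, not from the thread. Run on the PDC emulator so that the
# measured offsets are relative to the clock every other DC should follow.
Import-Module ActiveDirectory

$pdc            = (Get-ADDomain).PDCEmulator
$maxSkewSeconds = 300   # Kerberos default tolerance: 5 minutes
$warnSeconds    = 60    # assumed early-warning threshold, tune to taste

# Extract the offset from `w32tm /stripchart ... /dataonly` output.
# Sample lines look like "12:00:01, +00.0034567s"; failures look like
# "12:00:01, error: 0x800705B4" and yield $null.
function Get-OffsetSeconds {
    param([string[]]$StripchartOutput)
    foreach ($line in $StripchartOutput) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') { return [double]$Matches[1] }
    }
    return $null
}

$report = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $out    = & w32tm /stripchart "/computer:$dc" /samples:1 /dataonly 2>&1 |
              ForEach-Object { "$_" }
    $offset = Get-OffsetSeconds -StripchartOutput $out
    $status = if ($null -eq $offset) {
        'NoResponse'        # DC unreachable or UDP/123 filtered between sites
    } elseif ([math]::Abs($offset) -ge $maxSkewSeconds) {
        'KerberosAtRisk'    # authentication against this DC will start failing
    } elseif ([math]::Abs($offset) -ge $warnSeconds) {
        'Drifting'
    } else {
        'OK'
    }
    [pscustomobject]@{
        DC            = $dc
        IsPdcEmulator = ($dc -eq $pdc)
        OffsetSeconds = $offset
        Status        = $status
    }
}
$report | Sort-Object Status, DC | Format-Table -AutoSize

# Remediation (time.example.net is a placeholder NTP source):
#   PDC emulator: w32tm /config /manualpeerlist:"time.example.net" /syncfromflags:manual /update
#   other DCs:    w32tm /config /syncfromflags:domhier /update ; w32tm /resync /rediscover
```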
