We help IT Professionals succeed at work.

How to configure Win2K3 server to server as a time server in a domain?!

Hi guys,
I have a 2 DCs (Main and Backup) both Windows 2003 R2 SP2. Both DNS and Both DHCP server (different Scopes). I would like to have these two serve as a time server in the domain and have all XP Pro clients sync their clocks with these domains. I would like these domain to get their clock from an external source (atomic clock) somewhere. How would I go about doing that? Anything to change in the group policy?

Many thanks,
Watch Question

this will explain it in detail http://support.microsoft.com/kb/816042
Toni UranjekConsultant/Trainer
Hi SpiderPig,

Configure your PDC emulator to sync time with external time server. All other domain controllers will sync their time with PDC emulator and clients will sync their time with domain controllers. No additional settings are required.
More info: http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html


In short he clients will automatically go to the PDC for the time if they are part of the domain

This is actually done automatically in a AD Domain.  The PDC emulator will be your time server by default.


Question #1 how can you identify the PDC emulator between the two DCs I have?
Question #2 Do I really need to open UDP 123 on the firewall and map it to the DC? Isnt it a one way communication from the DC to the External source? Do I need to do it on the XP workstaions as well?
Q #3 should I configure the second DC as well?


I just looked at my other DC and it doesnt even have the W32Svr in the registry and no time server service! Am I missing anything? Do I need to manually install it?



I got it, I did unregister and register w32time and restart the service it worked. I then confgiured the second DC like I configured the first, and watched both clocks are synced.

I alsoed configured the two DC as time server in the DHCP scope. I guess I am done. I just need to watch the workstaions now and see if its working.

Still need to know if I need to open UDP 123 to the DCs in the firewall?

Cheers guys.

If they are getting time from an outside source yes.


O.K I guess I am not done yet. I have made the changes on DC01 and it worked fine, I know find out that the DC02 report Event ID 14  Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      14
Date:            1/28/2008
Time:            8:15:25 PM
User:            N/A
Computer:      DC02
The time provider NtpClient was unable to find a domain controller to use as a time source. NtpClient will try again in 15 minutes.

Is it becuase only one domain should be synced? How should I configure DC2 then?

Also, I noticed my server clock (all) are 10 secs behind a NIST Atomic clock even though I am using a NIST atomic clock!? any ideas?

Explore More ContentExplore courses, solutions, and other research materials related to this topic.