Net Time comes back with time on Remote Domain Controller

BTP: Do you do the authoritative time server stuff on ONLY the PDC?  Cuz I did exactly that last week before I saw this issue come up.  This is all in trying to solve another open question that I have running that seems unsolvable.  Or do I have to do all these changes on EVERY DC in the AD?

obDa:
Did what BTPringle suggested a week before.  But just on the PDC.  Any other reason why a "net time" command would get its time from a remote DC?  In fact ALL workstations and DCs and servers come back with the same response.  Shouldn't they be getting their time from the PDC?

I'm afraid I have to repeat myself, simply because I have no idea how to say it any clearer: "net time dates back to NT4, it will only return any DC from the NetBIOS browse list; it knows exactly nothing about AD and its time synchronisation hierarchy. It's deprecated and can only be used to configure the external time source on the PDC emulator. [...] You have to check the event log for time sync events to find out which DC a machine is currently syncing with."

These are FSMO roles.  Take a look at this article and it explains what they are.  The server that is showing the time is probably acting as the "PDC Emulator"

so what you're saying is that me punching in "net time" at a local workstation, is a totally irrelevant command.  In essence I will find out what the "time" is on the FIRST DC listed in the NetBIOS browse list (because CITY2_DC is actually alphabetically listed before CITY1_DC - not their real names).  And that's it?

oBdA,

Without getting into a feud over this, you are correct that it is no longer needed and is deprecated.  But, lmkandia was simply asking "why", not what replaced it.

There are some batch files that still rely on this feature, so even though this feature is outdated, it may still be used/needed.

lmkandia,
that's it exactly; "irrelevant" hits it right on the head. I wouldn't even rely on the browse list being alphabetically sorted.
And to answer your related question: if you have your Sites and Services configured correctly, the machines should sync with their local DC (the one that should authenticate them).
The according events are in the System event log, source W32Time, event ID 35 for a successful sync, 29 for a failure, 14 if it can't find a DC.

btpringle,
sorry, I can't quite follow you. I think I've explained the "why" about as clearly as possible.

What's hard to follow?  The question was why does it return the name of that server if the command is issued.  

I work with banks and routinely find batch files that were created back when they used Windows NT that will set the date/time on the workstations based on this command.  They have other batch files that do other functions based on this, too.  I'm not sure why, but it is still used -- and still works for its intended purpose.

It's hard to follow because I'm still under the (maybe delusional) impression that I actually gave the answer ("Do you ever have deja vu, Mrs. Lancaster? --  I don't think so, but I could check with the kitchen." [Groundhog Day]): "'net time' dates back to NT4, it will only return any DC from the NetBIOS browse list; it knows exactly *nothing* about AD and its time synchronisation hierarchy."

And, frankly, a bank administrator using "net time /set" in a logon script, even for NT, didn't do his homework. It requires (at least) giving regular users the "Change time" permissions, and it will obviously only work if/while users log on. Microsoft offered a Time Service for NT (as part of the Resource Kit) as early as NT 3.5, and in 1999 provided an NT4 version of the W32Time service found in Windows 2000.

thanks guys!

Thanks guys!  One of my favorite movies, GHD.  Personally I would have drove as far as I could just to see how far I could drive in one day :)  Both your answers answered my original question which was actually two questions rolled unwittingly into one.  Had NO idea what the term deprecation meant, btw, until this question was fleshed out.