Net Time comes back with time on Remote Domain Controller

When I type "net time" at a workstation, it comes back with:

Current time at \\CITY2_DC is 11/4/2008 7:48 PM

Trouble is, CITY2_DC is a remote domain controller.  No matter WHERE I type this command (on our local DC or on any local workstation, it comes back with the same response.  How do I get our local workstations and local servers (including the Primary Domain Controller) to get time from CITY1_DC or the local PDC?
LVL 2
lmkandiaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PringleSystems Analyst II, SCM, ERPCommented:
Read this article about how to configure an authoritative time server.  By default, this role is assigned to the first domain controller in the domain/forest.

http://support.microsoft.com/kb/816042
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
oBdACommented:
"net time" dates back to NT4, it will only return any DC from the NetBIOS browse list; it knows exactly *nothing* about AD and its time synchronisation hierarchy. It's deprecated and can only be used to configure the external time source on the PDC emulator.
*By* *default*, DCs will sync their time with the PDC emulator, domain members will sync with the authenticating DC.
You have to check the event log for time sync events to find out which DC a machine is currently syncing with.
To configure the PDC emulator to sync with an external time source, all you have to do is open a command prompt and enter

net time /setsntp:1.2.3.4
net stopw32time & net start w32time

Obviously replace 1.2.3.4 with the IP address of the time server of your choice.
0
lmkandiaAuthor Commented:
BTP: Do you do the authoritative time server stuff on ONLY the PDC?  Cuz I did exactly that last week before I saw this issue come up.  This is all in trying to solve another open question that I have running that seems unsolvable.  Or do I have to do all these changes on EVERY DC in the AD?
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

lmkandiaAuthor Commented:
obDa:
Did what BTPringle suggested a week before.  But just on the PDC.  Any other reason why a "net time" command would get its time from a remote DC?  In fact ALL workstations and DCs and servers come back with the same response.  Shouldn't they be getting their time from the PDC?
0
oBdACommented:
I'm afraid I have to repeat myself, simply because I have no idea how to say it any clearer: "net time dates back to NT4, it will only return any DC from the NetBIOS browse list; it knows exactly nothing about AD and its time synchronisation hierarchy. It's deprecated and can only be used to configure the external time source on the PDC emulator. [...] You have to check the event log for time sync events to find out which DC a machine is currently syncing with."
0
Brian PringleSystems Analyst II, SCM, ERPCommented:
These are FSMO roles.  Take a look at this article and it explains what they are.  The server that is showing the time is probably acting as the "PDC Emulator"
0
lmkandiaAuthor Commented:
so what you're saying is that me punching in "net time" at a local workstation, is a totally irrelevant command.  In essence I will find out what the "time" is on the FIRST DC listed in the NetBIOS browse list (because CITY2_DC is actually alphabetically listed before CITY1_DC - not their real names).  And that's it?
0
Brian PringleSystems Analyst II, SCM, ERPCommented:
oBdA,

Without getting into a feud over this, you are correct that it is no longer needed and is deprecated.  But, lmkandia was simply asking "why", not what replaced it.

There are some batch files that still rely on this feature, so even though this feature is outdated, it may still be used/needed.
0
oBdACommented:
lmkandia,
that's it exactly; "irrelevant" hits it right on the head. I wouldn't even rely on the browse list being alphabetically sorted.
And to answer your related question: if you have your Sites and Services configured correctly, the machines should sync with their local DC (the one that should authenticate them).
The according events are in the System event log, source W32Time, event ID 35 for a successful sync, 29 for a failure, 14 if it can't find a DC.

btpringle,
sorry, I can't quite follow you. I think I've explained the "why" about as clearly as possible.
0
Brian PringleSystems Analyst II, SCM, ERPCommented:
What's hard to follow?  The question was why does it return the name of that server if the command is issued.  

I work with banks and routinely find batch files that were created back when they used Windows NT that will set the date/time on the workstations based on this command.  They have other batch files that do other functions based on this, too.  I'm not sure why, but it is still used -- and still works for its intended purpose.
0
oBdACommented:
It's hard to follow because I'm still under the (maybe delusional) impression that I actually gave the answer ("Do you ever have deja vu, Mrs. Lancaster? --  I don't think so, but I could check with the kitchen." [Groundhog Day]): "'net time' dates back to NT4, it will only return any DC from the NetBIOS browse list; it knows exactly *nothing* about AD and its time synchronisation hierarchy."

And, frankly, a bank administrator using "net time /set" in a logon script, even for NT, didn't do his homework. It requires (at least) giving regular users the "Change time" permissions, and it will obviously only work if/while users log on. Microsoft offered a Time Service for NT (as part of the Resource Kit) as early as NT 3.5, and in 1999 provided an NT4 version of the W32Time service found in Windows 2000.
0
lmkandiaAuthor Commented:
thanks guys!
0
lmkandiaAuthor Commented:
Thanks guys!  One of my favorite movies, GHD.  Personally I would have drove as far as I could just to see how far I could drive in one day :)  Both your answers answered my original question which was actually two questions rolled unwittingly into one.  Had NO idea what the term deprecation meant, btw, until this question was fleshed out.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.