Solved

Why would "net time /set" target a DC that does not hold the PDC emulator role?

Posted on 2009-04-06
3
323 Views
Last Modified: 2012-05-06
Greetings -

I'm seeing what I perceive to be strange behaviors of the "net time" command in my domain.  Perhaps I need to be educated so I know what's going on.

I have almost 20 DCs in my domain.  One of those holds all five (5) FSMO roles.  It is my understanding that the DC holding the PDC Emulator role is the only one in the Domain responsible for time synchronization.  Am I wrong?

My workstations and servers *are* syncing time correctly.  However, when I run "net time /set", the DC that the command attempts to target is not the DC holding the PDC emulator role and most surprising to me, the DC is out of site.  Why might this be the case?

Also, when I run "net time /querysntp", should I see the PDC DC listed?  When I run that command, all I see is time.windows.com.

Any help is appreciated, thanks.  If you have questions, fire away.
0
Comment
Question by:amendala
  • 2
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 24079177
"net time" is a deprecated command; it dates back to NT and will only return any DC from the browser list. it knows exactly *nothing* about AD and its time hierarchy.
Domain members will sync with the DC authenticating them, DCs will sync with the PDC emulator, and the only machine that needs to sync with an external source is the PDCe.
Domain members are configured to use the domain hierarchy to sync, a manually configured time server will not be used (unless the domain sync is explicitly disabled).
0
 
LVL 7

Expert Comment

by:tplaya07
ID: 24079322
I have a login script that runs whenever a client logs into the domain that maps drives and uses the following command to sync time:
net time \\PRIMARYDOMAINCONTROLLER /set /yes
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24079404
tplaya07,
you can remove that form your script, because
1) it's unnecessary: any NT based Windows since 2000 has the time service running and will *by* *default* sync with the domain hierarchy I explained above if it's a domain member (and can be manually configured if not), and
2) regular users don't have permissions to change the time anyway.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Resolve DNS query failed errors for Exchange
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now