Solved

Why would "net time /set" target a DC that does not hold the PDC emulator role?

Posted on 2009-04-06
3
333 Views
Last Modified: 2012-05-06
Greetings -

I'm seeing what I perceive to be strange behaviors of the "net time" command in my domain.  Perhaps I need to be educated so I know what's going on.

I have almost 20 DCs in my domain.  One of those holds all five (5) FSMO roles.  It is my understanding that the DC holding the PDC Emulator role is the only one in the Domain responsible for time synchronization.  Am I wrong?

My workstations and servers *are* syncing time correctly.  However, when I run "net time /set", the DC that the command attempts to target is not the DC holding the PDC emulator role and most surprising to me, the DC is out of site.  Why might this be the case?

Also, when I run "net time /querysntp", should I see the PDC DC listed?  When I run that command, all I see is time.windows.com.

Any help is appreciated, thanks.  If you have questions, fire away.
0
Comment
Question by:amendala
  • 2
3 Comments
 
LVL 83

Accepted Solution

by:
oBdA earned 500 total points
ID: 24079177
"net time" is a deprecated command; it dates back to NT and will only return any DC from the browser list. it knows exactly *nothing* about AD and its time hierarchy.
Domain members will sync with the DC authenticating them, DCs will sync with the PDC emulator, and the only machine that needs to sync with an external source is the PDCe.
Domain members are configured to use the domain hierarchy to sync, a manually configured time server will not be used (unless the domain sync is explicitly disabled).
0
 
LVL 7

Expert Comment

by:tplaya07
ID: 24079322
I have a login script that runs whenever a client logs into the domain that maps drives and uses the following command to sync time:
net time \\PRIMARYDOMAINCONTROLLER /set /yes
0
 
LVL 83

Expert Comment

by:oBdA
ID: 24079404
tplaya07,
you can remove that form your script, because
1) it's unnecessary: any NT based Windows since 2000 has the time service running and will *by* *default* sync with the domain hierarchy I explained above if it's a domain member (and can be manually configured if not), and
2) regular users don't have permissions to change the time anyway.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
AD backup 6 56
Map drive based on local server 5 36
windows 7 login times take 30 minutes with AD 8 51
powershell question need assistance 10 31
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question