Solved

Why would "net time /set" target a DC that does not hold the PDC emulator role?

Posted on 2009-04-06
3
339 Views
Last Modified: 2012-05-06
Greetings -

I'm seeing what I perceive to be strange behaviors of the "net time" command in my domain.  Perhaps I need to be educated so I know what's going on.

I have almost 20 DCs in my domain.  One of those holds all five (5) FSMO roles.  It is my understanding that the DC holding the PDC Emulator role is the only one in the Domain responsible for time synchronization.  Am I wrong?

My workstations and servers *are* syncing time correctly.  However, when I run "net time /set", the DC that the command attempts to target is not the DC holding the PDC emulator role and most surprising to me, the DC is out of site.  Why might this be the case?

Also, when I run "net time /querysntp", should I see the PDC DC listed?  When I run that command, all I see is time.windows.com.

Any help is appreciated, thanks.  If you have questions, fire away.
0
Comment
Question by:amendala
  • 2
3 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 500 total points
ID: 24079177
"net time" is a deprecated command; it dates back to NT and will only return any DC from the browser list. it knows exactly *nothing* about AD and its time hierarchy.
Domain members will sync with the DC authenticating them, DCs will sync with the PDC emulator, and the only machine that needs to sync with an external source is the PDCe.
Domain members are configured to use the domain hierarchy to sync, a manually configured time server will not be used (unless the domain sync is explicitly disabled).
0
 
LVL 7

Expert Comment

by:tplaya07
ID: 24079322
I have a login script that runs whenever a client logs into the domain that maps drives and uses the following command to sync time:
net time \\PRIMARYDOMAINCONTROLLER /set /yes
0
 
LVL 84

Expert Comment

by:oBdA
ID: 24079404
tplaya07,
you can remove that form your script, because
1) it's unnecessary: any NT based Windows since 2000 has the time service running and will *by* *default* sync with the domain hierarchy I explained above if it's a domain member (and can be manually configured if not), and
2) regular users don't have permissions to change the time anyway.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question