[Webinar] Streamline your web hosting managementRegister Today

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1591
  • Last Modified:

Domain Time

I have 3 offices on my domain. The FSMO roles are split between two servers. Server 1 holds the PDC Emulator role. I've checked all my servers to make sure they are looking to this server that operations master & they are. I looked in the registry on this server in the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
and below are my settings:

(default)                                 REG_SZ                        (value not set)
NtpServer                              REG_SZ                        time.windows.com,0x9
ServiceDll                               REG_EXPAND_SZ          %systemroot%\system32\w32time.dll
ServiceDllUnloadOnStop         REG_DWORD                0x0000000001(1)
ServiceMain                            REG_SZ                         SvchostEntry_W32Time
Type                                       REG_SZ                         NT5DS

I want to set this server to get its time from time.nist.gov
I am assuming this is the same time as we see on www.time.gov isn't it? If so, how do I set server 1 to point to time.nist.gov without causing any issues on my domain? I've read online several places but I'm confused as to if I need to change the NT5DS to something else.
1 Solution
Darius GhassemCommented:
Import this reg file on this post it will configure all settings for you automatically.

Mike ThomasConsultantCommented:
This should do it for you

w32time /config /manualpeerlist: "time.nist.gov", 0x1" /syncfromflags:manual /reliable:yes /update

Then type

Net Stop w32time && Net Start w32time
Run the following command to verify which machine is your PDC Emulator:
netdom query fsmo

Then on the PDCe ONLY, open a command prompt and enter (the ,0x9 at the end will tell the time service to run in ntp client mode and to use the SpecialPollInterval):

w32tm /config /manualpeerlist:time.nist.gov,0x9 /syncfromflags:MANUAL /update
w32tm /resync

On all other DCs, the Type entry should be NT5DS; if it is not, run the following commands:
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync

Other time servers are here; pick a time server geographically close to you::

A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet

The pool.ntp.org project
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

wantabe2Author Commented:
Okay, now I have the PDC changed to use a different external time source. The time on the PDC server changed on it's own like it should. I logged into a server at one of the remote sites & restarted the time service & also forced replication to the PDC server & the time has not changed at any of the other domain controllers either in the same site as the PDC or at any other remote DC...how long should it take. These servers have all the default settings as far as replication & stuff.
As I said: first verify on the other DCs (and other machines that don't seem to sync their time) whether the Type entry is NT5DS (and run the command I listed above to set it back, if necessary).
Then be aware that the time isn't always synced in one big step; IIRC, if the difference is less than 5 minutes the clock is slightly accelerated/slowed down until the time matches again.
Check the system event log on the machine for events with source W32Time; they will tell you whether the time service is syncing correctly (you can ignore the occasional error if there are successes as well; NTP is UDP, after all).
wantabe2Author Commented:
The PDC is now NTP...the DC in that bldg is set to NT5DS & I restarted the time service on that server & it now matches the PDC. All the other DCs in the domain are also set to NT5DS but are all 3 - 4 minutes off.
Wait for at least another 30 minutes for the other DCs; if they haven't synced (or come closer to the PDCe's time).
Check the event logs on these machines as well.
If this doesn't help, you can try to reset the time service on these machines; open a command prompt and enter

net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover
wantabe2Author Commented:
I've done that already...noting has changed yet...they are still about 3 -4 minutes off from the PDC...I'll sit back & wait about another hour....I even rebooted a remote server to see if that would help but still no change. I am getting this warning int he event viewer on one of the remote DCs:

NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)


Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now