• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 807
  • Last Modified:

Windows Time Service

It was brought to my attention yesterday that most computers in our office's clocks are out of sync.  Even our domain controller was 2 minutes off.

After some internet research, from the DC, I ran:
W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual
Net stop w32time
Net start w32time


After I did this, the DC time was perfect, however I didn't see any changes across the network, unless they specifically ran the command
net time \\<our domain controller FQDN> /set /y

I've been reading that these changes should happen automatically.
I even set up a group policy for all the desktops and servers at our company, and ran:
gpupdate /force

No change.

What gives?  Am I doing something wrong?
0
jamorlando
Asked:
jamorlando
1 Solution
 
Swapnil PrajapatiSr. System AdministratorCommented:
have you checked your Domain server's Name in time server at below Registry Key

A computer can be configured to be a domain time source server by adding the TIMESOURCE value (Reg_DWord) under the following registry key and setting the value to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LANManServer\Parameters
0
 
CamyCommented:
What are the service settings in the registry of the client also?
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

Type
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

This entry Indicates which peers to accept synchronization from:

- NoSync. The time service does not synchronize with other sources.
- NTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
- NT5DS. The time service synchronizes from the domain hierarchy.
- AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.
0
 
Mike KlineCommented:
What you want to do is set the PDC Emulator to sync with a reliable time source and then let the windows time hiearchy do the rest.  Two really goog blogs
from Matt (tigetMatt on this site)
http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Sander's time entry
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/09/10/active-directory-time-sync-broken-by-default.aspx
Thanks
Mike
 
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
Software_onbekendCommented:
When your users logon to your domain you can run an batch file .
When you put the foolowing data into the batch file

:TIME
net time \\<our domain controller FQDN> /set /yes

Then the office computer sync everytime with your DC when they login...
0
 
jamorlandoAuthor Commented:
Yeah that actually was another question I was going to ask.
When I run the command:
net time \\<our domain controller FQDN> /set /yes

Does that just sync it that one time, or does it keep it always in sync?
0
 
jamorlandoAuthor Commented:
I've tried all your suggestions, and they're not syncing.  I am going to delete the group policy I created and just use @Software_onbekend's method of adding it to the login script.
Thanks!
0
 
Software_onbekendCommented:
As fat as I know is this 1 time..
The scrip run only when the user logs on to the domain...
Normaly a user at least 1 times a day in.
This should be enough :)

If this isn't enough, perhaps you can install the batch files on your computer and use scheduled task to run the batch file as often as you wish...
But that is more like a work around solution...
0
 
jamorlandoAuthor Commented:
Yes, I don't like workarounds, but the more articles I read about how poorly Microsoft implemented this isn't giving me much confidence.  I think the logon script will do.

I just implemented and it works like a charm.  Just need to be careful NOT to have the script apply to logging into the domain controller.  Not sure what kind of havoc that could cause, syncing the time with itself.
0
 
Software_onbekendCommented:
I Don't know what will happen if you try to run the script on the Domain controller..
But normaly the normal user won't login on the domaincontroller itself..
Perhaps you can use GPO policies to exclude the server to run that script when there is a logon on a server...
0
 
jamorlandoAuthor Commented:
Thats ok ... I have 3 containers set up in AD.  One for desktops, one for servers and one for DCs.  I have the time sync group policy linked to both the desktops and servers container.

We have one other DC that isn't PDC master.  I set up a scheduled task on that machine to run every 15 minutes:
net time \\<our domain controller FQDN> /set /yes

I think we should be good.  Thanks!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now