Solved

Windows Time Service

Posted on 2010-09-23
Last Modified: 2012-05-10
It was brought to my attention yesterday that most computers in our office's clocks are out of sync.  Even our domain controller was 2 minutes off.

After some internet research, from the DC, I ran:
W32tm /config /manualpeerlist:time.windows.com /syncfromflags:manual
Net stop w32time
Net start w32time


After I did this, the DC time was perfect, however I didn't see any changes across the network, unless they specifically ran the command
net time \\<our domain controller FQDN> /set /y

I've been reading that these changes should happen automatically.
I even set up a group policy for all the desktops and servers at our company, and ran:
gpupdate /force

No change.

What gives?  Am I doing something wrong?
0
Comment
Question by:jamorlando
10 Comments
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33745539
Have you checked your domain server's name in time server at the below registry key?

A computer can be configured to be a domain time source server by adding the TIMESOURCE value (Reg_DWord) under the following registry key and setting the value to 1:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LANManServer\Parameters
0
 
LVL 8

Expert Comment

by:Camy
ID: 33745558
What are the service settings in the registry of the client also?
http://technet.microsoft.com/en-us/library/cc773263(WS.10).aspx

Type
Registry path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

This entry indicates which peers to accept synchronization from:

- NoSync. The time service does not synchronize with other sources.
- NTP. The time service synchronizes from the servers specified in the NtpServer registry entry.
- NT5DS. The time service synchronizes from the domain hierarchy.
- AllSync. The time service uses all the available synchronization mechanisms.

The default value on domain members is NT5DS. The default value on stand-alone clients and servers is NTP.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 33745606
What you want to do is set the PDC Emulator to sync with a reliable time source and then let the Windows time hierarchy do the rest.  Two really good blogs
from Matt (tigermatt on this site)
http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Sander's time entry
http://blogs.dirteam.com/blogs/sanderberkouwer/archive/2010/09/10/active-directory-time-sync-broken-by-default.aspx
Thanks
Mike
 
0
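An added example, not part of any post in this thread: a read-only PowerShell check that compares the W32Time Type value listed above with the machine's domain role, on the premise stated above that only the PDC emulator points at an external source and everything else follows the domain hierarchy. The function name, the output property names and the role-to-expected-type mapping are assumptions of this example; the suggested w32tm command is only printed, never run.

```powershell
# Added example (read-only): compare the W32Time "Type" value with what the
# machine's domain role suggests. Function and property names are this example's own.
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

function Get-TimeSyncAudit {
    $p  = Get-ItemProperty -Path $ParamKey -ErrorAction Stop
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Win32_ComputerSystem.DomainRole: 0/2 = stand-alone, 1/3 = domain member,
    # 4 = domain controller, 5 = domain controller holding the PDC emulator role.
    $expected = switch ($cs.DomainRole) {
        { $_ -in 1, 3, 4 } { 'NT5DS' }  # follow the domain hierarchy
        default            { 'NTP' }    # PDC emulator or stand-alone: named servers
    }

    $meaning = switch ($p.Type) {
        'NoSync'  { 'does not synchronize with other sources' }
        'NTP'     { 'synchronizes from the servers in NtpServer' }
        'NT5DS'   { 'synchronizes from the domain hierarchy' }
        'AllSync' { 'uses all available synchronization mechanisms' }
        default   { 'unrecognized value' }
    }

    # Printed as a suggestion only; nothing is changed by this script.
    $fix = if ($p.Type -eq $expected) {
        $null
    } elseif ($expected -eq 'NT5DS') {
        'w32tm /config /syncfromflags:domhier /update'
    } else {
        'w32tm /config /manualpeerlist:<ntp server> /syncfromflags:manual /update'
    }

    [pscustomobject]@{
        Computer     = $cs.Name
        DomainRole   = $cs.DomainRole
        Type         = $p.Type
        Meaning      = $meaning
        NtpServer    = $p.NtpServer
        ExpectedType = $expected
        SuggestedFix = $fix
    }
}

Get-TimeSyncAudit | Format-List
```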
 
LVL 4

Accepted Solution

by:
Software_onbekend earned 1000 total points
ID: 33747307
When your users log on to your domain you can run a batch file.
When you put the following data into the batch file

:TIME
net time \\<our domain controller FQDN> /set /yes

Then the office computers sync every time with your DC when they log in...
0
 

Author Comment

by:jamorlando
ID: 33747360
Yeah that actually was another question I was going to ask.
When I run the command:
net time \\<our domain controller FQDN> /set /yes

Does that just sync it that one time, or does it keep it always in sync?
0
 

Author Comment

by:jamorlando
ID: 33747850
I've tried all your suggestions, and they're not syncing.  I am going to delete the group policy I created and just use @Software_onbekend's method of adding it to the login script.
Thanks!
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33747868
As far as I know this is 1 time..
The script runs only when the user logs on to the domain...
Normally a user logs in at least 1 time a day.
This should be enough :)

If this isn't enough, perhaps you can install the batch files on your computer and use a scheduled task to run the batch file as often as you wish...
But that is more like a work around solution...
0
 

Author Comment

by:jamorlando
ID: 33747959
Yes, I don't like workarounds, but the more articles I read about how poorly Microsoft implemented this isn't giving me much confidence.  I think the logon script will do.

I just implemented and it works like a charm.  Just need to be careful NOT to have the script apply to logging into the domain controller.  Not sure what kind of havoc that could cause, syncing the time with itself.
0
 
LVL 4

Expert Comment

by:Software_onbekend
ID: 33748813
I don't know what will happen if you try to run the script on the domain controller..
But normally the normal user won't log in on the domain controller itself..
Perhaps you can use GPO policies to exclude the server from running that script when there is a logon on a server...
0
 

Author Comment

by:jamorlando
ID: 33748831
That's OK ... I have 3 containers set up in AD.  One for desktops, one for servers and one for DCs.  I have the time sync group policy linked to both the desktops and servers container.

We have one other DC that isn't PDC master.  I set up a scheduled task on that machine to run every 15 minutes:
net time \\<our domain controller FQDN> /set /yes

I think we should be good.  Thanks!
0


Question has a verified solution.
