Problem with domain time

plantep used Ask the Experts™
My all domain is 3 minutes off time... Even if i change my dc to the good time, the all domain will go back 3 minutes off. How can i know where does my domain take is time and how can i chge my config so i will keep the good time.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
PANkaj KumarSoftware Developer


check your time zone,


I check and it's good
How does your DC get it's time? Internal clock, internet time server, connected atomic radio clock?

Does the clock on the DC go back 3 mins as well? Is the DC you are setting it on the authoritative time server (i.e. has the PDC operations master role?)
Try this,

on your clients open command prompt type:     net time \\servername /set /yes   (/domain if you prefer)

good luck

To ensure that all domain controllers have same time, you just need to identify the PDC Emulator role hoder server and make it as a auhtorative time server. Once it is done PDC server will sync with external time and point other DC to PDC server name/IP in NTPserver list to sync with it.

Configuring Windows Time for Active Directory:
you need to modify the registry keys listed in the below KB article for whichever DC is configured as your PDC Emulator in your forest root domain.

- How to configure an authoritative time server in Windows Server:

- Configuring the Windows Time Service:


Don't configure an authoritative time server. That requires group policies that only messes up the default configuration of the time services.

By default, the domain controller will broadcast time to all clients. It has a phase offset of +/- five minutes, that you can see within the authoritative time server article, above. This phase offset means, if clients are more than or less than 5 minutes off the domain controller time, they will synchronize their time with the server, you can reduce that phase offset on the domain server. That will help your clients keep a little more accurate time.

THEN, you need your domain server to synchronize with an outside server, It's expecting a broadcast on port 123. But, from where, and is that port open through the router/firewall.. The problem that most have with broadcasted time is they don't set the domain server to update to an outside server, or their firewall blocks port 123. So, what you end up with is a server that looses track of time, and so do the clients that synchronize with the server.

To overcome the server having problems, there is an application that will set the system clock for you, AND communicates with a number of outside time servers on PORT 80, instead of 123 to syncrhonize with that outside server. Port 80 is the HTTP port, for internet access. So, if you have internet, you will be able to synch with any number of outside time servers.

The application to synch your domain server to an outside server is called Symmtime. It's a free utility, and is very easy to set to any number of outside time servers, including NIST... Symtime was created by Symetricom, a time server manufacturer.

Symetricom will ask some information from you, to be able to download Symtime. BUT, they don't share that info. Instead they make you aware of some time servers as well as updates to software.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial