Windows Authoritative Time Server

Posted on 2011-10-21
Last Modified: 2012-05-12
I'm having a problem "I think" with an authoritative windows time server. Let me run down what I've done.

First I needed to verify that my PDC was in fact my PDC (It's a 2008 Server.)
I ran the following command from a workstation:

C:\>netdom /query fsmo
Schema owner                DC1.
Domain role owner           DC1.
PDC role                    DC1.
RID pool manager            DC1.
Infrastructure owner        DC1.

So, clearly DC1 is my PDC. Then I stopped the w32time service on the PDC, and ran the following command:

C:\>w32tm /config /syncfromflags:manual /manualpeerlist:",,"
C:\>Type: w32tm /config /reliable:yes

And restarted the w32time service.

Now it's my understanding that workstations in the domain are supposed to, "by default", get their time from the PDC. So next I rebooted a few workstations, and at first it looked like all was fine, until yesterday when I noticed one of my sites was consistently 3 minutes off from both the PDC, and the other 4 networks. So I started doing a little checking.

I again ran the "netdom /query fsmo" from a couple of machines on the problem network and got the correct results.

Here is the part I'm not sure is right. When I run "net time /querysntp" from the domain controller I get:
The current SNTP value is:,,

But when I run the same command from "any" workstation I get:
The current SNTP value is:,0x1

Shouldn't I be getting the same as the PDC value, if it is in fact defaulting to it? Could this be my problem, and does anybody no how to fix it if it is indeed a problem?

Question by:bwask
    LVL 59

    Accepted Solution

    Don't run the on the clients.

    Run w32tm /monitor

    On clients having issue run through this link as well
    LVL 24

    Assisted Solution

    You can use w32tm /monitor /computers:localhost to check the same.

    In below example it sync to DC plot29dcserver1 which is acting as PDC whcih is configured as authorative time server.
    Z:\>w32tm /monitor /computers:localhost
    localhost []:
        ICMP: 0ms delay.
        NTP: +0.0000000s offset from local clock
            RefID: []

    Look at your System event logs. Event source is W32Time.The description should tell you which time server your workstation uses.

    The net time /querysntp command merely tells you which time source would be used if the computer was configured to use a specific time source instead of the Domain's time source hierarchy. I consider the net time command "deprecated" - not sure if Microsoft has said this officially or not.

    Unless someone does something deliberately, all domain computers, including Domain Controllers, will use the Domain's time source hierarchy.

    If "Type" is "NT5DS", the computer is configured to use the domain time source hierarchy - the value returned by net time /querysntp is meaningless.

    If the "Type" is "NTP", the computer is configured to use the specific time source specified by the "NtpServer"

    All Domain Controllers, except one, should be configured to use the Domain's time sync hierarchy.
    One of the Domain Controllers (often the one with the PDC Emulator FSMO role, should be configured to be a "reliable" time source using the commands:

    w32tm /config /syncfromflags:manual
    /manualpeerlist:-your-favorite-time-source /reliable:yes /update
    w32tm /resync rediscover


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Too many email signature updates to deal with?

    Are you constantly visiting users’ desks making changes to email signatures? Feel like it’s taking up all of your time? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

    Communication between departments might not happen in two different languages, but they do exist in two different worlds. With different targets and performance goals the same phrase often means something completely different to each party. Learn ho…
    Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
    This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now