We help IT Professionals succeed at work.

Correct setup time sync domain

janhoedt
janhoedt asked
on
790 Views
Last Modified: 2012-03-02
Hi,

I have a small domain lab, now I wonder how the time sync works.
Every server syncs to domain time = dc, right?
How do I set this dc to sync with an external timeserver, f.e. ntp.pool.org?
Comment
Watch Question

One 1 DC (the one that holds the PDCe role) should be synchronised to an external time source.

All other DCs will sync with the PDCe role holder, and all domain members with their 'closest' DC.

Have a look at this: http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html

Which explains the whole thing and how to configure it.

HTH

Pete
Hi Janhoedt,

1.Open the command prompt
2.Stop the W32Time service: C:\>net stop w32time
3.Configure the external time sources, type: C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
4.Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
5.Start the w32time service: C:\>net start w32time
6.The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
7.Check the Event Viewer for any errors.
CERTIFIED EXPERT
Top Expert 2012

Commented:
Read over this article explains everything in great detail so, you understand how and why.
tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
Brad GrouxSenior Manager (Wintel Engineering)

Commented:
Microsoft best practice calls for the following:

The Primary Domain Controller (PDC) should be set to NTP, and directed to a reliable time service. NOT time.windows.com, as billions of PCs point to that.

The remaining domain controllers should all be set to NT5DS time, which points to the Primary Domain Controller. I've attached a simple whiteboard drawing I show clients.

The key with time management, is that all of the servers times are consistent, not accurate. If the times are off by too much from DC to DC, kerberos tickets and user tokens can do some strange things.

If you are running Windows 2003 or earlier, you need to ensure that the Update Phase Correction has been remedied, which is defined here -
http://support.microsoft.com/kb/884776
Time.jpg

Author

Commented:
Ok, my lab is behind a ddwrt Linksys router which has an ntp client.
Can I sync to that router as I don't want to open Internet for any server?
CERTIFIED EXPERT
Top Expert 2012

Commented:
Yes you can sync to the router but make sure router is setup with a valid ntp server

Author

Commented:
Ok, that's a bummer. Will just set all servers to sync to dc, then make sure dc-time is pretty ok. It's a lab so not that important.
CERTIFIED EXPERT
Top Expert 2012

Commented:
The other servers will sync with DC automatically if they are part of the domain

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.