Push server time down to workstations in Windows domain

Posted on 2013-06-26
Medium Priority
2 Endorsements
Last Modified: 2016-04-13
Is there a way from our domain controller to push time synchronization down to all our domain client machines?  I have the NET TIME command in our login script, but I find that many of our clients rarely log on or off.  They just keep their computers logged in pretty much all the time and just "lock" it when they leave for the day.  It would be nice to update everyone from the server if possible.
Question by:jbobst
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 85

Accepted Solution

oBdA earned 1200 total points
ID: 39278897
Yes, there is: remove the "net time" from your logon script and just do nothing; let Windows do it for you.
Any domain member will by default sync its time with the DC authenticating it, and DCs will sync with the PDC emulator.
On clients not syncing correctly, run the following commands:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

The only machine in your network that normally needs to be told manually how to sync is the DC with the PDC emulator role. You can do that with these commands:
w32tm /config /manualpeerlist:<>,0x8 /update
w32tm /resync

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
The pool.ntp.org project
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 39278952
You should only need to point your pdc emulator in the forest root to an authoritative server and let the windows time hierarchy take over from there.   Two of my favorite blogs on time





Expert Comment

by:Mike Roe
ID: 39279556
Make sure if you have a firewall in place you open udp port 123 for ntp traffic
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 39279638
I already have a setup where my server sync's with an external time source.  I am trying to find out if there is a way to push down some command to the workstations to update their system clocks and sync with my active directory server (which already has the correct time).  I have it setup so that it sync's when the users login via a login script, but they often don't ever log out or back in very often.  I was just hoping there was a way to manually push the information from my server out to the clients.
LVL 85

Expert Comment

ID: 39280386
Again: Take the "net time" command out of your logon script. "net time" is a remnant of Windows NT and deprecated, and unless the user is local Administrator, he has no permission to change the time anyway.
Since Windows 2000 and Active Directory, Windows by default takes care that all domain members automatically sync their times with the DC's time, because a common time is vital for AD to function.
There is no need to "push" out the time, there is no need to set the time in the logon script; the W32Time service takes care of this.
If clients don't have the correct time (more than 5 minutes difference to the DC), see my former comment in http:#a39278897 on how to reset the time service. If the time is still incorrect, make sure the time zone is set correctly and that the latest DST fixes are applied.
How the Windows Time Service Works

Assisted Solution

VirastaR earned 400 total points
ID: 39280990

As oBdA reffered the answer you are looking for is hidden in this Technet Article.

How the Windows Time Service Works

Let me hightlight for your convinience.

A computer uses one of the following methods to identify a time source to synchronize with:

•If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.

•If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.

So, I hope that explains and answers your question that there is no PUSH Mechanism for Time Service in AD Environment.

Hope that helps :)

Author Comment

ID: 39281724
I apologize...I completely missed what you guys were telling me.  My workstation WAS sync'd up with the server this morning, and I never ran the login script, where as yesterday, it was out of sync after I manually sync'd the server time with an outside time source.  I see what you are saying now, that the workstations sync automatically do it with active directory.  Sorry about being a bonehead.  

Now, my real problem then would seem to be how to do I keep my server time sync'd with an outside time source AUTOMATICALLY instead of manually.  I didn't want to confuse this question any more when I first asked it, but I have tried and tried with MS articles, other online articles, registry settings, etc. to get my Domain controller to automatically sync with an external time source, but it simply won't do it, even though I've followed a bunch of instructions online on how to do it.  I finally ended up downloading this application called Atomic Clock Service that was "free", but the free version only lets you manually sync up.  If you spend the $15 and buy the application, it's supposed to sync automatically at set intervals, but I've been cheap and haven't spent the $15.  I know this question isn't part of this thread, but I typically just manually sync my server every few weeks, but then of course I notice my workstations aren't in sync.  I usually just have everyone run the login script to fix it, but you guys have pointed out that it doesn't need to be run any more...just give it some time and it will do it automatically.  Thanks again...sorry for not getting the first answers!

Expert Comment

ID: 41549517
Here's a good tool for keeping your PDC emulator in sync.  It will sync the system time against any NTP server you point it to (has a few setup by default) and can act as a basic NTP server too (be sure to open the NTP port on your firewall).


Also good if you have other non-windows devices you want to keep in sync. Not the cleanest solution, but effective.

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question