Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Push server time down to workstations in Windows domain

Posted on 2013-06-26
8
Medium Priority
?
54,530 Views
2 Endorsements
Last Modified: 2016-04-13
Is there a way from our domain controller to push time synchronization down to all our domain client machines?  I have the NET TIME command in our login script, but I find that many of our clients rarely log on or off.  They just keep their computers logged in pretty much all the time and just "lock" it when they leave for the day.  It would be nice to update everyone from the server if possible.
2
Comment
Question by:jbobst
8 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1200 total points
ID: 39278897
Yes, there is: remove the "net time" from your logon script and just do nothing; let Windows do it for you.
Any domain member will by default sync its time with the DC authenticating it, and DCs will sync with the PDC emulator.
On clients not syncing correctly, run the following commands:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

The only machine in your network that normally needs to be told manually how to sync is the DC with the PDC emulator role. You can do that with these commands:
w32tm /config /manualpeerlist:<1.2.3.4>,0x8 /update
w32tm /resync

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680
The pool.ntp.org project
http://www.pool.ntp.org/
2
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 39278952
You should only need to point your pdc emulator in the forest root to an authoritative server and let the windows time hierarchy take over from there.   Two of my favorite blogs on time

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

Thanks

Mike
1
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39279556
Make sure if you have a firewall in place you open udp port 123 for ntp traffic
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Author Comment

by:jbobst
ID: 39279638
I already have a setup where my server sync's with an external time source.  I am trying to find out if there is a way to push down some command to the workstations to update their system clocks and sync with my active directory server (which already has the correct time).  I have it setup so that it sync's when the users login via a login script, but they often don't ever log out or back in very often.  I was just hoping there was a way to manually push the information from my server out to the clients.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 39280386
Again: Take the "net time" command out of your logon script. "net time" is a remnant of Windows NT and deprecated, and unless the user is local Administrator, he has no permission to change the time anyway.
Since Windows 2000 and Active Directory, Windows by default takes care that all domain members automatically sync their times with the DC's time, because a common time is vital for AD to function.
There is no need to "push" out the time, there is no need to set the time in the logon script; the W32Time service takes care of this.
If clients don't have the correct time (more than 5 minutes difference to the DC), see my former comment in http:#a39278897 on how to reset the time service. If the time is still incorrect, make sure the time zone is set correctly and that the latest DST fixes are applied.
How the Windows Time Service Works
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx
0
 
LVL 9

Assisted Solution

by:VirastaR
VirastaR earned 400 total points
ID: 39280990
Hi,

As oBdA reffered the answer you are looking for is hidden in this Technet Article.

How the Windows Time Service Works
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx 

Let me hightlight for your convinience.

A computer uses one of the following methods to identify a time source to synchronize with:

•If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.

•If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.


So, I hope that explains and answers your question that there is no PUSH Mechanism for Time Service in AD Environment.

Hope that helps :)
1
 
LVL 1

Author Comment

by:jbobst
ID: 39281724
I apologize...I completely missed what you guys were telling me.  My workstation WAS sync'd up with the server this morning, and I never ran the login script, where as yesterday, it was out of sync after I manually sync'd the server time with an outside time source.  I see what you are saying now, that the workstations sync automatically do it with active directory.  Sorry about being a bonehead.  

Now, my real problem then would seem to be how to do I keep my server time sync'd with an outside time source AUTOMATICALLY instead of manually.  I didn't want to confuse this question any more when I first asked it, but I have tried and tried with MS articles, other online articles, registry settings, etc. to get my Domain controller to automatically sync with an external time source, but it simply won't do it, even though I've followed a bunch of instructions online on how to do it.  I finally ended up downloading this application called Atomic Clock Service that was "free", but the free version only lets you manually sync up.  If you spend the $15 and buy the application, it's supposed to sync automatically at set intervals, but I've been cheap and haven't spent the $15.  I know this question isn't part of this thread, but I typically just manually sync my server every few weeks, but then of course I notice my workstations aren't in sync.  I usually just have everyone run the login script to fix it, but you guys have pointed out that it doesn't need to be run any more...just give it some time and it will do it automatically.  Thanks again...sorry for not getting the first answers!
0
 

Expert Comment

by:medium_grade
ID: 41549517
Here's a good tool for keeping your PDC emulator in sync.  It will sync the system time against any NTP server you point it to (has a few setup by default) and can act as a basic NTP server too (be sure to open the NTP port on your firewall).

http://www.timesynctool.com/

Also good if you have other non-windows devices you want to keep in sync. Not the cleanest solution, but effective.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question