Push server time down to workstations in Windows domain

Is there a way from our domain controller to push time synchronization down to all our domain client machines?  I have the NET TIME command in our login script, but I find that many of our clients rarely log on or off.  They just keep their computers logged in pretty much all the time and just "lock" it when they leave for the day.  It would be nice to update everyone from the server if possible.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Yes, there is: remove the "net time" from your logon script and just do nothing; let Windows do it for you.
Any domain member will by default sync its time with the DC authenticating it, and DCs will sync with the PDC emulator.
On clients not syncing correctly, run the following commands:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

The only machine in your network that normally needs to be told manually how to sync is the DC with the PDC emulator role. You can do that with these commands:
w32tm /config /manualpeerlist:<>,0x8 /update
w32tm /resync

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
The pool.ntp.org project

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mike KlineCommented:
You should only need to point your pdc emulator in the forest root to an authoritative server and let the windows time hierarchy take over from there.   Two of my favorite blogs on time




Mike RoeCommented:
Make sure if you have a firewall in place you open udp port 123 for ntp traffic
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

jbobstAuthor Commented:
I already have a setup where my server sync's with an external time source.  I am trying to find out if there is a way to push down some command to the workstations to update their system clocks and sync with my active directory server (which already has the correct time).  I have it setup so that it sync's when the users login via a login script, but they often don't ever log out or back in very often.  I was just hoping there was a way to manually push the information from my server out to the clients.
Again: Take the "net time" command out of your logon script. "net time" is a remnant of Windows NT and deprecated, and unless the user is local Administrator, he has no permission to change the time anyway.
Since Windows 2000 and Active Directory, Windows by default takes care that all domain members automatically sync their times with the DC's time, because a common time is vital for AD to function.
There is no need to "push" out the time, there is no need to set the time in the logon script; the W32Time service takes care of this.
If clients don't have the correct time (more than 5 minutes difference to the DC), see my former comment in http:#a39278897 on how to reset the time service. If the time is still incorrect, make sure the time zone is set correctly and that the latest DST fixes are applied.
How the Windows Time Service Works
VirastaRUC Tech Consultant Commented:

As oBdA reffered the answer you are looking for is hidden in this Technet Article.

How the Windows Time Service Works

Let me hightlight for your convinience.

A computer uses one of the following methods to identify a time source to synchronize with:

•If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.

•If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.

So, I hope that explains and answers your question that there is no PUSH Mechanism for Time Service in AD Environment.

Hope that helps :)
jbobstAuthor Commented:
I apologize...I completely missed what you guys were telling me.  My workstation WAS sync'd up with the server this morning, and I never ran the login script, where as yesterday, it was out of sync after I manually sync'd the server time with an outside time source.  I see what you are saying now, that the workstations sync automatically do it with active directory.  Sorry about being a bonehead.  

Now, my real problem then would seem to be how to do I keep my server time sync'd with an outside time source AUTOMATICALLY instead of manually.  I didn't want to confuse this question any more when I first asked it, but I have tried and tried with MS articles, other online articles, registry settings, etc. to get my Domain controller to automatically sync with an external time source, but it simply won't do it, even though I've followed a bunch of instructions online on how to do it.  I finally ended up downloading this application called Atomic Clock Service that was "free", but the free version only lets you manually sync up.  If you spend the $15 and buy the application, it's supposed to sync automatically at set intervals, but I've been cheap and haven't spent the $15.  I know this question isn't part of this thread, but I typically just manually sync my server every few weeks, but then of course I notice my workstations aren't in sync.  I usually just have everyone run the login script to fix it, but you guys have pointed out that it doesn't need to be run any more...just give it some time and it will do it automatically.  Thanks again...sorry for not getting the first answers!
Here's a good tool for keeping your PDC emulator in sync.  It will sync the system time against any NTP server you point it to (has a few setup by default) and can act as a basic NTP server too (be sure to open the NTP port on your firewall).


Also good if you have other non-windows devices you want to keep in sync. Not the cleanest solution, but effective.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.