• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 57782
  • Last Modified:

Push server time down to workstations in Windows domain

Is there a way from our domain controller to push time synchronization down to all our domain client machines?  I have the NET TIME command in our login script, but I find that many of our clients rarely log on or off.  They just keep their computers logged in pretty much all the time and just "lock" it when they leave for the day.  It would be nice to update everyone from the server if possible.
3 Solutions
Yes, there is: remove the "net time" from your logon script and just do nothing; let Windows do it for you.
Any domain member will by default sync its time with the DC authenticating it, and DCs will sync with the PDC emulator.
On clients not syncing correctly, run the following commands:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

The only machine in your network that normally needs to be told manually how to sync is the DC with the PDC emulator role. You can do that with these commands:
w32tm /config /manualpeerlist:<>,0x8 /update
w32tm /resync

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
The pool.ntp.org project
Mike KlineCommented:
You should only need to point your pdc emulator in the forest root to an authoritative server and let the windows time hierarchy take over from there.   Two of my favorite blogs on time




Mike RoeCommented:
Make sure if you have a firewall in place you open udp port 123 for ntp traffic
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

jbobstAuthor Commented:
I already have a setup where my server sync's with an external time source.  I am trying to find out if there is a way to push down some command to the workstations to update their system clocks and sync with my active directory server (which already has the correct time).  I have it setup so that it sync's when the users login via a login script, but they often don't ever log out or back in very often.  I was just hoping there was a way to manually push the information from my server out to the clients.
Again: Take the "net time" command out of your logon script. "net time" is a remnant of Windows NT and deprecated, and unless the user is local Administrator, he has no permission to change the time anyway.
Since Windows 2000 and Active Directory, Windows by default takes care that all domain members automatically sync their times with the DC's time, because a common time is vital for AD to function.
There is no need to "push" out the time, there is no need to set the time in the logon script; the W32Time service takes care of this.
If clients don't have the correct time (more than 5 minutes difference to the DC), see my former comment in http:#a39278897 on how to reset the time service. If the time is still incorrect, make sure the time zone is set correctly and that the latest DST fixes are applied.
How the Windows Time Service Works
VirastaRUC Tech Consultant Commented:

As oBdA reffered the answer you are looking for is hidden in this Technet Article.

How the Windows Time Service Works

Let me hightlight for your convinience.

A computer uses one of the following methods to identify a time source to synchronize with:

•If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.

•If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.

So, I hope that explains and answers your question that there is no PUSH Mechanism for Time Service in AD Environment.

Hope that helps :)
jbobstAuthor Commented:
I apologize...I completely missed what you guys were telling me.  My workstation WAS sync'd up with the server this morning, and I never ran the login script, where as yesterday, it was out of sync after I manually sync'd the server time with an outside time source.  I see what you are saying now, that the workstations sync automatically do it with active directory.  Sorry about being a bonehead.  

Now, my real problem then would seem to be how to do I keep my server time sync'd with an outside time source AUTOMATICALLY instead of manually.  I didn't want to confuse this question any more when I first asked it, but I have tried and tried with MS articles, other online articles, registry settings, etc. to get my Domain controller to automatically sync with an external time source, but it simply won't do it, even though I've followed a bunch of instructions online on how to do it.  I finally ended up downloading this application called Atomic Clock Service that was "free", but the free version only lets you manually sync up.  If you spend the $15 and buy the application, it's supposed to sync automatically at set intervals, but I've been cheap and haven't spent the $15.  I know this question isn't part of this thread, but I typically just manually sync my server every few weeks, but then of course I notice my workstations aren't in sync.  I usually just have everyone run the login script to fix it, but you guys have pointed out that it doesn't need to be run any more...just give it some time and it will do it automatically.  Thanks again...sorry for not getting the first answers!
Here's a good tool for keeping your PDC emulator in sync.  It will sync the system time against any NTP server you point it to (has a few setup by default) and can act as a basic NTP server too (be sure to open the NTP port on your firewall).


Also good if you have other non-windows devices you want to keep in sync. Not the cleanest solution, but effective.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now