Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Push server time down to workstations in Windows domain

Posted on 2013-06-26
8
Medium Priority
?
52,378 Views
2 Endorsements
Last Modified: 2016-04-13
Is there a way from our domain controller to push time synchronization down to all our domain client machines?  I have the NET TIME command in our login script, but I find that many of our clients rarely log on or off.  They just keep their computers logged in pretty much all the time and just "lock" it when they leave for the day.  It would be nice to update everyone from the server if possible.
2
Comment
Question by:jbobst
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 1200 total points
ID: 39278897
Yes, there is: remove the "net time" from your logon script and just do nothing; let Windows do it for you.
Any domain member will by default sync its time with the DC authenticating it, and DCs will sync with the PDC emulator.
On clients not syncing correctly, run the following commands:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /resync /rediscover

Open in new window

The only machine in your network that normally needs to be told manually how to sync is the DC with the PDC emulator role. You can do that with these commands:
w32tm /config /manualpeerlist:<1.2.3.4>,0x8 /update
w32tm /resync

Open in new window

Time servers are here (I wouldn't use the default "time.windows.com"; I've found it to be unreliable); pick a time server geographically close to you, for example one of these:
A list of the Simple Network Time Protocol (SNTP) time servers that are available on the Internet
http://support.microsoft.com/kb/262680
The pool.ntp.org project
http://www.pool.ntp.org/
2
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 400 total points
ID: 39278952
You should only need to point your pdc emulator in the forest root to an authoritative server and let the windows time hierarchy take over from there.   Two of my favorite blogs on time

http://blogs.technet.com/b/nepapfe/archive/2013/03/01/it-s-simple-time-configuration-in-active-directory.aspx

http://tigermatt.wordpress.com/2009/08/01/windows-time-for-active-directory/

Thanks

Mike
1
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39279556
Make sure if you have a firewall in place you open udp port 123 for ntp traffic
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:jbobst
ID: 39279638
I already have a setup where my server sync's with an external time source.  I am trying to find out if there is a way to push down some command to the workstations to update their system clocks and sync with my active directory server (which already has the correct time).  I have it setup so that it sync's when the users login via a login script, but they often don't ever log out or back in very often.  I was just hoping there was a way to manually push the information from my server out to the clients.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 39280386
Again: Take the "net time" command out of your logon script. "net time" is a remnant of Windows NT and deprecated, and unless the user is local Administrator, he has no permission to change the time anyway.
Since Windows 2000 and Active Directory, Windows by default takes care that all domain members automatically sync their times with the DC's time, because a common time is vital for AD to function.
There is no need to "push" out the time, there is no need to set the time in the logon script; the W32Time service takes care of this.
If clients don't have the correct time (more than 5 minutes difference to the DC), see my former comment in http:#a39278897 on how to reset the time service. If the time is still incorrect, make sure the time zone is set correctly and that the latest DST fixes are applied.
How the Windows Time Service Works
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx
0
 
LVL 9

Assisted Solution

by:VirastaR
VirastaR earned 400 total points
ID: 39280990
Hi,

As oBdA reffered the answer you are looking for is hidden in this Technet Article.

How the Windows Time Service Works
http://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx 

Let me hightlight for your convinience.

A computer uses one of the following methods to identify a time source to synchronize with:

•If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.

•If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service.


So, I hope that explains and answers your question that there is no PUSH Mechanism for Time Service in AD Environment.

Hope that helps :)
1
 
LVL 1

Author Comment

by:jbobst
ID: 39281724
I apologize...I completely missed what you guys were telling me.  My workstation WAS sync'd up with the server this morning, and I never ran the login script, where as yesterday, it was out of sync after I manually sync'd the server time with an outside time source.  I see what you are saying now, that the workstations sync automatically do it with active directory.  Sorry about being a bonehead.  

Now, my real problem then would seem to be how to do I keep my server time sync'd with an outside time source AUTOMATICALLY instead of manually.  I didn't want to confuse this question any more when I first asked it, but I have tried and tried with MS articles, other online articles, registry settings, etc. to get my Domain controller to automatically sync with an external time source, but it simply won't do it, even though I've followed a bunch of instructions online on how to do it.  I finally ended up downloading this application called Atomic Clock Service that was "free", but the free version only lets you manually sync up.  If you spend the $15 and buy the application, it's supposed to sync automatically at set intervals, but I've been cheap and haven't spent the $15.  I know this question isn't part of this thread, but I typically just manually sync my server every few weeks, but then of course I notice my workstations aren't in sync.  I usually just have everyone run the login script to fix it, but you guys have pointed out that it doesn't need to be run any more...just give it some time and it will do it automatically.  Thanks again...sorry for not getting the first answers!
0
 

Expert Comment

by:medium_grade
ID: 41549517
Here's a good tool for keeping your PDC emulator in sync.  It will sync the system time against any NTP server you point it to (has a few setup by default) and can act as a basic NTP server too (be sure to open the NTP port on your firewall).

http://www.timesynctool.com/

Also good if you have other non-windows devices you want to keep in sync. Not the cleanest solution, but effective.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question