Domain controller as time server for member computers, how?

Oddly enough this does not appear at top of list when asking Uncle G. So I'm asking you experts.

We have a domain MYDOMAIN.

Domain Controllers:
DC1 - primary dc
DC2 - secondary dc

Members of that domain are
COMPUTER1
COMPUTER2
COMPUTER3


All computers involved run Windows 2012 Server.


We want the clocks in computer 1-3 to be synced with the clock of the domain controller.

What's the most common sense approach to this?
Is there maybe a policy setting of something that can be set once and for all on the DC?
Ron DokkensirAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Radhakrishnan RSenior Technical LeadCommented:
Hi,

The PDC master must not be configured to synchronize with itself. If the PDC master is configured to synchronize with itself, you will get some error/warning in the event logs. The usual way of keeping the w32time within the domain would be a) Configure external time source on the PDC role holder b) let the domain members get the time from PDC.

The above method works bydefault unless you modified the NTD settings. To configure an external time source, refer this KB https://support.microsoft.com/en-us/kb/816042#bookmark-fixitformealways2 and section "Configuring the Windows Time service to use an external time source".

Download the msi and run it on the PDC. Follow the onscreen steps as per the KB.

Hope this helps.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ron DokkensirAuthor Commented:
Hi it do not work by default. The clocks do not sync automatically and they can manually be set differently the member computers.

All clocks should be locked to the PDC time.

How could you verify these settings?
0
Radhakrishnan RSenior Technical LeadCommented:
Hi,

Go to this location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ and look at the NtpServer and see which one is configured here?
1
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Ron DokkensirAuthor Commented:
Go to this location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ and look at the NtpServer and see which one is configured here?

On each member computer?
0
Radhakrishnan RSenior Technical LeadCommented:
On the PDC holder (DC) check the NTPServer. Also, the "Type" would be something like "NTP" if it is configured as external time source.

In the member computer, go to the same registry location and check the "Type" that should be NT5DS which means that the time source from PDC.
1
Ron DokkensirAuthor Commented:
>>The usual way of keeping the w32time within the domain would be a) Configure external time source on the PDC role holder b) let the domain members get the time from PDC.

This is a stand alone server application and we do not have an external time source, nor an internet time server. All member computers should have the PDC time, being it right or wrong.
 Any special settings for that?
0
Radhakrishnan RSenior Technical LeadCommented:
As per your initial post
"Domain Controllers:
DC1 - primary dc
DC2 - secondary dc "

If this is the case then it's applicable for you. You can either configure your ISP's time server or time.windows.com (common external time source).

""To configure an external time source, refer this KB https://support.microsoft.com/en-us/kb/816042#bookmark-fixitformealways2 and section "Configuring the Windows Time service to use an external time source".
0
Ron DokkensirAuthor Commented:
If this is the case then it's applicable for you. You can either configure your ISP's time server or time.windows.com (common external time source).

The DCs are not connected to internet either and we have no "atomic clock" or something like that.
0
Radhakrishnan RSenior Technical LeadCommented:
If the domain controller doesn't have internet connection to an outside time source, it will stop advertising as a "reliable" time server, but it will still be a time server. The clients will still synchronize their clocks against the domain controller. This will continue to happen, even if the domain controller is unsynchronized (at least by default).
The W32time client is just making periodic corrections to it. If it cannot sync with an external time server, the local clock will keep ticking, but will lose accuracy over time. The local hardware clock will drift by 1-10 seconds per day.

Is there any reason not having internet connection on the DC? how this getting windows updates then?
1
Ron DokkensirAuthor Commented:
>>Is there any reason not having internet connection on the DC?
Yes :)
0
Ron DokkensirAuthor Commented:
Good link indeed, thx!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.