Setting up Time Server in AD

Hi all,

I have to setup a time server on our PDC holding DC. I have seen how to set it up but our HQ is in one city and some of the branches are 1 hour behind, some are 2 and some are 3. All branches are in the same country though. So When setting up the time server, if I add, will that work fine for all branches ?
Exchange UserSystems AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gauresh_sakhalkarSenior Server AdministratorCommented:

I will suggest you to configure PDC as NTP server and to sync it's time with external time source '' for more accuracy. Please check if any of your domain controllers are virtual servers. If the DC is hosted on any virtual servers then please make sure you have disabled the time sync between host and guest. Also, On the additional domain controllers you can set the value of 'NtpServer' as ',0x1' to sync time

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Bob McCoyCommented:
I do not recommend changing the individual time settings on DCs.  You really need to know how time is used in an AD domain.
All workstations and member servers get their time from their authenticating DC.
All DCs get their time from the DC that holds the PDC emulator role.
The PDCe gets its time from an external time source, one of the pool servers, GPS, core router, etc.
All DCs are already time servers, evidences by the fact that netstat shows port 123 active.
You are much more likely seeing time zone issues that real time skew.  Active Directory uses Kerberos authentication and is set to allow for a maximum five minute skew, otherwise it considers those requests as replay attacks.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.