If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.
Portion of domain no longer in sync with PDC
computers are no longer getting time from DC. We had a PDC DC fail. I cleaned up AD and built a new DC. Transferred all the FSMO roles. Both DC's are Windows 2016
Some of the servers are syncing with the PDC others are 1 minute off.
What is the best way to correct this and get the entire domain in sync
Some of the servers are syncing with the PDC others are 1 minute off.
What is the best way to correct this and get the entire domain in sync
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
I read through the article but saw nothing that explained why computers were no longer syncing with the PDC. It mostly discussed registry settings.
Did I miss something?
Did I miss something?
Some of the servers are syncing with the PDC others are 1 minute off.That is expected. DC is SNTP not NTP. If you want it to be more accurate you need to use NTP.
the PDC is NTP. The other DC is NT5DS. They are in sync. Also, we have 3 locations and at the other 2, all servers are in sync. So I do not want to disagree with you, but the location with the sync issue used to be in sync until the PDC failed
However, to be clear the bigger issue is the computers. They are not getting their time from the PDC. They are getting it from the local CMOS.
True on boot the computers will look at CMOS for time but once they login to the domain the computers should do a time sync with a DC.
If the CMOS time is incorrect (due to a failed CMOS battery causing it to get BIOS time) the time maybe to far out for the sync.
Other reasons are highlighted in this doc from MS:
https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works
The other link was windows time settings.
As noted above windows uses SNTP but MS calls it NTP and the PDCe can configured to receive NTP and all domain members to use NT5DS.
If the CMOS time is incorrect (due to a failed CMOS battery causing it to get BIOS time) the time maybe to far out for the sync.
Other reasons are highlighted in this doc from MS:
https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/how-the-windows-time-service-works
The other link was windows time settings.
As noted above windows uses SNTP but MS calls it NTP and the PDCe can configured to receive NTP and all domain members to use NT5DS.
I understand that the computers "should" be getting their time from the domain, however, they are not. They are getting it from the local CMOS. That is what I am trying to solve.
most computers are off by 45 seconds. One is off by 3 minutes. When I tried to adjust it, I got the message it was being controlled by the Administrator. It is a Win 10 machine.
I did try to change the time on 2 other computers that are using the local CMOS and I was able to.
In addition, the Win 10 computer when I do a Network search it only displays the Domain servers. Do not know if this is related?
I did try to change the time on 2 other computers that are using the local CMOS and I was able to.
In addition, the Win 10 computer when I do a Network search it only displays the Domain servers. Do not know if this is related?
below are some w32tm queries
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\g.wilson>w32tm /query /source
Local CMOS Clock
C:\Users\g.wilson>w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
C:\Users\g.wilson>w32tm /query /peers
#Peers: 1
Peer: DCServer_2016.laspca.corp
State: Active
Time Remaining: 184.3378742s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 10 (1024s)
C:\Users\g.wilson>w32tm /query /source
Local CMOS Clock
C:\Users\g.wilson>w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
C:\Users\g.wilson>
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\g.wilson>w32tm /query /source
Local CMOS Clock
C:\Users\g.wilson>w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
C:\Users\g.wilson>w32tm /query /peers
#Peers: 1
Peer: DCServer_2016.laspca.corp
State: Active
Time Remaining: 184.3378742s
Mode: 3 (Client)
Stratum: 0 (unspecified)
PeerPoll Interval: 0 (unspecified)
HostPoll Interval: 10 (1024s)
C:\Users\g.wilson>w32tm /query /source
Local CMOS Clock
C:\Users\g.wilson>w32tm /query /status
Leap Indicator: 3(last minute has 61 seconds)
Stratum: 0 (unspecified)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
C:\Users\g.wilson>
From the machines with Local CMOS Clock, can you telnet to the time source (port udp 123)?
Also have a look at this link:
https://www.bluecompute.co.uk/blogposts/configuring-troubleshooting-windows-time-service/
Also have a look at this link:
https://www.bluecompute.co.uk/blogposts/configuring-troubleshooting-windows-time-service/
I could not telnet to time.windows.com or pool.ntp.org. I also could not ping time.windows.com, however, I could ping pool.ntp.org
The problem was I could not ping time.windows.com. I changed the registry to ntp.pool.org and that solved the problem.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
The solution posted by 65td was not the correct one, however, it pointed me in the right direction. See my post
Thanks to all
Thanks to all
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2007 Adva… 188 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Outlook 2007 Inte… 188 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
W32tm documentaion link:
https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings