Archive for November 2012

Active Directory Time Synchronisation

What is Time Synchronisation?

Time synchronization is an important feature for all computers on the network. By default, the clients computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. The PDC must synchronize their time from a reliable external time source.

Windows Server includes W32Time, the Time Service tool that is required by the Kerberos authentication protocol. The Windows Time service makes sure that all computers in an organization that are running the Microsoft Windows Server operating system or later versions use a common time.

Basic Operation of the Windows Time Service

http://support.microsoft.com/kb/224799

Pre Requisites

You will need to open the default UDP 123 port (inbound and outbound) on your corporate firewall to allow time synchronisation

What external time servers can I use?

http://www.pool.ntp.org/en/use.html

Instructions

  • First you need to find your PDC Server. Open the Command Prompt and type netdom /query fsmo. Our servers have been blanked out below but you will see your servers listed

  • Log on to your PDC and stop the W32Time Service. Type net stop w32time
  • Configure the external time source

  • Make your PDC a reliable time source for the clients. Type w32tm /config /reliable:yes
  • Type w32tm /config update
  • Type w32tm /config resync
  • Type net start w32time
  • The Windows Time Service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing the following commands

w32tm /query /configuration

w32tm /query /peers

w32tm /query /status

  • Check the Event Viewer for any errors.