Sign in to vote. Please advice. Friday, May 4, AM. In order to make the new Windows server to get time from the internet and serve as a time server, do I just simply run these on the new PDC: Assuming you have already transferred the PDC emulator role then yes Do I need to go to all the other DCs including the old Windows PDC and run the below commands? Hi, Was your issue resolved?
Best Regards, William Please remember to mark the replies as answers if they help and unmark them if they provide no help. Friday, May 11, AM. Monday, May 14, AM. Please note here that for the group policy that will be linked to the Forest Root domain the PDC Emulator in this domain should be excluded from the appliance. This could be done by forcing a deny of Apply group policy permission in the advanced delegation tab of the group policy.
Office Office Exchange Server. Not an IT pro? United States English. Post an article. Subscribe to Article RSS. Click Sign In to add the tip, solution, correction or comment that will help other users. Report inappropriate content using these instructions. The time service in Windows NT Server 4. For example, if your domain is configured to synchronize time by using the domain hierarchy-based method of synchronization and you want computers in the domain hierarchy to synchronize time with a Windows NT 4.
Windows NT 4. Therefore, to ensure accurate time synchronization across your network, it is recommended that you upgrade any Windows NT 4. The Windows Time service is designed to synchronize the clocks of computers on a network. The network time synchronization process, also called time convergence, occurs throughout a network as each computer accesses time from a more accurate time server.
Time convergence involves a process by which an authoritative server provides the current time to client computers in the form of NTP packets. The information provided within a packet indicates whether an adjustment needs to be made to the computer's current clock time so that it is synchronized with the more accurate server.
As part of the time convergence process, domain members attempt to synchronize time with any domain controller located in the same domain. If the computer is a domain controller, it attempts to synchronize with a more authoritative domain controller. Computers running Windows XP Home Edition or computers that are not joined to a domain do not attempt to synchronize with the domain hierarchy, but are configured by default to obtain time from time. To establish a computer running Windows Server as authoritative, the computer must be configured to be a reliable time source.
By default, the first domain controller that is installed on a Windows Server domain is automatically configured to be a reliable time source. Because it is the authoritative computer for the domain, it must be configured to synchronize with an external time source rather than with the domain hierarchy.
Also by default, all other Windows Server domain members are configured to synchronize with the domain hierarchy. After you have established a Windows Server network, you can configure the Windows Time service to use one of the following options for synchronization:.
Synchronization that is based on a domain hierarchy uses the AD DS domain hierarchy to find a reliable source with which to synchronize time. Based on domain hierarchy, the Windows Time service determines the accuracy of each time server.
In a Windows Server forest, the computer that holds the primary domain controller PDC emulator operations master role, located in the forest root domain, holds the position of best time source, unless another reliable time source has been configured.
The following figure illustrates a path of time synchronization between computers in a domain hierarchy. A computer that is configured to be a reliable time source is identified as the root of the time service.
The root of the time service is the authoritative server for the domain and typically is configured to retrieve time from an external NTP server or hardware device. A time server can be configured as a reliable time source to optimize how time is transferred throughout the domain hierarchy.
If a domain controller is configured to be a reliable time source, Net Logon service announces that domain controller as a reliable time source when it logs on to the network. When other domain controllers look for a time source to synchronize with, they choose a reliable source first if one is available. A cycle in the synchronization network occurs when time remains consistent between a group of domain controllers and the same time is shared between them continuously without a resynchronization with another reliable time source.
The Windows Time service's time source selection algorithm is designed to protect against these types of problems. If the computer is not a member of a domain, it must be configured to synchronize with a specified time source.
If the computer is a member server or workstation within a domain, by default, it follows the AD DS hierarchy and synchronizes its time with a domain controller in its local domain that is currently running the Windows Time service. If the computer is a domain controller, it makes up to six queries to locate another domain controller to synchronize with. Each query is designed to identify a time source with certain attributes, such as a type of domain controller, a particular location, and whether or not it is a reliable time source.
The time source must also adhere to the following constraints:. A PDC emulator can synchronize with a reliable time source in its own domain or any domain controller in the parent domain. If the domain controller is not able to synchronize with the type of domain controller that it is querying, the query is not made. The domain controller knows which type of computer it can obtain time from before it makes the query. For example, a local PDC emulator does not attempt to query numbers three or six because a domain controller does not attempt to synchronize with itself.
The following table lists the queries that a domain controller makes to find a time source and the order in which the queries are made.
A domain controller does not attempt to synchronize with itself. Each query returns a list of domain controllers that can be used as a time source. Windows Time assigns each domain controller that is queried a score based on the reliability and location of the domain controller. The following table lists the scores assigned by Windows Time to each type of domain controller. When the Windows Time service determines that it has identified the domain controller with the best possible score, no more queries are made.
The scores assigned by the time service are cumulative, which means that a PDC emulator located in the same site receives a score of nine. If the root of the time service is not configured to synchronize with an external source, the internal hardware clock of the computer governs the time. Manually-specified synchronization enables you to designate a single peer or list of peers from which a computer obtains time.
In the pane on the right, right-click NtpServer , and then select Modify. Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name.
If you do not append ,0x1 to the end of each DNS name, the changes that you make in step 5 will not take effect. TimeInSeconds is a placeholder for a reasonable value, such as 1 hour or 30 minutes The value that you select will depend on the poll interval, network condition, and external time source.
At the command prompt, type the following command to restart the Windows Time service, and then press Enter:. For the Windows Time service to function correctly, the networking infrastructure must function correctly. The most common problems that affect the Windows Time service include the following:. We recommend that you use the Netdiag.
0コメント