AD PDC time service

  • Question

  • Good afternoon,
    I am working in a secured environment that is disconnected from the internet.
    We run 2 domain controllers and 1 of them is the PDC.
    The workstations are not synchronising with the PDC. When telling them specifically to use the PDC as time source, they fall back to the local CMOS.
    We entered the correct time manually on the PDC and are working on a valid time source, but at this time we don't have access to one.
    On the PDC we entered w32tm /config /reliable:yes
    Clients do not sync from this PDC.
    Can the PDC be a reliable time source if the PDC is not syncing with a valid NTP source?
    Server is 2012 R2.
    Let me know if you need more information.

    Tuesday, September 17, 2019 1:43 PM

All replies

  • All domain members should use NT5DS domain time. Desktops and member servers sync with any domain controller. Domain controllers sync with PDC emulator, PDCe syncs with either a hardware clock or possibly an external source.
    https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

    Domain members would follow the time from the PDCe regardless of whether it's correct or not.

    On desktops, member servers, and domain controllers other than the PDC emulator you can reset:

    w32tm /unregister
    net stop w32time
    w32tm /register
    net start w32time
    w32tm /config /syncfromflags:domhier /update
    net stop w32time
    net start w32time

    Then check:

    w32tm /query /source
    w32tm /query /configuration

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Tuesday, September 17, 2019 1:57 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    >>Can the PDC be a reliable time source if the PDC is not syncing with a valid NTP source?

    Yes, we can. But if the PDC has a hardware problem or cannot run, the time on other workstations may not be correct. So we recommend that we configure an external NTP time server for the PDC.


    To ensure the time on the workstations can sync with the PDC, we can check whether the workstations are configured to take their time from the PDC.

    1. GPO configuration:

    Other domain controllers, member servers and workstations:

    We need to create a Group Policy in which you will enable and configure the following parameters:

    Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client should be enabled with “NT5DS” as Type

    NT5DS is domain hierarchy based time synchronization.

    The group policy needs to be linked at the domain level of all domains existing in the Active Directory forest. Please note here that, for the group policy that will be linked to the Forest Root domain, the PDC Emulator in this domain should be excluded from its application. This could be done by forcing a deny of the Apply group policy permission in the advanced delegation tab of the group policy.


    2. Or registry configuration:

    ===other DC & Client===
    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
    Key Name: Type
    Type: REG_SZ (String Value)
    Data: NT5DS

    Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
    Key Name: AnnounceFlags
    Type: REG_DWORD (DWORD Value)
    Data: 0xa


    After that, restart the time server with the command net stop w32time && net start w32time.


    Reference:
    Time Synchronization in Active Directory Forests
    https://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 18, 2019 7:53 AM
    Moderator
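
The checks from the two replies above (the registry values for "other DC & Client" and the w32tm /query /source check) combined into one audit script. This is an added example, not code posted by anyone in the thread; the use of Win32_ComputerSystem.DomainRole to skip the PDC emulator and the match on English w32tm output are assumptions of the example.

```powershell
# Added example: audit the Windows Time settings of a domain member or a
# non-PDC domain controller against the values quoted in the replies.
# Save as a .ps1 file and run it in an elevated session on the machine to check.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values for "other DC & Client" as given in the thread.
$expected = @(
    @{ Key = "$base\Parameters"; Name = 'Type';          Want = 'NT5DS' }
    @{ Key = "$base\Config";     Name = 'AnnounceFlags'; Want = 0xa }
)

# Win32_ComputerSystem.DomainRole: 5 = primary domain controller (PDC emulator).
# The expected values above do not apply to that machine, so stop there.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -eq 5) {
    Write-Warning 'This is the PDC emulator; the expected values apply to other DCs and clients only.'
    return
}

# Compare each registry value with the expected one; a missing value is a failure.
$findings = foreach ($item in $expected) {
    $prop   = Get-ItemProperty -Path $item.Key -Name $item.Name -ErrorAction SilentlyContinue
    $actual = if ($prop) { $prop.($item.Name) } else { $null }
    [pscustomobject]@{
        Setting  = $item.Name
        Expected = $item.Want
        Actual   = $actual
        Ok       = ($null -ne $actual) -and ($actual -eq $item.Want)
    }
}
$findings | Format-Table -AutoSize

# Ask the running service where it is getting time from right now.
# Assumption: English-language w32tm output; the strings are localized elsewhere.
$source = (& w32tm.exe /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Time source is '$source': this machine is not syncing from the domain hierarchy."
} else {
    Write-Output "Time source: $source"
}

if ($findings | Where-Object { -not $_.Ok }) {
    Write-Warning 'One or more W32Time settings differ from the values given in the thread.'
}
```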
  • Hi,
    Does this question have any update, or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou


    Friday, September 20, 2019 1:59 AM
    Moderator

  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!


    Best Regards,
    Daisy Zhou


    Monday, September 23, 2019 10:13 AM
    Moderator