Synchronizing your Windows 2003 Domain
The Best Way
Now I know there are many ways to do this and I have tried them all. Seriously! In my experience this is the best way to get your domain synchronized and stay synchronized.
You need the PDCE Role
- To check the PDCE role, open Active Directory Users and Computers, use this link:http://support.microsoft.com/kb/324801
- It’s best to let the PDCE role continue to provide the timesource for the domain. Since it is standard, you won’t have to go looking for it later; plus it’s easier to setup. If you want the Exchange server to perform the function, you’ll have to point it at a timesource, then point the PDCE at the Exchange server.
- You’ll only need to perform the steps on servers/PCs that don’t have the right time.
All machines in your domain need to be within 5 minutes of one another – otherwise you’ll get authentication errors.
Change Group Policy
In the Default Domain Controller policy GPO you’ll find a “Windows Time Service” located under the Computer Configuration > Administrative Templates > System. In there, click on “Time Providers” and configure “Enable Windows NTP Server”.
Then create a GPO for the rest of your domain. In the same place, configure the NTP client options.
Add this to a log-on batch file to make sure the time syncs when you log-on. The second line will change the time zone.
net time /set /y
RunDLL32 shell32.dll,Control_RunDLL %SystemRoot%\system32\TIMEDATE.cpl,,/Z GMT Standard TimeFinally, for those computers that are out of sync
From a command prompt window
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /sync /rediscover /nowait
That’s it. I hope this helps…
Related Posts
- Microsoft combating Apple with new stores
- An Open Letter to Protesters
- Synchronizing your Windows 2003 Domain
- OpenDNS, the Safe way to Browse the Internet
- Extend your partition in Windows Server 2003
Hey Jim, thanks for checking out the site and commenting :)