Configure Windows Time Service in Active Directory

As Active Directory heavily depends on kerberos authentication, it is important to be sure the time in the domain is synchronised to all servers and workstations. If this is not the case different problems can occur, like not being able to logon to the domain.

In Windows 2003 the clients automatically sync the time with the Domain Controller which holds the PDC Emulator role. This server needs to be configured to get the time from a internet time server or with an external Reference Clock.

If your server needs to sync with a internet time server, be sure to allow traffic through UDP port 123 (NTP).

Change the following registry keys on your DC (PDC Emulator).

1. The value (REG_SZ) needs to be : NTP (not NT5DS)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type

2. The value (REG_DWORD) needs to be : 5 (not 10)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags

3. The value (REG_SZ) needs to have the IP-address of the internet time server or external Reference Clock.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer

Restart the Time Service through the MMC or start a command prompt and type the following:

net stop w32time
net start w32time

If the time service is not synchronizing, you can log more information about the service by creating a debug file, as shown in KB 816043 (How to turn on debug logging in the Windows Time Service)

Comments

• Search for:

• Categories

  • General
  • Blackberry Enterprise Server (BES)
  • Exchange
  • Exchange 2000
  • Exchange 2003
  • Exchange 2007
  • Exchange 2010
  • Exchange 5.5
  • IIS
  • ISA
  • OCS 2007 R2
  • OCS 2010
  • Office Communition Server
  • Scripting
  • Windows
  • Wordpress Plugins

• Tags

  attachment BES certificate certification Client Access Commands communicator client Core Server DAG database availability group dcom error event id Exchange 2003 Exchange 2007 Exchange 2010 Google Apps hosted IIS imdb tag installation live communications server mailbox mcse OCS OCS 2007 R2 office communications server outlook outlook add-in OWA plugin private key receive connector rollup selfsigned Service Pack 1 Social Media SP1 ssldiag Unified Messaging upgrade windows 2008 Windows Server wordpress Wordpress Plugins

• Archives

  • April 2010
  • March 2010
  • February 2010
  • December 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • January 2009
  • April 2008
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • December 2006
  • November 2006
  • October 2006
  • August 2006
  • May 2006
  • March 2006
  • February 2006
  • January 2006

   
 

• Wordpress Plugins

  
  IMDB Tag plugin: Download
  
  

• Pages

  • About
  • Admin Tools
  • Contact Me
  • Disclaimer
  • Geo Tag
  • How to ….
  • IMDB Tag
  • Privacy Policy
  • Scripts
  • SMTP Reply Codes
  • Tags
  • Send Mail from script, no smtp client required

• Other Sites

  • Astrid Willems
  • BKR lenen
  • File Information
  • Foxite.COM
  • How Much Does Internet Cost
  • Internet Speedometer
  • Musicopy
  • Owners Manual
  • Route 66 e-office

• Recent Comments

  • Roger Goodell on How to convert Linked Mailbox to User Mailbox
  • Leon on Winload.exe Windows 2008 – missing or corrupt
  • farhan on Microsoft Error Codes
  • Peter Zimmermann on Winload.exe Windows 2008 – missing or corrupt
  • Change Default Search Values on Active Directory « win sysadmin ideas on Set the MaxPageSize in Active Directory

• Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org