Recipe 3.13 Configuring a Domain Controller to Use an External Time Source

3.13.1 Problem

You want to set the reliable time source for a domain controller.

3.13.2 Solution

3.13.2.1 Using a command-line interface

Run the following commands from the command line on a domain controller:

> net time /setsntp:<TimeServerNameOrIP> > net stop w32time > net start w32time
3.13.2.2 Using VBScript
' This codes configures a reliable time source on a domain controller ' ------ SCRIPT CONFIGURATION ------ strPDC = "<DomainControllerName>"       ' e.g. dc01.rallencorp.com strTimeServer = "<TimeServerNameOrIP>"  ' e.g. ntp01.rallencorp.com ' ------ END CONFIGURATION --------- strTimeServerReg = "SYSTEM\CurrentControlSet\Services\W32Time\Parameters" const HKLM = &H80000002 set objReg = GetObject("winmgmts:\\" & strPDC & "\root\default:StdRegProv") objReg.GetStringValue HKLM, strTimeServerReg, "ntpserver", strCurrentServer WScript.Echo "Current Value: " & strCurrentServer objReg.SetStringValue HKLM, strTimeServerReg, "ntpserver", strTimeServer objReg.SetStringValue HKLM, strTimeServerReg, "type", "NTP" strCurrentServer = "" objReg.GetStringValue HKLM, strTimeServerReg, "ntpserver", strCurrentServer WScript.Echo "New Value: " & strCurrentServer ' Restart Time Service set objService = GetObject("winmgmts://" & strPDC & _                            "/root/cimv2:Win32_Service='W32Time'") WScript.Echo "Stopping " & objService.Name objService.StopService( ) Wscript.Sleep 2000  ' Sleep for 2 seconds to give service time to stop WScript.Echo "Starting " & objService.Name objService.StartService( )

3.13.3 Discussion

You need to set a reliable time source on the PDC Emulator FSMO for only the forest root domain. All other domain controllers sync their time either from that server or from a PDC (or designated time server) within their own domain. The list of external time servers is stored in the registry under the W32Time Service registry key in the following location: HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\ntpserver.

If you want a domain controller, such as the PDC, to use an external time source, you have to set the ntpserver registry value along with the type value. The default value for type on a domain controller is Nt5DS, which means that the domain controller will use the Active Directory domain hierarchy to find a time source. You can override this behavior and have a domain controller contact a non-DC time source by setting type to NTP. In the CLI example, the /setsntp switch automatically sets the type value to NTP. In the VBScript solution, I had to set it in the code.

After setting the time server, the W32Time service should be restarted for the change to take effect. You can check that the server was set properly by running the following command:

> net time /querysntp

Since the PDC Emulator is the time source for the other domain controllers, you should also make sure that it is advertising the time service, which you can do with the following command:

> nltest /server:<DomainControllerName> /dsgetdc:<DomainDNSName> /TIMESERV

3.13.4 See Also

MS KB 216734 (How to Configure an Authoritative Time Server in Windows 2000), MS KB 223184 (Registry Entries for the W32Time Service), MS KB 224799 (Basic Operation of the Windows Time Service), MSDN: StdRegProv, and MSDN: Win32_Service



Active Directory Cookbook
Active Directory Cookbook, 3rd Edition
ISBN: 0596521103
EAN: 2147483647
Year: 2006
Pages: 456

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net