Windows Time Service | Windows .NET Server 2003 Domains & Active Directory

Windows Time service provides computer clock synchronization for domain clients and domain controllers. This is especially important on client computers running Windows/XP/.NET and domain controllers since all of them rely on authentication procedure that use Kerberos V5 protocol, which by default requires clock synchronization with a delta of 5 minutes. The service operation is defined by registry settings located in the HKLM\SYSTEM\CurrentControlSet\Services\W32Time key. (This key will be the reference for all registry values mentioned in this section.)

Domain clients running Windows XP/.NET will automatically synchronize their clocks with the PDC Emulator time upon their startup and authentication in the domain. A domain's PDC Emulator, in turn, synchronizes its clock with the clock of the PDC Emulator of a parent or forest root domain. The forest root domain's PDC Emulator should synchronize its clock with an external timeserver(s) or you can leave it "as is".

To specify an external timeserver, use the net time /SETSNTP: timeSrvName command. On Windows .NET DCs, you can also use the command

    C:\>w32tm /config /manualpeerlist: timeSrvName /update

By default, all computers running Windows XP/.NET use the time.windows.com site as the timeserver.

On a Windows .NET DC, to disable synchronization with an external timeserver, you may set the registry value Parameters\Type to Nosync, clear the Parameters\NtpServer value, and stop the NTP Client by setting the TimeProviders\NtpClient\Enabled value to zero). On a Windows 2000 DC, you may use the following command:

    C:\>net time /SETSNTP:w2kdc2.w2k.dom,

where w2kdc2.w2k.dom is the PDC Emulator name.

Note

Each time you change the settings of the Windows Time service, restart it by using the Service snap-in or from the command prompt (with the net stop w32time and net start w32time commands).

When a client running Windows XP/.NET joins a domain, the Parameters\Type value is automatically changed from default NTP to NT5DS. The same change is performed on Windows .NET servers when they are promoted to domain controllers. On clients and domain controllers running Windows 2000, you may either manually set the Parameters\Type value or use the net time /SETSNTP command.

On computers running Windows XP/.NET, the following sample command allows you to view the timeserver (marked as PDC) as well as the time offsets for computers in the net.dom domain (if this parameter is omitted, the current domain is tested):

     C:\>w32tm /monitor /domain:net.dom     netdc1.net.dom *** PDC *** [192.168.1.2]:         ICMP: 0ms delay.         NTP: +0.0000000s offset from netdc1.net.dom             RefID: 'LOCL' [76.79.67.76]     netdc4.net.dom [192.168.1.103]:         ICMP: 0ms delay.         NTP: -0.0100835s offset from netdc1.net.dom             RefID: netdc1.net.dom [192.168.1.2]