Managing Windows Time
Hello my friends
I got in Canada this morning at 6:00AM and around 8AM I had a time issue because the freaking atomic clock that I was using was down (Can you believe it? Well if you are using from USA, you can check the list of their status on this site http://tf.nist.gov/tf-cgi/servers.cgi).
So, the topic of Today is going to be Time! (when I say that I keep hearing Morgan Freeman initial speech on Through the Wormhole series. If you haven’t seen it, please do!).
There are several ways to implement time on your environment and Microsoft has great documents and KBs for that, but here are Andy’s two cents of advice:
- Active Directory is sensitive about time discrepancies, so be consitente
- I would recommend to create a sub-Organization Unit under Domain Controllers called PDC and move the main Domain Controller of your forest/domain to that OU and assign a GPO to synchronize with an atomic clock for that server
- All other DCs should synchronize for this special DC
- If you are using Virtualization make sure that your hosts are synchronizing from the DCs
- Disable the Time Sync with your virtualization product and let the Active Directory control that, in case you forget or miss that configuration in a machine the previous step will keep consistency
- Learn how to use the w32tm to help you out during the troubleshoot phase
Okay, now that you have it configured you can use these following cmdlets to help you to troubleshoot any time issues.
How do I know which NTP server my server is using?
w32tm /query /source
How do I start the refresh process?
w32tm /resync /nowait
Bear in mind that the difference is not going to drop 5 minutes in a single shot. It going to be a slow process.
How far are we from the atomic clock?
That is a piece of cake, just run w32tm /stripchart /computer:time.nrc.ca
By the way, if you have a server too much ahead and you want to make sure that the server is using your local DC, you can restart the Windows Time Service to refresh settings and it will bring the time to the local NTP/DC server.