3

I have 2 DC's. One is virtual, one is physical. The time on my domain is running fast. I suspect this is due to one of the DC's being virtual.

How can I set the domain to use the physical DC as the time master?

Edit: I mean the domain time is in sync, all DC's & all work stations have the exact same time. However the time is fast compared to an accutate time source for comparison (ie Cell phone), so today it's 30min fast, tomorrow it's 35min fast, the day after 40min, etc.

me2011
  • 319
  • 2
  • 3
  • 9
  • What do you mean "The time on my domain is running fast"? Time is relative. The time is fast relative to what? Do you mean that the time on domain members is out of sync? – joeqwerty Apr 23 '12 at 01:09

1 Answers1

4

You should transfer the PDC emulator FSMO role to the physical domain controller.

This is done by opening the Active Directory Users and Computers snap-in on the physical domain controller (or by specifically targeting it). Right click on the domain itself, choose operations masters, and transfer the role.

Then you should follow this: http://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx

and point that PDC emulator DC to NIST, or Microsoft, or Apple or whoever you want as your time source.

Once this is done, all other domain controllers will sync to the time on the DC with the PDC emulator role, and workstations will sync to whichever domain controller responds to the SRV record lookups.

Other good reading (yes, you really should read it):

http://www.petri.co.il/transferring_fsmo_roles.htm

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm

SpacemanSpiff
  • 8,733
  • 1
  • 23
  • 35
  • Oh and while you're at it... point NTP on your virtualization host and any other non-domain-managed devices to your DC for time synchronization as well, that way logs line up when you troubleshoot an issue. – SpacemanSpiff Apr 23 '12 at 00:38
  • You can also reference THIS question: http://serverfault.com/questions/92617/domain-controller-time-is-7-minutes-fast – SpacemanSpiff Apr 23 '12 at 00:39
  • Good answer.. And all the time I have folks tell me the time issues with virtual DCs have been fully worked out. – Tim Brigham Apr 23 '12 at 02:14
  • Ehh... its not as bad as it used to be, but if you can have a physical one, why even deal with it? – SpacemanSpiff Apr 23 '12 at 02:16
  • I moved all the roles to the physical DC but the physical DC was still resetting it's time to that of the virtual DC. I did set the virtual DC to not sync with the host and did windows updates so with reboots maybe the time will be correct. We'll see in the morning. – me2011 Apr 26 '12 at 03:41
  • It may take a little bit for things to settle down. Did you follow the first link and configure NTP and recycle the windows time service? If you did that it shouldn't talk to anyone for time but the configured time providers. – SpacemanSpiff Apr 26 '12 at 14:00
  • Haven't setup the NTP yet. I just wanted to ensure the time was accuately pushed and not slipping badly anymore, which means it's more or less correct. It seems to be good now so I'll setup the NTP this weekend. Thanks for the help. – me2011 Apr 26 '12 at 18:57
  • It's possible that the BIOS time clock isn't good - digital watches bought from garages will probably have more accurate time crystals than some servers. – Tubs May 02 '12 at 10:08