Advertising new time server in domain environment

 

I can see on different forums that people are asking what happens when they transfer PDC Emulator Operation Master role to another Domain Controller. This is really important question as PDC Emulator is responsible for time management in domain environment. When you do not advertise new time server you might notice some time differences between your domain controllers and domain member servers.

This article shows the procedure on Windows Server 2012 R2 how to accomplish that properly but is also suitable for all earlier operating systems.

All the time when you transfer PDC Emulator role to another Domain Controller, you need to change configuration on both servers:

  • on previous PDC Emulator role holder
  • on the new PDC Emulator role holder

this will advertise new time server in your domain environment and you will prevent future issues because of that. The most often scenario of transferring PDC Emulator FSMO role to another DC is when you are promoting new Domain Controller based on newer operating system i.e:

  • promoting new Windows Server 2008/2008R2 DC in Windows Server 2003/2008 DC environment
  • promoting new Windows Server 2012/2012R2 DC in Windows Server 2003/2008/2008R2/2012 environment

in this particular case you need to do following things:

Log on directly or over Remote Desktop connection to the new PDC Emulator FSMO role holder and run elevated command prompt

Running elevated command prompt

Running elevated command prompt

Now, you need to configure external time server source from which you will synchronize time settings. This may be another device in your network (like Cisco ACS server) or any reliable external NTP server. The list of reliable NTP servers you may find on NTP Pool website

In this example I will use external NTP pool server for my region (Poland)

You need to use IP address or DNS name of NTP server during Domain Controller configuration, so if you want to use IP address then the first step is to ping DNS name and write down an IP address of the server

  • 95.158.95.123

this is the IP address resolved from pl.pool.ntp.org

Important! Before you start reconfiguring servers, please ensure if UDP/123 port is allowed on your router/firewall because NTP is using this particular port to synchronize time settings!

Now, in elevated command-line you need to run this command

w32tm.exe /config /manualpeerlist:95.158.95.123 /syncfromflags:manual /reliable:yes /update
Configuring NTP source on new PDC Emulator FSMO role holder

Configuring NTP source on new PDC Emulator FSMO role holder

or

w32tm.exe /config /manualpeerlist:pl.pool.ntp.org /syncfromflags:manual /reliable:yes /update
Configuring NTP source on new PDC Emulator FSMO role holder

Configuring NTP source on new PDC Emulator FSMO role holder

where /manualpeerlist:IPAddress or /manualpeerlist:DNSServerName is an NTP server to use in your environment

and restart Windows Time service

net stop w32time
net start w32time
Restarting Windows Time service

Restarting Windows Time service

Now, your new PDC Emulator FSMO role holder will synchronize time with specified NTP time source.

The last step is to reconfigure the old PDC Emulator Operation Master role holder to not advertise it as time server and pull time information from new PDC Emulator. To do that log on directly or over Remote Desktop connection to the server and type in command prompt (2003)/elevated command prompt (all newer OSes)

w32tm.exe /config /syncfromflags:domhier /reliable:no /update
Reconfiguring old PDC Emulator FSMO role holder

Reconfiguring old PDC Emulator FSMO role holder

and you need to also restart Windows Time service to complete whole operation

net stop w32time
net start w32time
Restarting Windows Time service

Restarting Windows Time service

That’s all! You have reconfigured your environment and advertised new time server in a domain.

Author: Krzysztof Pytko

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *