Correct time drift throughout entire Windows domain


Upping the tolerance would probably work; however, you would probably want to allow more than 90 minutes. I would wait at least a day.

Here are some additional considerations:

  • Disable any hardware clock synchronization for domain controllers that are virtuals/guests.

  • Configure the PDC Emulator role domain controller to synchronize with an external time source.

  • Configure the registry values using group policy for the following settings to be 48 hours (MaxNegPhaseCorrection and MaxPosPhaseCorrection; decimal: 172800, hex: 0x0002A300).

  • Configure all other domain controllers, member servers, and workstations to use the domain hierarchy for time synchronization (NT5DS).

  • If you do not use the PDC Emulator role domain controller for the external time synchronization, it should not be a domain controller with any of the other infrastructure master roles.

Configuring a time source for the forest
http://technet.microsoft.com/en-us/library/cc784800%28v=ws.10%29.aspx

How the Windows Time Service Works
http://technet.microsoft.com/en-en/library/cc773013%28v=ws.10%29.aspx

AD DS: The value of MaxPosPhaseCorrection on this domain controller should be equal to 48 hours
http://technet.microsoft.com/en-us/library/dd723684%28v=ws.10%29.aspx
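The answer's recommendations, applied to one machine with w32tm and the registry, as an added example (this is not code from the answer or from Microsoft). It assumes the ActiveDirectory RSAT module is installed, that the machine is domain-joined with `$env:USERDNSDOMAIN` populated, and that the NTP peers in `$ExternalPeers` are placeholders you replace with your own time sources. The answer prefers pushing the phase-correction values through group policy (Computer Configuration > Administrative Templates > System > Windows Time Service > Global Configuration Settings); the per-machine registry writes below are the local equivalent for a DC you are fixing by hand.

```powershell
# Added example, not from the original answer: apply the answer's time-sync
# recommendations to the machine this runs on. Run as a local administrator.
#Requires -RunAsAdministrator

# Placeholder external NTP peers; 0x8 = client mode. Replace with your own sources.
$ExternalPeers   = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8'
$MaxPhaseSeconds = 172800   # 48 hours, decimal 172800 = hex 0x2A300, as in the answer
$W32TimeConfig   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
$VmicProvider    = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'

# 1. Identify the PDC Emulator; every other machine in the domain hierarchy
#    ultimately chains to it, so only it should talk to external NTP.
$pdc   = (Get-ADDomain).PDCEmulator
$isPdc = ("$env:COMPUTERNAME.$env:USERDNSDOMAIN" -ieq $pdc)

# 2. Widen the phase-correction window to 48 hours so a large offset (the
#    question's 35 minutes) is corrected instead of rejected by w32time.
Set-ItemProperty -Path $W32TimeConfig -Name MaxPosPhaseCorrection -Value $MaxPhaseSeconds -Type DWord
Set-ItemProperty -Path $W32TimeConfig -Name MaxNegPhaseCorrection -Value $MaxPhaseSeconds -Type DWord

# 3. On a Hyper-V guest DC, stop the hypervisor's time provider from fighting
#    the domain hierarchy (the host-side equivalent is disabling the
#    "Time Synchronization" integration service for the VM).
if (Test-Path $VmicProvider) {
    Set-ItemProperty -Path $VmicProvider -Name Enabled -Value 0 -Type DWord
}

if ($isPdc) {
    # 4a. PDC Emulator: sync from external NTP and advertise itself as reliable.
    w32tm /config /manualpeerlist:"$ExternalPeers" /syncfromflags:manual /reliable:yes /update
} else {
    # 4b. Every other DC, member server and workstation: follow the domain hierarchy (NT5DS).
    w32tm /config /syncfromflags:domhier /update
}

Restart-Service -Name w32time
w32tm /resync /rediscover

# 5. Verify where time is coming from and how far off the clock still is.
w32tm /query /source
w32tm /query /status

# 6. From any domain member, list every DC's offset relative to the PDC Emulator
#    to confirm the whole domain is converging rather than just this host.
w32tm /monitor /domain:$env:USERDNSDOMAIN
```

Run it on the PDC Emulator first, confirm with `w32tm /query /source` that it reports your external peer rather than "Local CMOS Clock" or "VM IC Time Synchronization Provider", then let the other DCs and members pick the corrected time up over the hierarchy; `w32tm /monitor` is the quickest way to watch the offsets shrink domain-wide.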


Updated on September 18, 2022

Comments

  • Kez almost 2 years

    I have done a lot of research but failed to find a reliable answer to our problem.

    The short story is our entire Windows domain is running 35 minutes slow, i.e. servers and workstations. I think this is due to the operations master role being assigned to a Hyper-V VM. We have since moved the role over to a physical server. Unfortunately, I have inherited this from the wonderful ex-support company.

    My plan (just an idea!):

    1. Change "Maximum tolerance for computer clock synchronization" from 5 minutes to 60 minutes for the Default Domain GPO and wait a couple of hours for it to push out to the workstations? It replicates every 90 minutes by default, right?

    2. Set an external time source on the DC with the operations master role. This should then update other servers and workstations in turn.

    To ensure I am asking a straightforward question here, what is the safest and most efficient way to correct the time drift within the entire network? Obviously, immediately changing the time on the DC will cause major issues with Kerberos authentication.

    • user1364702 about 12 years
      I could have sworn I saw an episode of MacGyver with a similar issue involving an alarm clock tied to a time lock. Maybe you could speed up the AC current frequency to your building for a little while, speeding up all the system clocks?
    • Zoredache about 12 years
      Have you considered just manually stepping the time a couple minutes a few times a day?