As great as computers are at crunching numbers, it’s sometimes shocking just how poor they are at timekeeping. How many times have you looked at the time on your server and found that the clock has drifted several minutes or more from the actual time? On older networks, time drifts were simply annoying, but they’re not anymore.
Today’s networks are much more demanding when it comes to precise timing. Active Directory requires time to be synchronized and accurate throughout your network. It’s equally important to have consistent timing in large Windows NT 4.0 networks. And although you can have your servers synchronize with a central server on your network, how do you make sure that at least one server on your network always has the exact time?
Fortunately, you can use the Internet to ensure proper time on your network. In this Daily Feature, I’ll show you how to do so on your Windows 2000 server.
In this Daily Feature, we’ll discuss only the Net Time command under Windows 2000. For information about synchronizing time on your Windows NT server with the Internet, see the Daily Drill Down "Keeping time on your NT network."
The Internet as a time source
By now you’re probably more than familiar with the HTTP and FTP protocols that fly down the Internet every day. But there’s another protocol called Network Time Protocol (NTP) that you may not be as aware of.
NTP allows you to synchronize the time on your servers or workstations with centrally located and precisely timed time servers on the Internet. These time servers are usually tied to cesium clocks, which are used as the basis for correct time by many international organizations. For more information about NTP and where you can access these time servers, see the TechRepublic article "Keeping Network Time Protocol with the Time Synchronization Server."
You can use NTP and Internet time servers to set the clock on one of your network servers; you can then use that server as a reference server for all of the other Windows 2000 servers on your network. To do so, you can use the Net Time command and the Windows Time service.
How Windows 2000 deals with time
Windows 2000 is very dependent upon proper network time. Windows 2000 uses time for Active Directory synchronization as well as for Kerberos. All of your Windows 2000 servers must have a common time or things can get pretty messy.
Windows 2000 servers use the Windows Time service, known as W32Time, to ensure common time usage by clients and servers on the network. Windows 2000 computers use a complex hierarchy when synchronizing time. Network client desktops and member servers obtain their time from the domain controller that authenticated them on the network. Domain controllers use the domain controller with the PDC (Primary Domain Controller) emulator FSMO (Flexible Single Master Operation) role to determine the time they use. In a multiple domain forest, the PDC emulator at the root of the AD forest controls time for the entire enterprise.
Usually, Active Directory and the domain controllers determine which domain controller is going to serve as the PDC emulator when you install Windows 2000 on your network. You can change that; however, the procedure for doing so is beyond the scope of this article. To find out more about Active Directory operations masters, check the Daily Drill Down "Understanding Windows 2000 domain controller operations master roles."
Keeping in mind how Windows 2000 computers find time sources, you can decide which computer to connect to an external source. For example, if you have a multiple domain forest, you’d use the PDC emulator at the root of the forest because everything else in the forest will ultimately key off this server. Fortunately, you can use the Net Time command to synchronize time with external NTP time servers.
The Net Time command
You can use the Net Time command to set clocks on your Windows 2000 servers and Windows 2000 Professional workstations. To view options for the Net Time command, open a command prompt, type net time /?, and press [Enter]. Switches you can use with Net Time include:
- \\computer: You’ll use this switch to force the time on your server to match that of a specific computer on your network. Just replace computer with the name of the computer you want to use as a source.
- /DOMAIN: You’ll use this switch to set the time on the server to match that of the PDC emulator of your domain. To use the PDC emulator on another domain as a time source, use the /DOMAIN:domainname switch.
- /RTSDOMAIN: You’ll use this switch if you want to set time on your server to match that of a Reliable Time Server on a domain. You can have one or more domain controllers configured to be a Reliable Time Server. To use the Reliable Time Server on another domain as a time source, use the /RTSDOMAIN:domainname switch.
- /SET: You’ll need to use this switch to set the time on your server. Otherwise, the Net Time command will only report the time, not change it.
- /QUERYSNTP: If you’re not sure which NTP server your server is obtaining its time from, you can use this switch.
- /SETSNTP: This switch is the one you’ll use to synchronize the time of your server with an external NTP time server.
For the purposes of this article, we’re most concerned with the /SETSNTP switch. For this command to work, you must enter the IP address or DNS name of the NTP server you want to use as a source. If you want to use multiple NTP servers, use the /SETSNTP:"server list" switch. Just replace server list with the IP addresses or DNS names of the servers you want to reference, separating each server with a space. Make sure you include the quotation marks, and type them as plain straight quotes (") at the command prompt.
Therefore, in order to synchronize time on your Windows 2000 server with several popular government NTP servers, you would enter the following command at a command prompt, pressing [Enter] at the end:
net time /setsntp:"time.nist.gov time-a.nist.gov time-b.nist.gov"
One thing you should be aware of is that, unlike the other Net Time switches, when you use Net Time with the /SETSNTP switch, the command doesn’t immediately synchronize time with the NTP time servers. Instead, it sets the value of the ntpserver entry in the server’s registry. The Windows Time service will then use this value to reach the NTP server at its appointed time, which is also controlled in the registry. We’ll look at these registry entries in an upcoming Daily Feature.
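The procedure above as a batch file, added here as an example and not part of the original article: it writes the server list with /SETSNTP, reads it back with /QUERYSNTP, and restarts the Windows Time service. The restart is an assumption (a way to make W32Time pick up the new ntpserver value without waiting for its next scheduled synchronization) and is not a step the article describes; the variable name NTP_LIST is illustrative.

```batch
@echo off
rem Added example, not from the original article.
rem Run from an administrative command prompt on the server that
rem should act as the time reference (e.g. the forest-root PDC emulator).

rem NTP_LIST is an illustrative variable name; the hosts are the ones
rem used in the article's command.
set NTP_LIST=time.nist.gov time-a.nist.gov time-b.nist.gov

rem Write the space-separated server list to the ntpserver registry
rem entry. Straight quotes are required around the list.
net time /setsntp:"%NTP_LIST%"
if errorlevel 1 goto fail

rem Read the configured list back to confirm what W32Time will use.
net time /querysntp
if errorlevel 1 goto fail

rem Assumption: restart the Windows Time service so it re-reads the
rem ntpserver value now. "net stop" reports an error if the service was
rem not running, so only the start result is checked.
net stop w32time
net start w32time
if errorlevel 1 goto fail

echo SNTP source configured and Windows Time service restarted.
goto :eof

:fail
echo Failed to configure the SNTP source; check the output above.
exit /b 1
```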