

Time Service Configuration on DC with PDC Emulator FSMO Role

Consider a situation where the domain controller holding the PDC Emulator role has crashed and you need to seize the FSMO role to another domain controller.
In that case, pay attention to the time service configuration on the PDC Emulator.


Scenario

Let's take the scenarios below:

  1. You have transferred the PDC Emulator FSMO role from the old domain controller to a new domain controller.

  2. The domain controller holding the PDC Emulator role crashed and you have seized the role to another domain controller.

Do you think transferring or seizing the PDC Emulator role is enough? The answer is no. Once the PDC Emulator role is moved to a new domain controller, by default no time service is enabled on it to sync the time with either an internal or an external (Internet) source.

Let me explain.

By default, all client systems, workstations and domain controllers sync their time with the domain controller holding the PDC Emulator role. The PDC Emulator DC gets its time from either an internal or an external source. So:

External Time source----> DC with PDC Emulator ------>Other Domain controllers--------->All client computers.
or
Internal Time source---->DC with PDC Emulator ------>Other Domain controllers--------->All client computers.

The diagram above shows how time is synced between workstations and domain controllers.

How to configure Time service on DC with PDC Emulator

There are two options.

1. Make DC with PDC Emulator to follow its own CMOS Time settings.
2. Configure External Time service on DC with PDC emulator


Make DC with PDC Emulator to follow its own CMOS Time settings.

To configure the PDC master without using an external time source, change the announce flag on the PDC master. The PDC master is the server that holds the forest root PDC master role for the domain. This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
  3. In the right pane, right-click AnnounceFlags, and then click Modify.
  4. In Edit DWORD Value, type A in the Value data box, and then click OK.
  5. Quit Registry Editor.
  6. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER: net stop w32time && net start w32time

Once this is done, your PDC Emulator will follow its internal clock for time synchronization across the domain.

Configure External Time service on DC holding PDC emulator role

Here we have to make use of an external time source (Internet). To accomplish this, follow the steps below.

  1. Open a Command Prompt.

  2. Type the following command to display the time difference between the local computer and a target computer, and then press ENTER:

    w32tm /stripchart /computer:target /samples:n /dataonly

    Value Definition

    target

    Specifies the Domain Name System (DNS) name or IP address of the NTP server that you are comparing the local computer's time against, for example, time.windows.com.

    n

    Specifies the number of time samples that will be returned from the target computer to test basic NTP communication.

  3. Open User Datagram Protocol (UDP) port 123 for outgoing traffic if needed.

  4. Open UDP port 123 (or a different port that you have selected) for incoming NTP traffic.

  5. Type the following command to configure the PDC emulator, and then press ENTER:

    w32tm /config /manualpeerlist:peers /syncfromflags:manual /reliable:yes /update

    where peers specifies the list of DNS names or IP addresses of the NTP time source that the PDC emulator synchronizes from. For example, you can specify time.windows.com. When specifying multiple peers, use a space as the delimiter and enclose them in quotation marks. For more information about the NTP servers that you can use, see Microsoft Knowledge Base article 262680 (http://go.microsoft.com/fwlink/?LinkID=60401).

    For example, to configure your PDC emulator to use the following list of fictional time servers:

    1. ntp1.fabrikam.com

    2. ntp.contoso.com

    3. time.fineartschool.net

    Run the following command:

    w32tm /config /manualpeerlist:"ntp1.fabrikam.com ntp.contoso.com time.fineartschool.net" /syncfromflags:manual /reliable:yes /update

Changing the time service configuration on the previous DC holding the PDC Emulator role (so that it will sync with the new PDC Emulator's time)

Once the time service has been transferred to the new domain controller, you need to make the DC that previously held the PDC Emulator role follow the new PDC Emulator for time synchronization.

To change the Windows Time service configuration on the previous PDC emulator:

  1. Open a Command Prompt on Previous PDC Emulator Domain controller.

  2. Type the following command and then press ENTER:

    w32tm /config /syncfromflags:domhier /reliable:no /update

  3. Type the following command and then press ENTER:

    net stop w32time

  4. Type the following command and then press ENTER:

    net start w32time

Additional Information.

1. UDP port 123 is used for the time service on all client systems and on servers.
2. All client systems, servers and domain controllers (which are not holding the PDC role) sync their time with the PDC using the NT5DS protocol.
3. The DC holding the PDC role uses the NTP protocol to sync the time with an external time source.
4. To force time synchronization, run w32tm /resync /rediscover /nowait
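
A read-only check to run locally on each domain controller after the role move, added here as an example and not part of the original article. It assumes PowerShell 3.0 or later on a domain-joined DC, and reads the Type and NtpServer values under W32Time\Parameters, which is where w32tm /config stores the sync mode (NT5DS or NTP) and the manual peer list.

```powershell
# Added example (not from the original article): audit W32Time on this DC
# after a PDC Emulator transfer or seizure. Run in an elevated session.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Ask the directory which DC currently holds the PDC Emulator role.
$domain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdcOwner = $domain.PdcRoleOwner.Name
$isPdc    = ($pdcOwner -split '\.')[0] -ieq $env:COMPUTERNAME

# Values changed by the regedit and "w32tm /config" steps in the article.
$params   = Get-ItemProperty -Path "$svc\Parameters"
$announce = (Get-ItemProperty -Path "$svc\Config").AnnounceFlags

$findings = @()
if ($isPdc) {
    if ($params.Type -eq 'NTP' -and [string]::IsNullOrWhiteSpace($params.NtpServer)) {
        $findings += 'Type is NTP but the manual peer list (NtpServer) is empty.'
    }
    if ($params.Type -eq 'NT5DS') {
        $findings += 'No manual peer list in use (Type is NT5DS); confirm the internal-clock option is intended.'
    }
} elseif ($params.Type -ne 'NT5DS') {
    # Typical leftover on a previous PDC emulator that was never reset.
    $findings += "Type is '$($params.Type)'; run: w32tm /config /syncfromflags:domhier /reliable:no /update"
}

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    PdcRoleOwner  = $pdcOwner
    IsPdcEmulator = $isPdc
    Type          = $params.Type
    NtpServer     = $params.NtpServer
    AnnounceFlags = '0x{0:X}' -f $announce
    CurrentSource = (& w32tm /query /source | Out-String).Trim()
    Findings      = if ($findings) { $findings -join ' ' } else { 'None' }
} | Format-List
```

A previous PDC emulator that still reports Type NTP with external peers is the case the domhier step above corrects.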

References