
Configuring an Authoritative Time Server

When properly configured, the Win32 Time Service (W32Time) provides time services to Windows 2000 clients and servers on your network. These clients and servers synchronize time with the domain controller (DC), which serves as the operations master. Time synchronization among servers and clients is extremely important for networks that use Active Directory (AD) replication, Microsoft Application Center 2000 synchronization, and other synchronization and replication technologies. If you aren't using synchronization or replication technologies, you probably haven't configured W32Time. I recommend that you configure W32Time because you'll receive the obvious benefits of having a consistent time on all the computers on your network. If you haven't configured your W32Time yet, the error message "This Machine is a PDC of the domain at the root of the forest. Configure to sync from External time source using the net command, 'net time /setsntp:<server name>'" appears in the system log.

Win2K is much more dependent than other Microsoft OSs like NT on time synchronization because workstation time is part of the Kerberos authentication ticket-generation process. Therefore, Win2K includes the W32Time service that the Kerberos authentication protocol requires.

Win2K uses the NET TIME command-line utility to configure the W32Time service. The system uses the NET TIME utility to synchronize the server's clock with that of another domain (e.g., a network time server on the Internet). You can also use the NET TIME command to display time from another server or domain.

The U.S. Naval Observatory (USNO) Web site contains a comprehensive list of USNO Network Time Protocol (NTP) time servers. (See the first URL at the end of this article.) For accuracy reasons (e.g., to avoid Internet latency), configure W32Time to "talk" to the network time server that's closest to your network. The USNO Web site breaks out all the available time servers by region.

I went to the USNO Web site and found that the nearest network time server to me is at the University of California, Los Angeles (UCLA). The server's Fully Qualified Domain Name (FQDN) is tick.ucla.edu. I used the NET TIME command

NET TIME /SETSNTP:tick.ucla.edu

on my lab server. (Use the command

NET TIME /?

to see all the available parameters.) When you examine the /SETSNTP parameter in supporting documentation, you'll see that you can specify several time servers in case any one time server becomes unavailable. The list might contain IP addresses or DNS names separated by spaces. If you use multiple time servers, you must surround the list with quotation marks (" "). I issued the NET TIME command

NET TIME /SETSNTP:"tick.ucla.edu bigben.cac.washington.edu"

to provide a backup time server located in Washington. Simple Network Time Protocol (SNTP) defaults to User Datagram Protocol (UDP) port 123. If your firewall folks are holding back UDP or if port 123 isn't open to the Internet, you won't be able to synchronize your server to Internet SNTP time servers such as those USNO publishes.
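
An added example (not from the original article): a minimal SNTP client in Python that sends one request to UDP port 123 and reports the server's stratum and the local clock offset, which shows quickly whether a firewall is dropping the traffic described above. The function names and the constructed sample_reply packet are assumptions made for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request():
    """48-byte SNTP client request: LI=0, VN=3, Mode=3 (client) -> first byte 0x1B."""
    return b"\x1b" + 47 * b"\x00"

def _ts(data, offset):
    """Decode a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    secs, frac = struct.unpack("!II", data[offset:offset + 8])
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def parse_response(data, t_sent, t_received):
    """Validate a server reply and return (stratum, clock offset in seconds)."""
    if len(data) < 48:
        raise ValueError("short SNTP packet")
    mode = data[0] & 0x07
    stratum = data[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        raise ValueError("kiss-of-death or unsynchronized server")
    t_rx, t_tx = _ts(data, 32), _ts(data, 40)  # server receive / transmit times
    offset = ((t_rx - t_sent) + (t_tx - t_received)) / 2
    return stratum, offset

def query(server, timeout=3.0):
    """Send one request to UDP port 123; a timeout suggests the port is filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t_sent = time.time()
        s.sendto(build_request(), (server, 123))
        data, _ = s.recvfrom(512)
        return parse_response(data, t_sent, time.time())

def sample_reply(server_time, stratum=1):
    """Constructed reply for offline testing: server receive == transmit == server_time."""
    ts = struct.pack("!II", int(server_time) + NTP_EPOCH_DELTA, 0)
    return bytes([0x1C, stratum]) + 30 * b"\x00" + ts + ts

if __name__ == "__main__":
    for host in ("tick.ucla.edu", "bigben.cac.washington.edu"):  # servers named in the article
        try:
            print(host, "stratum %d, offset %+.3f s" % query(host))
        except (OSError, ValueError) as exc:
            print(host, "no usable reply:", exc)
```

A timeout from every server in the list points at the firewall rather than at any one time source; a reply with a large offset means the path is open but the local clock has drifted.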

For more information about configuring the authoritative time server, see Microsoft article Q216734. You'll also find information about the NET TIME command in the Win2K product documentation. Another good reference for Win2K Time technical details is an article by Robert McIntosh that's available on the Windows 2000 Magazine Web site.
