I'm assuming that you're looking for the server used by the W32Time service to perform time sync on domain-member computers.
In a stock Active Directory deployment the only computer configured with a time server explicitly will be computer holding the PDC Emulator FSMO role in the forest root domain. All domain controllers in the forest root domain synchronize time with the PDC Emulator FSMO role-holder. All PDC Emulator FSMO role-holders in child domains synchronize their time with domain controllers in their parent domain (including, potentially, the PDF Emulator FSMO role-holder in the forest root domain). All domain member computers synchronize time with domain controller computers in their respective domains.
To determine if a domain member is configured for domain time sync, examine the REG_SZ value at HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. If it is set to "Nt5DS" then the computer is synchronizing time with the Active Directory time hierarchy. If it's configured with the value "NTP" then the comptuer is synchronizing time with the NTP server specified in the NtpServer REG_SZ value in the same registry key.
The low-level details of the time synchronization protocol are available in this article: How Windows Time Service Works
Beware that not every domain controller (the KDC's, as James directs you in finding via DNS in his post) may be running a time service. In a stock AD deployment every domain controller will be, but some deployments may use virtualized domain controllers that have the W32Time service disabled (to facilitate hypervisor-based time synchronization) and, as such, you would probably do well to implement functionality as described by the "How Windows Time Service Works" article if you're developing a piece of software that needs to synchronize time in the same manner that a domain member computer would.
some useful commnds
net time
Re-sync: w32tm /resync /nowait
Re-sync to computer: w32tm /resync /nowait /computer:computername
Double check if its working: w32tm /monitor /domain:mydomain.com
See settings: w32tm /dumpreg /subkey:parameters
Then look at the Type:
NoSync: The client does not synchronize time.
NTP: The client synchronizes time from an external time source. Review the values in the NtpServer line in the output to see the name of the server or servers that the client uses for time synchronization.
NT5DS: The client is configured to use the domain hierarchy for its time synchronization.
AllSync: The client synchronizes time from any available time source, including domain hierarchy and external time sources.
Registry settings found here: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters] "NtpServer"="" "Type"="NT5DS"
In a stock Active Directory deployment the only computer configured with a time server explicitly will be computer holding the PDC Emulator FSMO role in the forest root domain. All domain controllers in the forest root domain synchronize time with the PDC Emulator FSMO role-holder. All PDC Emulator FSMO role-holders in child domains synchronize their time with domain controllers in their parent domain (including, potentially, the PDF Emulator FSMO role-holder in the forest root domain). All domain member computers synchronize time with domain controller computers in their respective domains.
To determine if a domain member is configured for domain time sync, examine the REG_SZ value at HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type. If it is set to "Nt5DS" then the computer is synchronizing time with the Active Directory time hierarchy. If it's configured with the value "NTP" then the comptuer is synchronizing time with the NTP server specified in the NtpServer REG_SZ value in the same registry key.
The low-level details of the time synchronization protocol are available in this article: How Windows Time Service Works
Beware that not every domain controller (the KDC's, as James directs you in finding via DNS in his post) may be running a time service. In a stock AD deployment every domain controller will be, but some deployments may use virtualized domain controllers that have the W32Time service disabled (to facilitate hypervisor-based time synchronization) and, as such, you would probably do well to implement functionality as described by the "How Windows Time Service Works" article if you're developing a piece of software that needs to synchronize time in the same manner that a domain member computer would.
some useful commnds
net time
Re-sync: w32tm /resync /nowait
Re-sync to computer: w32tm /resync /nowait /computer:computername
Double check if its working: w32tm /monitor /domain:mydomain.com
See settings: w32tm /dumpreg /subkey:parameters
Then look at the Type:
NoSync: The client does not synchronize time.
NTP: The client synchronizes time from an external time source. Review the values in the NtpServer line in the output to see the name of the server or servers that the client uses for time synchronization.
NT5DS: The client is configured to use the domain hierarchy for its time synchronization.
AllSync: The client synchronizes time from any available time source, including domain hierarchy and external time sources.
Registry settings found here: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters] "NtpServer"="" "Type"="NT5DS"
No comments:
Post a Comment