Windows Time Service: What if the PDC-role is moved? jeutix 11.07.2007 13:12:05 Hi! I'read that normally the first DC in the domain which holds the PDC-role is also the authoritive time server. So this one should catch the time from the internet and serve it to the clients in the domain. What is, if the PDC role is moved from the first DC in the domain to another DC? Will the first server be still the time server or will the new server be the one? Thanks for help in advance! -- Greetings Udo MCSE / CCA

Re: Windows Time Service: What if the PDC-role is moved? "Florian Frommherz [MVP]" <florian[ at ]PLEASELEAVETHISOUT.frickelsoft.net> 11.07.2007 13:40:45 Howdie! jeutix schrieb: [Quoted Text] > I'read that normally the first DC in the domain which holds the PDC-role is > also the authoritive time server. So this one should catch the time from the > internet and serve it to the clients in the domain. > > What is, if the PDC role is moved from the first DC in the domain to another > DC? Will the first server be still the time server or will the new server be > the one? As of my knowledge, if you move the PDC-emulator-role to another DC, the new PDC will be the authoritive time source for all other domain controllers - and they will propagate the time to all authenticating clients. So if you move the PDC role be sure to have the new-to-be-PDC configured to sync the time with a reliable source. cheers, Florian -- Microsoft MVP - Windows Server - Group Policy. eMail: prename [at] frickelsoft [dot] net. blog: http://www.frickelsoft.net/blog.

Re: Windows Time Service: What if the PDC-role is moved? jeutix 11.07.2007 16:16:01 We've done this and configured the new server with an IP-address of a Internet-time-server. But if I execute "net time" on a client, then the old PDC is shown in the result line. But the old one doesn't have this config any longer, so I ask myself why the client still shows the older one? -- Greetings Udo MCSE / CCA "Florian Frommherz [MVP]" wrote: [Quoted Text] > Howdie! > > jeutix schrieb: > > I'read that normally the first DC in the domain which holds the PDC-role is > > also the authoritive time server. So this one should catch the time from the > > internet and serve it to the clients in the domain. > > > > What is, if the PDC role is moved from the first DC in the domain to another > > DC? Will the first server be still the time server or will the new server be > > the one? > > As of my knowledge, if you move the PDC-emulator-role to another DC, the > new PDC will be the authoritive time source for all other domain > controllers - and they will propagate the time to all authenticating > clients. > > So if you move the PDC role be sure to have the new-to-be-PDC configured > to sync the time with a reliable source. > > cheers, > > Florian > -- > Microsoft MVP - Windows Server - Group Policy. > eMail: prename [at] frickelsoft [dot] net. > blog: http://www.frickelsoft.net/blog. >

Re: Windows Time Service: What if the PDC-role is moved? "Roger Abell [MVP]" <mvpNoSpam[ at ]asu.edu> 12.07.2007 04:25:07 Behaviors depend on whether you have left things at default or not. The is an SRV resource record in DNS for the domain that any machine with access to that DNS zone may query (the PDC record). Left at default settings a domain member will locate its timeserver by use of query to DNS for this record. If you client is not following the move of the PDC FSMO to a different DC then a) the client is configured to use a specific timeserver, b) DNS is not getting updated to reflect the PDC move, or c) the wrong DNS server(s) is(are) being used - or perhaps something else. Also, in your post you mentioned configuring the new PDC FSMO holding DC to use an external time source. One should not be doing that unless the DC is in the forestroot domain. Other domains' PDC FSMO holder will locate and use the PDC FSMO of the forestroot domain if you leave things at install defaults (so keeping the whole forest in sync). Roger "jeutix" <jeutix[ at ]discussions.microsoft.com> wrote in message news:F0DD3626-4CC9-413E-9BCB-E98FC9D33C49[ at ]microsoft.com... [Quoted Text] > We've done this and configured the new server with an IP-address of a > Internet-time-server. > > But if I execute "net time" on a client, then the old PDC is shown in the > result line. > > But the old one doesn't have this config any longer, so I ask myself why > the > client still shows the older one? > > -- > Greetings > Udo > MCSE / CCA > > > "Florian Frommherz [MVP]" wrote: > >> Howdie! >> >> jeutix schrieb: >> > I'read that normally the first DC in the domain which holds the >> > PDC-role is >> > also the authoritive time server. So this one should catch the time >> > from the >> > internet and serve it to the clients in the domain. >> > >> > What is, if the PDC role is moved from the first DC in the domain to >> > another >> > DC? Will the first server be still the time server or will the new >> > server be >> > the one? >> >> As of my knowledge, if you move the PDC-emulator-role to another DC, the >> new PDC will be the authoritive time source for all other domain >> controllers - and they will propagate the time to all authenticating >> clients. >> >> So if you move the PDC role be sure to have the new-to-be-PDC configured >> to sync the time with a reliable source. >> >> cheers, >> >> Florian >> -- >> Microsoft MVP - Windows Server - Group Policy. >> eMail: prename [at] frickelsoft [dot] net. >> blog: http://www.frickelsoft.net/blog. >>

Re: Windows Time Service: What if the PDC-role is moved? jeutix 13.07.2007 08:36:09 And it has nothing to mean that the client still has "time.windows.com,0x1" in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters regkey? Doesn't he has to have the PDC DNS-name or IP-address in it? -- Greetings Udo MCSE / CCA "Roger Abell [MVP]" wrote: [Quoted Text] > Behaviors depend on whether you have left things at default or not. > > The is an SRV resource record in DNS for the domain that any > machine with access to that DNS zone may query (the PDC record). > Left at default settings a domain member will locate its timeserver > by use of query to DNS for this record. > > If you client is not following the move of the PDC FSMO to a > different DC then a) the client is configured to use a specific > timeserver, b) DNS is not getting updated to reflect the PDC > move, or c) the wrong DNS server(s) is(are) being used > - or perhaps something else. > > Also, in your post you mentioned configuring the new PDC > FSMO holding DC to use an external time source. One should > not be doing that unless the DC is in the forestroot domain. > Other domains' PDC FSMO holder will locate and use the PDC > FSMO of the forestroot domain if you leave things at install > defaults (so keeping the whole forest in sync). > > Roger > > "jeutix" <jeutix[ at ]discussions.microsoft.com> wrote in message > news:F0DD3626-4CC9-413E-9BCB-E98FC9D33C49[ at ]microsoft.com... > > We've done this and configured the new server with an IP-address of a > > Internet-time-server. > > > > But if I execute "net time" on a client, then the old PDC is shown in the > > result line. > > > > But the old one doesn't have this config any longer, so I ask myself why > > the > > client still shows the older one? > > > > -- > > Greetings > > Udo > > MCSE / CCA > > > > > > "Florian Frommherz [MVP]" wrote: > > > >> Howdie! > >> > >> jeutix schrieb: > >> > I'read that normally the first DC in the domain which holds the > >> > PDC-role is > >> > also the authoritive time server. So this one should catch the time > >> > from the > >> > internet and serve it to the clients in the domain. > >> > > >> > What is, if the PDC role is moved from the first DC in the domain to > >> > another > >> > DC? Will the first server be still the time server or will the new > >> > server be > >> > the one? > >> > >> As of my knowledge, if you move the PDC-emulator-role to another DC, the > >> new PDC will be the authoritive time source for all other domain > >> controllers - and they will propagate the time to all authenticating > >> clients. > >> > >> So if you move the PDC role be sure to have the new-to-be-PDC configured > >> to sync the time with a reliable source. > >> > >> cheers, > >> > >> Florian > >> -- > >> Microsoft MVP - Windows Server - Group Policy. > >> eMail: prename [at] frickelsoft [dot] net. > >> blog: http://www.frickelsoft.net/blog. > >> > > >