Resynchronise the time on a Domain Controller

Posted by robd on January 15, 2012
Domain Controller

All servers on the domain will get their time from a Domain Controller, specifically the domain that holds the PDC Emulator FSMO role. Without the correct time on the PDC Emulator amongst other things authentication could fail as time sync would be out between the Kerberos authentication protocol on client and DC.

If you do find any servers or a DC out of sync then the first thing to do would be to find the main PDC Emulator for the Domain or you could check the following registry key to see if the DC your on is getting its time from another DC or the internet:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\W32time\Parameters

Then Look at the Type Key

If it’s set as NTP then its going out to the internet to get its time and the website it’s going to will be set above under the key NtpServer.

If it’s set as NT5DS – The time service synchronizes from the domain hierarchy (so the PDC Emulator).

Once you’ve found the correct DC, you’ll need to force it to resync with the Internet:

Log on as an Administrator

Open up Command prompt in Admin mode

Type: w32tm /resync /rediscover

Then check the time.

Then go to the other DC’s and check the time, if its not caught up with the new time then run the following:

w32tm /resync

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Copy Protected by Chetan's WP-Copyprotect.