How many times have you reviewed the contents of the system event log and discovered numerous W32Time service error...
details? All too often, this indicates that your domain controller is no longer able to access a time authority server with which to synchronize. By default, every time a server boots, it attempts to synchronize its time code with an authority in the domain. By design, the domain controller serving as the PDC emulator is the authority on time for a domain. Thus, it is important to ensure that your PDC emulator domain controller is able to access an Internet timeserver.
In order to do this, you first need to verify or locate the domain controller serving as the PDC emulator. This can be quickly accomplished by issuing the following command from a Command Prompt: dsquery server –hasfsmo pdc.
This command will produce the fully qualified name of the server that is hosting the PDC emulator FSMO role.
From the PDC emulator, you can set the Internet time authority with whom the domain controller should synchronize with on a regular basis. This is done using the command: net time /setsntp:<server>.
Replace <server> with the domain name or IP address of a trusted Internet based time authority server. The U.S. Naval Observatory is considered to be the office time source for the United States. Public access to this time server is possible using either of the following domain names: ntp2.usno.navy.mil and tock.usno.navy.mil.
To locate other timeservers, just search the Internet using keywords of "time server" or "sntp."
Keep in mind that the time synchronization utility will contact the Internet based timeserver system over UDP port 123. Make sure this port is opened for communications across your firewall or other communications border security device.
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.