net time

[David Brennan]

I am running a Windows 2003 domain and seek clarification
as to the operation of the net time command. When issued
from any client I would have thought that the domain
controller emulating the PDC would be the one that the
time is retrieved from but the time always comes from a
secondary domain controller. Can anyone shed some light
on this as I am concerned that it is perhaps a symptom of
a configuration problem.

 

[SaltPeter]

I am running a Windows 2003 domain and seek clarification
as to the operation of the net time command. When issued
from any client I would have thought that the domain
controller emulating the PDC would be the one that the
time is retrieved from but the time always comes from a
secondary domain controller. Can anyone shed some light
on this as I am concerned that it is perhaps a symptom of
a configuration problem.

That's not a configuration problem, it's by design.

The PDC emulator is the authoritative time keeper for the domain but the
clients will synchronize with whatever DC they logged on with (note: DCs are
themselves synced with PDC emulator). In other words, The PDC emulator
should be the only server synchronizing from an outside source with set
sntp.

The logic behind this time hierarchy is better understood when a sequence
number is assigned to a change on the domain database at any DC. Suppose
that an admin changes some parameter on the domain simultaneously at 2 ends
of the domain. Both changes might result in identical change sequence
numbers (example: 53). Time stamps are used to identify which change to
apply last and whether the "conflicting" sequence numbers should be modified
(53 and 54) so that no changes get dropped.

While this might sound like just a detail, it's critical in that without the
time hierarchy, you wouldn't be able to support a DC architecture where
modifications of a domain can be achieved from any DC.

 

[David Brennan]

-----Original Message-----


That's not a configuration problem, it's by design.

The PDC emulator is the authoritative time keeper for the domain but the
clients will synchronize with whatever DC they logged on with (note: DCs are
themselves synced with PDC emulator). In other words, The PDC emulator
should be the only server synchronizing from an outside source with set
sntp.

The logic behind this time hierarchy is better understood when a sequence
number is assigned to a change on the domain database at any DC. Suppose
that an admin changes some parameter on the domain simultaneously at 2 ends
of the domain. Both changes might result in identical change sequence
numbers (example: 53). Time stamps are used to identify which change to
apply last and whether the "conflicting" sequence numbers should be modified
(53 and 54) so that no changes get dropped.

While this might sound like just a detail, it's critical in that without the
time hierarchy, you wouldn't be able to support a DC architecture where
modifications of a domain can be achieved from any DC.


.
Thanks for your response but it doesn't properly answer

my question. My further research today reveals than when
you issue a "net time" command, the client requests a
browse list and then selects one of the servers
advertising itself as a time source. While I am not
certain, it would appear that it always picks the first
time source in alphabetical order of server names. It
certainly does not always select the server specified by
the environment variable %LOGONSERVER% as I have seen
erroneously mentioned in other posts. The knowledge base
article 193825 gives an interesting insight into the
operation of the "net time" command. I am now satisifed
with my understanding of the command.