How to Configure an Authoritative Time Server in Windows 2000

ID: Q216734

The information in this article applies to:
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server

SUMMARY

Windows 2000 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. The purpose of the time service is to ensure that all Windows 2000-based computers within an enterprise use a common time. The Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.


MORE INFORMATION

Windows 2000 computers use the following hierarchy by default:

  • All client desktops nominate as their in-bound time partner the authenticating domain controller.


  • All member servers follow the same process as client desktops.


  • All domain controllers in a domain nominate the primary domain controller (PDC) Flexible Single Master Operation (FSMO) as their in-bound time partner.


  • All PDC FSMOs follow the hierarchy of domains in the selection of their in-bound time partner.


Following this hierarchy, the PDC FSMO at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. This fact is logged in the System log on the computer itself as Event ID 62. Administrators can configure the Windows Time service on the PDC FSMO at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative, using the following NET TIME command:
net time /setsntp:server list
There are several SNTP time servers run by the U.S. Naval Observatory that are satisfactory for this function. For example:
  • ntp2.usno.navy.mil at 192.5.41.209
  • tick.usno.navy.mil at 192.4.41.40
  • tock.usno.navy.mil at 192.5.41.41
NOTE: SNTP defaults to using UDP port 123. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP servers.

Additional query words:

Keywords : ntsecurity
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 29, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.