Thanks to Windows Time Service, Win2K's time synchronization is much better than NT's

Clocks and calendars have been an annoyance on PCs since PCs appeared on the scene. On computers that ran early versions of DOS, you needed to type the time and date every time you started the system. That requirement got old very quickly and led to one of the earliest market opportunities for PC add-ons: the battery-powered clock and calendar. In 1984, manufacturers started producing PC motherboards that had onboard clocks and calendars, and clock and calendar circuits have been built in to PCs ever since.

But those built-in circuits aren't very accurate. A survey of a few dozen PCs in any office would probably reveal that the time on some PCs' clocks might be more than an hour different from the time that other PCs' clocks show, and all the computers' clocks might differ from the actual time. So, PC designers looked for more accurate and centralized time sources.

Network servers are an obvious place to keep a central time source. For years, Novell NetWare servers have automatically synchronized the time on all client computers that logged on to the server, but Microsoft products haven't done anything like that—at least, not by default. If you know a few tricks (which I discuss later), you can make Windows NT workstations synchronize their clocks with an NT server's clock, but the technique isn't well known. Furthermore, you can't synchronize an NT workstation's time to a server's time without modifying the user's default rights on the workstation.

Modern Times
Windows 2000 fixes NT's lack of time synchronization by implementing a new built-in system called Windows Time Service. This system requires almost no administration. Workstations that run Win2K Professional and member servers that run some version of Win2K Server set their system time and date to a time and date that the domain controller (DC) that authenticates the workstation or member server provides. But the workstation or server doesn't synchronize its clock to the DC's clock only at authentication time; the workstation or server resynchronizes its clock approximately every 8 hours or whenever someone logs on.

For their part, the domain's DCs synchronize their time to one particular DC in the domain that uses the Flexible Single-Master Operation (FSMO, aka Operations Master) PDC emulator role. By default, the PDC emulator FSMO is the first DC that you install in a domain. But what does each domain's PDC emulator FSMO synchronize its time with? It synchronizes with the PDC emulator FSMO of the first domain that you created in the forest (i.e., the DC that acts as a PDC emulator FSMO in the forest root domain). That forest root machine thus acts as the master clock and calendar for your entire Active Directory (AD) forest. (For those who are wondering, yes, that master timekeeper does understand time zones.)

Your question now probably is, How do I keep the top-dog master-clock computer, the forest root's PDC emulator FSMO, in sync with time in the real world? The answer is that you type in the command

net time /setsntp:<servername>

Net Time's /setsntp option reveals that the command uses the Simple Network Time Protocol (SNTP), a standard Internet protocol. (Internet Engineering Task Force—IETF—Request for Comments—RFC—2030, dated October 1996, defines SNTP.) You can point your forest root's PDC emulator FSMO to any SNTP time server on the Internet and force the FSMO to keep its time in lockstep with that time server. Many firewall products include a time server, so your FSMO might not need to leave your intranet to synchronize with the SNTP time server. But if you do need to adjust your firewall, you might find it helpful to know that SNTP uses UDP port 123.

Finding the Time
Where do you find an SNTP server? In the United States, the Navy is the official national timekeeper and runs a set of time servers, including the aptly named tick.usno.navy.mil and tock.usno.navy.mil. In my experience, most ISPs' DNS servers also seem to be SNTP servers. So, if one of your ISP's DNS servers were named ns2.bigisp.com, you could type the command

net time /setsntp:ns2.bigisp.com

to cause your FSMO to sync with that DNS server.

The Microsoft documentation about the Net Time /setsntp command says that you can specify a list of servers in the command. And you can, but with a trick: Enclose the list in quotation marks, and separate server names with a space. For example, to tell your server to look for the time first at www.acme.com and then, if necessary, at www.apex.com, you'd type

net time /setsntp:"www.acme.com www.apex.com"

If you want to use an external time source, you might like to first check that a time server exists where you expect it to. The Microsoft documentation says that you need only type Net Time to see the time on your SNTP server, but that method hasn't worked for me. To actually see what Windows Time Service does on your system, you can use the W32tm command-line tool. But first, you need to type the command

net stop w32time

to stop Windows Time Service. You can then try out your time source by typing

w32tm -once

to set the time from the time source just once (W32tm's default is to update the time regularly). The command spits out about a page of cryptic output; when the command succeeds, one of the lines will read Recv'ed from server 48 Bytes.... When you're finished, don't forget to type

net start w32time

to restart the time service.
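
The 48-byte reply that W32tm reports is a single SNTP message carried over UDP port 123. The following Python example is added here for illustration and is not from the original article or from Microsoft; its function names are this example's own, and the server name is whatever the caller supplies. It builds the client request, rejects replies that are short, unsynchronized, or that fail to echo the request's timestamp, and computes the clock offset using the RFC 2030 formula.

```python
# Added example: minimal SNTP (RFC 2030) client check; names are illustrative.
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def to_ntp(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    ntp = unix_seconds + NTP_EPOCH_DELTA
    secs = int(ntp)
    return struct.pack("!II", secs & 0xFFFFFFFF, int((ntp - secs) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def build_request(now=None):
    """48-byte client request: LI=0, VN=3, Mode=3, transmit timestamp set."""
    now = time.time() if now is None else now
    packet = bytearray(48)
    packet[0] = (0 << 6) | (3 << 3) | 3      # 0x1B
    packet[40:48] = to_ntp(now)
    return bytes(packet)

def parse_reply(reply, request, t4):
    """Validate a server reply; return (stratum, clock offset in seconds)."""
    if len(reply) < 48:
        raise ValueError("short reply: an SNTP message is at least 48 bytes")
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if li == 3 or stratum == 0:
        raise ValueError("server reports that it is not synchronized")
    if reply[24:32] != request[40:48]:
        raise ValueError("originate timestamp does not echo our request")
    t1 = from_ntp(reply[24:32])   # our transmit time, echoed by the server
    t2 = from_ntp(reply[32:40])   # time the server received the request
    t3 = from_ntp(reply[40:48])   # time the server sent the reply
    return stratum, ((t2 - t1) + (t3 - t4)) / 2

def query(server, timeout=3.0):
    """Send one request to UDP port 123 on the caller-supplied server."""
    request = build_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
    return parse_reply(reply, request, time.time())
```

A timeout from query() on a host behind the firewall usually means UDP port 123 is blocked; a ValueError means something answered but should not be trusted as a time source.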

After your computer initially synchronizes with a time server, the computer checks the time server again in 45 minutes. If the second synchronization shows that the time server's clock and the PC's system clock remain close—the Microsoft documentation says within 2 seconds—the PC doubles the time that it waits to check back with the time server. If the PC remains within 2 seconds of the correct time an hour and a half later, the PC continues to double the interval, resynchronize, and check the accuracy of the time, finally settling on resynchronizing approximately every 8 hours.

Time and Again
If you forget what SNTP server your system is synchronizing with, you can find out by typing

net time /querysntp

This command works only on the forest root PDC emulator FSMO; I haven't found a way to query the other computers in the network to determine the source of their time. So, even though the other PDC emulator FSMOs in the forest look to the forest root's PDC emulator FSMO, apparently you can't query a computer that isn't in the forest root to find out where that computer gets its time synchronization information.

Windows Time Service is useful for those of you who are using Win2K but haven't yet gone to AD. As I've said, you can tell a forest root's PDC emulator FSMO to set its clock with an SNTP server, but you can also use the Net Time /setsntp command to tell any computer to get its time from an SNTP source. If you use the Set Time command on a computer that isn't a member of a Win2K domain, however, you'll probably find, as I did, that Windows Time Service doesn't set the workstation's time. In my experience, Windows Time Service is set to start manually for systems that aren't a member of a domain. So, if you have a lone-wolf computer and you want it to automatically synchronize its system time and date from an SNTP source, you need to set the computer's Windows Time Service to start automatically.

Keeping Time on NT Clients
What about setting time on NT 4.0 and Windows 9x clients? To use an SNTP server to set one of these systems' time, all you need is a piece of SNTP client software to play the role that Windows Time Service fulfills in Win2K. You can find several SNTP clients in the Windows world—simply search any freeware or shareware site for SNTP or Tardis (Tardis is a popular UNIX SNTP client tool). The Microsoft Windows NT Resource Kit offers a W32time client for NT that supports SNTP; you can download this client from ftp://ftp.microsoft.com/reskit/y2kfix.

You can change a registry entry to make one of your Win2K systems into an SNTP server. In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters, find the REG_DWORD value called LocalNTP. Change the value from 0 to 1. After you restart Windows Time Service, your Win2K system will function as an SNTP server.

Thus, if your organization has a workgroup of Win2K, NT, and Win9x boxes, you can set up one of the Win2K boxes to synchronize its time from an Internet site and serve the time to the rest of the machines in the workgroup. Simply install SNTP client software on all the other clients and point them to the Win2K box as their SNTP server. That way, all your machines can keep time even if you don't use AD. To find out more about Win2K time synchronization, see "Related Articles in Previous Issues."

Related Articles in Previous Issues
You can obtain the following articles from Windows 2000 Magazine's Web site at http://www.win2000mag.com.

ZUBAIR AHMAD
"Windows Time Synchronization Service," March 2000 Web Exclusive, InstantDoc ID 8383
TAO ZHOU
"Windows 2000 vs. Windows NT Time Synchronization," May 2000, InstantDoc ID 8456