Enable Windows Time Service on Secondary Domain Controller

group-policy time-synchronization windows-server-2003-r2

We have an interesting scenario at my workplace. Our primary domain controller started to fail, so we installed a secondary domain controller to allow people to log in when the primary would fail. Eventually the primary died completely (motherboard). I replaced the motherboard with the same model, and the operating system works 99%. However, when I plug the original primary domain controller back into the network, some users experience strange behaviors, such as randomly having no domain permissions, etc.

Anyway, we currently have the primary domain controller off of the network, and the backup is working fine for the most part. I have been noticing that the time isn't synchronizing though. Now when I try to force it by running from a client machine:

>w32tm /resync

I get the following message:

Sending resync command to local computer
The computer did not resync because no time data was available.

From what I have read, it seems that by default in a domain configuration, the time server is set to the primary domain controller. Is there a way that I can set the secondary/backup domain controller to function as a time server so that the client machines will be able to sync with the domain?

If that is not possible, is there an easy way (either command-line, or through GPO) to configure the clients to just use a global time server such as time.windows.com to synchronize?

Best Answer

There is no primary or secondary domain controller; these are old, old concepts that no longer exist, and a lot of people will get a bit huffy if you carry on referring to a primary and secondary domain controller.

In a Windows domain the domain hierarchy time sync has the PDC Emulator domain controller syncing from an internet time source (e.g. pool.ntp.org, time.windows.com). Other DCs sync from the PDC Emulator, and the clients sync from any DC.

Is the DC that you have removed holding FSMO roles including PDC Emulator? If so you have borked it. Either re-introduce the DC you have removed, or seize the FSMO roles to the new DC you have created.

It's not good practice to set domain clients to sync from an internet time source, so I'll not provide instructions for that. 10 seconds with Google would get you that anyway.

Refer to this TechNet document for information about the Windows Time service: https://technet.microsoft.com/en-us/library/cc773013(v=ws.10).aspx
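
The time hierarchy described in the answer, as an added example that is not part of the original answer: a batch script (the name `timesync.cmd` and its three modes are hypothetical) that lists the FSMO role holders, points the PDC Emulator at `pool.ntp.org`, and returns other DCs and clients to domain-hierarchy sync. It assumes the PDC Emulator role has already been restored or seized, and that `netdom` from the Windows Support Tools is installed.

```batch
@echo off
rem timesync.cmd - added example, hypothetical script name and modes.
rem Usage: timesync.cmd check | pdc | member
if /i "%~1"=="check"  goto check
if /i "%~1"=="pdc"    goto pdc
if /i "%~1"=="member" goto member
echo Usage: %~nx0 check ^| pdc ^| member
exit /b 1

:check
rem Run on any DC: show which DC holds each FSMO role (look at the PDC line),
rem then compare the time offset and time source of every DC in the domain.
netdom query fsmo
w32tm /monitor
exit /b %errorlevel%

:pdc
rem Run ONLY on the DC that holds the PDC Emulator role.
rem Sync from an external peer and advertise this DC as a reliable source.
w32tm /config /manualpeerlist:"pool.ntp.org" /syncfromflags:manual /reliable:yes /update
if errorlevel 1 exit /b 1
rem Restart the service so the new configuration is used from a clean state.
net stop w32time
net start w32time
w32tm /resync /rediscover
exit /b %errorlevel%

:member
rem Run on other DCs and on domain clients.
rem Use the domain hierarchy (DCs follow the PDC Emulator, clients follow a DC),
rem then rediscover a time source and resync.
w32tm /config /syncfromflags:domhier /update
if errorlevel 1 exit /b 1
w32tm /resync /rediscover
exit /b %errorlevel%
```

Run `check` first: if the PDC line names the DC that is off the network, `pdc` on another DC will not fix the hierarchy until the role is moved.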