Ramblings From The Litter Tray of Life

How to set an SNTP server by command line

Posted by graycat on 22 July 2008

Ok, I know this one won’t interest most people but it’s something I’ve had to do twice this month so I thought I’d throw it out there.

First you might be asking yourself “why is it important to set a time server? The clock looks about right to me!”

Well, my well meaning friend, the authentication protocol that windows uses within domains (kerberos) uses time as part of it’s calculations and it’s a bit picky about how far out you get. I’ve seen one server that just would not let a senior admin logon no matter what he did …. until he spotted the clock was right but the date was out by a month! Once that was corrected, he was off and running!

Normally within a domain you will be assigning IP addresses using DHCP and you can add the time server in there as one of the options. However, if you get into the situation where you need to check it is synchronising with the right box you can use this command:

Net time /querysntp

This will then spit out where it’s getting its time from. If nothing is being syncronised with then it will also report this too.

To add a server you’ve need the  /setsntp: switch so something like this would do the job:

Net time /setsntp: timeserver.mydomain.com

If you run the querysntp again, it should report the current SNTP server you’ve just set.

A bit of advice though – it doesn’t matter if you set the clock 45 minutes out of whack with the rest of the world …. as long as all you’re machines are set like that!

2 Responses to “How to set an SNTP server by command line”

  1. Adam Vero said

    I thought doing this with the “net time” command was just a one-off correction, similar to using “net time \\SomeServer /set” but without choosing a server explicitly (to allow for more flexibility when used in scripts. (I could of course be totally wrong here).

    This makes sense on Windows 9x and older systems which had no native NTP client built in, but for 2000 onwards, setting the time service (w32time) to use the domain hierarchy for it’s time synch makes more sense.
    command line:
    w32tm /config /syncfromflags:domhier
    w32tm /config /update

    w32tm /resync /rediscover

    As you say, as long as time is consistent in the domain, the ‘real’ time may be irrelevant, but if it is important then at least one DC (usually PDC em.) should be pointing at an atomic clock source on your network or an external internet NTP server.

  2. graycat said

    as far as I have been able to find out, net time /setsntp:xxx last after the reboot for Windows 2000 onwards but cheers for the pointer.

    Yep, the PDC must be pointed at an atomic clock IMO

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: