The Windows Time service (also known as W32time) synchronizes the date and time for computers running on a Windows Server 2008 R2 network. The Windows Time service is essential to the successful operation of Kerberos authentication and, therefore, to Active Directory–based authentication. Any Kerberos-aware application, including most security services, relies on time synchronization between the computers that are participating in the authentication request. Active Directory domain controllers must also have synchronized clocks to help ensure accurate data replication.

Configuring time synchronization

The following table lists the steps that you can take to configure time synchronization for computers in your organization.

  Step Reference
Check box

When you deploy the first domain in your forest, configure the primary domain controller (PDC) emulator operations master in that domain to synchronize from a valid Network Time Protocol (NTP) source.

Configure the Windows Time Service (http://go.microsoft.com/fwlink/?LinkId=93177)

Check box

Some Windows-based client computers do not automatically synchronize their time with the Active Directory domain. You can configure these computers to request time from a particular source, such as a domain controller in the domain. If you do not specify a source that is synchronized with the domain, each computer’s internal hardware clock governs its time.

Configuring Windows-Based Clients to Synchronize Time (http://go.microsoft.com/fwlink/?LinkId=93178)

Check box

If the local Windows Time service settings are not configured correctly, you may prefer to simply restore the Windows Time service to its default settings rather than spending time troubleshooting the problem.

Restoring the Windows Time Service to Default Settings (http://go.microsoft.com/fwlink/?LinkId=93179)