samba - Jan 2024 - Joining Windows 10 Domain Member to Samba AD/DC

After trying all the suggestions in the below listed excerpts from this thread,
I've taken
time since my last posting on January 6th to continue this issue with the
Microsoft forum:

https://learn.microsoft.com/en-us/answers/questions/1480474/unable-to-time-sync-with-domain-controller?page=1&orderby=helpful&comment=answer-1411748#newest-answer-comment

I likewise had no solution there.

So, I image-restored my Windows computer back to before I joined it to the
domain.  I verified that when connected to the old domain the w32tm /query
/source was "mail.hprs.local". 

I then unjoined that domain and joined to the new domain: hprs.locl.  After
rebooting and logging in as the domain admin, and without doing anything, the
/source was time.windows.com,0x9 whereas I expected (hoped) it would be
dc1.hprs.locl as a default per the comments below.

I have no time source GPO configured, and did not create one per the advice
shown below.  However, my Windows computer clearly does NOT default to the DC as
the time source as the comments below indicate it should.

I am now using chrony as the time server on the DC, also per advice, but I
don't
think chrony vs. ntpd is the problem. On Windows I get:

C:\Users\Administrator.HPRS>w32tm /query /status
Leap Indicator: 3(not synchronized)
Stratum: 0 (unspecified)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)

As I've mentioned, this time synchromization worked perfectly well when this
same Windows domain member was connected to the Samba 4.8.2 domain.

Does anyone have any idea how I can specify my DC as the time source? Even if I
have to hard code this somehow? I have an image backup of the Windows dom.
member, so I can try an infinity of things.

Thanks --Mark

Some snippets from past thread messages for reference:

On Thu Jan  4 22:42:38 2024 Sonic <sonicsmith at gmail.com>
wrote:
>
> On Thu, Jan 4, 2024 at 7:46?PM Mark Foley via samb<samba at
lists.samba.org> wrote:
> >
> > I've added a Windows 10 domain member to my Domain. I'm now
following the
> > procedure in
https://wiki.samba.org/index.php/Time_Synchronisation#Configuring_Time_Synchronisation_on_a_Windows_Domain_Member.
> > What's going wrong here?
> Is there some reason you need a GPO for this? By default the system
> should get its time from the DC.
> From the page you refer to:
> "Windows AD domain members will use any DC as their default time
> source. If you have set up ntp on the DC as described on this page,
> you usually do not need to reconfigure the clients. Alternative
> configuration options for the clients are described below."
> 
> I've only used a GPO to point to a different time server when the DC
> is incapable of providing the time service (older DC running in a
> container).
> Chris
On Fri Jan  5 01:52:25 2024 Luis Peromarta <lperoma at icloud.com> wrote:
> You should not need no GPOa for this. What NTP software are you using ?
On Fri Jan  5 03:23:48 2024 Peter Milesson via samba <samba at
lists.samba.org> wrote:
>
> Hi Mark,
> 
> Also, no need to use a GPO for this. The domain members get their time 
> from a DC anyway.
> 
> HTH,
> 
> Peter
On Fri Jan  5 14:31:40 2024 Peter Milesson via samba <samba at
lists.samba.org> wrote:
>
> On Fri, Jan 5, 2024 at 2:32?PM Mark Foley via sam <samba at
lists.samba.org> wrote:
> > <snip> I would think the wikis would mention the GPO not being
> > needed.
> 
> Did you see the section titles "Default Time Source" in the page
you
> link to that I quoted previously? The wiki clearly spells it out that
> using a GPO is usually unnecessary.
> > How do you know you're syncing with the DC?
> 'w32tm /query /status' will show you.
> > What does your 'w32tm /query /source' give you?
> My Windows domain members point to the DC.
Chris

What?s the output of timedatectl status ?

Regards,
On Jan 16, 2024 at 20:31 +0100, Mark Foley <mfoley at novatec-inc.com>,
wrote:
>
> I am now using chrony as the time server on the DC, also per advice, but I
don't
> think chrony vs. ntpd is the problem.

I have the impression your DC?s ntp server is not working properly for whatever
reason. Your windows machines try to grab time for them, can?t, and then default
to local coms clock or some other time source.

From a windows member machine, can you try :

w32tm /stripchart /computer:us.pool.ntp.org /dataonly /samples:5

That should work. Then try:

w32tm /stripchart /computer:your.dc.address /dataonly /samples:5

And see if you get a similar response.
On Jan 16, 2024 at 20:31 +0100, Mark Foley <mfoley at novatec-inc.com>,
wrote:
>
> As I've mentioned, this time synchromization worked perfectly well when
this
> same Windows domain member was connected to the Samba 4.8.2 domain.

Mandi! Mark Foley via samba
  In chel di` si favelave...
> Does anyone have any idea how I can specify my DC as the time source? Even
if I
Some years ago i've mass-migrated clients from an old domain to the new
samba ad domain.

Roughly half of the machine lost NTP configuration; i was forced to do:

	w32tm /register
	sc start w32time
	w32tm /config /syncfromflags:domhier /update


Never understood why. FYI.

-- 
  Dicono che la mafia ricicla i soldi sporchi in titoli di Stato. Ma ?
  naturale: volete che la mafia affidi i suoi soldi a gente sconosciuta?
							(Beppe Grillo)