This is a quick post showing how you can sync your domain controllers with an external time source like time.windows.com or pool.ntp.org. By default, all machines in the domain sync time from the domain controller, which acts as the internal time server. If you have more than one DC, time syncs from the DC that holds the PDC emulator FSMO role. To check which DC is the PDC emulator in your domain, run the following command in PowerShell:

```powershell
Get-ADDomain | select PDCEmulator
```
Once the PDC emulator role is established there are a few commands we need to run in order for time to sync. These are (run on the PDC emulator in PowerShell):
```powershell
w32tm /config /syncfromflags:manual /manualpeerlist:"time.windows.com,0x8" /reliable:yes /update
w32tm /config /update
Restart-Service w32time
```
If you need to add more than one NTP server, the peer list entries are space-delimited, like so:

```powershell
"0.pool.ntp.org,0x1 1.pool.ntp.org,0x1 2.pool.ntp.org,0x1"
```
Once completed, the Windows Time service should begin synchronizing time on the domain controller(s) with an external source. To view the time configuration you can use the following command:

```powershell
w32tm /query /configuration
```

In my case, my time was not synced with the external time server before the change (left screenshot); after I made the changes (right screenshot), all was set to sync from time.windows.com.

From a workstation point of view, to configure a client computer for automatic domain time synchronisation:
```powershell
w32tm /config /syncfromflags:domhier /update
```

and to check if it’s syncing:

```powershell
w32tm /monitor
```

and to re-sync:

```powershell
w32tm /resync
```
NTP port 123 needs to be open between clients and the PDC emulator, as well as between the PDC emulator and the internet. The /stripchart switch of the w32tm command is very handy for connectivity tests:

```powershell
w32tm /stripchart /computer:time.windows.com
```

If there are any errors, they will be written to the Event Viewer, so check there if you’re having issues.
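To confirm the result on each machine, the output of `w32tm /query /configuration` can be parsed and the peer-list flags decoded. This is an added example, not part of the original post: the function names and the sample output are constructed for illustration, and the flag names are those given in Microsoft's w32tm documentation.

```powershell
# Added example. Flag bits as documented by Microsoft for /manualpeerlist entries.
$NtpFlags = @(
    @{ Bit = 0x1; Name = 'SpecialInterval' }
    @{ Bit = 0x2; Name = 'UseAsFallbackOnly' }
    @{ Bit = 0x4; Name = 'SymmetricActive' }
    @{ Bit = 0x8; Name = 'Client' }
)

# Split a space-delimited "host,flags" peer list and decode each flag value.
function ConvertFrom-NtpPeerList {
    param([string]$PeerList)
    foreach ($entry in ($PeerList.Trim('"') -split '\s+' | Where-Object { $_ })) {
        $peer, $flagText = $entry -split ',', 2
        $flags = if ($flagText) { [Convert]::ToInt32($flagText, 16) } else { 0 }
        $names = $NtpFlags | Where-Object { $flags -band $_.Bit } | ForEach-Object { $_.Name }
        [pscustomobject]@{ Peer = $peer; Flags = ('0x{0:x}' -f $flags); Modes = ($names -join ', ') }
    }
}

# The PDC emulator should report Type NTP with a peer list (syncfromflags:manual);
# every other domain member should report NT5DS (syncfromflags:domhier).
function Test-TimeSourceConfig {
    param([string[]]$ConfigLines, [switch]$IsPdcEmulator)
    $cfg = @{}
    foreach ($line in $ConfigLines) {
        if ($line -match '^\s*(Type|NtpServer):\s*(.+?)\s*\(\w+\)\s*$') { $cfg[$Matches[1]] = $Matches[2] }
    }
    $expected = if ($IsPdcEmulator) { 'NTP' } else { 'NT5DS' }
    [pscustomobject]@{
        Type     = $cfg['Type']
        Expected = $expected
        Ok       = ($cfg['Type'] -eq $expected) -and (-not $IsPdcEmulator -or [bool]$cfg['NtpServer'])
        Peers    = @(if ($cfg['NtpServer']) { ConvertFrom-NtpPeerList $cfg['NtpServer'] })
    }
}

# Constructed sample of the relevant output lines. On a real machine use:
#   $lines = w32tm /query /configuration
$lines = @'
[TimeProviders]
NtpClient (Local)
Enabled: 1 (Local)
Type: NTP (Local)
NtpServer: time.windows.com,0x8 (Local)
'@ -split '\r?\n'

$report = Test-TimeSourceConfig -ConfigLines $lines -IsPdcEmulator
$report | Format-List Type, Expected, Ok
$report.Peers | Format-Table
```

Run it without `-IsPdcEmulator` against a workstation's output to confirm that the workstation follows the domain hierarchy instead of a manual peer.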
Comments, questions and concerns? Please leave them below!
So I did this – and time is syncing perfectly.
Annnnnd – it broke my server with a slew of errors from: Schannel, DNS, hell, even the IPs changed on my LACP group. It appears the PDC Emulator demoted everything.
Any idea how to reverse this?