How to Properly Configure NTP Time In Your AD Environment: Step by Step
This article shows you, step by step, how to configure your DC to use an external time source and how to force all your AD clients to sync with your DC.
If you’re reading this article, then you probably already know that Active Directory can’t work correctly if the clocks are not synchronized across domain controllers and member machines.
This article will show you how to properly set up time sync on your domain.
If your DC is a VM on Hyper-V, then you first need to make sure that the VM is not syncing its time with the hypervisor.
Log on to your Hyper-V server and go to the settings of your VM, then click on Integration Services. Uncheck Time synchronization.
Now Let’s Make Sure the DC Is Set Up to Sync to an External Time Server.
From your PDC, open a command prompt as administrator and type:
w32tm /config /manualpeerlist:yourNTPserver,0x8 /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover
net stop w32time && net start w32time
Here “yourNTPserver” is the address of the external NTP source you want to use; it can be a pool on the Internet or your internal NTP server.
Note that “,0x8” is part of the command. It forces the PDC to send client-mode requests to the specified NTP server rather than other request types such as symmetric mode, which could prevent the PDC from receiving correct NTP answers.
Confirm that your time settings are correct:
w32tm /query /status
Force all other DCs to rediscover the new time server by configuring them to use the domain hierarchy with the commands below:
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync /nowait
net stop w32time && net start w32time
Check the settings after a minute; the output should show your PDC/time server:
The correct and expected output is the PDC/NTP server with Stratum = 3 and all other DCs with Stratum = 4.
w32tm /query /status
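As an added example (not part of the original article), the PowerShell function below parses the output of w32tm /query /status and checks it against the layout described above: Stratum 3 on the PDC, Stratum 4 on the other DCs, and a Source that is the configured peer rather than a local or hypervisor clock. The function name, the sample output and the reliance on English field labels are assumptions.

```powershell
# Added example, not from the original article. Assumes English w32tm output.
function Test-W32tmStatus {
    param(
        [Parameter(Mandatory)] [string[]] $StatusLines,    # lines from w32tm /query /status
        [Parameter(Mandatory)] [ValidateSet('PDC', 'DC')] [string] $Role,
        [Parameter(Mandatory)] [string] $ExpectedSource    # NTP server (PDC) or PDC name (DC)
    )
    # Parse "Key: value" lines, splitting on the first colon only.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $problems = @()

    # Stratum the article expects: 3 on the PDC, 4 on every other DC.
    $expectedStratum = if ($Role -eq 'PDC') { 3 } else { 4 }
    if ($fields['Stratum'] -match '^(\d+)') {
        $stratum = [int]$Matches[1]
        if ($stratum -ne $expectedStratum) {
            $problems += "Stratum is $stratum, expected $expectedStratum for role $Role"
        }
    } else {
        $problems += 'Stratum line missing or unreadable'
    }

    # Source must be the configured peer, not a local or hypervisor clock.
    $source = [string]$fields['Source']
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "Not syncing from any peer (Source: $source)"
    } elseif ($source -match 'VM IC Time Synchronization Provider') {
        $problems += 'Still syncing from the hypervisor; uncheck Time synchronization on the VM'
    } elseif (-not $source.StartsWith($ExpectedSource, [System.StringComparison]::OrdinalIgnoreCase)) {
        $problems += "Source is '$source', expected '$ExpectedSource'"
    }
    [pscustomobject]@{ Role = $Role; Healthy = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample for a PDC; on a real DC use: $status = w32tm /query /status
$sample = @(
    'Leap Indicator: 0(no warning)',
    'Stratum: 3 (secondary reference - syncd by (S)NTP)',
    'Source: yourNTPserver,0x8',
    'Poll Interval: 6 (64s)'
)
Test-W32tmStatus -StatusLines $sample -Role PDC -ExpectedSource 'yourNTPserver'
```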
Once all DCs have had the time commands issued, check their NTP settings with the command below:
Your client computers should update automatically when the sync interval expires, but you can manually force a sync by issuing a sync command.
Screwed up the configuration? Don’t worry, you can restore the time service to its default values:
net stop w32time
w32tm /unregister
w32tm /register