How to Properly Configure NTP Time In Your AD Environment: Step by Step

This article will show you step-by-step how to configure your DC with an external time source and to force all your AD clients to sync with your DC.

If you’re reading this article, you probably already know that Active Directory can’t work correctly if clocks are not synchronized across domain controllers and member machines.

This article will show you how to properly set up time sync on your domain.

If your DC is a VM on Hyper-V, you first need to make sure that the VM is not syncing its time with the hypervisor.

Log onto your Hyper-V server and go to the settings of your VM, then click on Integration Services. Uncheck Time synchronization.

Hyper-V Time Settings

Now Let’s Make Sure the DC Is Set Up to Sync to an External Time Server

From your PDC, open a command prompt as administrator and type:

    w32tm /config /manualpeerlist:yourNTPserver,0x8 /syncfromflags:manual /reliable:yes /update
    w32tm /resync /rediscover
    net stop w32time && net start w32time

Here “yourNTPserver” is the address of the external NTP source you want to use; it can be a pool on the Internet or your internal NTP server.

Note that “,0x8” is part of the command. It forces the PDC to send client-mode requests to the specified NTP server rather than other request types such as symmetric mode, which could cause the PDC not to receive correct NTP answers.

Confirm that your time settings are correct:

    w32tm /query /status

On all other DCs, force rediscovery of the new time server by configuring them to sync from the domain hierarchy with the commands below:

    w32tm /config /syncfromflags:DOMHIER /update
    w32tm /resync /nowait
    net stop w32time && net start w32time

Check the settings after a minute; the output should show your PDC/time server as the source.

The correct and expected output is the PDC/NTP with Stratum = 3 and all other DCs with Stratum = 4:

    w32tm /query /status
				
			

Once all DCs have had the time commands issued, check the NTP settings for them with the command below:

    w32tm /monitor
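
A check for the verification steps above, as an added example that is not part of the original article: it parses `w32tm /query /status` output and flags a DC that is still taking time from the hypervisor or its local clock, or whose stratum differs from the value the article expects. The function name `Test-TimeStatus`, the sample text and the English-language field names are assumptions.

```powershell
# Added example; Test-TimeStatus and $sample are hypothetical names.
# Assumes English-language w32tm output ("Source:", "Stratum:").
function Test-TimeStatus {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$StatusLines,  # w32tm /query /status
        [Parameter(Mandatory)][int]$ExpectedStratum    # article: 3 on the PDC, 4 on other DCs
    )
    # Parse "Name: value" lines, splitting on the first colon only.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $source  = $fields['Source']
    $stratum = $null
    if ($fields['Stratum'] -match '^(\d+)') { $stratum = [int]$Matches[1] }

    $problems = @()
    if (-not $source) {
        $problems += 'No Source field found'
    } elseif ($source -match 'VM IC Time Synchronization Provider') {
        $problems += 'Source is the hypervisor: Time synchronization is still enabled for this VM'
    } elseif ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "Not syncing from an NTP peer (Source: $source)"
    }
    if ($null -eq $stratum) {
        $problems += 'No Stratum field found'
    } elseif ($stratum -ne $ExpectedStratum) {
        $problems += "Stratum is $stratum, expected $ExpectedStratum"
    }
    [pscustomobject]@{
        Source = $source; Stratum = $stratum
        Healthy = ($problems.Count -eq 0); Problems = $problems
    }
}

# Constructed sample output, not captured from a real host.
$sample = @'
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Last Successful Sync Time: 1/1/2024 10:00:00 AM
Source: VM IC Time Synchronization Provider
Poll Interval: 6 (64s)
'@ -split "`r?`n"

Test-TimeStatus -StatusLines $sample -ExpectedStratum 3 | Format-List
# On a live DC: Test-TimeStatus -StatusLines (w32tm /query /status) -ExpectedStratum 4
```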
				
			

Your client computers should update automatically when the sync interval expires, but you can manually force a sync by issuing a resync command:

    w32tm /resync

Screwed up the configuration? Don’t worry, you can restore the time service to its default settings:

    net stop w32time
    w32tm /unregister
    w32tm /register
    net start w32time