Configure Windows Time for the domain

On the Domain Controller which has the PDC Emulator FSMO role – by default this the first installed DC in the domain – this is the time source for all domain members. All other DC’s sync with the PDC Emulator then member servers and workstations sync with an available DC, this results in the same time for all domain members.

There are different Stratum levels which apply to servers and devices, which distinguishes them from each other. Taken from this article, the following gives a brief rundown on the different levels.

Stratum 0
These are devices such as atomic clocks, GPS clocks or other radio clocks. Stratum-0 devices are traditionally not attached to a network, they are locally connected to computers.

Stratum 1
These are computers attached to Stratum 0 devices. Normally they act as servers for timing requests from Stratum 2 servers via NTP. These computers are also referred to as time servers. The PDC emulator is known as a Stratum 1 device.

Stratum 2
These are computers that send NTP requests to Stratum 1 servers (all other DC other then the PDC emulator). Normally a Stratum 2 computer will reference a number of Stratum 1 servers and use the NTP algorithm to gather the best data sample, dropping any Stratum 1 servers that seem obviously wrong. Stratum 2 computers will peer with other Stratum 2 computers to provide more stable and robust time for all devices in the peer group. Stratum 2 computers normally act as servers for Stratum 3 NTP requests.

Stratum 3
These computers employ exactly the same algorithms for peering and data sampling as Stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

Configure Time

If you want to set the local Windows Time client (e.g. on the PDC) to point to two different time servers, one named tic.ntp.telstra.net and another named toc.ntp.telstra.net, type the following command at the command line, and then press ENTER:

W32tm /config /manualpeerlist:”tic.ntp.telstra.net,toc.ntp.telstra.net” /syncfromflags:manual /reliable:YES

This will do the following:

  • Sets w32time to manually sync from the NTP server you provide
  • Sets the “Reliable Time Source” flag for this machine in NETLOGON.
  • Prevents w32time from discovering any machines in the domain as a time source.

Resync

Once all checks are done, The following command will force a resync of the time:

w32tm /resync /rediscover /nowait

Here you can find more sources: http://www.pool.ntp.org/

Further information below:

Check existing time configuration

Check where Windows servers are getting time from with these commands:

w32tm /query /configuration

w32tm /query /status

image

Have a look at the diagram above, Source is VM IC Time Synchronization Provider. This means that the Virtual Machine is set to get it’s time from the host. So disable this.

w32tm /stripchart /packetinfo /computer:<DNS name or host name of time source>

Time sources

Get existing sources, run the following command and look for NtpServer:

Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

To set the NtpServer e.g. tic.ntp.telstra.net, run the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters" NtpServer -Value tic.ntp.telstra.net –Force

Server Type

Get existing type, run the following command and look for Type:

Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Change the server type to NTP:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters" Type -Value NTP –Force

Announce Flags

Get existing announce flags, run the following command and look for Announce Flags:

Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config

Whilst in the registry ensure that the registry key below has a value of 5

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config" AnnounceFlags -Value 5 –Force

NTP server

Get existing NTP server status, run the following command and look for Enabled:

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer"

Enable NTP if not already enabled:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer" Enabled -Value 1 –Force

Time Synchronization in Active Directory Hierarchy

By default all domain members will update in this hierarchy. If not run: W32tm /config /syncfromflags:DOMHIER, then restart the Windows Time service, alternatively the Windows Time service can be restarted via the command prompt > net stop w32time > net start w32time.

More info can be found here:

Categories: Computers and Internet · Uncategorized

4 Comments

  1. honest Author
    January 28, 2014 at 10:09 pm

    I am really thankful to the holder of this website who has shared this great article
    at at this time.

    Reply
  2. Wildstar Online Author
    August 5, 2014 at 1:29 am

    Wildstar Online

    Configure Windows Time for the domain | Marc Kean

    Reply
  3. schmerzen beim analverkehr Author
    September 1, 2014 at 4:12 am

    schmerzen beim analverkehr

    Configure Windows Time for the domain | Marc Kean

    Reply
  4. was ist anal verkehr Author
    September 1, 2014 at 4:21 am

    was ist anal verkehr

    Configure Windows Time for the domain | Marc Kean

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s