Sunday, February 12, 2012

Synching a Windows AD domain with an external time source

Having your time set up correctly is of crucial importance to the well-being of your Active Directory infrastructure.  In every setup I do I ensure that my PDC Emulator FSMO holder synchs with an NTP server on the internet.  Unless there are specific customer requirements I use pool.ntp.org as my external source.  Here is how to configure your PDC Emulator to sync (all commands entered from an Administrative Command Prompt):

  1. Ensure that your firewall allows outbound NTP traffic from your PDC emulator
  2. Run w32tm /config /manualpeerlist:pool.ntp.org /syncfromflags:MANUAL /update
  3. Restart the time service: net stop w32time && net start w32time
  4. Force a synchronization with the newly added source: w32tm /resync
  5. Verify the source: w32tm /query /source

The rest of your domain clients should automatically synchronise with your PDC emulator.  If this has been changed for whatever reason, you can reinstate it with the following commands:

  1. w32tm /config /update /syncfromflags:DOMHIER
  2. net stop w32time && net start w32time
  3. w32tm /query /status
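
To confirm that both procedures above took effect, the following PowerShell audit (an added example, not part of the original post) checks the stored W32Time settings against the machine's role and, on the PDC emulator, measures the offset to the external peer. It assumes a domain-joined host and an elevated session; the function names and the 1-second threshold are illustrative choices.

```powershell
# Added example: audit W32Time configuration against this machine's role.
# Assumes a domain-joined Windows host and an elevated PowerShell session.
$ExpectedPeer = 'pool.ntp.org'   # peer used in the steps above
$MaxOffsetSec = 1.0              # assumed alert threshold, tune as needed

function Test-TimeConfig {
    param([bool]$IsPdcEmulator, [string]$Type, [string]$NtpServer, [string]$Peer)
    # /syncfromflags:MANUAL is stored as Type=NTP, /syncfromflags:DOMHIER as Type=NT5DS
    if ($IsPdcEmulator) {
        if ($Type -ne 'NTP') { return "FAIL: PDC emulator has Type=$Type, expected NTP" }
        if ($NtpServer -notmatch [regex]::Escape($Peer)) {
            return "FAIL: NtpServer='$NtpServer' does not list $Peer"
        }
        return "OK: PDC emulator syncs from manual peer list '$NtpServer'"
    }
    if ($Type -ne 'NT5DS') { return "FAIL: domain member has Type=$Type, expected NT5DS" }
    return 'OK: domain member syncs from the domain hierarchy'
}

function Get-PeerOffset {
    param([string]$Peer, [int]$Samples = 3)
    # w32tm /stripchart prints data lines such as "12:00:01, +00.0123456s"
    $out = & w32tm /stripchart "/computer:$Peer" "/samples:$Samples" /dataonly
    $offsets = foreach ($line in $out) {
        if ($line -match ',\s*([+-]\d+\.\d+)s') {
            [math]::Abs([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture))
        }
    }
    if (-not $offsets) { return $null }   # no reply, e.g. outbound NTP blocked
    ($offsets | Measure-Object -Maximum).Maximum
}

# Work out whether this machine holds the PDC emulator role.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
$isPdc  = $domain.PdcRoleOwner.Name.Split('.')[0] -ieq $env:COMPUTERNAME
$w32    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

Test-TimeConfig -IsPdcEmulator $isPdc -Type $w32.Type -NtpServer $w32.NtpServer -Peer $ExpectedPeer
"Current source: $((& w32tm /query /source) -join ' ')"

if ($isPdc) {
    $offset = Get-PeerOffset -Peer $ExpectedPeer
    if ($null -eq $offset)             { "FAIL: no NTP reply from $ExpectedPeer (check firewall)" }
    elseif ($offset -gt $MaxOffsetSec) { "WARN: offset ${offset}s exceeds ${MaxOffsetSec}s" }
    else                               { "OK: worst offset to $ExpectedPeer is ${offset}s" }
}
```

Run it on the PDC emulator and on a sample of member machines; a FAIL on a member usually means someone pointed it at a manual peer and the DOMHIER commands above need to be reapplied.
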

The above will go a long way towards giving you a proper time setup, and should be sufficient and accurate enough for most organisations.