Configure time in my Active Directory
- How to set the PDC role server as the time source on the network
- How to move the PDC role and time service to another server
How to set the PDC role server as the time source on the domain
How to set a time source in my domain
First, you must locate the PDC role in your domain.
The PDC must be the time source on your network,
and the PDC server can use an external or internal time source.
There are 2 ways to do that:
the w32tm.exe command-line utility and GPO.
We will use the command-line utility.
To locate your roles,
run the following query:
netdom query fsmo
List of external time source zones:
http://www.pool.ntp.org/en/
Then choose your nearest country.
I used Egypt, as I am living there:
http://www.pool.ntp.org/zone/eg
In most cases, it’s best to use pool.ntp.org to find an NTP server (or 0.pool.ntp.org, 1.pool.ntp.org, etc if you need multiple server names). The system will try finding the closest available servers for you. If you distribute software or equipment that uses NTP,
OK, let's start.
On the PDC
Run the following command on your PDC to check its current time source:
w32tm /query /source
By default, the server uses its local BIOS clock as the time source.
Now let's set an external source:
w32tm /config /manualpeerlist:"timeserver,0x1" /syncfromflags:manual /reliable:yes /update
Replace timeserver with your external time server.
Example:
w32tm /config /manualpeerlist:"pool.ntp.org,0x1" /syncfromflags:manual /reliable:yes /update
Note: don't forget to add the 0x1 flag; we will talk about it later.
Then, again on the PDC:
w32tm /query /source
The flags are used as follows:
- 0: Not a time server
- 1: Always a time server
- 2: Automatic time server, meaning the role is decided by Windows Time Service
- 4: Always a reliable time server
- 8: Automatic reliable time server, meaning the role is decided by Windows Time Service
The default is 10, meaning that Windows Time Service decides the role.
Ref: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490845(v=technet.10)
On non-PDC servers
On the other servers (non-PDC), we need to make sure they are using the PDC as the time source.
Run the following to make sure it is working fine:
w32tm /config /syncfromflags:domhier /update
net stop w32time
net start w32time
w32tm /query /source
w32tm /resync
net stop w32time
net start w32time
w32tm /query /source
Now you should see the PDC as the time source
after running the following:
w32tm /resync
To resynchronize the client time with a time server:
w32tm /resync /rediscover
Let us talk about how the command works.
First, on the PDC:
w32tm /config /manualpeerlist:"timeserver,0x1" /syncfromflags:manual /reliable:yes /update
Second, on non-PDC servers:
w32tm /config /syncfromflags:domhier /update
/syncfromflags tells the time service where it should sync time from. You can specify two entries for this: either DOMHIER or MANUAL. The former causes the time service to synchronize with the domain hierarchy (sets NT5DS in the Type entry in the registry), whereas the latter tells the time service to sync with the server(s) you specified in the manual peer list. MANUAL sets Type to NTP.
DOMHIER uses the NT5DS protocol.
NT5DS: The time service synchronizes from the domain hierarchy.
MANUAL uses the NTP protocol.
NTP: The time service synchronizes from the servers specified in the NtpServer registry entry.
To summarize:
Server | /syncfromflags | Type (protocol) | Time source |
PDC server | MANUAL | NTP | time.windows.com,0x1 |
Non-PDC server | DOMHIER | NT5DS | PDC server as the source |
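To check a machine against the table above, the following PowerShell script compares the registry Type entry and the current source with what is expected for its role. It is an added example, not part of the original post; it assumes a domain-joined Windows machine with English-language w32tm output, and the variable names are illustrative.

```powershell
# Added example (not from the original post): audit this machine against the table above.
# Assumptions: domain-joined Windows machine, English-language w32tm output.

# Win32_ComputerSystem.DomainRole 5 = primary domain controller (holds the PDC role).
$isPdc = ((Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -eq 5)

# Type and NtpServer are the registry entries set by /syncfromflags and /manualpeerlist.
$w32 = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

# The source the time service is using right now.
$source = (& w32tm.exe /query /source | Out-String).Trim()

# PDC: MANUAL -> Type NTP. Everything else: DOMHIER -> Type NT5DS.
$expectedType = if ($isPdc) { 'NTP' } else { 'NT5DS' }

$findings = @()
if ($w32.Type -ne $expectedType) {
    $findings += "Type is '$($w32.Type)', expected '$expectedType'"
}
if ($isPdc -and [string]::IsNullOrWhiteSpace($w32.NtpServer)) {
    $findings += 'PDC has an empty manual peer list (NtpServer)'
}
# A machine running on its own clock is not syncing from the PDC or from NTP.
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    $findings += "Current source is '$source'"
}
if ($findings.Count -eq 0) { $findings = @('OK') }

[pscustomobject]@{
    Computer     = $env:COMPUTERNAME
    IsPdc        = $isPdc
    Type         = $w32.Type
    ExpectedType = $expectedType
    NtpServer    = $w32.NtpServer
    Source       = $source
    Findings     = $findings -join '; '
}
```

Run it locally on the PDC and on a few non-PDC servers; any Findings value other than OK points to a machine that does not match the table.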