Evotec Services sp. z o.o., ul. Drozdów 6, Mikołów, 43-190, Poland

Synchronizing Active Directory with External Time Source


Accurate time and date are crucial in modern IT. While it may seem that a drift of 30 seconds or even 5 minutes is not a big deal, it actually matters. Modern certificates, systems and many security features depend on correct time. In an Active Directory environment, all computers and servers by default sync time from the main domain controller. While this is great, it also means the main domain controller itself has to have the proper time, so you need to make sure it is always up to date. The solution is to synchronize Active Directory with an external time source.

Solution

To make sure your Primary Domain Controller (PDC) always has the correct time, you have to:

Find your PDC (I assume you know one, but just in case…) 

[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name

Find out your current configuration

# Get current time settings
w32tm /query /status

Change your time settings to multiple trusted NTP servers:

# Set time settings 
w32tm.exe /config /manualpeerlist:"0.europe.pool.ntp.org 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org" /syncfromflags:manual /reliable:YES /update

# Update configuration
w32tm.exe /config /update

# Restart Time service
Restart-Service w32time

Verify that the settings were updated properly. If the output does not show the new settings yet, run the command again a few times. It may take a moment or two to process things.

# Get current time settings
w32tm /query /status

Finally confirm output

PS C:\Windows\system32> w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0418354s
Root Dispersion: 7.8054506s
ReferenceId: 0x8AC9876C (source IP:  138.201.135.108)
Last Successful Sync Time: 1/24/2018 5:10:56 PM
Source: 2.europe.pool.ntp.org 
Poll Interval: 6 (64s)
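
The verification step above can also be scripted. The following is an added example, not code from the original post: it parses `w32tm /query /status` text and reports when the PDC is not syncing from the configured peers. The function name `Test-PdcTimeStatus`, the `MaxStratum` limit and the second sample are assumptions, and English-language w32tm output is assumed.

```powershell
# Added example: checks w32tm status text against the peers configured above.
# Assumes English w32tm output; function name and stratum limit are hypothetical.
function Test-PdcTimeStatus {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $StatusLines, # w32tm /query /status
        [Parameter(Mandatory)] [string[]] $ExpectedPeers,  # names given to /manualpeerlist
        [int] $MaxStratum = 4                              # assumed limit, tune per environment
    )
    # Build a key/value table, splitting each line on its first colon only.
    $status = @{}
    foreach ($line in $StatusLines) {
        $key, $value = $line -split ':\s*', 2
        if ($value) { $status[$key.Trim()] = $value.Trim() }
    }
    $problems = @()
    foreach ($field in 'Leap Indicator', 'Stratum', 'Source') {
        if (-not $status.ContainsKey($field)) { $problems += "Missing field: $field" }
    }
    if ($problems) { return $problems }
    # Leap indicator 3 is the NTP alarm value: the clock is not synchronized.
    if ($status['Leap Indicator'] -match '^3') {
        $problems += "Clock reports unsynchronized: $($status['Leap Indicator'])"
    }
    # Stratum is the leading integer, e.g. "3 (secondary reference - ...)".
    $stratum = [int]($status['Stratum'] -replace '\D.*$')
    if ($stratum -lt 1 -or $stratum -gt $MaxStratum) {
        $problems += "Unexpected stratum: $stratum"
    }
    # Source may carry flags ("host,0x8"); compare the host part only.
    $source = ($status['Source'] -split ',')[0].Trim()
    if ($ExpectedPeers -notcontains $source) {
        $problems += "Source '$source' is not one of the configured peers"
    }
    return $problems
}

# Peers from the /manualpeerlist command in this post.
$peers = '0.europe.pool.ntp.org', '1.europe.pool.ntp.org', '2.europe.pool.ntp.org', '3.europe.pool.ntp.org'
# Sample 1: relevant lines of the status output shown in this post.
$synced = 'Leap Indicator: 0(no warning)', 'Stratum: 3 (secondary reference - syncd by (S)NTP)', 'Source: 2.europe.pool.ntp.org'
# Sample 2: constructed output for a PDC still running on its local clock.
$unsynced = 'Leap Indicator: 3(last minute has 61 seconds)', 'Stratum: 1 (primary reference - syncd by radio clock)', 'Source: Local CMOS Clock'
foreach ($sample in $synced, $unsynced) {
    $issues = @(Test-PdcTimeStatus -StatusLines $sample -ExpectedPeers $peers)
    if ($issues) { $issues } else { 'Time source OK' }
}
# On the PDC itself: Test-PdcTimeStatus -StatusLines (w32tm /query /status) -ExpectedPeers $peers
```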

If you're located elsewhere, it's quite easy to find other NTP sources, such as the US-based pool: "0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org"
