Sync Windows Server date and time with NTP source
An accurate system clock plays an important role in the aspects of a computer network. Ensuring that the computer's date and time are correct will establish efficiency within your network and aid in the following instances:
- It'll prevent errors from occurring between other workstations on the network and errors when connecting to secure websites out on the Internet.
- An accurate date and time is also important when it comes to error logging. If a user reports that an error occurred at a specific time, you'll want these errors logged at the correct time across your entire network. So that you can examine any related log entries at the server that'll reflect around this same time that's being reported.
- Some software and security solutions also require an accurate date and time configuration that cannot be more than a small number of seconds off in order to operate correctly.
This guide will explain how an Active Directory domain synchronizes its time across the network and the commands that you would need to enter in the command prompt on the appropriate computer in order to setup a synchronization with an NTP server that's located in the cloud.
Step 1: Determine the network's primary domain controller (PDC)
The first step is to determine the Active Directory domain's primary domain controller or PDC. All member servers, secondary domain controllers, and workstations that are joined to the domain will synchronize their time periodically and upon startup with the network's primary domain controller.
To identify the primary domain controller on a network, we'll use the following command on any of the domain controllers that are part of the network. If your network only has one domain controller, then the single domain controller would be the network's primary domain controller.
netdom /query fsmo
The above command will give you an output similar to what is shown below. In this example, the hostname of the server that's the primary domain controller is GTDC1.
Schema master
GTDC1.GAULTECH.COM
Domain naming master
GTDC1.GAULTECH.COM
PDC
GTDC1.GAULTECH.COM
RID pool manager
GTDC1.GAULTECH.COM
Infrastructure master
GTDC1.GAULTECH.COM
It's important to mention that if your primary domain controller is running on a Hyper-V server or another virtualization technology, that you check to make sure that this guest is not set to synchronize its time with the host server. This could create a conflict that would prevent the PDC from synchronizing its time with the correct source.
Step 2: Enter the commands to synchronize the clock with the NTP server
These commands are to be entered on the primary domain controller that was determined from step one. You'll first need to open a command prompt on this server with administrative privileges to prepare for the configuration. This is best done by completing a search in Windows for, "Command Prompt" and then right clicking the command prompt shortcut to select the option for, "Run as administrator" from the context menu.
Before applying the commands that'll configure the synchronization source below, we must first enter the following command that'll stop the W32Time service. It's recommended to stop this service before making the configuration changes.
net stop w32time
Configure the external time sources using the following commands. In this example, we'll be using the time servers associated with ntp.org. The most up to date list of these servers can be found at the NTP Pool Project website. The command below adds three server pools as NTP synchronization sources.
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
Set the PDC as a reliable time source for clients across the network with the following command.
w32tm /config /reliable:yes
Now that the time sources have been configured, we can issue the following command to restart the W32time service. Shortly after we restart this service, you should notice the time on the PDC is now accurate down to the second. Workstations and servers joined to the domain will then re-synchronize their clocks with the PDC over time and will then show an accurate date and time as well.
net start w32time
You can verify the NTP configuration using the following command. The output from this command should list the NTP servers that we've entered in the command above. These will appear next to the entry NtpServer in the output that's displayed.
w32tm /query /configuration