How do I configure time in my Active Directory?
Well, it's simple! Normally it should be set correctly unless it has been modified on purpose.
Otherwise, we do provide some tools for that: the w32tm.exe command-line utility and GPO. Here we are going to look at w32tm, which is very easy.
- Using w32tm.exe
Run the following command on the PDC emulator.
If you have multiple domain controllers and don't know which DC holds the PDC role, find out with: netdom query fsmo
w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update
(where timeserver is a space-delimited list of your time source servers; enclose the list in quotes when it contains more than one server)
Example for Indian NTP servers:
w32tm /config /manualpeerlist:"time.windows.com,0x1 0.in.pool.ntp.org,0x1" /syncfromflags:manual /reliable:yes /update
Once done, restart the W32Time service.
- Run the following command on all other DCs (that are not PDC):
w32tm /config /syncfromflags:domhier /update
Once done, restart the W32Time service.
- Checking
- You can check the registry to see whether the domain controller is using NTP (expected on the PDC) or NT5DS (expected on non-PDC DCs):
Find the value of Type under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
- You can also check for time advertisement on the PDC by running w32tm.exe /resync /rediscover /nowait, then checking for Event ID 139
- To check the source time server: w32tm /query /status
- To force an immediate time synchronization: w32tm /resync /nowait
- Please note that we recommend using the w32tm command-line utility instead of the "net time" command.
- UDP port 123 must be open on the firewall to allow NTP traffic in and out of this DC.
- We recommend using w32tm or GPO to configure time services instead of editing the registry directly.
- The PDC should not synchronize with itself (RFC 1305).
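The registry check and the "PDC should not synchronize with itself" note above can be combined into one audit, shown here as an added example that is not part of the original post. The function name Test-W32TimeRole, its parameters and the sample host names are assumptions made for illustration; it relies on Win32_ComputerSystem.DomainRole being 5 on the DC that holds the PDC emulator role and 4 on the other DCs.

```powershell
# Added example, not from the original post: compare the W32Time client type
# with the role of the DC. Test-W32TimeRole is a hypothetical helper name.
function Test-W32TimeRole {
    param(
        [Parameter(Mandatory)][int]$DomainRole,   # Win32_ComputerSystem.DomainRole
        [Parameter(Mandatory)][string]$Type,      # W32Time\Parameters\Type
        [string]$NtpServer = '',                  # W32Time\Parameters\NtpServer
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # DomainRole 5 = DC holding the PDC emulator role, 4 = any other DC
    $expected = switch ($DomainRole) { 5 { 'NTP' } 4 { 'NT5DS' } default { $null } }
    $issues = @()
    if (-not $expected) {
        $issues += 'Not a domain controller'
    } elseif ($Type -ne $expected) {
        $issues += "Type is '$Type', expected '$expected'"
    }
    if ($expected -eq 'NTP') {
        # NtpServer holds the space-delimited manual peer list, each entry "host,flags"
        $peers = @($NtpServer -split '\s+' | Where-Object { $_ } |
                   ForEach-Object { ($_ -split ',')[0] })
        if ($peers.Count -eq 0) { $issues += 'No manual peers configured' }
        foreach ($peer in $peers) {
            # The PDC should not synchronize with itself
            if (($peer -eq $ComputerName) -or ($peer -like "$ComputerName.*") -or
                ($peer -in 'localhost', '127.0.0.1')) {
                $issues += "Peer '$peer' points back at this DC"
            }
        }
    }
    [pscustomobject]@{ Expected = $expected; Actual = $Type
                       Issues = $issues; Ok = ($issues.Count -eq 0) }
}

# Constructed sample inputs (host names are made up):
# a PDC configured as in the example above
Test-W32TimeRole -DomainRole 5 -Type 'NTP' -ComputerName 'DC01' `
    -NtpServer 'time.windows.com,0x1 0.in.pool.ntp.org,0x1'
# a PDC left on the domain hierarchy and pointed at itself
Test-W32TimeRole -DomainRole 5 -Type 'NT5DS' -ComputerName 'DC01' `
    -NtpServer 'dc01.corp.example,0x1'
# a non-PDC DC still using manual peers
Test-W32TimeRole -DomainRole 4 -Type 'NTP'

# Live check on the local DC
$p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
Test-W32TimeRole -DomainRole (Get-CimInstance Win32_ComputerSystem).DomainRole `
    -Type $p.Type -NtpServer $p.NtpServer
```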