Skip to main content

Make time to set (NTP) time

·401 words·2 mins
system-administration tech ntp sysadmin technology windows
James Pettigrove
Author
James Pettigrove
Cloud Engineer with a focus on Microsoft Azure
Table of Contents

Any any Windows domain environment one of the most overlooked but ultimately crippling when things are wrong component is time. If your Domain Controllers, other servers and clients are not in sync with one and another you’re going to have a bad time.

Yes I just went there, internet memes and all…

So what are the best methods for keeping things in sync. Windows does a good job of keeping everyone in sync with your nearest Domain Controllers but if your Domain Controllers are getting their time from different sources or are muddled up possibly due to virtualization that is when you will start to get grief.

I recommend doing two things:

Set an external network time source
#

Go to your Primary Domain Controller and type the following at an elevated command prompt:

w32tm /config /manualpeerlist:"timeserveraddress.com" /syncfromflags:manual /reliable:yes /update

Where timeserveraddress.com is replace with your favourite reliable NTP server. If you don’t have one in mind a good place to start is pool.ntp.org and pick a server that is closest to you geographically.

Once set, let’s confirm our command has worked by typing the following at an elevated command prompt:

w32tm /query /peers

You should receive an output similar to the following:

Once you have confirmed the external time source is set the next move is to get the rest of your ducks (Domain Controllers) in a row.

Set your Primary Domain Controller as the time source for the other Domain Controllers
#

Do the following at an elevated command prompt on the rest of your Domain Controllers:

net time \\primarydomaincontroller /set

Where \\primarydomaincontroller is replace with the NETBIOS name of your Primary Domain Controller that was just setup with an external network time source.

That’s it, all done. Your clients will look to their nearest Domain Controller for their time and those Domain Controllers will get their time from the Primary Domain Controller which will get the time from your choice of external time source.

This setup is just a recommendation. You can switch things up to increase redundancy as the current setup has two single point of failures (external time source and Primary Domain Controller). To increase redundancy simply point your additional Domain Controllers to the same external time source (or different ones if you want SUPER redundancy but I don’t recommend this as it could introduce error rather than prevent it) rather than your Primary Domain Controller

Related

Certified Part 1
·605 words·3 mins
system-administration tech certification learning mcp mcts microsoft sysadmin technology windows windows-7
As of yesterday I am now a Microsoft Certified Professional (Technology Specialist: Windows 7, Configuration for those keeping score at home).
"svchost.exe is using a lot of my CPU. Is this a virus?"
·321 words·2 mins
system-administration tech svchost-exe sysadmin technology windows
A common occurrence I find is that svchost.
VM migration from Server 2008 R2 to Server 2012
·811 words·4 mins
system-administration tech hyper-v sysadmin technology virtual-machines windows-server-2008-r2 windows-server-2012
There will certainly be a few people out there who are either doing it already or investigating upgrading their Virtual Machine host from 2008 R2 with Hyper V (or Hyper V Server R2) to Server 2012 with Hyper V (or Hyper V Server 2012).