Correct time synchronization in an AD domain environment is a prerequisite for stable operation. This article describes how NTP (w32tm) is configured on a Windows Server 2012 (FSMO). As a rule, the PDC operations master is the NTP service server in a forest. A PDC emulator in a domain is synchronized with an external time source. In order for a domain controller to be regarded as a reliable time source, this must be specified explicitly.

In order to make the PDC emulator a reliable time source that regularly synchronizes with time servers on the Internet, the following commands from PowerShell are executed as administrator:

Show which time server is currently in use.

Execute the time synchronization immediately.

The clients and servers in domain forest as well as shared storages can now synchronize the time with the PDC emulator.

The firewall permit UDP port 123 inbound, e.g. allow outgoing.

The NTP configuration can also be done via GPO by calling gpmc.msc.

Computerkonfiguration/Administrative Templates/System/Windows-Timeservice/Timeserver
Group Policy Management Console

Following Test Displays a graph of the offset between synchronizing computers.

W32tm stripchart

The configuration can also be checked in the registry.


