Windows Server NTP Network Time
Correct time synchronization is a prerequisite for stable operation of an AD domain environment. This article describes how NTP (w32tm) is configured on a Windows Server 2012 (FSMO). As a rule, the PDC operations master is the NTP server in a forest, and the PDC emulator in a domain is synchronized with an external time source. For a domain controller to be regarded as a reliable time source, this must be specified explicitly.
To make the PDC emulator a reliable time source that regularly synchronizes with time servers on the Internet, run the following commands in PowerShell as administrator:
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.ch.pool.ntp.org 1.ch.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
Show which time server is currently in use.
w32tm /query /source
Execute the time synchronization immediately.
w32tm.exe /resync /rediscover /nowait
The clients and servers in the domain forest, as well as shared storage, can now synchronize their time with the PDC emulator.
The firewall must permit UDP port 123 inbound and allow it outbound.
The NTP configuration can also be applied via GPO by calling gpmc.msc.
The following test displays the offset between synchronizing computers (with /dataonly, the values are printed without the graph).
w32tm /stripchart /computer:pdc.domain.local /samples:1 /dataonly
The configuration can also be checked in the registry.
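The checks above (registry, current source, offset) combined into one script, as an added example that is not part of the original article. It assumes English w32tm output and the documented W32Time registry values; the parameter names and the offset threshold are hypothetical, and pdc.domain.local is the article's placeholder host name.

```powershell
# Added example: verify the PDC emulator time configuration described above.
# Run in an elevated PowerShell session on the PDC emulator.
param(
    [string]$Target = 'pdc.domain.local',  # placeholder host from the article
    [double]$MaxOffsetSeconds = 1.0        # hypothetical alert threshold
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$findings = @()

# Written by "w32tm /config /syncfromflags:manual /manualpeerlist:..."
$params = Get-ItemProperty -Path "$base\Parameters"
if ($params.Type -ne 'NTP') {
    $findings += "Type is '$($params.Type)', expected 'NTP' (manual peer list)"
}
if (-not $params.NtpServer) {
    $findings += 'NtpServer is empty, no manual peers configured'
}

# Written by "w32tm /config /reliable:yes" (bit 0x4 = always reliable time server)
$config = Get-ItemProperty -Path "$base\Config"
if (-not ($config.AnnounceFlags -band 0x4)) {
    $findings += "AnnounceFlags is $($config.AnnounceFlags), reliable bit 0x4 not set"
}

# A source of the local clock means no external peer is in use
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    $findings += "Current source is '$source', not an external NTP peer"
}

# Sample lines look like "12:34:56, +00.0012345s"; error lines carry no offset
$samples = w32tm /stripchart "/computer:$Target" /samples:3 /dataonly
$offsets = @(foreach ($line in $samples) {
    if ($line -match ',\s*([+-]\d+\.\d+)s') {
        [math]::Abs([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture))
    }
})
if ($offsets.Count -eq 0) {
    $findings += "No offset samples from $Target (check UDP port 123 and the w32time service)"
} elseif (($offsets | Measure-Object -Maximum).Maximum -gt $MaxOffsetSeconds) {
    $findings += "Offset to $Target exceeds $MaxOffsetSeconds s"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "Time configuration OK (source: $source)"
```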