(Created page with ''''Stop the W32Time service:''' net stop w32time '''Configure the external time sources:''' w32tm /config /syncfromflags:manual /manualpeerlist:â0.pool.ntp.org, 1.pool.ntp.or...') |
|||
| (11 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | == Windows 2003 & XP == | ||
| + | |||
| + | '''Stop the Windows Time service''' | ||
| + | net stop w32time | ||
| + | |||
| + | '''Force a resync''' | ||
| + | w32tm /resync | ||
| + | |||
| + | '''Set the time source''' | ||
| + | net time /setsntp:<Time_Source> | ||
| + | |||
| + | '''View the current time source''' | ||
| + | net time /querysntp | ||
| + | |||
| + | |||
| + | Note: In most cases you dont need to stop the w32time service anymore. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | == Windows 2008 & 2012 Server == | ||
| + | |||
'''Stop the W32Time service:''' | '''Stop the W32Time service:''' | ||
net stop w32time | net stop w32time | ||
'''Configure the external time sources:''' | '''Configure the external time sources:''' | ||
| − | w32tm /config /syncfromflags:manual /manualpeerlist: | + | w32tm /config /syncfromflags:manual /manualpeerlist:'0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org' |
'''Make your PDC a reliable time source for the clients:''' | '''Make your PDC a reliable time source for the clients:''' | ||
w32tm /config /reliable:yes | w32tm /config /reliable:yes | ||
| Line 12: | Line 34: | ||
w32tm /query /configuration | w32tm /query /configuration | ||
| + | |||
| + | |||
| + | == External Time Source GPO == | ||
| + | The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain. | ||
| + | In the event that your PDC goes down, you will likely transfer or seize the role onto another Domain Controller. | ||
| + | The problem with this is the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain. | ||
| + | |||
| + | === WMI Filter === | ||
| + | SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5 | ||
| + | |||
| + | === GPO === | ||
| + | Link the following GPO to the Domain Controllers OU. | ||
| + | |||
| + | Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers | ||
| + | *Configure Windows NTP Client | ||
| + | **NTP Server: us.pool.ntp.org,0x1 | ||
| + | **Type: NTP | ||
| + | **EventLogFlags: 3 | ||
| + | *Enable Windows NTP Server = Enabled | ||
| + | |||
| + | ''ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:''<br> | ||
| + | ''0x01 = SpecialInterval (Use a predefined interval)''<br> | ||
| + | ''0x02 = UseAsFallbackOnly (Try all other servers first)''<br> | ||
| + | ''0x04 = SymmatricActive''<br> | ||
| + | ''0x08 = Client''<br> | ||
| + | |||
| + | ''EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.''<br> | ||
| + | ''For example:''<br> | ||
| + | ''0 = Disabled''<br> | ||
| + | ''1 = Log when ever a time jump is detected''<br> | ||
| + | ''2 = Log when ever a time source change is made''<br> | ||
| + | ''3 = 1+2 (Log time jumps and time source changes)''<br> | ||
| + | |||
| + | |||
| + | == Query any NTP server == | ||
| + | w32tm /stripchart /computer:<IP or FQDN> | ||
| + | Output: | ||
| + | 01:44:54, d:+00.0052839s o:+00.0827370s [ * ] | ||
| + | 01:44:56, d:+00.0008230s o:+00.0850416s [ * ] | ||
| + | 01:44:58, d:+00.0007924s o:+00.0850182s [ * ] | ||
| + | 01:45:00, d:+00.0008230s o:+00.0850203s [ * ] | ||
| + | 01:45:02, d:+00.0008339s o:+00.0850633s [ * ] | ||
| + | 01:45:04, d:+00.0009755s o:+00.0850647s [ * ] | ||
| Line 17: | Line 82: | ||
== Reference == | == Reference == | ||
http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/ | http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/ | ||
| + | |||
| + | http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx | ||
| + | |||
| + | http://www.networkworld.com/community/node/42190 | ||
[[Category:Windows]] | [[Category:Windows]] | ||
Latest revision as of 13:17, 9 March 2021
Contents
Windows 2003 & XP
Stop the Windows Time service
net stop w32time
Force a resync
w32tm /resync
Set the time source
net time /setsntp:<Time_Source>
View the current time source
net time /querysntp
Note: In most cases you dont need to stop the w32time service anymore.
Windows 2008 & 2012 Server
Stop the W32Time service:
net stop w32time
Configure the external time sources:
w32tm /config /syncfromflags:manual /manualpeerlist:'0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org'
Make your PDC a reliable time source for the clients:
w32tm /config /reliable:yes
Start the w32time service:
net start w32time
The windows time service should begin synchronizing the time.
Check the external NTP servers in the time configuration by typing:
w32tm /query /configuration
External Time Source GPO
The PDC Emulator FSMO role is critical because it is the time source for the rest of the devices on the domain. In the event that your PDC goes down, you will likely transfer or seize the role onto another Domain Controller. The problem with this is the new DC was most likely never configured for an external time source. The solution is to create a Group Policy object that sets the external NTP settings, and create a WMI filter that applies this GPO to only the PDCs within the domain.
WMI Filter
SELECT * FROM Win32_ComputerSystem WHERE DomainRole = 5
GPO
Link the following GPO to the Domain Controllers OU.
Computer Configuration\Policies\Administrative Templates\System\Windows Time Service\Time Providers
- Configure Windows NTP Client
- NTP Server: us.pool.ntp.org,0x1
- Type: NTP
- EventLogFlags: 3
- Enable Windows NTP Server = Enabled
ServerFlags you may have noticed the ,0x1 at the end of the NTP Server setting. This is a bitmask flag with the following options:
0x01 = SpecialInterval (Use a predefined interval)
0x02 = UseAsFallbackOnly (Try all other servers first)
0x04 = SymmatricActive
0x08 = Client
EventLogFlags is a bitmask, which means you can take the various values and add them together to implement multiple settings.
For example:
0 = Disabled
1 = Log when ever a time jump is detected
2 = Log when ever a time source change is made
3 = 1+2 (Log time jumps and time source changes)
Query any NTP server
w32tm /stripchart /computer:<IP or FQDN>
Output:
01:44:54, d:+00.0052839s o:+00.0827370s [ * ] 01:44:56, d:+00.0008230s o:+00.0850416s [ * ] 01:44:58, d:+00.0007924s o:+00.0850182s [ * ] 01:45:00, d:+00.0008230s o:+00.0850203s [ * ] 01:45:02, d:+00.0008339s o:+00.0850633s [ * ] 01:45:04, d:+00.0009755s o:+00.0850647s [ * ]