Syncing Time within An Active Directory Domain Checklist

A computer that was 30 seconds ahead of the domain controller got me to do this sanity check to see if the time is synchronized across the whole network. Why? Because having the time off all over the place will cause all sorts of weird issues. It’s just that important.

Here is a checklist of things you need to know when it comes to syncing time in a Windows domain based network.

First of all, where do you check to find out what the exact time is right now?

Time.is is the place that tells you not only what the time is now but also whether your computer clock is off.

How to sync time for Domain Controller

Since my domain controller is virtualized, I don’t actually need to do anything at the AD level. All I need is to make sure the host that all VMs rely on has an accurate time all the time. Basically, I can enable the NTP Client on the host and have it sync to specified NTP servers.

If setting up NTP at the host level isn’t an option, maybe because the host doesn’t have access to the internet, here is what you can also do.

Open an elevated Command Prompt window on the domain controller and run the following commands:

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"0.uk.pool.ntp.org,0x1 1.uk.pool.ntp.org,0x1 2.uk.pool.ntp.org,0x1 3.uk.pool.ntp.org,0x1"
w32tm /config /reliable:yes
net start w32time

Now, running w32tm /resync should complete successfully.

How to sync time on domain workstations

The quickest way to sync your computer with the domain time is to run the following command in an elevated Command Prompt window.

net time /domain /set

You can schedule it or put it in your login script so it runs frequently enough to keep the time synced with AD all the time. But obviously, it’s not ideal because it’s better done at the Group Policy level if you are in an AD environment.

Open the Group Policy assigned to an OU that includes all the workstations on your network and then navigate to the following location:

Computer Configuration > Policies > Administrative Templates > System > Windows Time Service > Time Providers

Enable the Configure Windows NTP Client policy and set yourdc.yourdomain,0x1 as the NtpServer.

And enable the “Enable Windows NTP Client” policy afterwards.

To test it out, you can either reboot a workstation or run GPUpdate /Force to update the policy on the local computer and run the following to display the status of the time service.

w32tm /query /status
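
What to look for in that status output, as an added example that is not part of the original post: the function below reads the lines of w32tm /query /status and flags a workstation that has fallen back to its local clock or is syncing from somewhere other than the DC set in the policy. Test-TimeStatus is a hypothetical helper name, the sample output is constructed, and English-language w32tm output is assumed.

```powershell
# Added example (not from the original article). Assumes English w32tm output.
function Test-TimeStatus {
    param(
        [string[]]$StatusLines,     # output of: w32tm /query /status
        [string]$ExpectedSource     # DC set as NtpServer in the policy
    )
    # Turn each "Name: value" line into a lookup entry.
    $fields = @{}
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    $problems = @()
    # Leap Indicator 3 is the NTP alarm value: clock not synchronized.
    if ($fields['Leap Indicator'] -match '^3') { $problems += 'clock reports not synchronized' }
    # Stratum 0 means the service has no valid upstream source.
    if ($fields['Stratum'] -match '^0\b') { $problems += 'stratum 0 (no time source)' }
    # "unspecified" here means no sync has succeeded since the service started.
    if ($fields['Last Successful Sync Time'] -eq 'unspecified') { $problems += 'no successful sync yet' }
    # A local fallback source means no NTP peer is actually being used.
    if ($fields['Source'] -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "falling back to '$($fields['Source'])'"
    } elseif ($fields['Source'] -notlike "$ExpectedSource*") {
        $problems += "unexpected source '$($fields['Source'])'"
    }
    [pscustomobject]@{
        Source   = $fields['Source']
        Healthy  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @'
Leap Indicator: 3(not synchronized)
Stratum: 0 (unspecified)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000000s
Root Dispersion: 0.0000000s
ReferenceId: 0x00000000 (unspecified)
Last Successful Sync Time: unspecified
Source: Local CMOS Clock
Poll Interval: 10 (1024s)
'@ -split "`r?`n"

Test-TimeStatus -StatusLines $sample -ExpectedSource 'yourdc.yourdomain'
# Live check: Test-TimeStatus -StatusLines (w32tm /query /status) -ExpectedSource 'yourdc.yourdomain'
```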

That’s about it. Here are a few w32tm command options that you can use to find more information:

w32tm /query /configuration – check NTP configuration

w32tm /query /source – display time source

w32tm /query /peers – display the list of all configured NTP servers and their status
