Network Time Protocol
|test||w32tm /stripchart /computer:ntp.belnet.be /samples:5 /dataonly|
|set source||W32tm /config /manualpeerlist:ntp.belnet.be,0x0 /syncfromflags:manual|
|set source on PDCe||w32tm /config /manualpeerlist:ntp.belnet.be /syncfromflags:manual /reliable:yes /update|
|check source||w32tm /query /source|
|w32tm /query /peers|
|w32tm /query /status|
|w32tm /query /configuration|
|That tells the computer to since from the domain hierarchy (DCs) and to update itself.||w32tm /config /update /syncfromflags:DOMHIER|
|w32tm.exe /resync /rediscover|
|test against all dc's||w32tm /monitor|
|restart service||net start/stop w32time|
|After much prodding, swearing and Googling, it became apparent that with 2003 if a DC has ever held the PDC Emulator role then it will still think it is the authoritative time source for the domain when that role is moved off it. This meant that we had 3 DCs all thinking that they were the One True Time Source and all being out of sync with each other by 2 or 3 minutes.
This issue can be resolved by running the following command on the former PDC Emulator(s): w32tm /config /syncfromflags:domhier /reliable:no /update which will tell the DC that it is no longer a reliable time source and so it should check for updates from a source that is (i.e. the PDC). You can speed things up a bit by issuing a w32tm /resync command to force the Windows Time service to update.
w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update
By making the primary NTP server flag 0x9, we made it “Client 0x08 + SpecialInterval 0x01” and as for the second NTP time server. By making the secondary NTP peer flag 0xa, we made it “0x08 Client + 0x02 UseAsFallbackOnly”. (https://blogs.technet.microsoft.com/askds/2007/11/01/configuring-your-pdce-with-alternate-time-sources/)