Network Time Protocol

From WikiWiki
Jump to navigation Jump to search
test w32tm /stripchart / /samples:5 /dataonly
set source W32tm /config /,0x0 /syncfromflags:manual
set source on PDCe w32tm /config / /syncfromflags:manual /reliable:yes /update
check source w32tm /query /source
w32tm /query /peers
w32tm /query /status
w32tm /query /configuration
That tells the computer to since from the domain hierarchy (DCs) and to update itself. w32tm /config /update /syncfromflags:DOMHIER
w32tm.exe /resync /rediscover
test against all dc's w32tm /monitor
restart service net start/stop w32time
After much prodding, swearing and Googling, it became apparent that with 2003 if a DC has ever held the PDC Emulator role then it will still think it is the authoritative time source for the domain when that role is moved off it. This meant that we had 3 DCs all thinking that they were the One True Time Source and all being out of sync with each other by 2 or 3 minutes.

This issue can be resolved by running the following command on the former PDC Emulator(s): w32tm /config /syncfromflags:domhier /reliable:no /update which will tell the DC that it is no longer a reliable time source and so it should check for updates from a source that is (i.e. the PDC). You can speed things up a bit by issuing a w32tm /resync command to force the Windows Time service to update.

on PDC

w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update

Technet - Configure the Time Source for the Forest

Blog - “It’s Simple!” – Time Configuration in Active Directory

value description
0x01 SpecialInterval
0x02 UseAsFallbackOnly
0x04 SymmatricActive
0x08 Client
 By making the primary NTP server flag 0x9, we made it “Client 0x08 + SpecialInterval 0x01”  and as for the second NTP time server.
 By making the secondary NTP peer flag 0xa, we made it “0x08 Client + 0x02 UseAsFallbackOnly”.