Forum Discussion

Vanir10's avatar
Vanir10
Copper Contributor
Nov 29, 2023

Trouble understanding NTP configuration

Were currently in the process of upgrading our domain controllers. One of our root domain controllers is set to receive time from an external time source and all the other domain controllers are set to receive time from that root DC.

I'm having trouble locating where that is configured though? We just created a brand new upgraded DC from scratch and somehow it already knew which root DC to look at. I figured each DC would have to be configured manually.

 

I thought maybe it was the FSMO rules but we've also moved those and the time source hasn't changed. I need to change which root DC is the time source as part of our upgrade. 

 

Windows Server
  • Dave Patrick's avatar
    Dave Patrick
    Dec 05, 2023

    Hard to say from what you just posted but for the PDC emulator      

     

     

    w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /manualpeerlist:<ntp ip address> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time

     

    for all the rest of domain members you can    

        

    w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update  
net stop w32time
net start w32time

     

     

  • Dave Patrick's avatar
    Dave Patrick
    MVP
    Nov 29, 2023

    The default for domain joined members is to use NT5DS domain time as source.      

           

    If you were doing it manually it would be;   

     

     

     

    w32tm /unregister
net stop w32time
w32tm /register
net start w32time
w32tm /config /syncfromflags:domhier /update  
net stop w32time
net start w32time

     

     

    Some general info
    - All domain members should use NT5DS domain time.
    - Desktops and member servers sync with any domain controller.
    - Domain controllers sync with PDC emulator (one per domain)
    - PDC emulator in child domain can sync with any domain controller in parent domain.
    - PDC emulator in parent domain syncs with either a hardware clock or possibly an external source.
    https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/          

     

     

    • Dave Patrick's avatar
      Dave Patrick
      MVP
      Nov 30, 2023

      Vanir10 just checking if there's any progress or updates? please don't forget to mark helpful replies.     

             

       

      • Vanir10's avatar
        Vanir10
        Copper Contributor
        Dec 05, 2023
        Well this helped put a couple pieces together but the problem that our PDC emulator was never on the root server that the other DCs were pointed at and then was moved.

        I found some registry edits on the root machine that the other DCs were getting time from and changed the old root to look like the other older ones and changed the new one to be the ntp server.

        For some reason the upgraded servers are pointing to the correct server but the old ones still point at the older root server, even after an NTP restart.

        Doesn't work exactly the way I was expecting and I'm still not sure why only the new ones will point at the new NTP server but hey it works.

Resources