Configuring external time source on your Primary Domain Controller

Here we will configure your primary domain controller (PDC) to connect to an external source to keep your time synchronized up with the rest of the world.  By changing the primary DC’s time source to an external source, the changes will be replicated from the PDC to other clients in your domain; limiting the amount of bandwidth needed to synchronize with an external source.  First, I am going to reference much of the information provided by .  I would highly recommend you check out his blog post as it contains a ton of valuable information on the subject as well as more information/best practicies in regards to keeping time in your organization’s infrastrucutre: http://binarynature.blogspot.co.uk/2012/04/configure-active-directory.html

  1. Find out what your primary domain controller (PDC) is for your domain by executing the following powershell commands from any machine in the domain
    1. [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name
      PowerShell - PdcRoleOwner
  2. Login to your primary domain controller
  3. Open up a command prompt/powershell window with administrative privilegesServer 2012 - PowerShell - Run as Administrator
  4. Execute the following command to configure the domain controller to look at an external time source
    1. w32tm.exe /config /manualpeerlist:”0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org” /syncfromflags:manual /reliable:YES /update
      w32tm config manualpeerlist syncfromflags manual ntp

      1. Notes: You can find the closest time server near you by browsing the following page and clicking on the nearest zone: http://www.pool.ntp.org/zone/@
  5. Execute the following command to actually perform a time synchronization with the external source
    1. w32tm.exe /config /update
      w32tm config update
  6. Execute the following command for the changes to take effect
    1. Restart-Service w32time
      Restart-Service w32time

That’s all that is to it!

15 thoughts on “Configuring external time source on your Primary Domain Controller

  1. Pingback: Migrating Domain Controllers From Server 2008 R2 to Server 2012 R2 | Jack Stromberg

  2. Alex

    Tried this, on 2008R2 DC
    all went fine, but when i do run first command to check the source ([System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name)
    im getting my DC name as at the beginning

    why?

    Reply
  3. Solongo

    Can second DC also be configured with external time source? or only PDC can be configured with external and second DC point to the PDC for time source?

    Reply
    1. Jack Post author

      I believe it is recommended to only have one DC configured to an external time source so you can ensure all the DCs have the exact same time. That way when your clients sync up to a DC, they will all have a very similar time.

      Jack

      Reply
      1. Eric

        If only 1 DC is configured to sync time externally, what would happen in the scenario where that DC went down and another DC became the PDC.

        are there settings to have this sync externally in a failover situation? looked all over the interwebs and i have not been able to find anything, unfortunately.

        I walked in to a domain that already had NTP setup and i see the secondary DC in the peer list. Not sure that is correct. Hoping someone here has experience with this setup!

        Thanks all

        Reply
  4. Jonathan

    To find your PDC, alternatively, you can run the below command from either Powershell or a regular command prompt. This lists all the FSMO roles quick-and-easy:

    netdom query fsmo

    Reply
  5. Nazrul

    Hi,
    Thanks for a very useful article… although did not work on vmware hosted VM server 2012 r2.

    The commands appear be accepted (no errors)… but post sync command and the w32time service restart… the time remains unchanged 🙁 on the server even after a reboot and a w32tm /status even tells me last synch success… but time is unchanged 🙁

    Please advise where I am going wrong?
    I am running on the PDC role holder, elavated.

    Regards,
    Nazrul

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *