Configure Domain Controller to synchronize time with external NTP server

Introduction

Configure Domain Controller to synchronize time with external NTP server (dk.pool.ntp.org)
UDP port 123 must be open on firewall to allow NTP traffic in and out from this DC.
From DC command prompt type “telnet portquiz.net 123” to test if the port 123 traffic can go out.

Logon to Domain Controller (with PDC role) with Administrator account and open elevated command prompt.

If you have multiple domain controller and don’t know which DC holds PDC role then use following command:

netdom /query fsmo

Configure external time sources

w32tm /config /reliable:yes /syncfromflags:manual /manualpeerlist:dk.pool.ntp.org

restart w32 time server, now DC should synchronize time with the ntp time servers.

net stop w32time && net start w32time
  • Check the Event Log on the server

w32tm sync commands:

Force synchronizing the time asap

w32tm /resync /nowait
 Check NTP configuration
w32tm /query /configuration

Display time source

w32tm /query /peers

Display time between Domain Controllers

w32tm /monitor

Force domain computers to synchronize the time with the DC; use elevated command prompt

w32tm /config /syncfromflags:domhier /update
net stop w32time && net start w32time

Following commands will reset the time service to default.

net stop w32time
w32tm /unregister
w32tm /register
net start w32time