Synchronizing the Windows Clock With an Authoritative Time Source
“Lost time is never found again.” – Benjamin Franklin
You probably already know that having accurate time set on all clients and servers is important. Very bad things happen when computer clocks disagree. Things like:
- Users cannot log on to a domain
- Applications overwrite new data with older versions
- Servers fail to synchronize data between each other, causing version conflicts
- Financial transactions become subject to dispute
- Regulatory requirements are not met
Luckily Windows has taken this into account. The Network Time Protocol (NTP) service has been built into Windows since Windows XP and Windows Server 2003, and most Unix and Linux implementations have supported NTP since they were first built.
Windows Client and Server Time Synchronization
Unfortunately, most Windows installations do not actually use NTP, because it is not enabled in many situations, especially when older servers have been upgraded. The thinking was that they don’t need it: all domain-joined computers synchronize their time with the domain controller by default. This synchronization uses a Microsoft-specific protocol instead of NTP for backwards compatibility.
Also, by default, domain controllers synchronize their time with the Primary Domain Controller. So in most cases, enabling NTP on the PDC and configuring it to synchronize with an authoritative time source is all that you need to do.
Enabling NTP in Windows
In most domain scenarios you only need to worry about synchronizing the PDC with an authoritative time source. That’s pretty easy and it is the same on Windows clients as well as non-joined computers. So you can use these steps on Windows 7, Windows Server 2008, Windows 8, etc.
- Log on to the Primary Domain Controller as a local administrator.
- Open the Services MMC snap-in for the local computer.
- Scroll down to Windows Time. Configure it for a Startup Type of Automatic, and then right-click and select Start. (Note: skip this step if the service is already running)
- Close the Services MMC snap-in.
- Open a command prompt.
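- Type w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org" /update and press Enter. The peer list is space-delimited and enclosed in quotes, and /update tells the running service to apply the change. This configures Windows to use the highly-available clusters provided by ntp.org as its authoritative time source.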
- Type w32tm /resync and press Enter.
- Close the command prompt.
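The same steps as one script, followed by a check that the change took effect. This is an added example, not part of the original article. It assumes an elevated PowerShell session on the PDC, passes the article's peers as a space-delimited list, and adds /update so the running service picks up the new configuration.

```powershell
# Added example (not from the original article). Run elevated on the PDC.
# Peer names are the ones the article uses.
$peers = '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org', '3.pool.ntp.org'

# Windows Time must start automatically and be running.
Set-Service -Name W32Time -StartupType Automatic
if ((Get-Service -Name W32Time).Status -ne 'Running') {
    Start-Service -Name W32Time
}

# Configure the manual peer list. w32tm expects one space-delimited value.
$peerList = $peers -join ' '
w32tm /config /syncfromflags:manual "/manualpeerlist:$peerList" /update
if ($LASTEXITCODE -ne 0) {
    throw "w32tm /config failed with exit code $LASTEXITCODE"
}

# Ask the service to resynchronize now.
w32tm /resync
if ($LASTEXITCODE -ne 0) {
    Write-Warning "w32tm /resync returned $LASTEXITCODE; check name resolution and outbound UDP 123."
}

# Verify which source the service is actually using.
# A peer may be reported with flags appended (name,0x...), so compare the name only.
$source = (w32tm /query /source | Out-String).Trim()
$sourceName = ($source -split ',')[0].Trim()

if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Not synchronized to an external source yet (source: $source)."
}
elseif ($peers -notcontains $sourceName) {
    Write-Warning "Time source '$source' is not in the configured peer list."
}
else {
    Write-Output "Synchronizing with $source"
}

# Peer state and last successful sync time, for the record.
w32tm /query /peers
w32tm /query /status

# Measure the current offset against one peer without changing the clock.
w32tm /stripchart /computer:$($peers[0]) /samples:3 /dataonly
```

A source of Local CMOS Clock right after the change usually means the peers are unreachable, so the warning is worth acting on before relying on the domain's time.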
NTP does not always immediately change the clock. It is designed to slowly converge the local time to the authoritative source. This is done to avoid large rapid time changes that can cause applications and transactions to fail. So you may not see an instantly accurate clock, but NTP is now on the job and will ensure that the clock becomes, and remains, synchronized.
Once the PDC clock is accurate, all domain-joined computers will continue to synchronize their clocks. Over a bit of time – perhaps a day or two – your systems will have accurate time.
Stay safe!
Mike Danseglio – CISSP / CEH
Interface Technical Training – Technical Director and Instructor