Synchronizing the Windows Clock With an Authoritative Time Source

Home > Blogs > Windows 7 > Synchronizing the Windows Clock With an Authoritative Time Source

Synchronizing the Windows Clock With an Authoritative Time Source

Like This Blog 1 Mike Danseglio
Added by October 24, 2014

Lost time is never found again.” – Benjamin Franklin

You probably already know that having accurate time set on all clients and servers is important. Very bad things happen when computer clocks disagree. Things like:

  • Users cannot logon to a domain
  • Applications overwrite new data with older versions
  • Servers fail to synchronize data between each other, causing version conflicts
  • Financial transactions become subject to dispute
  • Regulatory requirements are not met

Luckily Windows has taken this into account. The Network Time Protocol (NTP) service has been built into Windows since Windows XP and Windows Server 2003, and most Unix and Linux implementations have supported NTP since they were first built.

Windows Client and Server Time Synchronization

Unfortunately most Windows implementations do not use NTP as it is not enabled in many situations, especially when older servers are upgraded. The thinking was that they don’t need to. All domain-joined computers synchronize their time with the domain controller by default. This synchronization uses a Microsoft-specific protocol instead of NTP for backwards compatibility.

Also, by default, domain controllers synchronize their time with the Primary Domain Controller. So in most cases, enabling NTP on the PDC and configuring it to synchronize with an authoritative time source is all that you need to do.

Enabling NTP in Windows

In most domain scenarios you only need to worry about synchronizing the PDC with an authoritative time source. That’s pretty easy and it is the same on Windows clients as well as non-joined computers. So you can use these steps on Windows 7, Windows Server 2008, Windows 8, etc.

  1. Logon to the Primary Domain Controller as a local administrator.
  2. Open the Services MMC snap-in for the local computer.
  3. Scroll down to Windows Time. Configure it for a Startup Type of Automatic, and then right-click and select Start. (Note: skip this step if the service is already running)
  4. Close the Services MMC snap-in.
  5. Open a command prompt.
  6. Type w32tm /config /syncfromflags:manual /manualpeerlist:0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org and press Enter. This configures Windows to use the highly-available clusters provided by ntp.org as its authoritative time source.
  7. Type w32tm /resync and press Enter.

Close the command prompt.

NTP does not always immediately change the clock. It is designed to slowly converge the local time to the authoritative source. This is done to avoid large rapid time changes that can cause applications and transactions to fail. So you may not see an instantly accurate clock, but NTP is now on the job and will ensure that the clock becomes, and remains, synchronized.

Once the PDC clock is accurate, all domain-joined computers will continue to synchronize their clocks. Over a bit of time – perhaps a day or two – your systems will have accurate time.

Stay safe!

Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor

Videos You May Like

Creating Users and Managing Passwords in Microsoft Office 365

0 675 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

How to clone a Windows Server 2012 or 2012 R2 Domain Controller

3 1534 3

One of the coolest new features in Window Server 2012 and Windows Server 2012 R2 is the ability to clone a Domain Controller. In the past, if we had virtualized Domain Controllers and we actually took a snapshot of it and then rolled back to that snapshot, it would break the logon service on that … Continue reading How to clone a Windows Server 2012 or 2012 R2 Domain Controller

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 630 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.