Microsoft introduced increased polling and clock update frequency in Windows Server 2016 Active Directory, when compared to Windows Server 2008/2012. That advice still holds true with Windows Server 2012.Windows Server 2016 introduced the Accurate Time feature. I think a key take away point from that article is that you should disable the "Time Sync" feature of the Integration Components on any Vitual Machine that happens to be a Domain Controller. Once the DC is fetching time from the outside, there is nothing else you need to change, but if you wanted to force a computer to sync right away rather than drift gradually you can use w32tm /resync /force.įor some more information on Time Sync as it realtes to Virtual Machines, check out this oldie but goodie from Ben Armstrong titled Time Synchronization in Hyper-V. Side note: The Clients and other Member Servers are already using NTP, but their source will be your domain controller, not an internet time server. In the example below, you can see the time is being pulled from "LOCL" which means it is using its own Machine Clock (BIOS or CMOS if you like).Īfter making the above Registry edits and restarting the w32time service, you should see that the time is being syncd from an NTP source.Īt this point the rest of your domain members will begin to gradually drift their time back in sync with the domain controller over the next couple minutes to get back in line with the rest of the world. You can now use the w32tm utility to check the status of the time sync and determine where the clock is getting it's time from. Mirosoft recommends every 15 minutes, but that seems quite excessive to me in this case. It will also check back in every 59 minutes to make any adjustments necessary in order to keep the clock in sync. Then stop and restart the w32time service by running this from an elevated command prompt.Īs long as the clock is within 5 minutes of the actual time, your clock will automatically be updated to the current time as reported by one of the popular internet time servers. Many below are the default values and are included just to ensure they are configured as expected. Details on these settings can be found in KB816042.
CONFIGURE CHILD PDC TO TIME SYNC HOW TO
Microsoft has a pretty detailed KB Article on this topic which even includes a very handy "Fixit for me" utility, however that tool doesn't run on Windows Server 2012 for some reason, so let me just cut right to chase on how to quickly configure your domain to sync with an external NTP time server.Ĭopy the text below into a. To overcome this, you configure the Domain Controller to get it's time from a source that the rest of the world also trusts to keep track of the accurate and actual time, and this way everyone agrees what time it is, and life is good. Chances are that self clocked time will drift away from the "real" time that the rest of the world uses which can lead to troubles ranging from mild irritation to total failures. By default, the Domain Controller will be its own time authority, but that means it simply says what time it is and all domain members blindly obey it's decree.
When deploying a new Active Directory Domain Controller, it can be important to consider where your domain will get its official time from.