External Time Source
The following will walk you through configuring an external time source for your domain. This is done through a GPO which configures the DC running the PDC Emulator role to use one or more external NTP servers as its time source.
Run the following command to locate the DC running the PDC Emulator role.
netdom /query FSMO
Hyper-V Time Service (Optional)
If the DCs are running as VMs on Hyper-V, ensure the Time Synchronization Integrated Service is disabled. This service, if left enabled, will cause the DCs to synchronize their time against the hypervisor's clock rather than NTP.
Run the following command on the hypervisor, specifying the VM on which the Time Synchronization Integrated Service should be disabled.
Disable-VMIntegrationService -Name "Time Synchronization" -VMName DC1
WMI Filter
Create a WMI filter that targets only the DC running the PDC Emulator role. This is required so that the GPO is applied only to the DC running the PDC Emulator role.
Select * from Win32_ComputerSystem where DomainRole = 5
GPO Configuration
Create a new GPO with the following settings. For this article, we will be using NTP Pool Project as our time source.
- Browse to Computer >> Administrative Templates >> System >> Windows Time Service >> Time Providers.
- Enable the "Enable Windows NTP Client" setting.
- Enable the "Configure Windows NTP Client" setting and configure it with the following settings:
Field | Value |
---|---|
NTPServer | 0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8 |
Type | NTP |
CrossSiteSyncFlags | 2 |
ResolvePeerBackoffMinutes | 15 |
ResolvePeerBackoffMaxTimes | 7 |
SpecialPollInterval | 3600 |
EventLogFlags | 0 |
- Ensure the WMI filter created in the previous step is selected on the GPO.
- Apply the GPO against the Domain Controllers OU.
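
To confirm the policy actually landed on the PDC Emulator, the following check compares the applied policy values with the table above and then asks the time service which source it is using. It is an added example, not part of the original article. It assumes an elevated PowerShell session on the PDC Emulator after Group Policy has refreshed, and that the settings are stored under the standard Windows Time policy key shown in the script.

```powershell
# Added verification example; expected values are copied from the settings table above.
$expected = @{
    'Parameters' = @{
        NtpServer = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8'
        Type      = 'NTP'
    }
    'TimeProviders\NtpClient' = @{
        Enabled                    = 1   # set by "Enable Windows NTP Client"
        CrossSiteSyncFlags         = 2
        ResolvePeerBackoffMinutes  = 15
        ResolvePeerBackoffMaxTimes = 7
        SpecialPollInterval        = 3600
        EventLogFlags              = 0
    }
}

# DomainRole 5 is the same condition the WMI filter uses to select the PDC Emulator.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
if ($role -ne 5) {
    Write-Warning "DomainRole is $role, not 5: the WMI filter will not match this machine."
}

# Assumption: Group Policy writes the Windows Time settings under this policy key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time'
$results = foreach ($sub in $expected.Keys) {
    $actual = Get-ItemProperty -Path (Join-Path $base $sub) -ErrorAction SilentlyContinue
    foreach ($name in $expected[$sub].Keys) {
        # A missing key or value yields $null, which is reported as a mismatch.
        $value = if ($actual) { $actual.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$sub][$name]
            Actual   = $value
            Match    = ($value -eq $expected[$sub][$name])
        }
    }
}
$results | Format-Table -AutoSize

# Ask the time service what it is actually synchronizing against.
w32tm /query /source
w32tm /query /status
```

If every row shows Match as True but `w32tm /query /source` still reports a local clock or the hypervisor, the policy is in place and the problem lies in reachability of the NTP servers or in the Hyper-V time service described earlier.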