Setup NTP Time Server in a Domain Environment

When setting up your domain environment, you need to ensure that your domain computers are getting up to date time synchronization to avoid issues. In this posts, I will be showing you how to setup an NTP time server in a Windows 2008 R2 domain environment using the server that holds the FSMO roles with domain computers.

Time Synchronization Flow:

Domain Computer <—NT5DS—>Domain Controller (PDC)<—NTP/123(UDP)—>Firewall<—>External NTP Server

Setup Guide:

1. Configure DC (PDC) to sync with external source

– Log onto the Domain Controller that holds the PDC role -> click on Start\Run -> Type regedit -> click Ok

– Locate each of the following registry keys and set the values as follows (Note: when changing the value select Decimal):

[table id=15 /]

– Run the command ‘Net Stop W32Time and Net Start W32Time’

Note: It may take sometime for the PDC emulator to sync with the NTP server. If you can’t wait that long, run the following command to force a syncw32tm /resync /rediscover

– Look for the following event logs:

2. Configure Domain/Client computers

– Open up registry of the computer/member server/Other DCs -> Navigate to the following registry location “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters” -> Set key ‘Type’ to NT5DS

–  Run the command ‘Net Stop W32Time and Net Start W32Time’

comments powered by Disqus