Time Synchronization in an Active Directory Environment

In an Active Directory environment the default time source is the domain controller in your forest root domain that is running the PDC emulator FSMO role. Keep in mind that the PDC emulator FSMO role is a domain level FSMO role so each domain will have one, but each domain’s PDC emulator will receive its time from the forest root’s PDC emulator. The following procedure will walk you through the steps of configuring the forest root’s PDC emulator to receive its time updates from an Internet time server.

If you don’t know which one of your Active Directory domains is the forest root domain, there are several articles on the Internet to easily determine which one is the forest root. Here’s one of those articles at Windows IT Pro.

From a domain controller in the forest root domain, determine the PDC emulator by running netdom /query fsmo

On the PDC emulator, configure the following registry value to “5”:
HKLM>System>CurrentControlSet>Services>W32Time>Config>AnnounceFlags

Configure the following registry value to “1800” decimal (30 minutes):
HKLM>System>CurrentControlSet>Services>W32Time>Config>MaxNegPhaseCorrection

Configure the following registry value to “1800” decimal (30 minutes):
HKLM>System>CurrentControlSet>Services>W32Time>Config>MaxPosPhaseCorrection

Configure the following registry value to “tock.usno.navy.mil,0x1”:
HKLM>System>CurrentControlSet>Services>W32Time>Parameters>NtpServer

Configure the following registry value to “NTP”:
HKLM>System>CurrentControlSet>Services>W32Time>Parameters>Type

Configure the following registry value to “900” decimal (15 minutes): HKLM>System>
CurrentControlSet>Services>W32Time>TimeProviders>NtpClient>SpecialPollInterval

Verify the following registry value is set to “1”: HKLM>System>CurrentControlSet>
Services>W32Time>TimeProviders>NtpServer>Enabled

Restart the Windows Time (w32time) service.

If any of the PDC emulators are running as a virtualization guest on a Hyper-V server, see my “Active Directory Time Synchronization Problems with Hyper-V” blog.

µ

Leave a Reply

%d bloggers like this: