This TechNote outlines how time should be configured in an Active Directory (AD) environment. In Active Directory, time sync occurs automatically throughout the forest, and only the PDC emulator fsmo role-holder in the forest root needs specific setup.
You can tell which is the PDC emulator DC by typing this command “netdom /query fsmo”.
It’s important to remember then that if fsmo roles are moved, the new PDC emulator must be configured to get time from an external source, and the old PDC emulator must be reconfigured to use the domain hierarchy.
- To set the time source on the PDC emulator, enter the following command: “w32tm /config /manualpeerlist:”tic.ntp.telstra.net toc.ntp.telstra.net”,0x8 /syncfromflags:MANUAL”
- {Note the above command uses Telstra time servers as a source}
- Once completed, restart the Windows Time service, and then check the System event log. You should see something like this: “The time provider NtpClient is currently receiving valid time data from tic.ntp.telstra.net (ntp.m|0x0|0.0.0.0:123->203.14.0.250:123)”.
- If you have just moved the PDC emulator role, you need to remember to set the time service on the old PDC emulator back to using the hierarchy. To do this type “w32tm /config /syncfromflags:domhier /update”