Sync Time from External Time Source

By default, all machines in the domain will sync time from the domain controller which is the internal time server - if you have more than one DC then time will sync from the DC that holds the PDC emulator FSMO role. To check which DC is PDC emulator in your domain you need to run netdom /query fsmo command like so:

image-1606851771543.png

Once PDC emulator role is established there is few commands we need to run in order for time to sync, these are (run on PDC emulator):

1

2

3

w32tm /config /manualpeerlist:"time.windows.com,0x1" /syncfromflags:manual /reliable:yes /update

w32tm /config /update

net stop w32time && net start w32time

image-1606851810564.png

IF you need to add more than one NTP server then the peer list entries are space delimited, example:

1

"0.ntp.pool.org,0x1 1.ntp.pool.org,0x1 2.ntp.pool.org,0x1"

Once completed Windows time service should begin synchronizing time on the domain controller(s) with external source. To view the time configuration you can use w32tm /query /configuration command. In my case, my time was not synced with external time server:

image-1606851856814.png

and after I made the changes:

image-1606851887995.png

all was set to sync from time.windows.com. From workstation point of view to configure a client computer for automatic domain time synchronization:

1

w32tm /config /syncfromflags:domhier /update

and to check if its syncing:

1

w32tm /monitor

and to re-sync:

1

w32tm /resync

If there’re any errors then these will be written to Event Viewer - please check if you’re having issues.