Setting external time source in AD

The PDC emaulator in the root domain of your AD forest should point to an external time source. For some odd reason the PDC emulator in my lab wasn’t doing that. Easily remedied:

## set external time source
## set server type to NTP
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters -Name Type -Value ‘NTP’
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config -Name AnnounceFlags -Value 5
## Enable NTP server
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer -Name Enabled -Value 1
## Specify Time source
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters -Name NtpServer -Value ‘,0x1’
## Set poll interval in seconds – every 30 minutes
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient -Name SpecialPollInterval -Value 1800
## set max +/- time corrections in seconds – 24 hours
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config -Name MaxPosPhaseCorrection -Value 86400
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config -Name MaxnegPhaseCorrection -Value 86400

Stop-Service -Name W32Time
Start-Service -Name W32Time

Wait a minute or so and the time will be set correctly.

Not a job you have to do very often but having the code to do the job reduces the probability of errors

You can view the settings

Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s