This post was originally published on February 13, 2017
The latest update to this post was made 11 months ago.
Setting A Reliable Time Server For Your PDC Emulator
You need to set an authoritative time server on your PDC emulator and make it remain a reliable time source for your domain.
Also includes EVENT ID 12, Time-Service
Details: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
Windows Server 2008/2008r2/2012/2012r2/2016/2019. The authoritative time is configured only on the PDC emulator for your domain. The other domain controllers will pickup the time changes at next sync. You can optionally run the w32tm /resync command on the additional domain controllers to make them pickup changes immediately.
Follow these steps to set a new time server source and make your PDC emulator a reliable time source for your domain.
- Find out who your PDC emulator is. Run the following command on a domain controller in an admin command prompt:
- netdom /query fsmo
- Login to the PDC emulator that you discovered from step 1.
- Open an administrator command prompt (run as administrator), and run the following commands (shown in BOLD):
w32tm /config /syncfromflags:manual /manualpeerlist:”<time server #1>, <time server #2>”
You can specify NTP and SNTP servers, you must enter at least one address of a trusted time server.
You can use FQDN and/or IP Address. We recommend: time.nist.gov and utcnist.colorado.edu – If you decide to use these time servers, you can simply copy the following line and paste in to your command prompt:
w32tm /config /syncfromflags:manual /manualpeerlist:time.nist.gov,utcnist.colorado.edu
See available public NIST time servers here -> http://tf.nist.gov/tf-cgi/servers.cgi
w32tm /config /reliable:yes
This command makes the PDC a reliable time source for your domain, this is a requirement!
net stop w32time
Stops the time service
net start w32time
Starts the time service
If the time is now correct on your PDC, you are done! Check your event log on the PDC emulator, look under ‘Windows Logs’ -> ‘System’. You should see the time service synchronized and received valid data from your selected server(s) above.
If not, run these additional steps (from your administrator command prompt, still)
w32tm /query /configuration
Queries your current configuration (review it)
Forces a resync of settings.
w32tm /config /reliable:yes
Forces the new configuration to be a reliable time server for your domain.