Sync Domain Controller with External Internet Time

Here's a handy way to make sure your Active Directory controllers are actively syncing their clocks with proper time servers. Although Virtual Machines have gotten better over the years, I find that they still get their clocks out of sync faster than their Physical counterparts. This works just fine on physical machines as well, but I find that I need this more for VMs than not.

 

Since I manage several different domains, I've just created two scripts that handle this for me.

 

Create these scripts in your favorite scripts folder on your FSMO role holder. I typically use c:\scripts for mine.

 

syncsetup.cmd - This script configures the time service and creates a daily task to sync
@echo off
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:pool.ntp.org
w32tm /config /reliable:yes
net start w32time
schtasks.exe /create /tn "Internet Time Sync" /sc DAILY /TR "C:\Scripts\timesync.cmd" /ru SYSTEM /rl HIGHEST

 

 

timesync.cmd - This script ensures that the w32time service is up and forces a sync
net start w32time
w32tm /resync

Don't forget to adjust syncsetup.cmd to have the proper path and filename of your timesync script.

 

By default Windows syncs up the time once per week. I prefer a daily schedule to reduce skew as much as possible, but if you're OK with the default simply delete the last line of syncsetup so as to not create the scheduled task. You can still run timesync when you want to do a manual time adjustment.

 

To ensure that your script is working properly, check the System event log for Time-Service event id 35 and then Kernel-General event id 1 for the actual time change.



Back to Article Index

blog comments powered by Disqus