
Network Time Protocol (NTP) is a protocol designed to time-synchronize a network of machines. NTP runs on User Datagram Protocol (UDP), which in turn runs on IP. Whenever you experience clock drift on your servers, follow the steps below to synchronize your domain controller with an external time source in your time zone. For related guides, see how to change the system time zone under RedHat and CentOS, and how to fix clock synchronization issues in Windows.
Time Syncing in Windows via the Command Line
See also how to enable and disable Linux system clock synchronization with a Network Time Protocol (NTP) server. In Windows, here is a simple command that can be run to achieve this.
C:\>w32tm /config /manualpeerlist:ntp1.tpg.com.au /syncfromflags:manual /reliable:yes /update
Note: It is recommended to have one dedicated server (Domain Controller) synchronise its time from an external time source, then sync all other servers from that dedicated server.
Please see Active Directory: How to Setup a Domain Controller, and AD Connect Sync Service not running: "Cannot proceed because the sync service is not running, start the ADSync service and restart the AD Connect Wizard to continue". Also, see how to add a second Domain Controller.
FAQ on Domain Controller Sync with an external time source
Synchronizing a Domain Controller (DC) with an external time source is crucial for maintaining accurate time across your network. Inconsistent time can lead to authentication issues, security vulnerabilities, and problems with various network services. By syncing with a trusted external time source, you ensure that all network devices and services operate with the same time reference, thereby enhancing security and overall system performance.
The preferred method for synchronizing a DC's time with an external source in a Windows environment is to use the Windows Time Service (w32time) as shown above. This service can be configured to synchronize with a variety of external time sources.
The frequency of time synchronization depends on your network's specific requirements and the potential drift of your DC's internal clock.
Oftentimes, configuring your DC to synchronize time with an external source every 15 minutes is recommended. However, high-precision environments may require more frequent synchronization. It is necessary to balance the need for accurate time with the network resources and the reliability of the external time source.
Regular checks and monitoring can help you determine the optimal synchronization frequency for your network.
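The regular checks mentioned above can be scripted. The following PowerShell script is an added example, not part of the original post: it parses `w32tm /stripchart` output and warns when the measured offset from the external source exceeds a threshold. The threshold value, the function name and the sample output are assumptions constructed for illustration.

```powershell
param([switch]$Live)   # -Live queries the real peer; default uses sample data

# Assumptions: $Peer is the server from the w32tm /config command above;
# $WarnSeconds is a hypothetical alert threshold chosen for this example,
# far below the 5-minute default Kerberos clock-skew tolerance.
$Peer        = 'ntp1.tpg.com.au'
$WarnSeconds = 1.0

function Get-MaxOffsetSeconds {
    param([string[]]$Lines)
    $inv = [cultureinfo]::InvariantCulture
    $offsets = @(foreach ($line in $Lines) {
        # Data lines end in a signed offset such as "+00.0123456s".
        # Failed samples ("error: 0x...") do not match and are skipped.
        if ($line -match ', ([+-]\d+\.\d+)s\s*$') {
            [math]::Abs([double]::Parse($Matches[1], $inv))
        }
    })
    if ($offsets.Count -eq 0) { return $null }   # no usable sample
    ($offsets | Measure-Object -Maximum).Maximum
}

if ($Live) {
    # Show which source the Windows Time service is currently using.
    w32tm.exe /query /source
    $lines = w32tm.exe /stripchart "/computer:$Peer" /samples:3 /dataonly
} else {
    # Constructed sample output, not captured from a real host.
    $lines = @(
        "Tracking $Peer [192.0.2.10:123].",
        'Collecting 3 samples.',
        'The current time is 1/15/2024 2:02:10 PM.',
        '14:02:11, +00.0123456s',
        '14:02:13, error: 0x800705B4',
        '14:02:15, -01.2500000s'
    )
}

$max = Get-MaxOffsetSeconds -Lines $lines
if ($null -eq $max) {
    Write-Warning "No offset samples from $Peer (is UDP 123 reachable?)"
} elseif ($max -gt $WarnSeconds) {
    Write-Warning ("Clock offset {0:N3}s exceeds {1}s threshold" -f $max, $WarnSeconds)
} else {
    Write-Output ("Clock offset {0:N3}s is within threshold" -f $max)
}
```

Run without arguments, the script evaluates the constructed sample and warns about the 1.250s offset; with `-Live` on the domain controller it measures against the configured peer.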
I hope you found this blog post helpful in synchronising your domain controller with an external time source. Be sure to leave a question or comment below.