Domain controller post-promotion tasks: time synchronization

After you finish installing a first domain controller in a new forest, couple of important settings must be configured:
  • Time synchronization
  • Windows Activation service location
This part will explains how to configure

Time synchronization

PDC Emulator must be synchronized with a reliable time source. In large companies it is usually one of the internal routers, that is configured to sync time with external NTP server.

Once you finish installing domain controller, logon to it, open the elevated Command Prompt and enter the following command:

w32tm /config /manualpeerlist:"<FQDN_of_internal_NTP_server> <IP_address_of_internal_NTP_server>" /syncfromflags:manual /reliable:yes /update

Ensure that the command has completed successfully.

Open the Event Viewer console from Administrative tools.
Select Windows Log > System node.

Ensure that events 35 and 37 from the Time-Service source are logged.

Open event 37 and read the message details: "The time provider NtpClient is currently receiving valid time data from <Your_NTP_server>" on port UDP:123.
The message indicates that valid time source server was successfully contacted and communication has successfully crossed all firewalls.

Open event 35 and read the message details: "The time service is now synchronizing the system time with the time source  <Your_NTP_server>" on port UDP:123.
The event indicates that domain controller (PDC Emulator) is able to receive regular time updates from the time server.

No comments:

Post a Comment