A Quick Tip To Configure Time Service In Active Directory Environment

by [Published on 24 March 2009 / Last Updated on 28 Nov. 2008]

This article explains how you can configure time service for an active directory environment.

Windows Time is necessary for domain controllers and client computers. This is a requirement for the Kerberos protocol for authentication purpose. You should keep the following points in mind when configuring the Windows Time Service in an Active Directory environment:

  • Configure your client computers to sync time from it's authentication or local domain controller in the site
  • Configure your DC to sync time from it's PDC Emulator for that domain
  • Configure your Child PDC to sync time from any DC in the Forest Root domain
  • Configure your Forest PDC to sync time from an external source (time.windows.com)

For the above things to work, you need to modify two registry entries:

For all Domain Controllers and PDC in the Forest except PDC in the Forest:

  • Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters
  • Entry: Type
  • Value: NT5DS

For Forest PDC:

  • Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters
  • Entry: Type
  • Value: NTP
  • Entry: NTPServer
  • Value: time.windows.com

 

 

 

 

Featured Links