Disclamer

Visit our disclaimer policy before making any changes to your system which may negatively impact the performance or make your system unresponsive.

Setting Time Source with PowerShell

PowerShell, Windows Server

Delegate server time source hierarchy between domain controllers, PDC, and external sources.

Intro

When setting up an Active Directory environment, machines sometimes do not sync time with the closest DC or, worse, when a DC and a server sync time, causing massive time drift.

When the script below is applied to the domain-level OU, workstations and servers will sync their time with the local DC(s). The DCs will sync with the PDC emulator, which will sync with Us.pool.ntp.org

You can click here if you’d like to learn how to apply the PowerShell script to a group policy.

If you have any questions, please fill out the comment section at the end of this post, and we will get back to you.

Full Script

Modifications:

Line 4: if you choose to use something other than Us.pool.ntp.org

Trouble Shooting:

Line 51: Will give you the time source the computer will use.

Line 54: Will give you more information about the sync.

				
					#The goal for this script is to set the time for all devices. For Workstations and Non-Domain COller Servers, the device time will point to the local DC
#For Domain Collers that do not have the PDC role, they will point to the PDC server.
#For The PDC server we are pointing our time to an external source
$timeSource = "Us.pool.ntp.org"


#Stopping the time server
net stop w32time 
w32tm /unregister
w32tm /register
net start w32time

#gets the product IT
$ProdcutType = Get-CimInstance -Class Win32_OperatingSystem | select ProductType 

#1 is for workstations and 3 is not non-domain controller servers
if($ProdcutType.ProductType -eq 1 -or $ProdcutType.ProductType -eq 3)
{
    #Point to the local Domain Controller
    w32tm /config /syncfromflags:domhier /update
} else {
    #We are finding the PDC server
    = Get-ADForest |
    Select-Object -ExpandProperty RootDomain |
    Get-ADDomain |
    Select-Object -Property PDCEmulator | 
    Select-Object -ExpandProperty PDCEmulator  
    
    #Gets the device FQDM
    $localhostname = hostname 
    $domain =  Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem | Select Domain  
    $fqdm = $localhostname + "." + $domain.Domain    

    #If we are not the PDC Emulator
    if($fqdm -ne $PDC)
    {
        #Set time to the PDC
        w32tm /config /manualpeerlist:$PDC /syncfromflags:manual /reliable:yes /update        
    }   else{
        #Set time to the external source
        w32tm /config /manualpeerlist:"$timeSource,0x8" /syncfromflags:manual /reliable:yes /update
    }
}

#Stop and start time service again
net stop w32time
net start w32time
w32tm /resync /nowait

#Gets who the computer is syncing with. If script just ran, it might say "Local CMOS Clock", wait a minute and try again. 
#w32tm /query /source

#Last line is if we need to get more info 
#w32tm /query /status

Murphy

Michael “Murphy” has BA in Computer Technology from Wayne State University and is a System Engineer for a food manufacturer in the Chicagoland area.

Local Exchange Mailbox Users Can’t Email 365 Only Accounts

August 21, 2024

Unable to send emails from mailbox from your local Exchange server to a mailbox that only exist in 365. Find the fix here.

Migrating Azure AD Connect

July 30, 2024

Don’t waste time figuring out how to migrate Azure Active Directory from one server to another. Do it quick and don’t waste your time and get it done within an hour.

Creating a Certificate Signing Request Using OpenSSL

November 11, 2023

Find out how to quickly create a Certificate Signing Request in Windows using OpenSSL. With minimum software needed.

Disclamer

Setting Time Source with PowerShell

Table of Contents

Intro

Full Script

Murphy

Contact Us