Active Directory: Time Sync All DCs

Near as I can figure, AD automatically sets each DC to sync time with the master DC. In order to make sure the master DC has the proper time and is set to be an available & reliable time source, run the following commands:

W32TM /config /reliable:YES
W32TM /resync /rediscover

Next, run the following command on the other DCs.

W32TM /resync /rediscover

And you’re done!

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in Active Directory
16 comments on “Active Directory: Time Sync All DCs
  1. Jason says:

    Thanks for this info… It saved me… I found you via Google…

  2. Thanks for the article.

  3. Pedro says:

    When I put in the last command master DC
    W32TM /resync /rediscover
    I get an error the computer did not resync because no time data was available.

  4. Radek Dolezel says:

    I have used the following sequence on my PDC emulator:
    1a) w32tm /config /update /syncfromflags:MANUAL /,0x1
    1b) net time /,0x1
    2) net stop w32time
    3) net time w32time
    4) net time /querysntp (for quick check)

    On all other ADs:
    1) w32tm /resync /rediscover


  5. Anne-Marie says:

    Thanks for the info; I used Radek’s suggestion (step 1a) and it worked like a charm.

  6. biruh says:

    I am having the same problems that most pcs including one secondary dc are lagging one hour behind the pdc time and all of the commands aren’t working. do you have any idea please?

  7. greg says:

    what are your daylight saving settings biruh?

  8. Sunoy says:

    I have run w32tm /config /update /syncfromflags:MANUAL /,0×1
    on PDC and w32tm /resync /rediscover on other DC it worked fine for me …………..

  9. Raad Orfali says:

    Thanks for the article it woks fine with me

  10. Esteban says:

    It is very important to know that the more you mess with this service, it gets harder to get it right, so one thing you can do on all yor DC´s is to unregister the w32tm service; don´t worry what will happen next is that you will re-register it in order to avoid all miss configuration you might have done previously. So the sentence on each and every Active Directory would go like this:
    CAUTION: be sure you know your local administrator account or some other admin user.

    c:>w32tm /unregister
    (although is not necesary, sometimes you are asked to reboot, do it)

    c:>w32tm /register

    Now your w32tm service is configured as it was after you decided that it was a good idea to "fix" it. (been there, done that!!!).

    In my case, this action allowed me to discover which was the server that was causin the problem; after that it decides to let the w32tm service disbled on that DC. Hope this help someone, i worked just fine for me.

    From BS.AS Argentina, Esteban

  11. Elias Mendez says:

    Elías Méndez.
    Hi my friends I would like to recomend below action plan It worked for me on a very critical situation. best regards.

    On PDC root forest domain RUN command

    w32tm /config / /syncfromflags:manual /reliable:yes /update



    W32TM /resync /rediscover
    Go to event viewer and verify under System log that now you are pointing to windows time server and you are receiving time correctly.


  12. ELías Mendez says:

    Then excecute following comman on Each additional domain controller or member server ( No not execute on Forest root Domain )

    w32tm /config /,0x1 /reliable:no /update

    w32tm /config /syncfromflags:domhier /update

    reg add HKLMsystemCurrentControlSetServicesW32TimeTimeProvidersNtpServer /v Enabled /t REG_DWORD /d 0x1 /f

    reg add HKLMsystemCurrentControlSetServicesW32TimeTimeProvidersNtpClient /v Enabled /t REG_DWORD /d 0x1 /f

    reg add HKLMsystemCurrentControlSetServicesW32TimeConfig /v AnnounceFlags /t REG_DWORD /d 0xa /f

    reg add HKLMsystemCurrentControlSetServicesW32TimeConfig /v MaxNegPhaseCorrection /t REG_DWORD /d 0x2a300 /f

    reg add HKLMsystemCurrentControlSetServicesW32TimeConfig /v MaxPosPhaseCorrection /t REG_DWORD /d 0x2a300 /f
    w32tm /config /update

  13. Elías Méndez says:

    Then stop and restart services.

    net stop w32time && net start w32time
    w32tm /resync /rediscover
    Now you had been configured root forest ntp server and pointed each additional domain controller and member server to it.

  14. jeff82 says:


  15. Matt says:

    Is there a way to run a report on AD forest to see what NTP source is being used on all machines inside network?

  16. Doyler says:

    Just so you know, /SETSNTP has been deprecated, but you can specify the computer or domain specifically in conjunction with the /SET flag. For example:

    C:\Windows\system32>NET TIME /SET /DOMAIN

Leave a Reply

Your email address will not be published. Required fields are marked *