Default installations of Windows Server 2008 R2 and Windows 7 will configure domain based network time resolution as soon as you create or join a domain. That’s the best option for all servers and computers except:
- Forest root servers – Establish the correct atomic time at the root, which is then (potentially) propagated to all other servers and computers in the forest.
- Site masters – Limit the damage caused by incorrect time configuration to one site.
- Infrastructure operations master – The purpose of this server is to cross-check that replication is functioning correctly, hence having its own atomic time source will also check for any time issues.
There are two configuration options for any machine (server or computer) in the domain, shown below along with the correct new command to configure them (NET TIME is depreciated).
- Machines which should source their time from an internet NTP (time) server, effectively an atomic clock proxy:
w32tm /config /syncfromflags:manual /manualpeerlist:europe.pool.ntp.org /update /reliable:yes
- Machines which should source their time from their domain hierarchy, assuming the time from the other servers (is hopefully correct):
w32tm /config /syncfromflags:domhier /update /reliable:yes
After changing the configuration run the following command to update immediately:
If you are running virtualized servers (e.g. Hyper-V) then you need to think carefully about your settings. When the host reboots or for any other reason pauses or saves the machines, their clocks stop! When they restart it may take a long time for the domain or internet synchronization to run again. When the difference is really great (machine offline for days) then it will refuse to sync at all without the manual intervention and the w32tm “/force” option. That means you really must have integration services installed with host time synchronization enabled on all virtual machines. Following on, it is then even more important that virtual machine hosts have their time synchronized accurately, especially when they host virtual domain controllers (which may be the time server for other machines in the domain hierachy).