Windows Time Synchronization

Table of Contents

• Configuring Time Synchronization and Analyzing Time Services in Windows
  • Client Computer, Member Servers, and Domain Controller
  • Domain Controller (PDC Emulator)
  • Compare Time Server vs Local with Stripchart
  • List Manually Configured NTP Servers (Peers)
  • Display the Simple Network Time Protocol (SNTP) Server
  • Current Status of the Windows Time Service
  • time.windows.com vs us.pool.ntp.org

Configuring Time Synchronization and Analyzing Time Services in Windows

Time synchronization is critical in maintaining the integrity of network operations, especially in domain environments. In this blog, we’ll explore several key topics related to time synchronization, provide step-by-step instructions, and explain the commands and their respective flags.

Client Computer, Member Servers, and Domain Controller

Domain-joined client computers, server or other domain controller synchronize their time with the domain hierarchy. Here’s how to configure this:

w32tm /config /syncfromflags:domhier /update

Breaking it Down:

• w32tm: The Windows Time Service command-line tool.
• /config: Switch to configure the service.
• /syncfromflags:domhier: Synchronizes time from the domain hierarchy. The system will look to the nearest domain controller for time.
• /update: Applies the configuration immediately without restarting the Windows Time Service.

This ensures the client computer automatically synchronizes time with the domain hierarchy (Active Directory).

Domain Controller (PDC Emulator)

In an Active Directory domain, the Primary Domain Controller (PDC) Emulator typically acts as the authoritative time source for the domain. To configure the PDC Emulator to sync with an external NTP server (e.g., us.pool.ntp.org):

w32tm /config /manualpeerlist:"us.pool.ntp.org" /syncfromflags:manual /reliable:YES /update

Breaking it Down:

• /manualpeerlist:”us.pool.ntp.org”: Sets the external NTP server(s) to use. Replace us.pool.ntp.org with your preferred NTP server.
• /syncfromflags:manual: Specifies manual sync from the configured NTP servers only.
• /reliable:YES: Marks this machine as a reliable time source for other devices in the network.
• /update: Applies the changes immediately.

The PDC Emulator ensures time consistency across the domain by acting as the primary time source.

Compare Time Server vs Local with Stripchart

The stripchart option allows you to compare the time of your local machine with a specified time server:

w32tm /stripchart /computer:time.windows.com /dataonly /samples:10

Breaking it Down:

• /stripchart: Monitors the time difference (offset) between the local machine and a remote time server.
• /computer:time.windows.com: Specifies the remote NTP server to compare. You can replace time.windows.com with any NTP server.
• /dataonly: Outputs only the raw time difference without additional details.
• /samples:10: Number of queries (samples) to send to the remote server (10 in this case).

This command is useful for verifying how closely your local time matches the NTP server.

List Manually Configured NTP Servers (Peers)

To view the NTP servers (peers) currently configured on your system:

w32tm /query /peers

Breaking it Down:

• /query: Initiates a query to retrieve specific information.
• /peers: Lists the manually configured NTP servers the system is set to synchronize with.

The output shows the configured servers, polling intervals, and their status.

Display the Simple Network Time Protocol (SNTP) Server

To view the currently configured SNTP server:

net time /querysntp

Breaking it Down:

• net time: An older time synchronization command.
• /querysntp: Displays the SNTP server the system is set to use for time synchronization.

This command is mostly replaced by w32tm in modern Windows systems but can still be useful for legacy environments.

Current Status of the Windows Time Service

To check the current status of the Windows Time Service and its synchronization details:

w32tm /query /status

Breaking it Down:

• /query: Queries the service for specific information.
• /status: Displays the current status, including:
• • NTP server in use.
• • Last synchronization time.
• • Stratum level (distance from the time source).
• • Current offset (time difference).

This is a valuable command for troubleshooting synchronization issues.

time.windows.com vs us.pool.ntp.org

Both are viable options for NTP synchronization, but they have different use cases:

time.windows.com

• Advantages:
• • Microsoft’s default NTP server.
• • Easy to use and sufficient for personal computers or small environments.
• Disadvantages:
• A single server, so less redundancy and reliability.

us.pool.ntp.org

• Advantages:
• • Part of the NTP Pool Project, providing multiple servers for redundancy.
• • More reliable and accurate, especially for critical systems.
• Disadvantages:
• • Requires manual configuration.

Recommendation:

• • Use time.windows.com for simplicity and casual use.
• • Use us.pool.ntp.org for higher reliability and accuracy in larger or critical environments.

By configuring and analyzing your Windows Time Service settings using the commands above, you can ensure accurate and reliable timekeeping, whether you’re managing a domain or maintaining individual systems. Time synchronization might seem trivial, but it’s a foundational piece of a well-functioning network!