Windows NTP

Another good topic to talk about. I’ll blog soon about NTP in general, covering strata and design. But in this post I want to focus on the Windows AD side.

#Windows Default options:
NTP – Use on computers that are not joined to a domain.
NT5DS – Use on computers that are joined to a domain.

Pretty straightforward. Windows has two default options. Computers NOT joined to the domain use NTP, and computers joined to the domain use NT5DS, NOT NTP. NT5DS is what every domain device uses; it’s the default. It’s a time service that synchronizes the entire domain hierarchy.

#HOW NT5DS WORKS:
In a Windows forest, the Primary Domain Controller (PDC) emulator holds the master role. This server holds the best time source unless another reliable time source has been configured. The PDC is usually synched to external time sources or, as in some of my other environments, to internal GPS NTP appliances.

Next we’ll look at the Flexible Single Master Operation (FSMO) roles to find who that PDC server is.

#LOOK AT FSMO ROLES TO FIND PDC:
I won’t go into each role but there are 5 FSMO roles.

Schema Master – one per forest
Domain Naming Master – 1 per forest
Primary Domain Controller (PDC) Emulator – 1 per domain
Relative ID (RID) Master – 1 per domain
Infrastructure Master – 1 per domain

The one you’re looking for is the PDC.

C:\>netdom /query FSMO
Schema master               kc-dc1.cordero.me
Domain naming master        kc-dc1.cordero.me
PDC                         kc-dc1.cordero.me
RID pool manager            kc-dc1.cordero.me
Infrastructure master       kc-dc1.cordero.me
The command completed successfully.

#FIND THE TIME SOURCE:
On a computer, use the command below to see where it’s getting its time from. The output should be the PDC from above.

C:\>w32tm /query /source
kc-dc1.cordero.me
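The FSMO lookup and the source check above are one procedure: find the PDC emulator, then confirm the clients chain back to it. Here is an added PowerShell example (not from the original post) that does both in one pass for every DC in the domain. It assumes the ActiveDirectory RSAT module is installed, the account can query the DCs remotely, and the domain from the post (kc-dc1.cordero.me) is only a sample value.

```powershell
# Added example: map the NT5DS hierarchy by asking each DC (and this machine)
# who it syncs from, and mark which one is the PDC emulator.
# Assumes: RSAT ActiveDirectory module, domain-joined machine, RPC access to the DCs.
Import-Module ActiveDirectory

$pdc = (Get-ADDomain).PDCEmulator          # e.g. kc-dc1.cordero.me (sample from the post)

function Get-TimeSource {
    param([string]$ComputerName)
    # w32tm prints one line; on NTP peers it may carry a ",0x8"-style flag suffix,
    # so keep only the host part. Errors (access denied, offline) are returned as text.
    $out = (w32tm /query /computer:$ComputerName /source 2>&1) -join ' '
    ($out.Trim() -split ',')[0]
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    [pscustomobject]@{
        Computer = $dc.HostName
        IsPDC    = ($dc.HostName -ieq $pdc)
        Source   = Get-TimeSource -ComputerName $dc.HostName
    }
}
# Add the local machine (a domain member) to the same table.
$report += [pscustomobject]@{
    Computer = $env:COMPUTERNAME
    IsPDC    = $false
    Source   = Get-TimeSource -ComputerName $env:COMPUTERNAME
}
$report | Format-Table -AutoSize

# Defender's check: any DC other than the PDC whose source is NOT another DC,
# or a PDC whose source is a DC, breaks the expected hierarchy and is worth a look.
foreach ($row in $report | Where-Object { -not $_.IsPDC }) {
    $srcIsDc = $report.Computer -icontains $row.Source
    if (-not $srcIsDc) { "CHECK: $($row.Computer) syncs from '$($row.Source)', not a DC" }
}
```

In a single-DC domain every member's source is the PDC, exactly as in the post. In a multi-DC domain a member normally syncs from a DC in its own site, and that DC syncs up the chain to the PDC, which is why the table checks that each non-PDC source is itself a DC rather than demanding the PDC name on every host.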

#LOOK AT LOCAL TIME CONFIGURATION TO FIND THE TYPE OF NTP BEING USED
Now you can look at how the time is getting synched, NTP or NT5DS. Since this device is domain joined, it’s using NT5DS.

LOCAL JOINED DEVICE:
C:\>w32tm /query /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 10 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 10 (Local)
MaxPollInterval: 15 (Local)
MaxNegPhaseCorrection: 4294967295 (Local)
MaxPosPhaseCorrection: 4294967295 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 1 (Local)
UpdateInterval: 30000 (Local)

[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
CrossSiteSyncFlags: 2 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NT5DS (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 0 (Local)
InputProvider: 0 (Local)

PDC ON NETWORK WITH EXTERNAL SETTINGS:
You can use the same command to look at a remote computer. Below we are looking at our DC, which happens to be the PDC. You can see that the server is configured to get its time from external sources and the type is NTP.

C:\>w32tm /query /computer:{REMOTE_DEVICE_NAME} /configuration
[Configuration]

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


[TimeProviders]

NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 3600 (Local)
Type: NTP (Local)
NtpServer: pool.ntp.org time.nist.gov (Local)

NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)

VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
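Reading the two configuration dumps above by eye works for one or two machines. The following is an added PowerShell example (not from the original post) that parses the `w32tm /query /configuration` output into a hashtable and then applies the checks a practitioner wants: a domain member should show `Type: NT5DS`, and the PDC should show `Type: NTP`, a manual peer list, and `AnnounceFlags: 5` (announce as a reliable time server, which is what the post's PDC dump shows). It also flags `MaxPosPhaseCorrection`/`MaxNegPhaseCorrection` of 4294967295 (0xFFFFFFFF), which tells w32time to accept a clock jump of any size; the post's member shows that value, the PDC is bounded at 172800 seconds. The `Get-ADDomain` call in the usage lines assumes the RSAT ActiveDirectory module.

```powershell
# Added example: parse and audit w32tm configuration output.
# Assumes w32tm is reachable locally and, for remote hosts, over RPC.
function Get-W32TimeConfig {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $w32Args = @('/query', '/configuration')
    if ($ComputerName -ine $env:COMPUTERNAME) { $w32Args += "/computer:$ComputerName" }
    $lines = & w32tm @w32Args 2>&1

    $section = ''
    $cfg = @{}
    foreach ($line in $lines) {
        $t = $line.ToString().Trim()
        if (-not $t) { continue }
        # "[Configuration]" / "[TimeProviders]" section headers
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        # provider headers such as "NtpClient (Local)" (no colon, so not a setting)
        if ($t -match '^(\w+) \((Local|Policy)\)$') { $section = $Matches[1]; continue }
        # settings: "Key: value (Local)"; values pushed by GPO show "(Policy)"
        if ($t -match '^(\w+):\s*(.*?)\s*\((Local|Policy)\)$') {
            $cfg["$section.$($Matches[1])"] = $Matches[2]
        }
    }
    return $cfg
}

function Test-W32TimeConfig {
    param([hashtable]$Config, [string]$Name, [switch]$IsPDC)
    $type     = $Config['NtpClient.Type']
    $peers    = $Config['NtpClient.NtpServer']
    $announce = [int]$Config['Configuration.AnnounceFlags']
    $maxPos   = [uint64]$Config['Configuration.MaxPosPhaseCorrection']
    $maxNeg   = [uint64]$Config['Configuration.MaxNegPhaseCorrection']
    $findings = @()

    if ($IsPDC) {
        if ($type -ne 'NTP')  { $findings += "client Type is '$type', expected NTP with manual peers" }
        if (-not $peers)      { $findings += "no NtpServer peer list configured" }
        if ($announce -ne 5)  { $findings += "AnnounceFlags is $announce, expected 5 (reliable time server)" }
    } else {
        if ($type -ne 'NT5DS') { $findings += "client Type is '$type', expected NT5DS (domain hierarchy)" }
    }
    # 4294967295 = 0xFFFFFFFF = accept any size of correction; a bounded value
    # (the PDC in the post uses 172800 s) limits how far a bad sample can move the clock.
    if ($maxPos -eq 4294967295 -or $maxNeg -eq 4294967295) {
        $findings += "phase correction is unbounded (0xFFFFFFFF); consider a limit such as 172800"
    }

    if ($findings.Count -eq 0) { "${Name}: OK ($type, peers: $peers)" }
    else { $findings | ForEach-Object { "${Name}: CHECK - $_" } }
}

# Usage: audit this member and the PDC emulator.
$pdc = (Get-ADDomain).PDCEmulator
Test-W32TimeConfig -Config (Get-W32TimeConfig) -Name $env:COMPUTERNAME
Test-W32TimeConfig -Config (Get-W32TimeConfig -ComputerName $pdc) -Name $pdc -IsPDC
```

Run against the two dumps in the post, the member passes the NT5DS check but gets the unbounded-correction finding, and the PDC passes all three PDC checks. Keys are stored as `Section.Setting` (for example `NtpClient.Type`), so the `NtpServer` setting under `NtpClient` is not confused with the `NtpServer` provider block that follows it.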

#CONFIGURING NTP SETTINGS MANUALLY:
So how do you configure the external time sources on the PDC? Below is the command you would use, or something like it. You want the PDC to use reliable NTP sources.

Below we are prioritizing pool.ntp.org over time.nist.gov:

w32tm /config /manualpeerlist:"pool.ntp.org,0x8 time.nist.gov,0xa" /syncfromflags:manual /update

You can also use the UseAsFallbackOnly flag (0x2) to de-prioritize one of them, or make them both 0x8. So you have options.

Below are the options:
0x1 SpecialInterval
0x2 UseAsFallbackOnly
0x4 SymmetricActive: For more information about this mode, see Windows Time Server: 3.3 Modes of Operation.
0x8 Client

#RESYNCH TIME:
This will tell the computer to resynch as soon as possible.

w32tm /resync [/computer:] [/nowait] [/rediscover] [/soft]
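The configure step and the resync step above are one procedure on the PDC. Here is an added PowerShell example (not from the original post) that builds the `/manualpeerlist` string from a table of peers and flag bits, decodes each flag value so you can see why `0xa` means "client, fallback only", applies it, then resyncs and shows the resulting source. It adds `/reliable:yes`, which is a real w32tm option not shown in the post, so the PDC advertises itself as a reliable source to the rest of the domain; it assumes it is run elevated on the PDC emulator.

```powershell
# Added example: build, explain and apply a manual peer list on the PDC, then resync.
# Assumes: elevated PowerShell on the PDC emulator; peers below are the post's sample hosts.
$PeerFlags = [ordered]@{
    SpecialInterval   = 0x1   # poll at SpecialPollInterval instead of the adaptive interval
    UseAsFallbackOnly = 0x2   # only used when no other peer answers
    SymmetricActive   = 0x4   # symmetric active mode (see the MS-SNTP modes of operation)
    Client            = 0x8   # normal client mode
}

function ConvertTo-PeerFlagNames {
    param([int]$Flags)
    $names = foreach ($entry in $PeerFlags.GetEnumerator()) {
        if (($Flags -band $entry.Value) -ne 0) { $entry.Key }
    }
    return ($names -join '+')
}

function New-ManualPeerList {
    # Each peer is @{ Host = 'name'; Flags = <int> }; output is "host,0xN host,0xN ..."
    param([object[]]$Peers)
    return (($Peers | ForEach-Object { '{0},0x{1:x}' -f $_.Host, $_.Flags }) -join ' ')
}

$peers = @(
    @{ Host = 'pool.ntp.org';  Flags = $PeerFlags.Client }                                  # 0x8: preferred
    @{ Host = 'time.nist.gov'; Flags = $PeerFlags.Client -bor $PeerFlags.UseAsFallbackOnly } # 0xa: fallback
)
$list = New-ManualPeerList -Peers $peers
# Prints: pool.ntp.org 0x8 = Client / time.nist.gov 0xa = UseAsFallbackOnly+Client
foreach ($p in $peers) { '{0,-14} 0x{1:x} = {2}' -f $p.Host, $p.Flags, (ConvertTo-PeerFlagNames $p.Flags) }
"manualpeerlist: $list"    # pool.ntp.org,0x8 time.nist.gov,0xa

# Apply on the PDC, then force a resync and rediscover sources, then verify.
w32tm /config /manualpeerlist:"$list" /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover
w32tm /query /source
w32tm /query /status
```

`/syncfromflags:manual` tells the PDC to use only the manual peer list (not the domain hierarchy), which is what you want on the top of the chain; on a member or non-PDC DC you would leave the default so it stays on NT5DS. Check `w32tm /query /status` afterwards: the stratum should be one above the external source's stratum, and the source should be one of the hosts in the list.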