Syncing Windows Time service to an external source

It is important to have the Windows Time Service on a DC on the network pointing to an external NTP source to keep time in sync.

There is an article here which tells you how:

https://support.microsoft.com/en-us/help/816042/how-to-configure-an-authoritative-time-server-in-windows-server

I’ve condensed it here to a reg file you can create and run.

Copy the following code into a text document, name it time.reg and run it on a DC.

Then restart the time service with the command:

net stop w32time && net start w32time

Give it a few seconds and the clock should correct itself.

If it is a virtual machine make sure that the Hyper Visor isn’t pushing time out to it, as the server will take that as priority. For example on Hyper-V go to the VM Settings, and Integration┬áServices and un-tick Time synchronization.

The registry file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
“Enabled”=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
“NtpServer”=”0.europe.pool.ntp.org,0x1 1.europe.pool.ntp.org”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval]
“SpecialPollInterval”=dword:900
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
“MaxPosPhaseCorrection”=dword:00000e10
“MaxNegativePhaseCorrection”=dword:00000e10

 

Migrating from NTFRS to DFSR replication of Sysvol

DFSR replication of sysvol is much more reliable, and NTFRS is being deprecated after Windows Server 2016.

This is how to migrate to DFSR. The information here is gleamed from :

https://blogs.technet.microsoft.com/filecab/2014/06/25/streamlined-migration-of-frs-to-dfsr-sysvol/

and the long version:

https://technet.microsoft.com/en-us/library/dd640019%28v=WS.10%29.aspx?f=255&MSPPError=-2147217396

Check forest functional level using domain.msc and raise if below 2008.

Force a replication with:

Repadmin /syncall /force /APed

this is optional, but will speed things up, and you can use this replication to check for errors.

Check event log for errors, especially the File Replication Service logs.

Repadmin /replsummary

Check that replication is working.

Dcdiag /e /test:sysvolcheck /test:advertising

Fix any errors.

Next the migration.

dfsrmig /setglobalstate 1

Run

dfsrmig /getmigrationstate

Do not proceed further until it tells you that “All domain controllers have migrated successfully to the Global state.”

dfsrmig /setglobalstate 2

Again check it with

dfsrmig /getmigrationstate

And make sure all DCs have migrated.

Finally

dfsrmig /setglobalstate 3

And it is finished when

dfsrmig /getglobalstate

tells you that all DCs have migrated successfully.

You can apparently go straight to state 3, but it doesn’t take long to go the full route, so better taking a little time.