{"id":3150,"date":"2023-11-20T09:42:33","date_gmt":"2023-11-20T09:42:33","guid":{"rendered":"https:\/\/blog.designed79.co.uk\/?p=3150"},"modified":"2023-11-20T09:43:25","modified_gmt":"2023-11-20T09:43:25","slug":"windows-time-sync-registry-set-up","status":"publish","type":"post","link":"https:\/\/blog.designed79.co.uk\/?p=3150","title":{"rendered":"Windows Time Sync Registry set Up"},"content":{"rendered":"\n

This script needs to be run as an administrator and it will modify registry.
The primary domain controller will sync time externally from pool.ntp.org while the seconday dc’s will sync time from the primary (which has PDc emulater role.)<\/p>\n\n\n\n

\n\n
&lt;# 
\nWindows Time Sync Registry set up 
\nBy allenage.com DC time sync v 0.1
\nFinal Update on 6\/19\/2017
\n
\n
\n##########################****** Configuration Info *********####################################
\n# Peers
\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\NTPServer=pool.ntp.org,0x1
\nWe are setting Pool.ntp.org,0x1 Check your region if you would set your own http:\/\/www.pool.ntp.org\/zone\/@
\n
\n# interval
\n0x01 SpecialInterval
\n0x02 UseAsFallbackOnly
\n0x04 SymmetricActive
\n0x08 Client
\n0x9 which uses DNS round robin to make a random selection from a pool of time servers.
\n
\n
\n# For PDC Announce flag 5 and backup domain controllers
\nHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Config\\AnnounceFlags=5
\nThis entry controls whether this computer is marked as a reliable time server. A computer is not marked as reliable unless it is also marked as a time server.
\n0x00 Not a time server
\n0x01 Always time server
\n0x02 Automatic time server
\n0x04 Always reliable time server
\n0x08 Automatic reliable time server
\nThe default value for domain members is 10. The default value for stand-alone clients and servers is 10.
\n
\n# HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type=NTP
\nthis entry indicates which peers to accept synchronization from:
\n
\nNoSync. The time service does not synchronize with other sources.
\nNTP. The time service synchronizes from the servers specified in the NtpServer. registry entry.
\nNT5DS. The time service synchronizes from the domain hierarchy.
\nAllSync. The time service uses all the available synchronization mechanisms.
\n
\n##########################****** Configuration Info *********####################################
\n
\n
\n
\nImportant psremoting needs to be enabled.
\n
\nrun  Enable-PSRemoting -Force on PowerShell elevated mode to enable Psremoting.
\n
\nThis script needs to be run as an administrator and it will modify registry.
\nThe primary domain controller will sync time externally from pool.ntp.org while the secondary dc's will sync time from the primary (which has PDc emulator role.)
\n
\nLater you can type Dcdiag to check Advertising test.
\n
\n#&gt; 
\n
\n 
\n If (-NOT (&#91;Security.Principal.WindowsPrincipal]&#91;Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(&#91;Security.Principal.WindowsBuiltInRole] "Administrator"))
\n {    
\n  Write-Host "This script needs to be run As Admin go back and Run as admin" -BackgroundColor red
\nStart-Sleep -Seconds 5
\nExit
\n }
\n
\nWrite-host "Enabling Psremoting on this Computer $env:computername" -ForegroundColor Green
\n
\nEnable-PSRemoting -Force
\n
\nimport-module activedirectory
\n
\n$pdc=Get-ADDomainController -Discover -Service PrimaryDC |select -ExpandProperty name
\n$PDCSYNC = { w32tm \/config \/manualpeerlist:"pool.ntp.org,0x1" \/syncfromflags:manual \/reliable:yes \/update
\nw32tm \/config \/update
\nRestart-Service w32time
\nw32tm \/resync \/rediscover
\nw32tm \/resync
\n}
\n
\n# Registry Modifications for PDC so It advertise as Time server
\n$aflags={Set-ItemProperty -path "HKLM:\\system\\CurrentControlSet\\Services\\W32Time\\Config" -Name AnnounceFlags -Value 5 -Type DWord -Force}
\n$ntp1={Set-ItemProperty -path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters" -Name Type -Value NTP  -Force }
\n$Vmic={Set-ItemProperty -path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\VMICTimeProvider" -Name Enabled -Value 0 -Type DWord -Force}
\n
\nInvoke-Command -ComputerName $pdc -ScriptBlock $PDCSYNC
\nInvoke-Command -ComputerName $pdc -ScriptBlock $aflags
\nInvoke-Command -ComputerName $pdc -ScriptBlock $ntp1
\nInvoke-Command -ComputerName $pdc -ScriptBlock $Vmic
\n$dc=Get-ADDomainController -filter * |?{$_.OperationMasterRoles -notcontains 'PDCEmulator'} |select -ExpandProperty name
\n
\n# commands for DC to sync from primary
\n$dcupdate={w32tm \/config \/syncfromflags:domhier \/update}
\n$advtest1={Set-ItemProperty -path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\TimeProviders\\VMICTimeProvider" -Name Enabled -Value 0 -Type DWord -Force}
\n$advtest2={Set-ItemProperty -path "HKLM:\\system\\CurrentControlSet\\Services\\W32Time\\Config" -Name AnnounceFlags -Value 10 -Type DWord -Force}
\n$ntp2={Set-ItemProperty -path "HKLM:\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters" -Name Type -Value NT5DS  -Force }
\n$Advtest3={restart-service w32time}
\n$advtest4={w32tm \/resync \/rediscover}
\n$advtest5={w32tm \/resync}
\nif($dc -like '*')
\n{
\nInvoke-Command -ComputerName $dc -ScriptBlock $dcupdate
\nInvoke-Command -ComputerName $dc -ScriptBlock $Advtest1
\nInvoke-Command -ComputerName $dc -ScriptBlock $Advtest2
\nInvoke-Command -ComputerName $dc -ScriptBlock $ntp2
\nInvoke-Command -ComputerName $dc -ScriptBlock $Advtest3
\nInvoke-Command -ComputerName $dc -ScriptBlock $Advtest4
\nInvoke-Command -ComputerName $dc -ScriptBlock $Advtest5
\n}
\nelse
\n
\n{
\nwrite-host "You have only one domain controller"
\n}<\/div><\/div>\n\n<\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
This script needs to be run as an administrator and it will modify registry.The primary domain controller will sync time externally from […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3150","post","type-post","status-publish","format-standard","hentry","category-info-on-tech"],"_links":{"self":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3150"}],"version-history":[{"count":2,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3150\/revisions"}],"predecessor-version":[{"id":3152,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/3150\/revisions\/3152"}],"wp:attachment":[{"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.designed79.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}