Following are my best practices for Time Service settings within a Windows Domain environment.
This environment will hold a Single Clockmaster, being the Primary Domain Controller (PDC Role). This means that only one single device within this environment will hold the “correct” time. All other devices will synchronize their time with this Clockmaster.
Most of the time this Single Clockmaster would also be virtualized, and could therefore suffer from Clockdrift, due to heavy loads on the hyper-visor host. If you want to find out more about Clockdrift have a look at Kevin Kline’s topic about it.
To avoid heavy Clockskew between our environment and the rest of the world due to the Clockdrift, we will synchronize time from our Clockmaster with an external reference via the Network Time Procotol (NTP).
Reset Time Service settings on PDC, DC’s, Servers or Clients
"net time /setsntp: " net stop w32time w32tm /unregister w32tm /register net start w32time
Configure Time Service settings on PDC (Clockmaster)
w32tm /config /manualpeerlist:be.pool.ntp.org /syncfromflags:manual /reliable:yes /update w32tm /resync /rediscover net stop w32time && net start w32time
Configure Time Service settings on other DC’s, Servers or Clients
w32tm /config /syncfromflags:domhier /update w32tm /resync /rediscover net stop w32time && net start w32time