Server - Active Directory Time syncronization problem - Problemi di ora in Active Directory

Mi è capitato spesso in questi anni di dover risolvere problemi di posta elettronica o autenticazione del dominio generati da errate configurazioni dell'ora dei server.

Appunto su questo blog alcuni comandi utili per fare troubleshooting:

1. Comando da lanciare su un DC per trovare la differenza di orario fra i dc (visualizza anche l'offset)

w32tm /monitor 

2. Run the following command on the PDC emulator:  

w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update

Once done, restart W32Time service.

net stop w32time | net start w32time 

3. Run the following command on all other DCs (that are not PDC):  

w32tm /config /syncfromflags:domhier /update

Once done, restart W32Time service:

net stop w32time | net start w32time 

I have often, in recent years, to solve problems of e-mail or authentication domain generated from misconfigurations time servers. 

4. To check the source time server: 

w32tm /query /status

You can check the registry entries if the domain controller is using NTP (should be on PDC) or NT5DS (on non-PDC):
Find the value of Type under 


reg query 

6. re-sync the w32time service using the following command:

w32tm /resync /rediscover

7. Execute the following command to actually perform a time synchronization with the external source

w32tm.exe /config /update


Some articles and tools

port query Tool GUI

Technet - Windows Time Service Tools and Settings

Time Configuration in Active Directory

Configure DC to synchronize time with external NTP server