Server - Active Directory Time syncronization problems

During these years I faced, on server and clients, several authentication problems due to wrong time and date.

Here they are some commands and tips useful for this troubleshottoing purpose:

1. Command useful on DC to see any time differences in place and relative (offset)

w32tm /monitor 

2. Run the following command on the PDC emulator:  

w32tm /config /manualpeerlist:timeserver /syncfromflags:manual /reliable:yes /update

Once done, restart W32Time service.

net stop w32time | net start w32time 

3. Run the following command on all other DCs (that are not PDC):  

w32tm /config /syncfromflags:domhier /update

Once done, restart W32Time service:

net stop w32time | net start w32time 

I have often, in recent years, to solve problems of e-mail or authentication domain generated from misconfigurations time servers. 

4. To check the source time server: 

w32tm /query /status

You can check registry entries if the domain controller is using NTP (should be on PDC) or NT5DS (on non-PDC):
Find the value of Type under 


reg query 

6. re-sync the w32time service using the following command:

w32tm /resync /rediscover

7. Execute the following command to actually perform a time synchronization with the external source

w32tm.exe /config /update

Some articles and tools

port query Tool GUI

Technet - Windows Time Service Tools and Settings

Time Configuration in Active Directory

Configure DC to synchronize time with external NTP server

[update 2021.03.04]

Here they are register keys related to date and time Windows services

Microsoft Registry