Automate External NTP Configuration with Group Policy for PDC Emulators

This exercise will configure an automated solution that will move the NTP External Time Source settings around as the PDC Emulator role transfers around domain controllers.

1. Logon to TMDC03 as Techmentor\Administrator.

2. Open the Group Policy Management Console (GPMC.msc) and create a new policy PDC External Time and link it to the Domain Controllers OU.

3. Create a WMI filter with the following code and link it to your policy (this WMI filter allows you to find a domain controller with the role of PDC and apply the policy only to it): Select * from Win32_ComputerSystem where DomainRole = 5.

4. Configure the PDC External Time Group Policy with the WMI Filter you just created.

5. Switch to the policy editing mode and go to the section Computer Configuration > Policies > Administrative Templates > System > Windows Time Service > Time Providers. Enable the policy Enable Windows NTP Client and edit the Configure Windows NTP Client policy.

6. Specify the following policy settings:

7. Enabled.

8. NtpServer:

0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8

9. Type: NTP.

10. CrossSiteSyncFlags: 2.

11. ResolvePeerBackoffMinutes: 15.

12. ResolvePeerBackoffMaxTimes: 7.

13. SpecialPollInterval: 1024.

14. EventLogFlags: 0.

15. On TMDC03 – Run the following: w32tm /config /syncfromflags:domhier /update.

16. net stop w32time && net start w32time.

17. w32tm /query /peers.

18. net stop w32time.

19. w32tm /unregister.

20. w32tm /register.

21. net start w32time.

22. gpupdate /force.

23. gpresult /z.

24. Verify NTP Settings via GPO.

25. Check the W32 Peers list that has been set via GPO.

w32tm / query /peers

26. Next, let’s move the FSMO Roles to TMDC04.

Move-ADDirectoryServerOperationMasterRole -identity TMDC04 -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster