This exercise will configure an automated solution that will move the NTP External Time Source settings around as the PDC Emulator role transfers around domain controllers.

1. Logon to TMDC03 as Techmentor\Administrator.

2. Open the Group Policy Management Console (GPMC.msc) and create a new policy PDC External Time and link it to the Domain Controllers OU.

3. Create a WMI filter with the following code and link it to your policy (this WMI filter allows you to find a domain controller with the role of PDC and apply the policy only to it): Select * from Win32_ComputerSystem where DomainRole = 5.

4. Configure the PDC External Time Group Policy with the WMI Filter you just created.

5. Switch to the policy editing mode and go to the section Computer Configuration > Policies > Administrative Templates > System > Windows Time Service > Time Providers. Enable the policy Enable Windows NTP Client and edit the Configure Windows NTP Client policy.

6. Specify the following policy settings:

7. Enabled.

8. NtpServer:,0x8,0x8,0x8

9. Type: NTP.

10. CrossSiteSyncFlags: 2.

11. ResolvePeerBackoffMinutes: 15.

12. ResolvePeerBackoffMaxTimes: 7.

13. SpecialPollInterval: 1024.

14. EventLogFlags: 0.

15. On TMDC03 – Run the following: w32tm /config /syncfromflags:domhier /update.

16. net stop w32time && net start w32time.

17. w32tm /query /peers.

18. net stop w32time.

19. w32tm /unregister.

20. w32tm /register.

21. net start w32time.

22. gpupdate /force.

23. gpresult /z.

24. Verify NTP Settings via GPO.

25. Check the W32 Peers list that has been set via GPO.

w32tm / query /peers

26. Next, let’s move the FSMO Roles to TMDC04.

Move-ADDirectoryServerOperationMasterRole -identity TMDC04 -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster,SchemaMaster,DomainNamingMaster

27. Verify that the roles have moved by running

netdom query fsmo

28. Run gpupdate /force to remove the NTP Policy from TMDC03.

29. Run gpresult /z to view the policies applied.

30. You should see the policy removed.

31. Validate the NTP Peer Settings.

w32tm /query /peers

32. Logon to TMDC04 remotely.

33. Enter-PSSession -ComputerName TMDC04.


35. Gpupdate /force

36. Gpresult /z

37. W32tm /query /peers