
Synchronize time with external NTP server

A reliable time source within an Active Directory environment (or networks in general) is critical.

Some prefer an expensive GPS clock; others don’t care… I decided a while ago that I sync my DCs with an NTP source.

Please keep in mind that your servers need access to the NTP servers on UDP port 123 (NTP) to sync their clocks with them, so your firewall needs to allow this.

At a minimum, the server holding the PDC FSMO role should sync. Here is how to find this server:

rem Get the PDC FSMO Role (Or apply it to all your DCs)
netdom query fsmo
rem This will show you all FSMO roles; the PDC line names your main DC server

You can do that on all your DCs (or at least on one in every location/Site).

Now to the real work:

rem Stop the Time Service
net stop w32time

rem This is the German List
w32tm /config /syncfromflags:manual /manualpeerlist:"0.de.pool.ntp.org 1.de.pool.ntp.org 2.de.pool.ntp.org 3.de.pool.ntp.org"

rem Make your PDC a reliable time source for others
w32tm /config /reliable:yes

rem Start the Time Service
net start w32time

I use the German servers of the NTP Pool Project in the sample above. If you want to use the general servers, here you go:

rem This is the general list (peers are separated by spaces, not commas)
rem w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"

If you want to check that everything works:

w32tm /query /configuration

And check your EventLogs!
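
A scripted version of these checks, as an added example that is not part of the original post: it reads the values the w32tm /config commands above write to the registry, probes each peer over UDP 123 and lists recent Time-Service events. It assumes an elevated PowerShell session on the DC and the German peer list from the sample; the variable names and the one-hour event window are choices made for this example.

```powershell
# Added example (not from the original post): verify the W32Time configuration.
# Assumption: the German pool list from the sample above was configured.
$expectedPeers = '0.de.pool.ntp.org', '1.de.pool.ntp.org',
                 '2.de.pool.ntp.org', '3.de.pool.ntp.org'

$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$params = Get-ItemProperty -Path "$base\Parameters"
$config = Get-ItemProperty -Path "$base\Config"

# /manualpeerlist is stored in NtpServer as a space-separated string.
# An entry may carry a ",0x.." flag suffix, so strip it before comparing.
$peers = $params.NtpServer -split '\s+' |
    Where-Object { $_ } |
    ForEach-Object { ($_ -split ',')[0] }
$missing = $expectedPeers | Where-Object { $peers -notcontains $_ }

New-Object psobject -Property @{
    Service       = (Get-Service w32time).Status
    # /syncfromflags:manual stores Type = NTP (domain hierarchy would be NT5DS)
    Type          = $params.Type
    Peers         = $peers -join ' '
    MissingPeers  = $missing -join ' '
    # /reliable:yes sets the "always reliable" bit (0x4) in AnnounceFlags
    Reliable      = (($config.AnnounceFlags -band 0x4) -ne 0)
    # Should name one of the peers once the first sync has completed
    CurrentSource = (w32tm /query /source)
} | Format-List Service, Type, Peers, MissingPeers, Reliable, CurrentSource

# Probe every configured peer over UDP 123. Error lines instead of offsets
# usually mean the firewall is not letting NTP traffic through.
foreach ($peer in $peers) {
    "--- $peer ---"
    w32tm /stripchart /computer:$peer /samples:3 /dataonly
}

# Time-Service events from the last hour in the System log.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    StartTime    = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -AutoSize -Wrap
```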

There are a few other ways to do this, but the sample above is older, and it works with Windows Server 2008 R2 or later. Just did it on a few Windows 2016 servers, and it worked great! Here is what I did: I sync my router with NTP Pool Project servers and sync my internal systems with this box. Most modern firewalls or routers can act as NTP server and client.

If you want to play fair: Become part of the NTP Pool Project! The traffic is not high and you support a great project. So, if you have a spare server and a dedicated IP, think about it.