A reliable time source within an Active Directory environment (or networks in general) is critical.
Some prefer an expensive GPS clock; others don’t care… I decided a while ago that I sync my DCs with an NTP source.
Please keep in mind that your servers need access to the NTP servers on UDP port 123 (NTP) to sync their clocks with them, so your firewall needs to allow this.
At a minimum, your server with the PDC FSMO role should sync. Here is how to find this server:
rem Get the PDC FSMO role (or apply it to all your DCs)
netdom query fsmo
rem This will show you all FSMO roles; see the PDC role for your main DC server
You can do that on all your DCs (or at least on one in every location/Site).
Now to the real work:
I use the German servers of the NTP Pool Project in the sample above. If you want to use the general servers, here you go:
rem This is the general list (the peer list is space-delimited)
rem w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org"
If you want to check that everything works:
w32tm /query /configuration
And check your event logs!
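The steps above run end to end, as an added PowerShell example that is not part of the original post. It assumes the ActiveDirectory module is installed and an English-language Windows (the string checks match English w32tm output), and it uses the general pool servers named above.

```powershell
# Added example, not from the original post. Run elevated on the PDC emulator.
# Assumes the RSAT ActiveDirectory module and English w32tm output.
Import-Module ActiveDirectory

$peers = '0.pool.ntp.org', '1.pool.ntp.org', '2.pool.ntp.org'   # general pool list from the post

# 1. Only touch the DC that holds the PDC emulator role.
$pdc = (Get-ADDomain).PDCEmulator
if ($pdc -notlike "${env:COMPUTERNAME}.*") {
    throw "PDC emulator is $pdc; run this there, not on $env:COMPUTERNAME."
}

# 2. Confirm outbound UDP 123 works before changing anything.
foreach ($p in $peers) {
    $probe = w32tm /stripchart "/computer:$p" /samples:2 /dataonly | Out-String
    if ($probe -match 'error') {
        throw "No NTP reply from $p; check the firewall rule for UDP 123."
    }
}

# 3. Point the time service at the peers (space-delimited list) and apply.
w32tm /config /syncfromflags:manual "/manualpeerlist:$($peers -join ' ')" /update
if ($LASTEXITCODE -ne 0) { throw "w32tm /config failed with exit code $LASTEXITCODE." }
w32tm /resync /rediscover

# 4. Verify: the source must be one of the peers, not the local clock.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Still on '$source'; sync has not happened yet."
}
w32tm /query /status

# 5. Review what the time service logged in the last hour.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    StartTime    = (Get-Date).AddHours(-1)
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
```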
There are a few other ways to do this, but the sample above is older, and it works with Windows Server 2008 R2 or later. Just did it on a few Windows 2016 servers, and it worked great!
Here is what I did: I sync my router with NTP Pool Project servers and sync my internal systems with this box. Most modern firewalls or routers can act as NTP server and client.