Time syncing AD controllers is an ongoing bane. Since I've been working as a system administrator, Active Directory time sync has been a problem in most places I've been, with the system time being off by anywhere from a few seconds up to 15 minutes.
I wrote a post back in 2001 about fixing AD time drift using a registry entry for clients and servers, which has worked fine for the most part. Recently, though, the power was shut off in our main data center, so we shut down all our systems for the night until power was restored, because we didn't have UPS systems that could run for the length of the outage.
When the outage was over and I turned the servers on, I had one Active Directory controller off by 5 minutes and the other off by 7 (using my watch as the source for time). I fixed the clocks manually so they were within a few seconds of each other, but wanted a better solution.
So I decided to write a PowerShell script to update the time. On the AD controllers in my org, W32tm is stopped and not running, so I am going to set up Task Scheduler to run this on a schedule that I have yet to determine. For now, though, I've written this script, where $TimeServer is a network time server such as time.windows.com or time.apple.com, or some other NTP server name or IP.
updatetime.ps1
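# NTP source; a host name or IP address
$TimeServer = 'time.windows.com'
net start W32time
# Quoted so PowerShell passes "server,0x8" to w32tm as a single argument
# instead of treating the comma as an array separator
W32tm /config "/manualpeerlist:$TimeServer,0x8" /reliable:yes /update
W32tm /config /update
W32tm /resync /force
net stop W32time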
For this to work, PowerShell scripts must be permitted to run on the server.
To run the PowerShell script with Task Scheduler, I use a .bat file to execute it.
@ECHO OFF
powershell.exe -executionpolicy remotesigned -File $PATH/$TOSCRIPT.ps1
After running my PowerShell script on both AD controllers, they are now in perfect sync.
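To measure drift against the same NTP source on each controller rather than against a watch, the following added example (not part of the original post) parses w32tm /stripchart output and warns when the offset exceeds a threshold. Get-ClockOffset, $MaxOffsetSec and the sample lines are assumptions made for illustration; the 300-second threshold matches the default Kerberos clock-skew tolerance of 5 minutes.

```powershell
# Added example, not the author's script. Get-ClockOffset, $MaxOffsetSec and
# the sample lines are assumptions made for illustration.
$TimeServer   = 'time.windows.com'
$MaxOffsetSec = 300   # default Kerberos clock-skew tolerance is 5 minutes

function Get-ClockOffset {
    # Mean offset in seconds from "w32tm /stripchart /dataonly" output,
    # or $null when no sample succeeded.
    param([string[]]$Lines)
    $samples = @(foreach ($line in $Lines) {
        # Data lines look like "10:15:01, +00.0123456s"; failed samples
        # read "10:15:03, error: 0x800705B4" and are skipped.
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    })
    if ($samples.Count -eq 0) { return $null }
    ($samples | Measure-Object -Average).Average
}

# Constructed sample output, used to check the parser offline.
$sample = @(
    'Tracking time.windows.com [203.0.113.10:123].',
    'The current time is 1/5/2021 10:15:01 AM.',
    '10:15:01, +420.0312345s',
    '10:15:03, error: 0x800705B4',
    '10:15:05, +420.0298765s'
)
"Sample offset: {0:N3} s" -f (Get-ClockOffset $sample)

# Live measurement: three samples, read-only, does not change the clock.
$live   = w32tm /stripchart "/computer:$TimeServer" /samples:3 /dataonly
$offset = Get-ClockOffset $live
if ($null -eq $offset) {
    Write-Warning "No usable samples from $TimeServer (is UDP 123 reachable?)"
} elseif ([math]::Abs($offset) -gt $MaxOffsetSec) {
    Write-Warning ("Offset {0:N1} s exceeds {1} s; run updatetime.ps1" -f $offset, $MaxOffsetSec)
} else {
    "Offset {0:N3} s is within tolerance" -f $offset
}
```

Running it on each controller before and after updatetime.ps1 gives a before/after offset against the same reference.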
Sources:
https://optionkey.blogspot.com/2021/01/ad-time-drift-and-how-to-fix-it.html