Configure a DC to be a reliable time source

Overview

In a domain environment, machines get their time from the PDC by default.
The hardware clock can often fall out of sync, or not be synchronized to anything at all.

It is recommended to set the PDC as a reliable time source.

How to do it quickly

I have devised a set of command lines that can be put in a script to automate this.
In this example, we will use the au.pool.ntp.org servers, as they are the closest.

On the domain controller that is designated as the PDC emulator, run the following commands:

net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"au.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
w32tm /query /configuration

And that's it. If this still doesn't work, you can run the following command to verify that outbound UDP port 123 is open:

w32tm /stripchart /computer:au.pool.ntp.org

You should get continuous output with a time offset. If you don't, then outgoing communication via UDP port 123 to the destination is closed (in this example we are using au.pool.ntp.org as an external reliable time source).
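The steps above combined into one script that also verifies the result, as an added example that is not part of the original page. It assumes an elevated PowerShell session and English w32tm output; the variable names and the 1-second threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the original page). Run elevated on the PDC emulator.
$Peer = 'au.pool.ntp.org'     # peer used on this page
$MaxOffsetSeconds = 1.0       # assumed alert threshold, adjust to your policy

# Win32_ComputerSystem.DomainRole 5 = primary domain controller (PDC emulator).
$role = (Get-CimInstance Win32_ComputerSystem).DomainRole
if ($role -ne 5) { throw "Not the PDC emulator (DomainRole=$role); aborting." }

# Same configuration commands as in the article.
net stop w32time
w32tm /config /syncfromflags:manual "/manualpeerlist:$Peer"
w32tm /config /reliable:yes
net start w32time

# Force a sync so /query /source reflects the new peer, not the local clock.
w32tm /resync /rediscover | Out-Null
$source = (w32tm /query /source | Out-String).Trim()

# Collect five offset samples; /dataonly prints lines like "10:00:02, +00.0012345s".
# Failed samples print "error: 0x..." instead and do not match the pattern.
$lines = w32tm /stripchart "/computer:$Peer" /samples:5 /dataonly
$offsets = @(foreach ($line in $lines) {
    if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
        [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
    }
})

if ($offsets.Count -eq 0) {
    throw "No offsets received from ${Peer}: check outbound UDP 123."
}
$worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum

# Summary object: easy to log or feed into monitoring.
[pscustomobject]@{
    Source          = $source
    SourceIsPeer    = $source -like "$Peer*"
    SamplesReceived = $offsets.Count
    WorstOffsetSec  = $worst
    WithinThreshold = $worst -le $MaxOffsetSeconds
}
```

SourceIsPeer can stay false for a short time after the service restarts, until the first successful sync with the peer completes.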
