.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. |date| date:: .. meta:: :description: Managing NTP on Windows clients :keywords: Documentation, Samba-AD, Network Time Protocol, NTP .. _managing_ntp_clients: ############################### Managing NTP on Windows clients ############################### **************************************************** Forcing a resynchronization on a windows workstation **************************************************** Run the command :command:`w32tm /resync /nowait` **in a shell with admins rights** to force the local :abbr:`NTP (Network Time Protocol)` service of the Windows client to synchronize its clock with the NTP server. If all goes well, the command returns **The command ended correctly**). .. note:: an NTP server must be given some time before asking for its time, otherwise it declares itself to be an unreliable source. In the event of a problem ========================= The service is called :program:`w32time` while the management tool is called :program:`w32tm`. You may also need the commands :command:`net` and :command:`time`. ****************************************************************************************** Reconfiguring the domain’s Windows clients to synchronize their clocks with Samba-AD’s NTP ****************************************************************************************** On the Windows client, run the following instructions: .. code-block:: bash w32tm /config /syncfromflags:domhier w32tm /config /update w32tm /resync /nowait ********************************************* Debugging the NTP service on a Windows client ********************************************* To define a log file to debug the operation of the NTP service on a Windows client, the following registry keys can be defined: .. code-block:: bash Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config] "FileLogSize"=dword:01000000 "FileLogName"="c:\\w32time_debug.txt" "FileLogEntries"="0-300" For more information, visit this `article from Microsoft `_. ***************************************************** Choosing the operating mode of the Windows NTP client ***************************************************** There are two operating modes of the Windows NTP client, *Nt5DS* and *named*. The standard operating mode of a Windows client registered in the domain is *Nt5DS*. .. code-block:: bash Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters] ... "Type"="Nt5DS" If for some reason you prefer to switch to the *named* operating mode, do :command:`net time /setsntp:ad.mydomain.lan`, which should return: .. code-block:: bash [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters] ... "Type"="NTP" "ntpserver"="ad.mydomain.lan" If you have chosen this mode, make sure the client is pointing to the correct NTP server. If the :abbr:`DHCP (Dynamic Host Configuration Protocol)` gave an NTP server that is not the domain controller, this may be a problem. To check, use the command :command:`w32tm /monitor`.