Active Directory Time Synchronization with multiple domain controllers on different Hyper-V hosts

2017/10/19 03:42
By default, when a virtual machine is created on a Hyper-V host, its clock is "bound" to the virtualization host's operating system clock via Hyper-V integration services. If there are two or more virtualization hosts on the same network, the operating system time on one host may differ from the time on another. If Windows Active Directory domain controllers are installed on such virtualization hosts, even a slight difference in their system time might disturb the work of some more time-sensitive applications. To avoid this situation, the following arrangement could be considered.

As a first step, "unbind" the domain controller virtual machines from the virtualization host's operating system time: disable the time synchronization integration service for all Active Directory domain controllers.

Hyper-V time synchronization integration service

At the command prompt, type the following command to restart the Windows Time service, and then press Enter:
net stop w32time && net start w32time

Confirm which domain controller is the primary domain controller. In Windows PowerShell, run the following command:
[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name

Once disconnected from the virtualization host, set the time service of the primary domain controller to synchronize with an external clock.

In PowerShell, as administrator on the primary domain controller, run:
w32tm.exe /config /manualpeerlist:"ntp_server_1 ntp_server_2" /syncfromflags:manual /reliable:YES /update

w32tm.exe /config /update - Update the PDC system time

Restart-Service w32time - for the changes to take effect
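
The steps above can be scripted and checked as follows. This is an added example, not part of the original post: the function names and the VM names DC01 and DC02 are placeholders, the first function assumes the Hyper-V PowerShell module on an English-language host, and the second runs inside each domain controller.

```powershell
# Added example: placeholder names, run elevated.

# Run on each Hyper-V host: detach the listed DC guests from the host clock.
function Disable-DcHostTimeSync {
    param([Parameter(Mandatory)][string[]]$VMName)
    foreach ($vm in $VMName) {
        # "Time Synchronization" is the service name on English-language hosts.
        $svc = Get-VMIntegrationService -VMName $vm |
            Where-Object Name -eq 'Time Synchronization'
        if (-not $svc) {
            Write-Warning "$vm : time synchronization service not found"
            continue
        }
        if ($svc.Enabled) {
            Disable-VMIntegrationService -VMName $vm -Name 'Time Synchronization'
        }
        # Re-read the state so the output reflects what is actually configured.
        Get-VMIntegrationService -VMName $vm -Name 'Time Synchronization' |
            Select-Object VMName, Name, Enabled
    }
}

# Run inside each domain controller: report where the clock comes from now.
function Test-DcTimeSource {
    $pdc = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PdcRoleOwner.Name
    $source = (w32tm.exe /query /source | Out-String).Trim()
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        # Compares the NetBIOS name with the PDC's FQDN (names over 15 chars are truncated).
        IsPdc       = $pdc -like "$env:COMPUTERNAME.*"
        Source      = $source
        # This provider name means the guest still follows the Hyper-V host clock.
        FollowsHost = $source -like '*VM IC Time Synchronization Provider*'
        # These values mean the DC has no upstream time source at all.
        Unsynced    = $source -match 'Local CMOS Clock|Free-running System Clock'
    }
}

# On the host:  Disable-DcHostTimeSync -VMName 'DC01', 'DC02'
# On each DC:   Test-DcTimeSource
```

After the change, the primary domain controller should report one of the configured NTP servers as its source, and FollowsHost should be False on every domain controller.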

To find a suitable NTP server, consider the following resources:

Windows time synchronization resources