Time synchronization is an important aspect for all computers on the network. By default, client computers get their time from a Domain Controller, and the Domain Controller gets its time from the domain's PDC Operation Master. Therefore the PDC must synchronize its time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don't forget to open the default NTP port, UDP 123 (inbound and outbound), on your firewall.

  1. First, locate your PDC Server. Open the command prompt and type: C:\>netdom query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:\>net stop w32time
  4. Configure the external time sources. Type: C:\>w32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com
  5. Make your PDC a reliable time source for the clients. Type: C:\>w32tm /config /reliable:yes
  6. Start the w32time service: C:\>net start w32time
  7. The Windows Time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:\>w32tm /query /configuration
  8. Check the Event Viewer for any errors.

Tested on Windows Server 2008 R2 (Build 7600).
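
The checks in steps 7 and 8 can be scripted so they are repeatable after every change. The following PowerShell is an added example, not part of the original post. It assumes an elevated session on the PDC, the peer `time.windows.com` from step 4, and a one-hour event window chosen for illustration.

```powershell
# Added example: verify the PDC time configuration written by steps 4-6.
$expectedPeer = 'time.windows.com'          # peer configured in step 4
$since        = (Get-Date).AddHours(-1)     # assumed review window for events

# Step 1 equivalent: confirm this host holds the PDC emulator role.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
if ($pdc -notlike "$env:COMPUTERNAME.*") {
    Write-Warning "This host is not the PDC emulator ($pdc). Run the checks there."
}

# w32tm /config stores its settings under the W32Time service key; read them back.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$params = Get-ItemProperty -Path "$base\Parameters"
$config = Get-ItemProperty -Path "$base\Config"

$results = @{
    'Type is NTP (manual peers)'   = ($params.Type -eq 'NTP')
    'Peer list contains expected'  = ($params.NtpServer -like "*$expectedPeer*")
    # AnnounceFlags bit 0x4 marks the server as an always-reliable time source.
    'Reliable flag set'            = (($config.AnnounceFlags -band 0x4) -ne 0)
    'Service running'              = ((Get-Service w32time).Status -eq 'Running')
}

# The active source shows whether the service really uses the external peer
# or has fallen back to the local clock.
$source = (& w32tm /query /source | Out-String).Trim()
$results['Active source is expected peer'] = ($source -like "*$expectedPeer*")

$results.GetEnumerator() | Sort-Object Name | ForEach-Object {
    $state = 'FAIL'
    if ($_.Value) { $state = 'OK' }
    '{0,-34} {1}' -f $_.Name, $state
}
"Active source reported by w32tm: $source"

# Step 8: recent warnings (3) and errors (2) from the Windows Time service.
$filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'
             Level = 2, 3; StartTime = $since }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
} else {
    "No Time-Service warnings or errors since $since."
}
```

Right after the service starts, the active source can still show the local clock until the first successful sync, so rerun the script a few minutes later before treating that line as a failure.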

There are a couple of ways to determine your Windows AD Schema Version: ADSIedit.msc and/or LDP.exe. In this article I use ADSIedit.msc.

Note: The sample domain used in this article is Servusinc.com. Substitute this domain with your own AD domain.

  1. Open “ADSIEdit.msc”
  2. Navigate to: “CN=Schema,CN=Configuration,DC=ServusInc,DC=com”
  3. Right-click on “CN=Schema,CN=Configuration,DC=ServusInc,DC=com” and select properties.
  4. Scroll down to “objectVersion” attribute.
  5. The value of this attribute will tell you the schema version.


13 -> Windows 2000 Server

30 -> Windows Server 2003 RTM, Windows 2003 With Service Pack 1, Windows 2003 With Service Pack 2

31 -> Windows Server 2003 R2

44 -> Windows Server 2008 RTM

47 -> Windows Server 2008 R2

Being able to easily delegate access to domain systems is essential for administrators to enable necessary IT staff to manage their environments. The proper OU structure along with the deployment of Active Directory GPOs makes this a fairly simple task.

GPOs can be used to add users or groups to local admins or to replace the existing memberships. Using GPOs ensures access is granted uniformly and consistently for a specific group of systems, ideally separated by their OU placement.


Recently, the time on all of my domain computers was out of sync. Each computer in my domain had the same time, but it was about 10 minutes slow. Domain computers get their time from your domain controller(s), so I looked into syncing the time of my DC with an internet time server. The steps below can be used to sync your DC with an internet time server.


Activating Standby Continuous Replication Targets