Windows Active Directory Domains need to keep their clocks in sync in order to properly handle authentications.

Within the domain itself, time is synchronized with domain controllers – however, at least one domain controller should reference an outside time source.

This can be configured with the “w32tm” command:

w32tm /config /update /manualpeerlist:10.255.0.200,0x8 /syncfromflags:MANUAL

In this case, I am configuring the NTP (really sntp) client to synchronize with a server located at 10.255.0.200 – the 0x8 tells it to synchronize as a client.

(In some cases the Windows NTP server attempts to synchronize as a peer – which won’t work properly against most NTP servers.)

Once configured, you should see the following output in the System log within Event Viewer: