This guide shows the steps to set up AD in a lab. It is not meant for large-scale deployment, where you would deploy these services on different servers.

NTP

This section is a simple PowerShell script to set up NTP on Windows.

1.) Enable NTP server in the registry using the following command:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1 

2.) Enable the announce flags in the registry with the following:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5

Flag Values:
0 = DC does not advertise the time service.
1 = DC always advertises time service.
2 = DC automatically determines whether to advertise the time service.
4 = DC will always advertise reliable time service.
8 = DC automatically determines whether it should advertise reliable time service.
5 (1+4) = DC always advertises + always advertises reliable time service.

3.) Restart the Time service now that it is enabled and advertising NTP:

Restart-Service w32Time

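4.) If Windows Firewall is enabled, use the following to open up NTP (inbound UDP port 123). Note that -Profile Any applies the rule to the Domain, Private and Public profiles: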

New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123
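
To confirm that steps 1-4 took effect, the following added example (not part of the original guide) reads back the same registry values, service, and firewall rule, and decodes AnnounceFlags using the flag table above. The function names ConvertFrom-AnnounceFlags and Test-LabNtpServer are hypothetical helpers, not built-in cmdlets.

```powershell
# Added example: verify the NTP server settings applied in steps 1-4.
# ConvertFrom-AnnounceFlags and Test-LabNtpServer are hypothetical helper names.

function ConvertFrom-AnnounceFlags {
    param([Parameter(Mandatory)][int]$Value)
    # Bit meanings as listed under "Flag Values" in this guide.
    $bits = @(
        @{ Bit = 1; Meaning = 'always advertises time service' }
        @{ Bit = 2; Meaning = 'automatically determines whether to advertise time service' }
        @{ Bit = 4; Meaning = 'always advertises reliable time service' }
        @{ Bit = 8; Meaning = 'automatically determines whether to advertise reliable time service' }
    )
    if ($Value -eq 0) { return @('does not advertise the time service') }
    # Collect the meaning of every bit that is set in the value.
    $names = foreach ($b in $bits) { if ($Value -band $b.Bit) { $b.Meaning } }
    return @($names)
}

function Test-LabNtpServer {
    $w32 = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

    # Steps 1 and 2: registry values set with Set-ItemProperty.
    $enabled  = (Get-ItemProperty -Path "$w32\TimeProviders\NtpServer" -Name Enabled).Enabled
    $announce = (Get-ItemProperty -Path "$w32\Config" -Name AnnounceFlags).AnnounceFlags

    # Step 3: the service must be running for the new values to be in effect.
    $service  = Get-Service -Name W32Time

    # Step 4: the rule created with -Name "NTP Server Port".
    $rule     = Get-NetFirewallRule -Name 'NTP Server Port' -ErrorAction SilentlyContinue

    # Is anything actually bound to UDP 123 on this host?
    $listener = Get-NetUDPEndpoint -LocalPort 123 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        NtpServerEnabled = ($enabled -eq 1)
        AnnounceFlags    = $announce
        AnnounceMeaning  = (ConvertFrom-AnnounceFlags -Value $announce) -join '; '
        ServiceRunning   = ($service.Status -eq 'Running')
        FirewallRuleOn   = [bool]($rule -and $rule.Enabled -eq 'True' -and $rule.Action -eq 'Allow')
        Udp123Listening  = [bool]$listener
    }
}

Test-LabNtpServer | Format-List
```

Any field that comes back False points at the step to repeat.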

NTP_TLDR

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1 


Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5 


Restart-Service w32Time


New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123
