This guide shows the steps to set up AD in a lab. It is not meant for large-scale deployment, where you would deploy these services on separate servers.
NTP
This section is a simple PowerShell script to set up NTP on Windows.
1.) Enable NTP server in the registry using the following command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1
2.) Enable the announce flags in the registry with the following:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5
Flag Values:
0 = DC does not advertise the time service.
1 = DC always advertises time service.
2 = DC automatically determines whether to advertise the time service.
4 = DC will always advertise reliable time service.
8 = DC automatically determines whether it should advertise reliable time service.
5 (1+4) = DC always advertises + always advertises reliable time service.
3.) Restart the Time service now that it is enabled and advertising NTP:
Restart-Service w32Time
4.) If Windows Firewall is enabled, use the following to open up NTP:
New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123
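To confirm that steps 1 through 4 took effect, the following added example (not part of the original guide) reads the settings back, decodes AnnounceFlags using the flag list above, and requests one time sample from the local server. It assumes the firewall rule was created with the name "NTP Server Port" as in step 4; the variable names are illustrative.

```powershell
# Added verification example; run in an elevated PowerShell session on the lab server.
$ntpKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer'
$cfgKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
$ruleName = 'NTP Server Port'   # the -Name given to New-NetFirewallRule in step 4

# Bit meanings copied from the "Flag Values" list in step 2.
$flagBits = @{
    1 = 'always advertises time service'
    2 = 'automatically determines whether to advertise time service'
    4 = 'always advertises reliable time service'
    8 = 'automatically determines whether to advertise reliable time service'
}

$enabled = (Get-ItemProperty -Path $ntpKey -Name Enabled).Enabled
$flags   = (Get-ItemProperty -Path $cfgKey -Name AnnounceFlags).AnnounceFlags

# Decode the AnnounceFlags bitmask (5 decodes to bits 1 and 4).
$decoded = $flagBits.Keys | Sort-Object |
    Where-Object { $flags -band $_ } |
    ForEach-Object { $flagBits[$_] }
if (-not $decoded) { $decoded = 'does not advertise the time service' }

$service = Get-Service -Name W32Time

# The rule may be absent if step 4 was skipped, so do not treat that as an error.
$rule = Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue
$port = if ($rule) { $rule | Get-NetFirewallPortFilter }

[pscustomobject]@{
    NtpServerEnabled = ($enabled -eq 1)
    AnnounceFlags    = $flags
    AnnounceMeaning  = $decoded -join '; '
    ServiceStatus    = $service.Status
    FirewallRule     = if ($rule) { "$($rule.Direction) $($rule.Action), enabled=$($rule.Enabled)" } else { 'not found' }
    FirewallProfile  = if ($rule) { $rule.Profile } else { $null }
    FirewallPort     = if ($port) { "$($port.Protocol)/$($port.LocalPort)" } else { $null }
} | Format-List

# End-to-end check: request one time sample from the local NTP server over UDP 123.
w32tm /stripchart /computer:localhost /samples:1 /dataonly
```

The FirewallProfile line shows which network profiles the rule applies to; with the rule from step 4 it reports Any, which is acceptable on an isolated lab network.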
NTP_TLDR
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer" -Name "Enabled" -Value 1
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Config" -Name "AnnounceFlags" -Value 5
Restart-Service w32Time
New-NetFirewallRule `
-Name "NTP Server Port" `
-DisplayName "NTP Server Port" `
-Description 'Allow NTP Server Port' `
-Profile Any `
-Direction Inbound `
-Action Allow `
-Protocol UDP `
-Program Any `
-LocalAddress Any `
-LocalPort 123