Changing W32Time keys; NTPServer and Type

This topic contains 4 replies, has 4 voices, and was last updated by Profile photo of Curtis Smith Curtis Smith 3 weeks, 2 days ago.

  • Author
    Posts
  • #65494
    Profile photo of Jeff Taylor
    Jeff Taylor
    Participant

    Hello,

    I have gathered data for the following registry path on all DC's in our multi domain Forest:

    System\CurrentControlSet\Services\W32Time\Parameters

    with this script:

    [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() |
        Select-Object -ExpandProperty Sites |
            Select-Object -ExpandProperty Servers |
                Select-Object -ExpandProperty Name |
                    % { 
                        try {
                            $NtpServer = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey( 'LocalMachine', $_ ).`
                                    OpenSubKey( 'System\CurrentControlSet\Services\W32Time\Parameters' ).`
                                        GetValue('NtpServer')
                        }
                        catch{ 
                            $NtpServer = $_.Exception.Message
                        }
                        New-Object -TypeName PSCustomObject -Property @{ Name = $_; NtpServer = $NtpServer }
                    } |
                        Export-Csv c:\temp\NtpServer.csv -NoTypeInformation

    Now, I wish to perform the following on all DC's but the PDC:
    1) delete the key System\CurrentControlSet\Services\W32Time\Parameters\NtpServer
    2) change the key System\CurrentControlSet\Services\W32Time\Parameters\Type to 'NT5DS'

    How should I edit the .csv from above to implement those two changes for all but the PDC?

    thanks

  • #65499
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Ah, well, you wouldn't necessarily edit the CSV at all. You're going to have to change your code, so that it can delete keys and change values. That's not necessarily hard, but it's non-trivial. For example, instead of using GetValue(), I imagine you'd use SetValue().

    I'm not entirely certain what the CSV is even doing for you.

    • #65653
      Profile photo of Jeff Taylor
      Jeff Taylor
      Participant

      well the .csv was just to archive the results of the values and share with team members.

      Can anyone help with a script to change the values in the registry for select DC's? It doesn't have to be using .net classes

  • #65775
    Profile photo of Sam Boutros
    Sam Boutros
    Participant

    Jeff,

    I wasn't able to post here – it thought I was spamming for some reason. At any rate, I posted it here.

    See if this code works for you:

    
    $DCNames = ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name 
    $DCNames -notmatch (Get-ADRole PdcRole).DCName | % { Set-NTP $_ time-c.nist.gov }
    
    
  • #65782
    Profile photo of Curtis Smith
    Curtis Smith
    Participant

    Hey Jeff,
    Writing a script for this is making it harder on yourself than you need to. You can easily apply these settings using Group Policy. You can also use group policy with a WMI filter to change just the PDCe so that it syncs to an external source. That way all workstations sync to DCs, DCs sync to PDCe in their domain, PDCe syncs to Forest Root PDCe, Forest Root PDCe syncs to External source.

    External Article reference: http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo

You must be logged in to reply to this topic.