
March 1, 2017 at 8:32 pm

Hello,

I have gathered data for the following registry path on all DCs in our multi-domain forest:

System\CurrentControlSet\Services\W32Time\Parameters

with this script:

[DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() |
    Select-Object -ExpandProperty Sites |
        Select-Object -ExpandProperty Servers |
            Select-Object -ExpandProperty Name |
                % { 
                    try {
                        $NtpServer = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey( 'LocalMachine', $_ ).`
                                OpenSubKey( 'System\CurrentControlSet\Services\W32Time\Parameters' ).`
                                    GetValue('NtpServer')
                    }
                    catch{ 
                        $NtpServer = $_.Exception.Message
                    }
                    New-Object -TypeName PSCustomObject -Property @{ Name = $_; NtpServer = $NtpServer }
                } |
                    Export-Csv c:\temp\NtpServer.csv -NoTypeInformation

Now, I wish to perform the following on all DCs but the PDC:
1) delete the key System\CurrentControlSet\Services\W32Time\Parameters\NtpServer
2) change the key System\CurrentControlSet\Services\W32Time\Parameters\Type to 'NT5DS'

How should I edit the .csv from above to implement those two changes for all but the PDC?

thanks

March 1, 2017 at 9:45 pm

Ah, well, you wouldn't necessarily edit the CSV at all. You're going to have to change your code, so that it can delete keys and change values. That's not necessarily hard, but it's non-trivial. For example, instead of using GetValue(), I imagine you'd use SetValue().

I'm not entirely certain what the CSV is even doing for you.

March 2, 2017 at 7:55 pm

Well, the .csv was just to archive the results of the values and share with team members.

Can anyone help with a script to change the values in the registry for select DCs? It doesn't have to be using .NET classes.

March 4, 2017 at 3:24 pm

Jeff,

I wasn't able to post here – it thought I was spamming for some reason. At any rate, I posted it here.

See if this code works for you:


$DCNames = ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name 
$DCNames -notmatch (Get-ADRole PdcRole).DCName | % { Set-NTP $_ time-c.nist.gov }

March 4, 2017 at 5:23 pm

Hey Jeff,
Writing a script for this is making it harder on yourself than you need to. You can easily apply these settings using Group Policy. You can also use group policy with a WMI filter to change just the PDCe so that it syncs to an external source. That way all workstations sync to DCs, DCs sync to PDCe in their domain, PDCe syncs to Forest Root PDCe, Forest Root PDCe syncs to External source.

External Article reference: http://www.sysadminlab.net/windows/configuring-ntp-on-windows-using-gpo

October 5, 2017 at 7:47 pm

Sam,

How would I direct this to another Forest for which I have a trust setup?

 ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name

Thanks,
Jeff
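
Added example, not code from any poster in this thread: one way to make the two registry changes asked about above with the same .NET registry classes (SetValue/DeleteValue) on every DC except each domain's PDC role owner, with an optional forest argument for the trusted-forest question. The function name, the output CSV name and the forest name `trusted.example` are assumptions.

```powershell
# Added example. Set-DcTimeSourceToDomainHierarchy is a hypothetical name.
function Set-DcTimeSourceToDomainHierarchy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [DirectoryServices.ActiveDirectory.Forest]
        $Forest = [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    )
    $path = 'System\CurrentControlSet\Services\W32Time\Parameters'
    foreach ($domain in $Forest.Domains) {
        # Every domain has its own PDC role owner; leave that DC untouched.
        $pdc = $domain.PdcRoleOwner.Name
        foreach ($dc in $domain.DomainControllers.Name) {
            if ($dc -eq $pdc) { continue }
            $row = [ordered]@{ Name = $dc; Domain = $domain.Name; OldType = $null
                               OldNtpServer = $null; Status = 'NotChanged' }
            $base = $null; $key = $null
            try {
                $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $dc)
                $key  = $base.OpenSubKey($path, $true)      # $true opens the key writable
                # Record the previous values so the change can be rolled back.
                $row.OldType      = $key.GetValue('Type')
                $row.OldNtpServer = $key.GetValue('NtpServer')
                if ($PSCmdlet.ShouldProcess($dc, 'Set Type=NT5DS, delete NtpServer')) {
                    $key.SetValue('Type', 'NT5DS', [Microsoft.Win32.RegistryValueKind]::String)
                    $key.DeleteValue('NtpServer', $false)   # $false: no error if absent
                    $row.Status = 'Changed'
                }
            }
            catch { $row.Status = $_.Exception.Message }
            finally {
                if ($key)  { $key.Close() }
                if ($base) { $base.Close() }
            }
            [pscustomobject]$row
        }
    }
}

# Dry run against the current forest, archiving the old values:
Set-DcTimeSourceToDomainHierarchy -WhatIf |
    Export-Csv c:\temp\NtpServer-before.csv -NoTypeInformation

# Trusted forest ('trusted.example' is a placeholder name):
# $ctx = New-Object DirectoryServices.ActiveDirectory.DirectoryContext('Forest', 'trusted.example')
# Set-DcTimeSourceToDomainHierarchy -Forest ([DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)) -WhatIf
```

W32Time reads these values when the service restarts or after `w32tm /config /update` on the target, so the registry write alone does not re-sync the DC.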