U-Move Help

Copying NTP Settings

If you check the box Copy NTP Settings, U-Move will copy the Network Time Protocol (NTP) settings from the old domain controller to the new replacement domain controller.

What is NTP?

The Network Time Protocol (NTP) is used to synchronize the clocks between all the domain controllers (DCs) in the domain.

Windows Server uses the Kerberos security authentication system for validating user logins within a domain. Kerberos requires accurate clocks to function because it inserts a timestamp when it encrypts a security ticket. The timestamp lets the receiving server reject a ticket that is captured and resent later, which prevents so-called 'replay' attacks. Therefore, the clocks on every DC must be accurate to within approximately 5 minutes of each other. Otherwise Kerberos authentication might fail, and you will see error messages in the Event Log that report failed logon attempts due to time skew.

The domain controller in the AD forest root with the Primary Domain Controller (PDC) role provides the NTP service. All other DCs will periodically contact the root PDC to get time information. This ensures that all DCs in the AD forest share the same clock.

The root PDC in turn contacts a master NTP server on the Internet to get the official time information. The default master NTP server is time.windows.com.

Check the box Copy NTP Settings. The box is checked by default the first time you use U-Move to copy DNS settings.

U-Move will copy the NTP service settings and the list of master NTP servers from the old DC to the new DC. It will then start the NTP service on the new DC if it was running on the old DC. U-Move will configure the new DC to auto-start the service on subsequent reboots.

NTP on a Virtual Machine

If the DC is running inside of a virtual machine (VM), it is possible that the virtual DC is obtaining its time information from the physical host instead of the NTP server. Microsoft does not recommend this configuration for a virtual domain controller. All DCs need to have a consistent clock. Otherwise the VMs might incur replication errors or Kerberos authentication errors if the physical host's clock is changed.

For more information see Running Domain Controllers in Hyper-V: Operational Considerations for Virtual Domain Controllers.

Troubleshooting NTP Configuration Errors

U-Move will warn you if the NTP client or server settings appear to be incorrect. The Server Verification Report will explain the problem and give you instructions on how to correct it.

See Troubleshooting Windows Time Service Problems on TechNet.

You can also run Dcdiag on the new replacement computer to perform additional network and DNS connectivity tests.
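
A manual check of the time source and clock skew on the new DC, as an added example that is not part of U-Move or its documentation. It uses the built-in w32tm tool; the function names, the placeholder host name pdc.example.test, the assumed /dataonly line format, and the 300-second threshold (the approximately 5 minute tolerance described above) are assumptions of this example.

```powershell
# Added example, not U-Move code. Run in an elevated PowerShell session on the new DC.
function ConvertFrom-StripchartLine {
    param([string]$Line)
    # Assumed /dataonly sample format: "14:02:11, +00.0123456s"; error lines do not match.
    if ($Line -match '^\s*\d{1,2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s') {
        return [double]::Parse($Matches[1], [Globalization.CultureInfo]::InvariantCulture)
    }
}

function Test-DcTimeHealth {
    param(
        [Parameter(Mandatory)][string]$ReferenceServer,  # the root PDC or another trusted DC
        [int]$Samples = 3,
        [double]$MaxSkewSeconds = 300                    # assumed threshold: about 5 minutes
    )
    $findings = @()
    $source = (& w32tm /query /source | Out-String).Trim()
    # Sources that mean the clock is not following an NTP server or the domain hierarchy.
    if ($source -match 'VM IC Time Synchronization Provider') {
        $findings += 'Time comes from the Hyper-V host, not from NTP.'
    } elseif ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $findings += 'No external time source is in use.'
    }
    # Measure the offset between this DC and the reference server, keeping parsed samples only.
    $offsets = @(& w32tm /stripchart "/computer:$ReferenceServer" "/samples:$Samples" /dataonly |
        ForEach-Object { ConvertFrom-StripchartLine $_ })
    $worst = $null
    if ($offsets.Count -eq 0) {
        $findings += "No time samples received from $ReferenceServer."
    } else {
        $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
        if ($worst -gt $MaxSkewSeconds) {
            $findings += "Offset of $worst s exceeds the $MaxSkewSeconds s tolerance."
        }
    }
    [pscustomobject]@{
        Source = $source; MaxAbsOffsetSeconds = $worst
        Healthy = ($findings.Count -eq 0); Findings = $findings
    }
}

# Constructed sample lines that exercise the parser offline (the error line is skipped).
'14:02:11, +00.0123456s', '14:02:13, error: 0x800705B4', '14:02:15, -412.5000000s' |
    ForEach-Object { ConvertFrom-StripchartLine $_ }

# Live check; 'pdc.example.test' is a placeholder host name.
# Test-DcTimeHealth -ReferenceServer 'pdc.example.test'
```

A result with Healthy set to False lists each finding, so it can be compared against the Server Verification Report.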