Changing W32Time keys; NTPServer and Type

jeff-taylor · March 1, 2017, 3:02pm

Hello,

I have gathered data for the following registry path on all DC’s in our multi domain Forest:

System\CurrentControlSet\Services\W32Time\Parameters

with this script:

[DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() |
    Select-Object -ExpandProperty Sites |
        Select-Object -ExpandProperty Servers |
            Select-Object -ExpandProperty Name |
                % { 
                    try {
                        $NtpServer = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey( 'LocalMachine', $_ ).`
                                OpenSubKey( 'System\CurrentControlSet\Services\W32Time\Parameters' ).`
                                    GetValue('NtpServer')
                    }
                    catch{ 
                        $NtpServer = $_.Exception.Message
                    }
                    New-Object -TypeName PSCustomObject -Property @{ Name = $_; NtpServer = $NtpServer }
                } |
                    Export-Csv c:\temp\NtpServer.csv -NoTypeInformation

Now, I wish to perform the following on all DC’s but the PDC:

delete the key System\CurrentControlSet\Services\W32Time\Parameters\NtpServer
change the key System\CurrentControlSet\Services\W32Time\Parameters\Type to ‘NT5DS’

How should I edit the .csv from above to implement those two changes for all but the PDC?

thanks

donj · March 1, 2017, 4:15pm

Ah, well, you wouldn’t necessarily edit the CSV at all. You’re going to have to change your code, so that it can delete keys and change values. That’s not necessarily hard, but it’s non-trivial. For example, instead of using GetValue(), I imagine you’d use SetValue().

I’m not entirely certain what the CSV is even doing for you.

jeff-taylor · March 2, 2017, 2:25pm

well the .csv was just to archive the results of the values and share with team members.

Can anyone help with a script to change the values in the registry for select DC’s? It doesn’t have to be using .net classes

sam-boutros · March 4, 2017, 9:54am

Jeff,

I wasn’t able to post here - it thought I was spamming for some reason. At any rate, I posted it here.

See if this code works for you:

$DCNames = ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name 
$DCNames -notmatch (Get-ADRole PdcRole).DCName | % { Set-NTP $_ time-c.nist.gov }

curtis-smith · March 4, 2017, 11:53am

Hey Jeff,
Writing a script for this is making it harder on yourself than you need to. You can easily apply these settings using Group Policy. You can also use group policy with a WMI filter to change just the PDCe so that it syncs to an external source. That way all workstations sync to DCs, DCs sync to PDCe in their domain, PDCe syncs to Forest Root PDCe, Forest Root PDCe syncs to External source.

External Article reference: Configuring NTP on Windows using GPO | Sysadmin Lab

jeff-taylor · October 5, 2017, 2:17pm

Sam,

How would I direct this to another Forest for which I have a trust setup?

 ((([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites).Servers).Name

Thanks,
Jeff

rkjeevan · October 4, 2018, 3:39am

Hi All,

Could someone help me how to change ntp settings on a bunch of work group servers using powershell?

Thank You

Jeevan

Topic		Replies	Views
Change HKey Class Root value PowerShell Help	3	572	May 13, 2019
Get registry value; forest DCs PowerShell Help	7	181	November 16, 2020
Powershell Script to Fix Registry Security Issues PowerShell Help	4	197	October 17, 2019
(\|(get reg value) (set reg value)) in Forest DCs PowerShell Help	6	119	November 3, 2016
Registry key issue PowerShell Help	4	148	August 22, 2013

Changing W32Time keys; NTPServer and Type

Related Topics