DC's in various time zones and how to update

Hello Folks,

I have a question.  Say you have 2 DC's in SF, 2DC's in NY, 2DC's in Australia, 2DC's in China and you want to update each DC in its own time zone at midnight.  Each site will have its own WSUS.

You are in the SF office and that is where AD lives and it lists all the DC's for all sites around the world in the "Domain Controllers" OU And you want SF to run it's updates at midnight SF on just the SF DC's. In other words, each global site will need to run their updates at a different time zone.

Do you need to create and OU for SF and move the SF DC's into that OU and then create a GPO for that OU to achieve this? I hate creating more OU's and then having to move the SF DC's out of the main "Domain Controllers" OU to the SF OU if I can avoid it, not to mention having to see what other GPO's are (hopefully not) assigned to the "Domain Controllers" OU as a whole.

And then having to create OU's for each global site and do the same thing with creating OU's, GPO's, etc., for each site.

Many thanks for your help! :-)

RT






  • Edited by rtausch 11 hours 10 minutes ago
July 24th, 2015 4:19pm

AFAIK, WUAgent operates on local time, so if you have the timezone set "correctly" for the computers (DCs), WU events should follow that observation.
You could use domain GPOs, filtered for a suitable condition so that each GPO only applies to the relevant site/location/machine. Or, don't use domain GP for this at all - do it by registry or by Local GP instead?
If you have a lot of DCs to deal with, domain GP might be very attractive, if so, I'd consider using GPP to plug in the registry entries, and you can use ILT.
Lots of ways to tackle this without moving the DCs out of the DCs OU.

Some suggested reading:

https://thwack.solarwinds.com/community/application-and-server_tht/patchzone/blog/2013/03/14/configuring-the-windows-update-agent--general-settings-part-1

https://social.technet.microsoft.com/Forums/windowsserver/en-US/5ec8d27f-d507-4c6b-8917-48fb6e1c962d/clients-are-gettingusing-gmt-instead-of-bst?forum=winserverwsus

Also, MSFT generally recommend *NOT* to move DCs out of the default Domain Controllers OU, and there are lots of forums threads where people have created major problems when they don't follow that recommendation.

Free Windows Admin Tool Kit Click here and download it now
July 25th, 2015 2:34am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics