Time confusion, some help would be great!
I need some help deciding on time configuration in a domain setting.
Time is not working and seems to be running about 2 minutes slow and creeping. After reading a bunch I now feel confused as some settings seem to be set via registry and w32time while others seem to be set via GPO.
I need to know what settings for the Default Domain controller policy and what settings for the Default Domain policy.
If you can help please be specific, real examples with syntax would be appreciated and not links to more pages of conflicting info.
The original time was set on a single 2003 DC that was the PDC and filled all FSMO roles 8 years ago. Time server sync source was set in the registry. When users logged in the script set the time based on the DC.
That DC has been retired and replaced. The replacement 2008 server is currently filling the PDC and all FSMO roles. The login script no longer sets time based on the DC. There is also a second DC not currently holding any FSMO roles.
I have attempted to set time via GPOs and have all time set to the DC internal time server that syncs with the external time servers, or so I thought it was.
I’d rather not set anything manually in the registry and want to set time on the DC to sync from 2 external time servers via GPO.
The Default Domain Controller Policy
Global configuration settings are enabled.
Time Providers???
Configure Windows NTP Client was enabled and is now disabled
Enable Windows NTP Client was enabled to time.windows.com,0x1 and is now disabled
Enable Windows NTP Server is enabled

The Default Domain policy
Global configuration settings are not configured.
Time Providers???
Configure Windows NTP Client is not configured.
Enable Windows NTP Client is enabled set to the DC XXXXXXXX.XXX.local
Enable Windows NTP Server is enabled
This shouldn’t be a big deal but now I feel like I am going in circles.
Thanks
October 29th, 2010 12:06pm
Generally speaking, we don’t need to configure the Windows Time service for Domain clients.
To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority, and the Windows Time service does not permit loops. By default, Windows-based computers use the following hierarchy:
All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
All member servers follow the same process that client desktop computers follow.
All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner.
All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
For your reference:
How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042/
If you would like to enforce time settings, please refer to Jorge’s suggestions in thread below:
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/89e675c4-5960-4c64-a408-a4a3cf6556e4
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
November 2nd, 2010 5:33am
Should time be set via GPO or registry? If GPO, does anything need to be manually changed in the registry?
If GPO, set Default Domain Controller Policy for the operations masters to follow the hierarchy of domains in the selection of their in-bound time partners?
And then set the Default Domain policy for all client desktop computers and member servers?
It is my understanding that using Default Domain Controller Policy for our 2 DCs an election is forced based on FSMO roles, which should elect our 2008 server as the reference server and leave the 2nd DC as a subordinate.
November 2nd, 2010 12:15pm
What is confusing is this.
Specifies whether the Windows NTP Client synchronizes time from the domain hierarchy or a manually configured NTP server.
Doesn't the PDC emulator become an NTP client of the external time source? Aren't all other client desktop computers and member servers also NTP clients?
What is the client? This is unclear since everything is a client.
November 2nd, 2010 3:43pm
The PDC is a client of the external time source; at the same time, it’s a time server for its Domain. I think it’s not conflicting; Windows has different services for these tasks.
Thanks.
November 4th, 2010 5:26am
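
The hierarchy described in this thread (PDC emulator syncs from external sources, every other machine follows the domain), written out as an added example that is not part of any post above. The peer names ntp1.example.org and ntp2.example.org are placeholders for the two external servers; run it from an elevated PowerShell session on each DC.

```powershell
# Added example, not from the thread. Peer names below are placeholders.
$peers = 'ntp1.example.org,0x8 ntp2.example.org,0x8'   # 0x8 = client-mode association

# DomainRole: 5 = DC holding the PDC emulator role, 4 = any other DC,
# 1 / 3 = domain member workstation / member server.
$role = (Get-WmiObject Win32_ComputerSystem).DomainRole

# Settings delivered by GPO are stored under the Policies key and take
# precedence over what w32tm /config writes under Services\W32Time.
# List them first so a leftover policy does not silently win.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\W32Time'
if (Test-Path $policyKey) {
    Write-Warning 'Group Policy time settings are present and override w32tm /config:'
    Get-ChildItem $policyKey -Recurse | ForEach-Object { $_.Name }
}

if ($role -eq 5) {
    # PDC emulator: NTP client of the external peers and the reliable
    # time source for the rest of the domain.
    $peerArg = "/manualpeerlist:$peers"
    w32tm /config $peerArg /syncfromflags:manual /reliable:yes /update
} else {
    # Other DCs and all members: follow the domain hierarchy (the default).
    w32tm /config /syncfromflags:domhier /update
}

Restart-Service w32time
w32tm /resync /rediscover

# Verify: on the PDC emulator the source should be one of the external peers;
# everywhere else it should be a domain controller.
w32tm /query /source
w32tm /query /status
```

If the warning lists values on a machine where the wrong source is still reported, the GPO linked to that machine is what needs changing, since Kerberos authentication depends on clocks staying within its skew tolerance.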