• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1055
  • Last Modified:

Setting up PDC to be Authoritative Time Server

We're novices at the whole NTP/Time Service setup, so here goes:
Currently whenever a NET TIME command  is run from a client PC on our domain, it returns a "Could not locate Time server" message. Although we are part of a larger Forest, we also have a member server that runs our Time & Attendance system on site and syncs with a Galleon Atomic clock.
I'd like an opinion on whether this scenario would be OK:

Set the PDC to be our local domain internal authoritative time server by pointing it at the T&A server (not an external NTP) using this command from the Microsoft site:
w32tm /config /manualpeerlist:<servername> /syncfromflags:manual /reliable:yes /update

Or should we sync with either 1) time.windows.com or 2) a PDC further up the domain forest?

Some experience/advice would be much appreciated.
0
dannewton
Asked:
dannewton
2 Solutions
 
ChiefITCommented:
Here you go:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22799695.html

As an auditting tool, may I recommend Domain Time II, from Symetricom's website. Just google search Domain Time II.
0
 
dreamyguyCommented:
As per http://support.microsoft.com/kb/216734 and http://support.microsoft.com/kb/816042, this is what Microsoft recommends.

By default, Windows-based computers use the following hierarchy:
• All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
• All member servers follow the same process as client desktop computers.
• Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
• All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.
0
 
dannewtonAuthor Commented:
Thnaks Guys. I took some stuff from both your posts and also a bit of home-spun inspiration into the mix so I''ll split the points. Many thanks.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now