Solved

Setting up PDC to be Authoritative Time Server

Posted on 2007-11-15
Last Modified: 2010-04-21
We're novices at the whole NTP/Time Service setup, so here goes:
Currently whenever a NET TIME command is run from a client PC on our domain, it returns a "Could not locate Time server" message. Although we are part of a larger Forest, we also have a member server that runs our Time & Attendance system on site and syncs with a Galleon Atomic clock.
I'd like an opinion on whether this scenario would be OK:

Set the PDC to be our local domain internal authoritative time server by pointing it at the T&A server (not an external NTP) using this command from the Microsoft site:
w32tm /config /manualpeerlist:<servername> /syncfromflags:manual /reliable:yes /update

Or should we sync with either 1) time.windows.com or 2) a PDC further up the domain forest?

Some experience/advice would be much appreciated.
Question by:dannewton

Accepted Solution

by:
ChiefIT earned 100 total points
ID: 20289370
Here you go:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_22799695.html

As an auditing tool, may I recommend Domain Time II, from Symmetricom's website. Just Google search Domain Time II.

Assisted Solution

by:dreamyguy
dreamyguy earned 100 total points
ID: 20289997
As per http://support.microsoft.com/kb/216734 and http://support.microsoft.com/kb/816042, this is what Microsoft recommends.

By default, Windows-based computers use the following hierarchy:
• All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
• All member servers follow the same process as client desktop computers.
• Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
• All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization. We highly recommend that you configure the authoritative Time Server to gather the time from a hardware source. When you configure the authoritative Time Server to sync with an Internet time source, there is no authentication. We also recommend that you reduce your time correction settings for your servers and stand-alone clients. These recommendations provide more accuracy and security to your domain.
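
An added example, not part of the original thread or of Microsoft's articles: one way to apply the command from the question on the PDC emulator, cap the time correction as the quoted text recommends, and confirm which source the server ended up using. It assumes Windows Server 2008 or later and an elevated PowerShell session; the peer name `ta-server.example.local` is hypothetical and the 172800-second cap is an assumed value.

```powershell
# Added example. Run in an elevated PowerShell session on the PDC emulator.
# Assumption: Windows Server 2008 or later (w32tm /query is not available earlier).
$Peer          = 'ta-server.example.local'  # hypothetical name of the T&A server
$MaxCorrection = 172800                     # assumed cap in seconds (48 hours)

# 1. Refuse to mark a machine as reliable unless it holds the PDC emulator role.
$pdcLine = netdom query fsmo | Select-String -Pattern '^PDC'
if ("$pdcLine" -notmatch [regex]::Escape($env:COMPUTERNAME)) {
    throw "This host is not the PDC emulator ($pdcLine)"
}

# 2. Check that the intended source answers NTP before depending on it.
#    Offsets are printed per sample; error lines mean the peer did not reply.
w32tm /stripchart /computer:$Peer /samples:3 /dataonly

# 3. Apply the configuration from the question (manual peer, reliable source).
w32tm /config /manualpeerlist:$Peer /syncfromflags:manual /reliable:yes /update

# 4. Limit how far a single correction may move the clock in either direction,
#    so a faulty or spoofed source cannot shift domain time by an arbitrary amount.
$cfg = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config'
foreach ($name in 'MaxPosPhaseCorrection', 'MaxNegPhaseCorrection') {
    Set-ItemProperty -Path $cfg -Name $name -Value $MaxCorrection -Type DWord
}

# 5. Restart the service, force a resync, and verify the source actually in use.
Restart-Service -Name w32time
w32tm /resync /rediscover
$source = (w32tm /query /source | Out-String).Trim()
if ($source -notlike "$Peer*") {
    Write-Warning "Time source is '$source', expected '$Peer'"
}
w32tm /query /status
```

A source of "Local CMOS Clock" after step 5 means the server has not synchronised with the configured peer.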

Author Closing Comment

by:dannewton
ID: 31409306
Thanks guys. I took some stuff from both your posts and also a bit of home-spun inspiration into the mix so I'll split the points. Many thanks.