abillz
asked on
Active Directory Time Issues, Help Explain?
We experienced an issue this morning having to do with Active Directory and System Times. The system clocks on several of our servers and many of our clients became off by a couple of hours, which started causing issues on their next reboots. Everything is working now, and I think I have a handle on WHAT happened, but I am trying to understand WHY it happened and how to rpevent it in the future. Please comment and let me know what you know and any advice you can share.
We have five domain controllers spread between four sites (A, B, C, D). I will call the DCs A1, A2, B1, C1, D1 just to make it easy.
The "1's" are all Global Catalogs, serve as DHCP and DNS servers for their sites.
All of the Active Directory Roles are held by server A1 except for the PDC Emulator, which is held by server A2.
Server A2 went offline yesterday for no more than 15 minutes due to a power failure. It dropped, and came back fine. This happened yesterday late afternoon around 5pm. After this happened, the clocks of a lot of the workstations shifted by an hour. It was determined that server B2, which is at a different site in another time zone started handling time operations for the domain. When this happened the servers, the clients, and exchange all went out of synch and no one could connect to Exchange.
So I guess I am trying to figure out why a DC in another site assumed time operations for the domain and not the other server in the same site as the failed server. Also, how do I control who takes on the failover responsibility? Can I point every DC to an outside time source, or should I only point the PDC Emulator to the outside?
Please elt me know your thoughts.
We have five domain controllers spread between four sites (A, B, C, D). I will call the DCs A1, A2, B1, C1, D1 just to make it easy.
The "1's" are all Global Catalogs, serve as DHCP and DNS servers for their sites.
All of the Active Directory Roles are held by server A1 except for the PDC Emulator, which is held by server A2.
Server A2 went offline yesterday for no more than 15 minutes due to a power failure. It dropped, and came back fine. This happened yesterday late afternoon around 5pm. After this happened, the clocks of a lot of the workstations shifted by an hour. It was determined that server B2, which is at a different site in another time zone started handling time operations for the domain. When this happened the servers, the clients, and exchange all went out of synch and no one could connect to Exchange.
So I guess I am trying to figure out why a DC in another site assumed time operations for the domain and not the other server in the same site as the failed server. Also, how do I control who takes on the failover responsibility? Can I point every DC to an outside time source, or should I only point the PDC Emulator to the outside?
Please elt me know your thoughts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I was under the impression that AD passed the time in UTC/GMT format, then the client adjust based on its time settings locally.
http://technet.microsoft.com/en-us/library/bb727060.aspx