Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2008
  • Last Modified:

NTP Group policy

Hi
I am configuring the Server holding PDC role as time server for all computers in the domain. This PDC server will be getting time from externel sources. Now I need to configure rest of computers in the domain to sync time from PDC. The challenge is that we have 1800 client computers located in different sites and in multiple OU's. All the domain controllers in one OU and member server in yet another OU. I  was thinking to deploy this change using group policy but there is problem... if I deploy GPO at domain level, PDC will also get affected.  If I go by OU or site, they are so many and also the domain controller OU holding all other DC's along with PDC.
How can I do this effectively to make sure all the machines except PDC is pointing towards PDC for time sync.

Note: At present the computers have "time.windows.com,0x1" with type "NT5DS"...not sure what this registry means?

Any help will be greatly appreciated

Thanks
0
mjasco8
Asked:
mjasco8
  • 3
  • 2
1 Solution
 
Malli BoppeCommented:
You don't need a group policy.Just configure the PDC to the external time source and all the other computers in the domain would automatically reciave the time from PDC.
http://www.windowsnetworking.com/articles_tutorials/Configuring-Windows-Time-Service.html 
0
 
mjasco8Author Commented:
Hi

Thanks for reply. I had used same article to configure PDC registry for exrternal time server.
All other computer are looking up for "time.windows.com,0x1" for time sync, which I beleive is external time source again. These machines should be looking up for PDC for time sync, there should be PDC address in resgistry for these machines - correct?
0
 
Malli BoppeCommented:
I don't think so.By default all machines are configured to time.windows.com.As long as the computers are in the domain the heiracy would flow for time.If the machine is just by iteself it will use the time.windows.com.
http://support.microsoft.com/kb/307897 
0
 
mjasco8Author Commented:
Hi
Let me provide more details because I still having trouble in getting correct time from the correct servers
PDC Emulator registry settings:
NTPServer = x.x.x.x Ip server for NIST (three servers listed)
Type- NTP
AnnouceFlags=5
This part on PDC works perfectly - no errors
All other machines in the domain including domain controllers, member servers and workstations registry settings:
NtpServer=time.windows.com,0x1
Type=NT5DS
AnnounceFlags=10
We have issues here (not with all the machines but few of them have big offset in time)
1. Not all the machines lookup for time from the PDC, they just pick any other server in the domain and I don't figure what criteria they are using to pick the time server.
2. Few machine pick the print server as time source and other pick another domain controller as time server which is not PDC. All have same registry settings and then why this behavior?

Important - how can I make sure that all the server only and only look for the PDC as the time source and how to verify that.

Thanks

0
 
Malli BoppeCommented:
Read my link again. Workstation would sync time from local dc and all the dc's would sync time from PDC.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now