Currently we have 2 domain controllers (with Exchange in Cluster configuration) at our headquarters. We have 5 additional domain controllers one in each of our satellite offices and all of our offices are interconnected with an MPLS network.
This is the configuration I think we should have for the time synchronization:
- All of the DCs should sync with the PDCe
- The PDCe should sync with time.windows.com
While I was reviewing our current configuration I noticed that the Default Domain Controllers Policy has 2 Windows Time Service parameters configured, namely:
Enable Windows NTP Client (Enable)
Configure Windows NTP Client (to a server that is not even in the domain)
Since this clearly is wrong I proceed to change the Configure Windows NTP Client to point to our PDCe.
Now my questions:
From all that I have read it looks like these two paramentes in the Default Domain Controllers Policy should be disable, should they? If not, what should be the correct configuration?
How can I change my configuration so that all my DCs sync their time with my PDCe?
How can I change my PDCe configuration so that it syncs with time.windows.com?