• Status: Solved

Windows 2008 R2 -- configuring time source

I've recently installed a new 2008 R2 DC in my previously all-2003 domain. I'm planning to transfer over the PDC Emulator role and am researching best time management for the domain. The article http://support.microsoft.com/kb/816042 recommends using a 'hardware source' and also reducing the time correction settings. At first, I thought they meant the hardware clock in the computer - but further research indicates that they may mean a separate atomic or GPS clock placed on the network for just this purpose. I don't find much on the topic of hardware clocks for the network. I realize I can alternately use a NIST external time source on the Internet -- which I somewhat lean towards - but want to do what is 'recommended'. Can someone give me some advice? Also, does anyone know an article about reducing time connection settings - and is this necessary?

Thanks
C Emmons
 
woolnoir commented:
You can use this guide to configure an external NTP server for your PDC emulator - it will ensure the time of the whole domain is as accurate as possible.

http://defaultreasoning.wordpress.com/2009/11/16/synchronize-time-with-external-ntp-server-on-windows-server-2008-r2/
 
woolnoir commented:
It's always general best practice to point the PDC externally; although internally you want everything to be on 'domain time' to ensure no authentication issues (which are time critical), you want to ensure that you are linked to an external source. This becomes especially important if you have any external links, and for services like email etc., as synced clocks make logging and auditing a lot more effective.
 
Darius Ghassem commented:
You should use an external time source for your domain; this is the standard, since your internal hardware clock can get off time depending on the CMOS battery.

If you import this reg file into the system this will configure your system to use an external time source.

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23630502.html
 
woolnoir commented:
In addition to my two posts above, ensure that any firewall is set to allow the NTP protocol through to the addresses you add. Ideally just add NTP > ALL, but you can lock this down more if required.
 
Adam Brown (Sr Solutions Architect) commented:
Most hardware clocks will synchronize with the atomic clocks that are run by the government. The only advantage that having a hardware clock on your network has is the ability to maintain correct time without internet connectivity since they synchronize through . If you set up your PDC to communicate with the NIST or even Windows time servers, that will be sufficient for your needs. Gigantic networks with a large number of domains and a lot of time sync traffic going out of the network are the only ones who really need to worry about obtaining a specialized network time server. As for configuring the time settings, you'll probably want to handle this with the w32tm utility in the command prompt. An article on this utility is located here: http://technet.microsoft.com/en-us/library/cc773263%28WS.10%29.aspx
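The w32tm configuration referred to in the answer above, together with the NTP firewall check mentioned earlier in the thread, as an added example that is not from any poster in this thread. It assumes an elevated PowerShell session on the DC holding the PDC emulator role, and `time.nist.gov` and `time.windows.com` are sample peers chosen for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on the 2008 R2 DC.
# Assumption: sample peers; replace with the external sources you have approved.
$peers = @('time.nist.gov', 'time.windows.com')

# Only the PDC emulator should be the domain's time root, so confirm the role first.
$pdc   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name
$local = [System.Net.Dns]::GetHostEntry('').HostName
if ($pdc -ne $local) {
    throw "This host ($local) is not the PDC emulator ($pdc); leave it on domain time."
}

# Check that NTP (UDP 123) gets through the firewall to each peer before relying on it.
# Offsets are printed per sample; errors here point to a blocked or unreachable peer.
foreach ($p in $peers) {
    w32tm /stripchart "/computer:$p" /samples:3 /dataonly
}

# Build the manual peer list; 0x8 requests a client-mode association for each entry.
$peerArg = '/manualpeerlist:' + (($peers | ForEach-Object { "$_,0x8" }) -join ' ')

# Sync only from the manual list and advertise this DC as a reliable time source.
w32tm /config $peerArg /syncfromflags:manual /reliable:yes /update

# Restart the service so the new configuration is picked up, then force a sync.
Restart-Service w32time
w32tm /resync /rediscover

# Verify: the source should be one of $peers, not "Local CMOS Clock".
w32tm /query /source
w32tm /query /status

# Read-only: show the current correction limits (in seconds) that KB 816042
# discusses reducing, so they can be reviewed before changing anything.
Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Config' |
    Select-Object MaxPosPhaseCorrection, MaxNegPhaseCorrection
```

Other domain controllers and member machines need no change; they keep following the domain hierarchy and pick up time from the PDC emulator.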
 
apsutechteam (Author) commented:
Thanks everyone.