Solved

GPO to point clients to domain controller for NTP time

Posted on 2013-02-04
7
5,114 Views
Last Modified: 2013-02-05
Hello EE,

We have an issue where we have a domain controller that is setup to point to an external time source for NTP.  I followed this for setting up "Configuring the Windows Time service to use an external time source" http://support.microsoft.com/kb/816042#method2 so think this part is correct

We would like all internal clients to point to this domain controller for time, but I'm not sure how to do this through GPO.
0
Comment
Question by:bergquistcompany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 5

Accepted Solution

by:
tjc123 earned 500 total points
ID: 38852668
0
 

Expert Comment

by:schooltechnician
ID: 38852682
When we have a machine that doesn't sync time with the rest of network I run a command in cmd "w32tm /config /manualpeerlist:dc.domain.local /syncfromflags:MANUAL"
You could add this as a startup script on the computer(s) in a GPO?

Hope this helps,
Tom
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38853663
Remove any group policy for Time settings and use below article to configure Time in your domain env

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 9

Expert Comment

by:Zenvenky
ID: 38853802
If you've configured PDC as NTP and is in sync with external Time source, then everything works fine in the domain. The KB article you've followed is correct to configure authoritative Time Server. However as per your request I'm providing 1 link check it out.

Configuring an Authoritative Time Server with Group Policy Using WMI Filtering
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38854029
Hi,

i'm actually managing a NTP problem at work.
so, the first question i'd like to ask you is : are your clients domain members ? because you have to differentiate the treatment in function of the root cause.

so, for the domain members :
net stop w32time
w32tm /config /syncfromflags:DOMHIER (this will force the domain members to sync on the domain controllers)
 sc config W32Time startuptype= auto (this will put the startup type on auto - might want to verify the command though)
net start W32time

on the non domain members, i use the manualpeerlist of the clients to sync them on the DC.

Cheers
T
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38854200
Looks like I need to design an Assessment Pack for checking Time Service Configuration on Domain Controllers and Clients in Dynamic SpotAction Tool at www.Dynamic-SpotAction.com

What else Assessmen Packs you guys think I can design for a tool which I am developing?

Please do not get me wrong - I just need the inputs/feedbacks if you have any!

Thanks!
Sys
Microsoft MVP - Directory Services
0
 

Author Closing Comment

by:bergquistcompany
ID: 38857672
all excellent articles thank you for all the tips.  You helpded me resolve it
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question