Solved

GPO to point clients to domain controller for NTP time

Posted on 2013-02-04
7
5,214 Views
Last Modified: 2013-02-05
Hello EE,

We have an issue where we have a domain controller that is setup to point to an external time source for NTP.  I followed this for setting up "Configuring the Windows Time service to use an external time source" http://support.microsoft.com/kb/816042#method2 so think this part is correct

We would like all internal clients to point to this domain controller for time, but I'm not sure how to do this through GPO.
0
Comment
Question by:bergquistcompany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 5

Accepted Solution

by:
tjc123 earned 500 total points
ID: 38852668
0
 

Expert Comment

by:schooltechnician
ID: 38852682
When we have a machine that doesn't sync time with the rest of network I run a command in cmd "w32tm /config /manualpeerlist:dc.domain.local /syncfromflags:MANUAL"
You could add this as a startup script on the computer(s) in a GPO?

Hope this helps,
Tom
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38853663
Remove any group policy for Time settings and use below article to configure Time in your domain env

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/A_10789-Time-Service-Configuration.html
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 9

Expert Comment

by:Zenvenky
ID: 38853802
If you've configured PDC as NTP and is in sync with external Time source, then everything works fine in the domain. The KB article you've followed is correct to configure authoritative Time Server. However as per your request I'm providing 1 link check it out.

Configuring an Authoritative Time Server with Group Policy Using WMI Filtering
0
 
LVL 4

Expert Comment

by:Thomas WERNHER
ID: 38854029
Hi,

i'm actually managing a NTP problem at work.
so, the first question i'd like to ask you is : are your clients domain members ? because you have to differentiate the treatment in function of the root cause.

so, for the domain members :
net stop w32time
w32tm /config /syncfromflags:DOMHIER (this will force the domain members to sync on the domain controllers)
 sc config W32Time startuptype= auto (this will put the startup type on auto - might want to verify the command though)
net start W32time

on the non domain members, i use the manualpeerlist of the clients to sync them on the DC.

Cheers
T
0
 
LVL 35

Expert Comment

by:Nirmal Sharma
ID: 38854200
Looks like I need to design an Assessment Pack for checking Time Service Configuration on Domain Controllers and Clients in Dynamic SpotAction Tool at www.Dynamic-SpotAction.com

What else Assessmen Packs you guys think I can design for a tool which I am developing?

Please do not get me wrong - I just need the inputs/feedbacks if you have any!

Thanks!
Sys
Microsoft MVP - Directory Services
0
 

Author Closing Comment

by:bergquistcompany
ID: 38857672
all excellent articles thank you for all the tips.  You helpded me resolve it
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question