Solved

force all domain controllers to register NTP SRV records

Posted on 2013-10-31
Last Modified: 2013-11-02
I have a mixed environment, and have a need for several clients to be able to dynamically find NTP services within their active directory site.  Is there a way that I can have all of my domain controllers dynamically register these SRV records? I am trying to avoid creating them all manually so that my environment stays fluid as I grow it.
Question by:intlfcs_krismortensen
8 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39614963
Configure an authoritative time server on the PDC role holder server; below is the KB article for the same: http://support.microsoft.com/kb/816042

Please also make sure that udp port 123 which as direction the chosen NTP server is not blocked.

By default client machines and servers will sync time from the PDC server. More here: http://support.microsoft.com/kb/223184


Jorge's Time Service blogs:
Configuring and Managing the Windows Time Service, Parts 1 to 4:
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-1.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-2.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-3.aspx
http://blogs.dirteam.com/blogs/jorge/archive/2010/09/26/configuring-and-managing-the-windows-time-service-part-4.aspx
0
 
LVL 1

Author Comment

by:intlfcs_krismortensen
ID: 39614979
Sandeshdubey-
Thanks for the links, however, this doesn't answer my question at all. I already have my PDC Emulator configured as an authoritative time server, udp port 123 is already allowed, and yes, by default WINDOWS clients will automatically sync time from the various domain controllers which are synced by the PDC emulator. The key to my question is that I have NON WINDOWS clients looking for NTP services. They are currently configured to look for those services by querying "internaldomain.com", and domain controllers do not register NTP SRV records in DNS by default... I want to change things so that each of my domain controllers automatically registers an NTP SRV record for my NON WINDOWS clients to find.
0
 
LVL 41

Expert Comment

by:footech
ID: 39615333
I've never seen or heard of a setting that will create these automatically for you.  The closest you could come is scripting their creation.  DHCP options may also be of help to you depending on if the clients will use them.
0
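One way to script the record creation suggested in the comment above, as an added example that is not part of the original thread. It assumes the ActiveDirectory and DnsServer PowerShell modules, an AD-integrated zone named after the domain, and that the PDC emulator also runs DNS; the record name `_ntp._udp`, the priority and weight values and the variable names are choices made for this example.

```powershell
# Added example: keep _ntp._udp SRV records in step with the current set of DCs.
# Assumptions: ActiveDirectory + DnsServer modules, AD-integrated zone = domain name,
# PDC emulator hosts DNS. Priority/weight values are illustrative.
Import-Module ActiveDirectory, DnsServer

$Zone      = (Get-ADDomain).DNSRoot
$DnsServer = (Get-ADDomain).PDCEmulator
$Name      = '_ntp._udp'

# Desired targets: FQDN of every domain controller, normalised with a trailing dot
$wanted = @(Get-ADDomainController -Filter * |
    ForEach-Object { $_.HostName.ToLower().TrimEnd('.') + '.' })

# SRV records present now (an empty result is not an error)
$existing = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
    -Name $Name -RRType Srv -ErrorAction SilentlyContinue)
$have = @($existing | ForEach-Object { $_.RecordData.DomainName.ToLower() })

# Add a record for each DC that does not have one yet
foreach ($target in ($wanted | Where-Object { $_ -notin $have })) {
    Add-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -Srv `
        -Name $Name -DomainName $target -Priority 0 -Weight 100 -Port 123
}

# Remove records that point at hosts which are no longer domain controllers,
# so a demoted DC does not stay advertised as a time source
$stale = $existing | Where-Object { $_.RecordData.DomainName.ToLower() -notin $wanted }
foreach ($record in $stale) {
    Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
        -InputObject $record -Force
}
```

Run as a scheduled task, this keeps the records current as domain controllers are added or demoted; it does not make a client query SRV records if its NTP implementation does not do so.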

 
LVL 51

Expert Comment

by:Netman66
ID: 39616801
Most non-windows clients have time services of their own.  It would only be a matter of pointing those services to the PDCE.

I know of no way other than manually to create DNS records for NTP - and even then, clients don't normally query for time servers using SRV records.

Is this a custom service you have created?
0
 
LVL 1

Author Comment

by:intlfcs_krismortensen
ID: 39616883
Netman66-
This is not a custom service; in this case, it is actually NetApp storage controllers, which ends up being a very heavily modified version of FreeBSD. I manually created SRV records for now, and as you noted, the storage controllers don't seem to be looking for those SRV records though.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 600 total points
ID: 39618079
Ok, that gives me more info.

So using System Administrator under Ontap5/Configuration/System Tools/{date/time/timezone} - select Edit (top left) and enable Timed and set the Time Servers by IP - best to use the PDC Emulator.

If you prefer the command line then:

> options timed
> options timed.servers {IP address of the PDCE}
> options timed.enable on

That should do the trick.

Let me know.
0
 
LVL 1

Author Closing Comment

by:intlfcs_krismortensen
ID: 39618828
While the solution does work, it doesn't really provide for the dynamic environment that I am looking for; at this point I am not confident that it is possible to have that kind of dynamic environment though.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 39619159
You can use the PDCE name instead, it will use the DNS settings to resolve.

NTP is not a dynamic service in an AD environment as the PDCE is always the authoritative time source for the infrastructure.  Changing the PDCE role holder will always require changing NTP settings - whether using DNS or static IP, there is no getting around that.
0
