Best Practices for configuring Time in a multiserver domain

What is the best practice for configuring time source in a multi server domain?  (Have a mix of 2003 STD and 2012 STD and HyperV - VMs)

This is what I was thinking.......Have the DC/FSMO get external time,  Have the other DCs and member servers point to the DC/FSMO.  I believe workstations will by default point to the DC/Fsmo???

Should the other DCs and member servers point to the DC/FSMO and have a 2nd time source thats  external?
howmad2Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kent WSr. Network / Systems AdminCommented:
You are correct, your primary DC should look externally, all other computers internally.  If they are joined to the domain, this should happen automatically.  Any machines that are not technically on the domain (linux, etc.) can be pointed to your primary DC.  Your other DCs should also be getting time from the primary.
0
DrDave242Commented:
Just so you know, you don't have to manually point the other machines at the PDC Emulator. Simply configure them to get time from the domain hierarchy (by setting the W32Time\Parameters\Type registry key to NT5DS or via the w32tm /config /syncfromflags:DOMHIER /update command), and they'll figure out the rest.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
frankhelkCommented:
I would opt in for the "external time source for the no-dc's as backup" idea ... but that would be tricky to configure with W32time. And I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service (see my article on NTP for more info), and sync the PDC and BDC to the servers from pool.ntp.org, i.e. with
(...)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf. Sync the clients preferably to the PDC/BDC, but give time sources for backup, too, with
(...)
server PDCSERVER iburst prefer
server BDCSERVER iburst prefer
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf.

The NTP service software is free. Easy to install and configure, has a low ressource footprint, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting. The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.