Solved

Best Practices for configuring Time in a multiserver domain

Posted on 2014-09-16
Last Modified: 2014-10-02
What is the best practice for configuring the time source in a multi-server domain? (Have a mix of 2003 STD and 2012 STD and Hyper-V VMs.)

This is what I was thinking: have the DC/FSMO get external time, and have the other DCs and member servers point to the DC/FSMO. I believe workstations will by default point to the DC/FSMO?

Should the other DCs and member servers point to the DC/FSMO and have a 2nd time source that's external?
Question by:howmad2
3 Comments
 

Assisted Solution

by:Kent W
Kent W earned 250 total points
ID: 40325721
You are correct: your primary DC should look externally, all other computers internally.  If they are joined to the domain, this should happen automatically.  Any machines that are not technically on the domain (Linux, etc.) can be pointed to your primary DC.  Your other DCs should also be getting time from the primary.

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 40325866
Just so you know, you don't have to manually point the other machines at the PDC Emulator. Simply configure them to get time from the domain hierarchy (by setting the W32Time\Parameters\Type registry key to NT5DS or via the w32tm /config /syncfromflags:DOMHIER /update command), and they'll figure out the rest.

Expert Comment

by:frankhelk
ID: 40336273
I would opt in for the "external time source for the non-DCs as backup" idea ... but that would be tricky to configure with W32Time. And I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service (see my article on NTP for more info), and sync the PDC and BDC to the servers from pool.ntp.org, i.e. with
(...)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

in ntp.conf. Sync the clients preferably to the PDC/BDC, but give time sources for backup, too, with
(...)
server PDCSERVER iburst prefer
server BDCSERVER iburst prefer
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

in ntp.conf.

The NTP service software is free. Easy to install and configure, has a low resource footprint, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting. The NTP service has a low resource footprint, therefore the NTP functionality could be hooked onto existing machines or VMs like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If security is an issue, you might as well place radio controlled clock appliances into your LAN which serve time very reliably and precisely.
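
The layout from the accepted answer (PDC emulator syncs externally, everything else follows the domain hierarchy), as an added PowerShell audit that is not part of any post in this thread. It assumes PowerShell 3.0+ and an elevated session on the machine being checked; the `-Fix` switch and `-ExternalPeers` parameter are hypothetical names, and the peer list reuses the pool.ntp.org hosts quoted above.

```powershell
# Added example: compare the local W32Time source with the domain time hierarchy.
# Assumptions: PowerShell 3.0+, elevated session, run locally on each server.
param(
    [switch]$Fix,   # hypothetical switch: reconfigure when the setting differs
    # Used on the PDC emulator only; host names as quoted in the thread.
    [string]$ExternalPeers = '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org'
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
$role = (Get-CimInstance Win32_ComputerSystem).DomainRole

# DomainRole 0 and 2 are standalone machines: NT5DS has no hierarchy to follow.
if ($role -eq 0 -or $role -eq 2) {
    Write-Warning "$env:COMPUTERNAME is not domain-joined; point it at a DC manually."
    return
}

# DomainRole 5 is the DC holding the PDC emulator role.
$isPdc    = ($role -eq 5)
$expected = if ($isPdc) { 'NTP' } else { 'NT5DS' }
$current  = Get-ItemProperty -Path $key

$report = [pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    IsPdcEmulator = $isPdc
    Type          = $current.Type        # NT5DS, NTP, AllSync or NoSync
    NtpServer     = $current.NtpServer   # only consulted when Type is NTP or AllSync
    ExpectedType  = $expected
    Compliant     = ($current.Type -eq $expected)
}
$report

if ($Fix -and -not $report.Compliant) {
    if ($isPdc) {
        # Root of the hierarchy: manual external peers, advertised as reliable.
        $peerArg = "/manualpeerlist:$ExternalPeers"
        w32tm /config $peerArg /syncfromflags:MANUAL /reliable:YES /update
    } else {
        # Other DCs and members: follow the domain hierarchy, as in the accepted answer.
        w32tm /config /syncfromflags:DOMHIER /update
    }
    w32tm /resync /rediscover
}
```

A non-PDC machine reporting `Type = NTP` is the finding to look at, since it is bypassing the hierarchy; Kerberos by default rejects authentication when clocks differ by more than five minutes.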