Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Best Practices for configuring Time in a multiserver domain

Posted on 2014-09-16
3
153 Views
Last Modified: 2014-10-02
What is the best practice for configuring time source in a multi server domain?  (Have a mix of 2003 STD and 2012 STD and HyperV - VMs)

This is what I was thinking.......Have the DC/FSMO get external time,  Have the other DCs and member servers point to the DC/FSMO.  I believe workstations will by default point to the DC/Fsmo???

Should the other DCs and member servers point to the DC/FSMO and have a 2nd time source thats  external?
0
Comment
Question by:howmad2
3 Comments
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 250 total points
ID: 40325721
You are correct, your primary DC should look externally, all other computers internally.  If they are joined to the domain, this should happen automatically.  Any machines that are not technically on the domain (linux, etc.) can be pointed to your primary DC.  Your other DCs should also be getting time from the primary.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 40325866
Just so you know, you don't have to manually point the other machines at the PDC Emulator. Simply configure them to get time from the domain hierarchy (by setting the W32Time\Parameters\Type registry key to NT5DS or via the w32tm /config /syncfromflags:DOMHIER /update command), and they'll figure out the rest.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40336273
I would opt in for the "external time source for the no-dc's as backup" idea ... but that would be tricky to configure with W32time. And I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service (see my article on NTP for more info), and sync the PDC and BDC to the servers from pool.ntp.org, i.e. with
(...)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf. Sync the clients preferably to the PDC/BDC, but give time sources for backup, too, with
(...)
server PDCSERVER iburst prefer
server BDCSERVER iburst prefer
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf.

The NTP service software is free. Easy to install and configure, has a low ressource footprint, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting. The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Backup on Server 2012 - back up to LTO tape? 1 20
Need network only 1 user? 10 67
DFSR ConflitandDeleted folder 14 26
SSL CSR question 2 5
The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
An article on effective troubleshooting
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question