Solved

Best Practices for configuring Time in a multiserver domain

Posted on 2014-09-16
3
157 Views
Last Modified: 2014-10-02
What is the best practice for configuring time source in a multi server domain?  (Have a mix of 2003 STD and 2012 STD and HyperV - VMs)

This is what I was thinking.......Have the DC/FSMO get external time,  Have the other DCs and member servers point to the DC/FSMO.  I believe workstations will by default point to the DC/Fsmo???

Should the other DCs and member servers point to the DC/FSMO and have a 2nd time source thats  external?
0
Comment
Question by:howmad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 12

Assisted Solution

by:Kent W
Kent W earned 250 total points
ID: 40325721
You are correct, your primary DC should look externally, all other computers internally.  If they are joined to the domain, this should happen automatically.  Any machines that are not technically on the domain (linux, etc.) can be pointed to your primary DC.  Your other DCs should also be getting time from the primary.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 40325866
Just so you know, you don't have to manually point the other machines at the PDC Emulator. Simply configure them to get time from the domain hierarchy (by setting the W32Time\Parameters\Type registry key to NT5DS or via the w32tm /config /syncfromflags:DOMHIER /update command), and they'll figure out the rest.
0
 
LVL 14

Expert Comment

by:frankhelk
ID: 40336273
I would opt in for the "external time source for the no-dc's as backup" idea ... but that would be tricky to configure with W32time. And I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service (see my article on NTP for more info), and sync the PDC and BDC to the servers from pool.ntp.org, i.e. with
(...)
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf. Sync the clients preferably to the PDC/BDC, but give time sources for backup, too, with
(...)
server PDCSERVER iburst prefer
server BDCSERVER iburst prefer
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
(...)

Open in new window

in ntp.conf.

The NTP service software is free. Easy to install and configure, has a low ressource footprint, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting. The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0

Featured Post

Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question