Solved

Configuring NTP for all domain servers using GPO best practice

Posted on 2014-11-05
7
640 Views
Last Modified: 2014-11-26
Hi All,

I'd like to implement the Group Policy modification so that I can enter the NTP setting for my PDC emulator to be the primary source of time for all network devices and servers.

here's my list of NTP:
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org

Open in new window


1. how do I input those four servers into the text boxes in
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers
because it is just one lineTextbox and which flag format do I need to use?

2. Can I just simply modify the Default Domain Controllers Policy because I only want to target this to the PDC role holder ? or do I have to create new one and then perform WMI filter  
Select * from Win32_ComputerSystem where DomainRole = 5

Open in new window

0
Comment
  • 3
  • 2
  • 2
7 Comments
 
LVL 33

Expert Comment

by:it_saige
ID: 40425358
You will have to create a new Policy set that is applied with the WMI filter you specified.  If you apply the filter to the Default Domain Controllers Policy, then only your PDC Emulator will apply the policies therein, all of you other domain controllers will not apply the policy set.

-saige-
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425379
ah I see.
So what I need to do is to create new GPO object and change just single line "Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers" ?

what about the 4 values to be entered into the textbox ?
0
 
LVL 33

Assisted Solution

by:it_saige
it_saige earned 167 total points
ID: 40425388
Here is an example of using WMI Filtering with regards to PDC Emulator and Time Services:

http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx

As for the values to be entered, don't set the settings in the policy you referenced, create registry entries as shown here:

http://www.xenappblog.com/2012/time-server-group-policy/

-saige-
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 34

Accepted Solution

by:
Seth Simmons earned 333 total points
ID: 40425438
if you're using the server with the PDC emulator role for the time source, why use GPO?
by default domain members will look to that server for time so as long as that server is configured properly for an external time source, you shouldn't need to do anything else

How to configure an authoritative time server in Windows Server
https://support2.microsoft.com/kb/816042/en-us
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425456
ok, so in this case the PDC emulator server itself can be reconfugured using the registry entry ?
is that correct rather than using GPO to point the PDC emulator to the 4x NTP Pool servers above ?
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 333 total points
ID: 40425471
yeah...GPO isn't necessary
configure those registry values, restart NTP service and the system log should show entries saying it is receiving good time from one of the providers you specified
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425478
Cool, I was confused myself reading the book from Amazon "Virtualizing Microsoft Business Critical Applications on VMware vSphere (VMware Press Technology)" which says that I need to perform the GPO method in setting one PDC role in my single domain to be the time server.

and when i started to do the implementation on my GP console, i confused myself and lucky that I didn't edit the Default DC GPO :-)
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question