Solved

Configuring NTP for all domain servers using GPO best practice

Posted on 2014-11-05
7
665 Views
Last Modified: 2014-11-26
Hi All,

I'd like to implement the Group Policy modification so that I can enter the NTP setting for my PDC emulator to be the primary source of time for all network devices and servers.

here's my list of NTP:
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org

Open in new window


1. how do I input those four servers into the text boxes in
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers
because it is just one lineTextbox and which flag format do I need to use?

2. Can I just simply modify the Default Domain Controllers Policy because I only want to target this to the PDC role holder ? or do I have to create new one and then perform WMI filter  
Select * from Win32_ComputerSystem where DomainRole = 5

Open in new window

0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40425358
You will have to create a new Policy set that is applied with the WMI filter you specified.  If you apply the filter to the Default Domain Controllers Policy, then only your PDC Emulator will apply the policies therein, all of you other domain controllers will not apply the policy set.

-saige-
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40425379
ah I see.
So what I need to do is to create new GPO object and change just single line "Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers" ?

what about the 4 values to be entered into the textbox ?
0
 
LVL 34

Assisted Solution

by:it_saige
it_saige earned 167 total points
ID: 40425388
Here is an example of using WMI Filtering with regards to PDC Emulator and Time Services:

http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx

As for the values to be entered, don't set the settings in the policy you referenced, create registry entries as shown here:

http://www.xenappblog.com/2012/time-server-group-policy/

-saige-
0
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

 
LVL 35

Accepted Solution

by:
Seth Simmons earned 333 total points
ID: 40425438
if you're using the server with the PDC emulator role for the time source, why use GPO?
by default domain members will look to that server for time so as long as that server is configured properly for an external time source, you shouldn't need to do anything else

How to configure an authoritative time server in Windows Server
https://support2.microsoft.com/kb/816042/en-us
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40425456
ok, so in this case the PDC emulator server itself can be reconfugured using the registry entry ?
is that correct rather than using GPO to point the PDC emulator to the 4x NTP Pool servers above ?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 333 total points
ID: 40425471
yeah...GPO isn't necessary
configure those registry values, restart NTP service and the system log should show entries saying it is receiving good time from one of the providers you specified
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40425478
Cool, I was confused myself reading the book from Amazon "Virtualizing Microsoft Business Critical Applications on VMware vSphere (VMware Press Technology)" which says that I need to perform the GPO method in setting one PDC role in my single domain to be the time server.

and when i started to do the implementation on my GP console, i confused myself and lucky that I didn't edit the Default DC GPO :-)
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question