Solved

Configuring NTP for all domain servers using GPO best practice

Posted on 2014-11-05
7
616 Views
Last Modified: 2014-11-26
Hi All,

I'd like to implement the Group Policy modification so that I can enter the NTP setting for my PDC emulator to be the primary source of time for all network devices and servers.

here's my list of NTP:
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org

Open in new window


1. how do I input those four servers into the text boxes in
Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers
because it is just one lineTextbox and which flag format do I need to use?

2. Can I just simply modify the Default Domain Controllers Policy because I only want to target this to the PDC role holder ? or do I have to create new one and then perform WMI filter  
Select * from Win32_ComputerSystem where DomainRole = 5

Open in new window

0
Comment
  • 3
  • 2
  • 2
7 Comments
 
LVL 33

Expert Comment

by:it_saige
ID: 40425358
You will have to create a new Policy set that is applied with the WMI filter you specified.  If you apply the filter to the Default Domain Controllers Policy, then only your PDC Emulator will apply the policies therein, all of you other domain controllers will not apply the policy set.

-saige-
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425379
ah I see.
So what I need to do is to create new GPO object and change just single line "Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers" ?

what about the 4 values to be entered into the textbox ?
0
 
LVL 33

Assisted Solution

by:it_saige
it_saige earned 167 total points
ID: 40425388
Here is an example of using WMI Filtering with regards to PDC Emulator and Time Services:

http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx

As for the values to be entered, don't set the settings in the policy you referenced, create registry entries as shown here:

http://www.xenappblog.com/2012/time-server-group-policy/

-saige-
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 34

Accepted Solution

by:
Seth Simmons earned 333 total points
ID: 40425438
if you're using the server with the PDC emulator role for the time source, why use GPO?
by default domain members will look to that server for time so as long as that server is configured properly for an external time source, you shouldn't need to do anything else

How to configure an authoritative time server in Windows Server
https://support2.microsoft.com/kb/816042/en-us
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425456
ok, so in this case the PDC emulator server itself can be reconfugured using the registry entry ?
is that correct rather than using GPO to point the PDC emulator to the 4x NTP Pool servers above ?
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 333 total points
ID: 40425471
yeah...GPO isn't necessary
configure those registry values, restart NTP service and the system log should show entries saying it is receiving good time from one of the providers you specified
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40425478
Cool, I was confused myself reading the book from Amazon "Virtualizing Microsoft Business Critical Applications on VMware vSphere (VMware Press Technology)" which says that I need to perform the GPO method in setting one PDC role in my single domain to be the time server.

and when i started to do the implementation on my GP console, i confused myself and lucky that I didn't edit the Default DC GPO :-)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question