Avatar of Exchange User
Exchange User
 asked on

Setting up Time Server in AD

Hi all,

I have to setup a time server on our PDC holding DC. I have seen how to set it up but our HQ is in one city and some of the branches are 1 hour behind, some are 2 and some are 3. All branches are in the same country though. So When setting up the time server, if I add pool.ntp.org, will that work fine for all branches ?
Active Directory

Avatar of undefined
Last Comment
Bob McCoy

8/22/2022 - Mon

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Bob McCoy

I do not recommend changing the individual time settings on DCs.  You really need to know how time is used in an AD domain.
All workstations and member servers get their time from their authenticating DC.
All DCs get their time from the DC that holds the PDC emulator role.
The PDCe gets its time from an external time source, one of the pool servers, GPS, core router, etc.
All DCs are already time servers, evidences by the fact that netstat shows port 123 active.
You are much more likely seeing time zone issues that real time skew.  Active Directory uses Kerberos authentication and is set to allow for a maximum five minute skew, otherwise it considers those requests as replay attacks.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck