Link to home
Create AccountLog in
Avatar of Exchange User
Exchange User

asked on

Setting up Time Server in AD

Hi all,

I have to setup a time server on our PDC holding DC. I have seen how to set it up but our HQ is in one city and some of the branches are 1 hour behind, some are 2 and some are 3. All branches are in the same country though. So When setting up the time server, if I add pool.ntp.org, will that work fine for all branches ?
ASKER CERTIFIED SOLUTION
Avatar of Gauresh_sakhalkar
Gauresh_sakhalkar
Flag of India image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I do not recommend changing the individual time settings on DCs.  You really need to know how time is used in an AD domain.
All workstations and member servers get their time from their authenticating DC.
All DCs get their time from the DC that holds the PDC emulator role.
The PDCe gets its time from an external time source, one of the pool servers, GPS, core router, etc.
All DCs are already time servers, evidences by the fact that netstat shows port 123 active.
You are much more likely seeing time zone issues that real time skew.  Active Directory uses Kerberos authentication and is set to allow for a maximum five minute skew, otherwise it considers those requests as replay attacks.