Setting up Time Server in AD

Exchange User
Hi all,

I have to set up a time server on our PDC holding DC. I have seen how to set it up, but our HQ is in one city and some of the branches are 1 hour behind, some are 2 and some are 3. All branches are in the same country though. So when setting up the time server, if I add pool.ntp.org, will that work fine for all branches?
Senior Server Administrator
Commented:
Hello,

I suggest you configure the PDC as the NTP server and sync its time with the external time source 'pool.ntp.org' for more accuracy. Please check whether any of your domain controllers are virtual servers. If a DC is hosted on a virtual server, then please make sure you have disabled the time sync between host and guest. Also, on the additional domain controllers you can set the value of 'NtpServer' to 'pool.ntp.org,0x1' to sync time.
I do not recommend changing the individual time settings on DCs.  You really need to know how time is used in an AD domain.
All workstations and member servers get their time from their authenticating DC.
All DCs get their time from the DC that holds the PDC emulator role.
The PDCe gets its time from an external time source, one of the pool servers, GPS, core router, etc.
All DCs are already time servers, evidenced by the fact that netstat shows port 123 active.
You are much more likely seeing time zone issues than real time skew. Active Directory uses Kerberos authentication and is set to allow for a maximum five-minute skew, otherwise it considers those requests as replay attacks.
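
Added example, not part of the original thread: it parses the transmit timestamp of an NTP reply (which carries no time zone field) and applies the five-minute Kerberos skew check in UTC, showing that branches 1 to 3 hours behind HQ still pass while a real 6-minute drift fails. The packet, the branch names and the assumption that HQ sits at UTC+0 are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH_DELTA = 2208988800      # seconds between 1900-01-01 and 1970-01-01
MAX_SKEW = timedelta(minutes=5)   # Kerberos tolerance quoted in the thread


def build_ntp_reply(utc_time):
    """Constructed 48-byte NTP server reply (LI=0, VN=4, mode=4, stratum 2)."""
    seconds = int(utc_time.timestamp()) + NTP_EPOCH_DELTA
    header = struct.pack("!BBbb", 0x24, 2, 6, -20)
    # Root delay/dispersion, ref id and the first three timestamps left zeroed.
    return header + bytes(36) + struct.pack("!II", seconds, 0)


def parse_ntp_transmit(packet):
    """Return the server's transmit timestamp as an aware UTC datetime."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    unix = seconds - NTP_EPOCH_DELTA + fraction / 2**32
    return datetime.fromtimestamp(unix, tz=timezone.utc)


def within_kerberos_skew(client_clock, dc_clock):
    """Aware datetimes subtract in UTC, so the zone offset cancels out."""
    return abs(client_clock - dc_clock) <= MAX_SKEW


def branch_report(packet, branch_offsets_hours, real_drift=timedelta(0)):
    """Map branch name -> (local wall clock, passes the skew check)."""
    dc_utc = parse_ntp_transmit(packet)
    report = {}
    for name, hours in branch_offsets_hours.items():
        zone = timezone(timedelta(hours=hours))
        local = (dc_utc + real_drift).astimezone(zone)
        report[name] = (local.strftime("%H:%M"),
                        within_kerberos_skew(local, dc_utc))
    return report


# Constructed sample: HQ (assumed UTC+0) and branches 1, 2, 3 hours behind it.
SAMPLE = build_ntp_reply(datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc))
BRANCHES = {"HQ": 0, "Branch-1h": -1, "Branch-2h": -2, "Branch-3h": -3}

if __name__ == "__main__":
    print(branch_report(SAMPLE, BRANCHES))                        # zones differ
    print(branch_report(SAMPLE, BRANCHES, timedelta(minutes=6)))  # real drift
```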
