Solved

Time synchronization for Domain Controllers

Posted on 2016-07-29
Last Modified: 2016-08-28
Hello,

I am experiencing an issue where all the clocks on our domain controllers become out of sync. We currently have 8 DCs on our network and for some reason, the clocks become out of sync, causing anomalies on our network (Exchange in particular).

Is there a reason this may be happening and is there a fix for this? Perhaps a way to connect to an external clock?

Thanks in advance
0
Question by:zito2000
10 Comments
 
LVL 13

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 668 total points (awarded by participants)
ID: 41734892
I've always used the pool.ntp servers for our time service. This link shows how to set them as your NTP server.
0
 
LVL 16

Assisted Solution

by:Todd Nelson
Todd Nelson earned 668 total points (awarded by participants)
ID: 41734896
If you have not configured an authoritative time server for your domain then each of the servers will attempt to set their time from Microsoft--which isn't always a reliable source.

When you configure an authoritative time server, you want to configure the PDC emulator to access a reliable external time service (http://www.pool.ntp.org/en/) from which it will set its time.  Then all other internal servers should get their time from the PDC emulator.

Utilize these two references to configure time synching for your Windows domain.

How to configure an authoritative time server in Windows Server ... https://support.microsoft.com/en-us/kb/816042

Configure a client computer for automatic domain time synchronization ... https://technet.microsoft.com/en-us/library/cc758905%28WS.10%29.aspx?f=255&MSPPError=-2147217396

Good luck.
0
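The layout described in the answer above (PDC emulator syncs to external NTP, every other DC follows the domain hierarchy), as an added example that is not part of the original thread. It assumes an elevated PowerShell session on each DC, the ActiveDirectory module installed, outbound UDP 123 allowed from the PDC emulator, and the `0`-`2.pool.ntp.org` hosts as the chosen peers.

```powershell
# Added example, not from the thread. Run elevated on each domain controller.
Import-Module ActiveDirectory

# FQDN of the DC that holds the PDC emulator FSMO role for this domain.
$pdc = (Get-ADDomain).PDCEmulator

if ($pdc.Split('.')[0] -ieq $env:COMPUTERNAME) {
    # PDC emulator: take time from external peers and advertise itself as
    # the reliable source for the domain. 0x8 = send client-mode requests.
    $peers = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8'
    w32tm /config "/manualpeerlist:$peers" /syncfromflags:manual /reliable:yes /update
}
else {
    # Any other DC: discard manual peers and follow the domain hierarchy,
    # which leads back to the PDC emulator.
    w32tm /config /syncfromflags:domhier /update
}

# Apply the new configuration and force an immediate resync.
Restart-Service w32time
w32tm /resync /rediscover

# Verification: which source is in use, current offset/stratum, and the
# offset of every DC in the domain relative to the PDC emulator.
w32tm /query /source
w32tm /query /status
w32tm /monitor
```

On the PDC emulator `w32tm /query /source` should name one of the pool hosts; on the other DCs it should name a domain controller. Offsets reported by `w32tm /monitor` should stay well inside the Kerberos clock-skew tolerance (5 minutes by default).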
 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 664 total points (awarded by participants)
ID: 41737017
Hmmm ... W32time, the timekeeping service in Windows. I experienced enough trouble with that piece of crap when in NTP mode to avoid using it whenever I can.

For a mature timekeeping service with well documented behaviour, I'd recommend this:

Use a Windows port of the classic *ix NTP service on your DCs, and sync 'em with NTP time sources from pool.ntp.org. Sync the clients with your DCs to keep 'em in sync in case of network failure. Ensure to disable the time sync features of VMware (two timekeeping services on one clock will cause time chaos). The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See my article on NTP basics for the "How To".

The NTP service has a low resource footprint, therefore the NTP functionality could be hooked onto existing machines or VMs like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If security is an issue, you might as well use local radio-controlled clock appliances (see the article for that, too) in your LAN, which serve time very reliably and precisely.
0
 

Author Comment

by:zito2000
ID: 41737478
Thank you everyone for the help.

I prefer synchronizing with an external so I will try that solution first.

If no luck, I will explore other avenues to achieve the synchronization.

thank you
0
 

Author Comment

by:zito2000
ID: 41737481
I forgot to ask,

Dustin, do I need to do this for every DC, or just the roots?
0
 
LVL 13

Accepted Solution

by:
Dustin Saunders earned 668 total points (awarded by participants)
ID: 41737491
Microsoft states that it only needs to be done on the PDC that is the operations master.
0
 

Author Comment

by:zito2000
ID: 41737505
Ok cool,

that would be one of our roots
0
 
LVL 13

Expert Comment

by:Dustin Saunders
ID: 41748958
@Zito2000

When a question is resolved, simply select an answer(s) that most helped you lead to your resolution.  The question will be closed and points will be awarded to the expert(s) who helped you.
1
 
LVL 13

Expert Comment

by:Dustin Saunders
ID: 41773565
All three experts helped asker reach desired solution with good answers.
0
