Announcement

Collapse
No announcement yet.

how to configure AD as ntp server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • how to configure AD as ntp server

    am runing windows 2008r2 dc + 1 exchange 2010 + 1 sql server 2008
    + 4 client winodws 7

    i have configure dc to be as ntp server as following

    1- c:\ net stop w32time
    2- c:\w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org"
    3- c:\w32tm /config /reliable:yes
    4- Enable NTP mode:
    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\W32Time\Parameters
    2. Set the Type value to "NTP".
    5- Specify a 15-minute update interval:
    1. Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\W32Time\TimeProviders\NtpClient
    2. Set the SpecialPollInterval value to 300.
    6-c:/net start w32time

    my question is this oky or i have to configure the client with GPO what is the setting for gpo.

  • #2
    Re: how to configure AD as ntp server

    Normally, a domain member gets its time from the DC that holds the PDC Operations Master role (a.k.a. FSMO Role), in line with settings in the Default Domain policy. But since the default domain policy also applies to the domain controllers themselves, you'll want to make the service changes for your NTP settings in the Domain Controller policy. If you don't, the manual changes you've made will be over-written the next time group policy is automatically re-applied to your DC.
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **

    Comment


    • #3
      Re: how to configure AD as ntp server

      Windows domain controller machines that are part of an Active Directory domain are automatically configured to act as time servers. The domain controller who is the Primary Domain Controller Emulator in the network is automatically configured to poll time.windows.com as a time source, and all subsequent domain controllors automatically obtain time from the Primary Domain Controller Emulator.
      Windows domain member servers and domain member clients are automatically configured to receive time from domain controllers on the same network.
      Stand-alone Windows servers and clients are automatically configured to poll time.windows.com at one-hour intervals. The time.windows.com server (actually a cluster of servers) is maintained by Microsoft. However, time.windows.com is notoriously unreliable and heavily loaded, so configuring a different time source or multiple sources is probably wise.
      An example configuration, suitable for a Windows 2003/2008 standalone server or Primary Domain Controller Emulator in a Active Directory domain:
      C:\>w32tm /config /update /manualpeerlist:"0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8 3.pool.ntp.org,0x8" /syncfromflags:MANUAL
      The above configuration tells Windows Time Service to use four servers from the NTP Pool, and use a client-mode association (identified by the ,0x8 after each server name) to contact them. This configuration is analgous to server directives in the configuration file for ntpd. Note that this configuration should not be used on Windows servers or clients that are members of an Active Directory domain, unless you absolutely want them to ignore time from Active Directory domain controllers on the network.
      A second example, suitable for a laptop computer that is a member of a Windows Active Directory domain:
      C:\>w32tm /config /update /manualpeerlist:"pool.ntp.org,0x8" /syncfromflags:MANUAL,DOMHIER
      The above configuration tells Windows Time Service to both Active Directory domain controllers and pool.ntp.org as time sources, so that domain controllers are used as time sources when the laptop is on the netowork, but pool.ntp.org is used when the machine is "on the road" but still connected to the Internet (at a WiFi hot-spot in your local coffee house, for example).
      I hope it explains the confusion.

      Comment


      • #4
        Re: how to configure AD as ntp server

        Originally posted by mohammedyusuf View Post
        Windows domain controller machines that are part of an Active...
        Always quote your sources so we know where to go if we require further information.

        http://support.ntp.org/bin/view/Supp...owsTimeService
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment

        Working...
        X