Re: redundant time source



Hi
Time sync is very important to Windows.
The Windows Time service is essential to the successful operation of
Kerberos authentication and, therefore, to Active Directory-based
authentication. Any Kerberos-aware application, including most security
services, relies on time synchronization between the computers that are
participating in the authentication request. Active Directory domain
controllers must also have synchronized clocks to help ensure accurate data
replication.
Discrepancies between computer clocks can lead to transactions being
recorded before the open or after the close of the business day, or money
being credited to an account before it is withdrawn from another.
http://technet2.microsoft.com/windowsserver/en/library/a0fcd250-e5f7-41b3-b0e8-240f8236e2101033.mspx?mfr=true

Make sure that the PDC emulator from the root domain always has the
correct time, by synchronizing it with an external time source or internal
clock.
By default, each Windows 2000/XP/2003 client will automatically synchronize
its time with the DC where it was authenticated, and that DC(s) will sync
their time with their PDCe.



--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"Bentley" <Bentley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C2E038AA-6FA1-4785-AD4A-7A9E5AA77864@xxxxxxxxxxxxxxxx
The PDC emulator syncs to the naval observatory and the device in question
will sync to GPS. How far off would these 2 sources have to be to cause
issues on my domain?

"Mathieu CHATEAU" wrote:

Hello,

At the end, if all computers are exactly at the same time (atomic clock),
there isn't any issue.

Issues about time start when there is more than 5 minutes of lag (Kerberos
replay protection).
It may also make debugging harder if there is more than 30 seconds of lag.

The goal is to get everyone at the same time, and the good time is even
better!

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


"Bentley" <Bentley@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:193BE2D1-28A6-42FB-9036-3CF894D046AC@xxxxxxxxxxxxxxxx
Are there any problems with having a secondary time source in a Windows
2003 forest?
One of the agencies we support wants to point a couple domain member
servers to a 'netclock' device that is co-located rather than have them
point to the PDC emulator, which is in another building.
I do not want to point the PDC emulator to this device (it currently
points to naval observatory).
Any thoughts?
Thanks!




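Added example, not part of the original thread: a Python sketch that computes the SNTP clock offset for two time sources (standing in for the PDC emulator and the 'netclock' device) and classifies the divergence between them against the 5-minute and 30-second figures quoted above. The packets are constructed sample data, and all function names are assumptions made for this illustration.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300.0      # the 5-minute limit quoted in the thread
DEBUG_LAG = 30.0               # the 30-second figure quoted in the thread

def to_ntp(unix_seconds):
    """Encode Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_seconds)
    return struct.pack("!II", whole + NTP_EPOCH_DELTA, int((unix_seconds - whole) * 2**32))

def from_ntp(raw):
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_EPOCH_DELTA + frac / 2**32

def constructed_reply(t1, server_ahead, one_way_delay, stratum=1):
    """Constructed 48-byte SNTP server reply; returns (packet, local receive time t4)."""
    t2 = t1 + one_way_delay + server_ahead      # server receive time
    t3 = t2 + 0.001                             # server transmit time
    header = struct.pack("!BBbb", (3 << 3) | 4, stratum, 6, -20) + b"\x00" * 12
    packet = header + to_ntp(t3) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)
    return packet, t1 + 2 * one_way_delay + 0.001

def clock_offset(reply, t4):
    """Server clock minus local clock, in seconds, from the four NTP timestamps."""
    if len(reply) < 48 or reply[0] & 0x07 != 4:
        raise ValueError("not an SNTP server reply")
    if reply[1] == 0:
        raise ValueError("server reports it is unsynchronized (stratum 0)")
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2

def classify(skew):
    skew = abs(skew)
    if skew > KERBEROS_MAX_SKEW:
        return "kerberos-failure"
    if skew > DEBUG_LAG:
        return "log-correlation-risk"
    return "ok"

def compare_sources(reply_a, t4_a, reply_b, t4_b):
    """Skew between members that follow source A and members that follow source B."""
    skew = clock_offset(reply_a, t4_a) - clock_offset(reply_b, t4_b)
    return skew, classify(skew)

if __name__ == "__main__":
    now = 1_700_000_000.0                                   # constructed local time
    pdc, t4_pdc = constructed_reply(now, 0.25, 0.010)       # constructed: PDC emulator
    gps, t4_gps = constructed_reply(now, 45.0, 0.002)       # constructed: netclock device
    print(compare_sources(pdc, t4_pdc, gps, t4_gps))
```
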