NTP in Win 2003 domains (awaiting response of my previous post)

---

• From: "DD" <darshan.diora@xxxxxxxxxxxxxxxxx>
• Date: Thu, 21 Feb 2008 11:40:18 +0530

---

Hi,
Domain hier means First Parent DC, than ADC. and in my case all the 5
FSMO roles are with server A and server B has no roles with it.
This means that all menbers shall be taking their time from ServerA being a
PDC which doesen't happen . Also configured the server options in DHCP |
time server as server A but still all members of the domain shows time
source as Server B. After removing ADS from server B all the client, members
shows
correct time source as Server A but after adding a new serverC as an ADC all
the clients take their time from ServerC despite it has not been configured
anywhere to be a time source of my domain.Why is it so.

Regards
darshan

"Bruce Sanderson" <bsanders@xxxxxxxxxxxxxxxxx> wrote in message
news:F1E42160-9273-4186-8EBE-AD1CC73A2603@xxxxxxxxxxxxxxxx

The default for domain members and Domain Controllers is to sync time with
the "Domain Hierarchy", not the Domain Controller with the PDC Role. The
page referenced by Marcin tells you how to set up the default and the PDC
emulator to use an external time source.

Which Domain Controller is used by clients is not usually important
because all of the Domain Controller routinely syncronize their time
amongst themselves, using the DC with the PDC emulator role as the
ultimate source of true time. With just two Domain Controllers, DC B will
sync time from DC A - the one with the PDC emulator role.

Just as which Domain Controller a particular computer uses for user
credential authentication is not deterministic, so is which Domain
Controller will be used as the source of time.

As long as:

1. the PDC emulator is configured to syncronize time from an "external
source"
(e.g. using the command w32tm /config /syncfromflags:manual
/manualpeerlist:time.nist.com /reliable:yes /update)
2.. the other Domain Controllers are configured to syncronize with the
"Domain Hierarchy" - which is the default
(can be set using the command w32tm /config /syncfromflags:domhier
/update)
3. the other member computers are configured to syncronize with the -
which is the default (same command as for 2.)

Your time syncronization should be in good shape. Except for doing 1.
normally there is no need to adjust the Windows Time Service
configuration - it just works - when a computer joins the domain, it is
configured to syncronize with the Domain Controllers ("Domain Hierarchy").

If you really want (or need for some special reason) to force all your
domain members to specifically syncronize time with a particular Domain
Controller, you can do this using a GPO:

Computer Configuration
Administrative Templates
System
Windows Time Service
Enable Windows NTP Client

Bruce Sanderson
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.

"DD" <darshan.diora@xxxxxxxxxxxxxxxxx> wrote in message
news:OvS$q$KcIHA.1212@xxxxxxxxxxxxxxxxxxxxxxx

Hi,
Tried all the possibilities as posted in the link but no success.
Whenever i shut down the server B which is an ADC the net time on any
clients shows correct
source as server A which is the parent DC but as soon i start the
ADC(serverB) it automatically shows the time source as ServerB. How can i
resolve this
as time source is actually Server A on which the time sync with external
program is running.

Regards
darshan
"Marcin" <marcin@xxxxxxxxxxxxxxxx> wrote in message
news:B57D1346-FE4F-4D76-A4A5-9DC1C2103DC7@xxxxxxxxxxxxxxxx

Darshan,
try steps outlined in the
http://technet2.microsoft.com/windowsserver/en/library/f1d8b85d-2b4f-4acd-8c2e-259167b95e481033.mspx?mfr=true

hth
Marcin

.

---

• Follow-Ups:
  • Re: NTP in Win 2003 domains (awaiting response of my previous post)
    • From: Meinolf Weber

• Prev by Date: Re: IE History with Temp Internet files
• Next by Date: Re: time sync from NTP in win 2003
• Previous by thread: 0xd KDC_ERR_BADOPTION
• Next by thread: Re: NTP in Win 2003 domains (awaiting response of my previous post)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Adding Domain Controllers to Remote Sites ... remote location and perform the necessary configuration across the network. ... proces is site aware so when you promote a server in a site to be a GC ... Configuring Domain Controllers in remote sites ... domain controller that will be running at each site. ... (microsoft.public.windows.server.general) Re: NTP in Win 2003 domains (awaiting response of my previous post) ... The purpose of the Windows Time service is to make sure that all computers that are running Microsoft Windows 2000 or later versions in an organization use a common time. ... All domain controllers in a domain nominate the primary domain controller operations master as their in-bound time partner. ... When you configure the authoritative time server to sync with an Internet time source, ... (microsoft.public.windows.server.active_directory) Re: Issues with w32tm on AD network ... controller automatically as their primary time source, ... configure the domain controller explicitely as times source on every ... Maybe you have another Windows server on which you can install NTP. ... w32time and get the time from the server running ntpd. ... (comp.protocols.time.ntp) Re: Windows 2003 Time service ... to the authoratative time server? ... sync with the next step on the domain hierarchy and there are no higher ... domain hierarchy to use as a time source. ... Can you restart Windows Time service on this domain controller? ... (microsoft.public.windows.server.setup) Re: Error when joining member server ... I have not changed anything on the machine's default configuration ... domain controller. ... Like I said I have had this problem only on this server, ... First run Dcdiag and Netdiag tests on the existent Dc. ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)