Active Directory domain controllers can provide Network Time Protocol (NTP) services for synchronizing time across devices on a network. However, they don't natively support Simple Network Time Protocol (SNTP) with authentication in the same way that some dedicated NTP servers might.
Here’s a breakdown of key points:
- NTP vs. SNTP: NTP (Network Time Protocol) is more accurate and designed for full network time synchronization with drift correction, while SNTP (Simple Network Time Protocol) is a simplified version primarily used for smaller devices where precision isn't critical. Most modern networked devices and domain controllers use NTP rather than SNTP.
- Authentication: By default, Windows NTP services on domain controllers don't support NTP authentication for client devices (such as Cisco routers) via built-in options like MD5 or SHA-based hashing. If authentication is required by the Cisco devices, the domain controller's NTP service will not fulfill this out-of-the-box.
- Options for Authentication: If your Cisco devices require NTP authentication, you would need a separate, dedicated NTP server that supports authenticated NTP. Some network environments use a hardware NTP appliance (e.g., from vendors like Meinberg) or an NTP server running on Linux that can support secure authentication. You can configure this external NTP server to sync time with the domain controller, providing an intermediary layer that supports the authentication the Cisco devices require.
In short, while an AD domain controller can act as an NTP server, it doesn't natively support authenticated SNTP for Cisco devices. Using a dedicated NTP server with authentication capabilities would be the recommended approach.
hth
Marcin
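To show what the symmetric-key authentication mentioned in the answer above looks like on the wire, here is an added example (not part of the original post) that builds and checks the NTP message authentication code: a 4-byte key ID followed by a digest of the shared key and the 48-byte header. The function names, the key value and the sample header are constructed for illustration; the 20-byte SHA-1 case goes beyond RFC 5905, which specifies MD5 only, and follows the layout used by common NTP implementations.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48                      # NTP header without extension fields
DIGESTS = {16: "md5", 20: "sha1"}    # digest length -> algorithm

# Constructed sample server header: LI=0 VN=4 Mode=4, stratum 3, poll 6,
# precision -20; timestamps zeroed for brevity.
SAMPLE_HEADER = struct.pack("!BBbb", 0x24, 3, 6, -20) + bytes(44)

def ntp_digest(key: bytes, header: bytes, algo: str) -> bytes:
    """Symmetric-key digest: hash(key || header), as in RFC 5905 for MD5."""
    return hashlib.new(algo, key + header).digest()

def sign(header: bytes, key_id: int, key: bytes, algo: str = "md5") -> bytes:
    """Append the MAC: 4-byte key ID followed by the digest."""
    return header + struct.pack("!I", key_id) + ntp_digest(key, header, algo)

def verify(packet: bytes, trusted: dict) -> str:
    """Classify a packet against a {key_id: key} table of trusted keys."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(header) < HEADER_LEN:
        return "malformed"
    if not mac:
        return "unauthenticated"     # plain NTP/SNTP packet, no MAC at all
    if len(mac) == 4:
        return "crypto-nak"          # key ID only: authentication failed at peer
    if len(mac) - 4 not in DIGESTS:
        return "malformed"
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted:
        return "unknown-key"
    expected = ntp_digest(trusted[key_id], header, DIGESTS[len(mac) - 4])
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-mac"

if __name__ == "__main__":
    keys = {1: b"constructed-shared-secret"}   # placeholder key, not a real one
    good = sign(SAMPLE_HEADER, 1, keys[1])
    tampered = good[:1] + b"\x01" + good[2:]   # stratum altered in transit
    for name, pkt in [("signed", good), ("no MAC", SAMPLE_HEADER),
                      ("tampered", tampered)]:
        print(f"{name:9s} -> {verify(pkt, keys)}")
```

A client configured to require authentication accepts only the "ok" case, which is why a reply carrying no MAC is not enough for it.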