Active Directory Domain NTP Design

Asela De Costa 1 Reputation point
2020-09-09T13:29:43.433+00:00

We have 100 DCs in 8 countries (US, UK, AUS, NZ, France and in Asia); some DCs are in Azure, AWS and VMware/Xen hypervisors.

Noticed some RDP login issues to VMware servers and DNS issues to AWS.

I thought the PDC is set to an external time source or load balancer and the rest point to the PDC.

So how do I change all other DCs to point back to the PDC?

Will location cause any issues?

If the PDC goes offline, do I have to configure the NTP to external on that server?

AS


4 answers

  1. TimCerling(ret) 1,156 Reputation points
    2020-09-09T13:56:32.23+00:00

    Yes, it is a general practice to configure the Domain Controller that is running the PDC FSMO role to point to an NTP server. At that point, all other domain controllers will get their time from the DC hosting the PDC FSMO role, just like all other domain members.

    If the DC hosting the PDC FSMO role goes offline, what you do depends upon how long it is expected to be off. Generally there will be little time drift over short periods of time. Domain controllers will continue to provide time for member servers. If the PDC role is going to be down for more than a day or two, you may seize the PDC FSMO role to any other DC and then configure that DC to your NTP.


  2. Anonymous
    2020-09-09T14:09:36.203+00:00

    Some general info

    To point the members back to domain time (NT5DS):

    w32tm /unregister
    net stop w32time
    w32tm /register
    net start w32time
    w32tm /config /syncfromflags:domhier /update
    net stop w32time
    net start w32time

    Then check:

    w32tm /query /source
    w32tm /query /configuration


  3. Stephanie Yu 396 Reputation points
    2020-09-14T01:38:48.267+00:00

    Hello @Asela De Costa,

    Thank you for posting here.

    Although the Windows Time service is not an exact implementation of the Network Time Protocol (NTP), it uses the complex suite of algorithms that is defined in the NTP specifications to ensure that clocks on computers throughout a network are as accurate as possible.

    You can refer to the content of this link; I hope it will help you:
    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773013(v=ws.10)?redirectedfrom=MSDN

    Best regards,
    Stephanie Yu


  4. Alex FONTANA 1 Reputation point
    2020-09-23T09:24:52.517+00:00

    Hi, the other answers are correct; the best option is to rely on AD for time synchronisation.

    I just want to add: beware of time sync with the physical host on virtual servers; it may disturb the overall process.

    The solution is just to rely on AD and disable sync with the host :)

    Hope this helps

    Alexandre
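
An added example, not part of any answer above: a PowerShell audit of the layout the answers describe, where the PDC emulator follows NTP, every other DC follows the domain hierarchy (NT5DS), and no DC follows a host-sync provider. It assumes the ActiveDirectory RSAT module, RPC access to the Windows Time service on each DC, and English `w32tm` output.

```powershell
# Added example, not code from the thread. Assumes the ActiveDirectory RSAT
# module, RPC access to w32time on every DC, and English w32tm output.
Import-Module ActiveDirectory

$pdc = (Get-ADDomain).PDCEmulator   # FQDN of the DC holding the PDC emulator role

# "w32tm /query /source" values that mean a DC follows neither NTP nor the domain
# hierarchy. "VM IC Time Synchronization Provider" is the Hyper-V host-sync provider.
$notSynced = 'Local CMOS Clock', 'Free-running System Clock',
             'VM IC Time Synchronization Provider'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name   = $dc.HostName
    $isPdc  = $name -eq $pdc
    $wanted = if ($isPdc) { 'NTP' } else { 'NT5DS' }   # manual peers vs. domhier

    # Current source: an NTP peer, another DC, or one of the $notSynced values.
    $source = (w32tm /query /source "/computer:$name" 2>&1 | Out-String).Trim()

    # Configured client type, read from the "Type: NT5DS (Local)" style line.
    $config = (w32tm /query /configuration "/computer:$name" 2>&1 | Out-String)
    $type   = if ($config -match '(?m)^\s*Type:\s*(\S+)') { $Matches[1] } else { $null }

    $finding = if (-not $type) { 'query failed, check connectivity and the service' }
               elseif ($notSynced -contains $source) { "not synchronized (source: $source)" }
               elseif ($type -ne $wanted) { "type is $type, expected $wanted" }
               else { 'ok' }

    [pscustomobject]@{
        DC      = $name
        Role    = if ($isPdc) { 'PDC emulator' } else { 'DC' }
        Type    = $type
        Source  = $source
        Finding = $finding
    }
}

# Problems first. A DC flagged for its type can be pointed back at the hierarchy
# with the "w32tm /config /syncfromflags:domhier /update" sequence from answer 2.
$report | Sort-Object { $_.Finding -eq 'ok' }, DC | Format-Table -AutoSize
```

Time sync performed by hypervisor guest tools outside the Windows Time service does not appear as a `w32tm` source, so that setting still has to be checked on the hypervisor side.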
