Salandra, Justin A. <mailto:[EMAIL PROTECTED]> wrote: > Everyone, > > I have my PDC Emulator on a server that is set to a SNTP server on > the web, however all my others servers when I type in net time /set > point to a different server that holds no roles what so ever for AD, > it is just a DC. What am I doing worng.
Short answer- Don't use net time on a DC. Net Time uses the LANMAN NETTOD API's and is not what you want to use on DC's, it doesn't compensate reliably for network induced latency and it also uses browser mechanisms to locate a time source, ick... the time service is far more reliable and accurate and will keep accurate time in the entire forest if left alone. If you feel you must play with the time service, you want to use w32tm after stopping W32Time. As long as your PDCe in the forest root is pointing to a reliable NTP source, just leave the rest of the DC's alone. They will be in NT5DS mode by default and generally a DC will peer up to the PCCe in it's own domain but not always, sometimes it will select another DC in it's own domain. That's fine. Time synchronization will occur authenticated over the secure channels between machines. Manually specified time sources are not authenticated, you can also create loops in the synchronization tree and cause unpredictable results. If you have mucked with the child DC's SNTP sources, you can just issue net time /setsntp with no argument and it will clear the SNTP server entry in the registry and return the box from NTP to NT5DS mode. If you are familiar with full NTP,the w32time SNTP implementation's stratum hierarchy looks this- Stratum 1 External NTP time source 2 PDC emulator of the forest root domain 3 Domain controllers in the forest root domain or PDC emulators in child domains 4 Workstations and member servers in the forest root domain or domain controllers in child domains 5 Workstations and member servers in child domains Bob Free Sr Network Specialist PG&E Auburn, Ca. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
