That's how I feel. My argument against using the internal firewall is that should someone change the firewall (woops) then every PC get's that change. On the other hand, someone making a change to the DC's time should now enough about AD to not do it. Even then, an alert would be generated (if configured in MOM).
Teo
On 6/12/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
The best approach is to setup NTP on the PDC Emulator role Forest Root DC to point to the two IP addresses by IP on the 2 US Naval Observatory time servers. It is possible to use an internal server but best to use the external ones, depending on the individual company.Chuck
-----Original Message-----
From: Teo De Las Heras <[EMAIL PROTECTED] >
To: [email protected]
Sent: Mon, 12 Jun 2006 13:22:33 -0400
Subject: [ActiveDir] Time Server for Forest Root PDC
How have people on this list configured their Forest Root PDC to synchronize the time service? Is it O.K. to use an internal time server on a firewall? Is it best to point to tick.usno.navy.mil or time.windows.com?Teo
Check out AOL.com today. Breaking news, video search, pictures, email and IM. All on demand. Always Free.
