On Tue, Feb 18, 2014 at 8:50 AM, Ken Cornetet <[email protected]> wrote: > Yes, member computers and non-PDC DCs in a domain sync to the PDC emulator > for the domain.
I don't believe that's exactly correct. By default: Active Directory (AD) members get their time from their domain's Domain Controllers (DCs). An "AD member" is any computer that's joined to a domain but not a DC. That includes "servers" and "clients". DCs get their time from the domain's PDC emulator (PDCe), *or* a parent domain's DCs.[1] PDCe's get their time from the forest root domain's PDCe, *or* a parent domain's DCs. The forest root PDCe gets its time from the local machine's clock. All of the above may be changed. In particular, it's strongly recommended to configure the forest root PDCe to obtain it's time from an external source, such as public NTP servers. Per: http://i.technet.microsoft.com/dynimg/IC195579.gif (From: http://technet.microsoft.com/en-us/library/cc773013%28v=ws.10%29.aspx) -- Ben [1] I didn't know (or had forgotten) about this second part. That's why it's always good to check your facts.
