From the command line, I've never seen NT5DS as an option. Only have seen it in GPOs.

As such, in all environments I've worked on, as part of initial DC creation, I set the DCs to use the domain hierarchy, and configure the DC holding the PDCe role to sync to external NTP servers. In helping others, I have them run the same commands on all their DCs to make sure they all are synch'd to the PDCe first. Then have them configure the PDCe to synch to an outside source, usually over a weekend if the time difference is >5 minutes. Follow the above with using GPOs to use NT5DS for a time source on servers & workstations.

To date *knock on wood*, I've not had an AD environment get out of synch (time wise). An additional side benefit is end user perception, in that their cell phones & computers now "match", and aren't off by X minutes.

As far as phone systems, well, if the phone system can be configured to synch to an NTP/SNTP server, I point them to the PDCe (or closest DC), but in the few phone systems I've worked on, it's hit or miss if it will actually synch time correctly. I tell users that the computer has the correct time, and it's synch'd from the atomic clocks. To verify, go to www.time.gov & verify that the NTP time is +/- 3 seconds of what the computer shows.

Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.

From: Christopher Bodnar
Sent: Tuesday, March 03, 2009 12:12 PM
To: NT System Admin Issues
Subject: RE: Bizarro-world: fixed! (mostly)

I would change the Type to NT5DS and let the PDCE set its time using the domain hierarchy.

Just curious, are all your DCs or servers set to this?

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Phone: 610-807-6459
Fax: 610-807-6003

________________________________

From: Scott Kaufman at HQ
Sent: Tuesday, March 03, 2009 11:50 AM
To: NT System Admin Issues
Subject: RE: Bizarro-world: fixed! (mostly)

On the remote DC, open a command prompt & type:

    W32tm /config /syncfromflags:DOMHIER /update
    Net stop w32time & net start w32time

On the PDCe server, I configure it to synch from external sources with the following command:

    w32tm /config /manualpeerlist:"pool.ntp.org nist.netservicesgroup.com time-a.timefreq.bldrdoc.gov time-b.timefreq.bldrdoc.gov time-c.timefreq.bldrdoc.gov time.nist.gov nist1-ny.witime.net time-a.nist.gov time-b.nist.gov nist1-dc.witime.net nist1.aol-va.symmetricom.com" /reliable:yes /syncfromflags:MANUAL /update

Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.

From: David Lum
Sent: Tuesday, March 03, 2009 11:34 AM
To: NT System Admin Issues
Subject: RE: Bizarro-world: fixed! (mostly)

Site1 DC2. How do I tell this server to sync with that?

From: Michael B. Smith
Sent: Tuesday, March 03, 2009 7:24 AM
To: NT System Admin Issues
Subject: RE: Bizarro-world: fixed! (mostly)

Time comes from the PDCe. Which one holds that?

From: David Lum
Sent: Tuesday, March 03, 2009 10:15 AM
To: NT System Admin Issues
Subject: RE: Bizarro-world: fixed! (mostly)

The 12 minute time offset was the issue! Changed the time, forced replication...presto!

However the DC in question still shows "NtpClient has no source of accurate time" in the event log. The registry has the following entries in HKLM\System\CurrentControlSet\Service\W32Time\Parameters

    Ntpserver: time.windows.com,0x1
    Type: NTP

(plus entries for ServiceDLL and ServiceMain, likely not relevant).

It's possible port 123 isn't open from this server to the Internet, but I'd just as soon have this DC get its time from the DCs in my office anyhow. I found this article: http://support.microsoft.com/kb/216734, but do I need to do something special since it's a DC?

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

-----Original Message-----
From: Ben Scott
Sent: Monday, March 02, 2009 3:54 PM
To: NT System Admin Issues
Subject: Re: Bizarro-world

On Mon, Mar 2, 2009 at 11:17 AM, David Lum wrote:
> 2) Rename Server1 to Server1-old, change IP address
> I'm confused why it'd work at their site but not ours?

Just a guess, but: When you did the renames, did you make sure you also renamed the NetBIOS ("Pre-Windows 2000" or whatever) name as well?

-- Ben
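
Added example, not part of the original thread or any poster's own script: a PowerShell check that measures each machine's clock against the PDCe with w32tm /stripchart and flags anything past the 5-minute figure mentioned above (also the default Kerberos clock-skew tolerance). Host names are placeholders and the sample w32tm output is constructed; the 720-second sample mirrors the 12-minute offset described in the thread.

```powershell
# Added example. Host names are placeholders; the sample output is constructed.
$Pdce       = 'pdce.example.com'                    # hypothetical PDC emulator
$Targets    = 'dc2.example.com', 'dc3.example.com'  # hypothetical machines to check
$MaxSkewSec = 300                                   # 5 minutes
$Live       = $false                                # $true = query real hosts with w32tm

# Constructed "w32tm /stripchart /dataonly" output, used while $Live is $false.
$Sample = @{
    'pdce.example.com' = @('Collecting 1 samples.', '12:12:00, +00.0153120s')
    'dc2.example.com'  = @('Collecting 1 samples.', '12:12:01, -720.4410233s')
    'dc3.example.com'  = @('Collecting 1 samples.', '12:12:02, error: 0x800705B4')
}

function Get-OffsetSeconds([string[]]$Lines) {
    # A good sample line ends in a signed offset such as "+00.0153120s".
    # Error lines ("error: 0x...") carry no offset and are skipped.
    foreach ($line in $Lines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            return [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
    return $null   # no reply: host down, UDP 123 blocked, or w32time stopped
}

function Measure-Offset([string]$Computer) {
    # Offset of $Computer relative to the machine running this script.
    $out = if ($Live) { & w32tm /stripchart "/computer:$Computer" /samples:1 /dataonly }
           else       { $Sample[$Computer] }
    Get-OffsetSeconds $out
}

$pdceOffset = Measure-Offset $Pdce
if ($null -eq $pdceOffset) { throw "No time sample from PDCe $Pdce" }

foreach ($t in $Targets) {
    $offset = Measure-Offset $t
    if ($null -eq $offset) {
        $skew = $null; $status = 'NO SAMPLE'
    } else {
        # Both offsets are relative to the local clock, so the difference
        # is the target's skew relative to the PDCe.
        $skew   = [math]::Round($offset - $pdceOffset, 3)
        $status = if ([math]::Abs($skew) -gt $MaxSkewSec) { 'OUT OF TOLERANCE' } else { 'OK' }
    }
    [pscustomobject]@{ Computer = $t; SkewVsPdceSec = $skew; Status = $status }
}
```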
