I have my virtual copy of my AD structure just about all ready to go. The DCs are on an isolated vSwitch on VMware ESX 4.1. The last step is to set up time sync, I think.
According to <http://www.sole.dk/post/how-to-configure-your-virtual-domain-controllers-and-avoid-simple-mistakes-with-resulting-big-problems/?p=387>, it looks like I want to set the DC as "reliable", to act as it's own time source (getting it from VMware Tools, which gets it from the ESX server, which gets it via NTP from my production PDC DC). But that article says "Configure virtual Domain Controllers, not to sync with the time service by using the NoSync parameter and let the service know that the server has an authorative time". I am unclear on this "no sync" parameter. MS says (<http://support.microsoft.com/kb/816042>), "Configuring the Windows Time service to use an internal hardware clock ", to do: To configure the PDC master without using an external time source, change the announce flag on the PDC master. The PDC master is the server that holds the forest root PDC master role for the domain. This configuration forces the PDC master to announce itself as a reliable time source and uses the built-in complementary metal oxide semiconductor (CMOS) clock. To configure the PDC master by using an internal hardware clock, follow these steps: Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags In the right pane, right-click AnnounceFlags, and then click Modify. In Edit DWORD Value, type A in the Value data box, and then click OK. Quit Registry Editor. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER: net stop w32time && net start w32time That's relatively clear. But where is the "no sync" that the first web page spoke of? So what changes (if any) should I make to the time service of this lab AD, considering that it can't reach the outside world for an NTP source? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
