You shouldn't be getting skew if the servers can all talk
to each other. The only time I have seen any serious skew in my environment
(Global) has been when one of the following conditions was
present
1. Serious hardware issues where the clock on the machine
was running doubletime or halftime or worse.
2. The SNTP setting for the server has a value and is not
allowed to seek its own time source.
3. Someone manually dorks with the time and pushes it
outside the kerberos cert window.
We
initially would sync all DCs with the local routers wherever they were assuming
they would always be right, we had no end of replication errors due to time sync
problems. I went through and did a net time /setsntp: on every DC (and it is
part of our dcpromo script now too just in case) and a large number of issues
disappeared and we only got skew issues from problems listed
above.
Now
only our Forest Root DCs in our US Data Center actually have hard set time
servers set and those are to the routers there which seem to be ok.
By
default if you don't specify sntp servers the machines will sync all the way
back to the forest root PDC anyway. I can confirm that functionality, I see it
every day.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto
Sent: Sunday, January 18, 2004 5:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote time sync of DC
Hi Joe,
Roger,
Sorry for not replying earlier.
We have been arranging some things because we are in the proces of buying a
house.
To answer your questions and
give you an understanding about the matter, why I wanted to synchronize the time
of the DCs remotely.
At the moment I'm developing
Forest Recovery procedures including multiple domains. It is one of the steps in
the procedure. Because of an eventual time skew that can occur (I experienced
this in a test environment) I want to force a time sync accross ALL DCs
(executed remotely) just to be sure that all DCs are in sync with one DC (the
PDC emulator in the forest root domain)
The option of using AT to
schedule a "NET TIME \\SERVER /set" sounds OK to
me
Regards,
Jorge
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 13:56
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Remote time sync of DC
I
guess I'm having a hard time understanding what you're really trying to
accomplish - the bigger picture. You're writing some sort of script that does
functionality that's already inherent in the product.
Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.
-----Original Message-----
From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Sent: Friday, January 09, 2004 3:55 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote time sync of DCI want to use a script and try to use standard OS functionality (like WMI for example if ever possible) and I don't want to depend on some executable like RCMDJorge
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 17:37
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Remote time sync of DCThen you'll either need to use rcmd or terminal services - I don't believe net time works remotely--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.-----Original Message-----
From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 11:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Remote time sync of DCHi Roger,I don't want to specify a SNTP server that a server will use to sync the time from time to time, I just want to force a time sync of a certain DC (task remote executed) with a DC that I specify. Something that works like: "net time \\server /set" but remote executedRegards,Jorge
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 17:10
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Remote time sync of DCFrom a command line:net time /setsntp:server.domain.com--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.-----Original Message-----
From: Jorge de Almeida Pinto [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Remote time sync of DCHello all,
I'm trying to find an script/tool to synchronize the time (remote from another computer) of a particular domain controller (Windows 2000) with a domain controller that is specified by me. Is this possible at all? Is it possible to use WMI?
Thanx!
Kind regards,
Jorge de Almeida Pinto
Microsoft Infrastructure Consultant
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
