well, yes.... but it is not needed for the time service.... By default the time sync within a forest/domain is automatically configured as it shoud be... Each client and server syncs time with the authenticating DC Each DC syncs time with the PDC in the same domain or with parent DCs (from a parent domain) The PDC syncs time with parent DCs (from a parent domain) The PDC in the forest root domain is the only DC you need to configure for time sync and for that several possibilties exist: External/Internal Time Source Internal hardware clock Jorge
________________________________ From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 2005-12-28 19:18 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service Isn't it best practice to set the entire domain time policy at the domain level (Default Domain Policy) instead of trying to set every machine or every OU separately? ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, December 28, 2005 12:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service why are you using the GPO to configure the time service on the PDC? Why not just configure the PDC with the commands and info provided? Jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 2005-12-28 18:42 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service OK, so then I am still not synching with an external time source. I have followed the steps, and still I get the same thing. I can not figure out what it causing it to not use the server I specify. I am guessing it has something to do with some group policy setting? Do I need to block inheritance on the default domain controller GPO and have different settings? ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, December 28, 2005 12:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service To keep things simple, doing Net time /setsntp:pool.ntp.org then net stop w32time& net start w32time and net time /querysntp (ALL at the PDC-E) should give acceptable result. If it doesn't, then something at the firewall may be blocking 123 Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com <http://www.readymaids.com/> - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Almeida Pinto, Jorge de Sent: Wednesday, December 28, 2005 8:49 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service w32tm /monitor dc1.domain.com *** PDC *** [10.100.110.12]: ICMP: 0ms delay. NTP: +0.0000000s offset from dc1.domain.com RefID: 'LOCL' [76.79.67.76] <<<<<<<<<<<<<<<<<<<<<<<<THIS IS THE TIME SERVER THE PDC IS POINTING TO A PDC that is not configured with an external time source:(default after install) C:\>w32tm /monitor rootdc001.ADCORP.LAN *** PDC *** [10.0.0.1]: ICMP: 0ms delay. NTP: +0.0000000s offset from rootdc001.ADCORP.LAN RefID: 'LOCL' [76.79.67.76] A PDC that is configured with an external time source C:\>w32tm /monitor PDC.DOMAIN.LOCAL *** PDC *** [172.16.1.1]: ICMP: 0ms delay. NTP: +0.0000000s offset from PDC.DOMAIN.LOCAL RefID: (unknown) [internet IP] A PDC that is configured to sync with its own internal clock C:\>w32tm /monitor rootdc001.ADCORP.LAN *** PDC *** [10.0.0.1]: ICMP: 0ms delay. NTP: +0.0000000s offset from rootdc001.ADCORP.LAN RefID: 'LOCL' [76.79.67.76] In addition to what Ulf said: http://blogs.dirteam.com/blogs/jorge/archive/2005/11/20/111.aspx Cheers, Jorge ________________________________ From: [EMAIL PROTECTED] on behalf of Douglas M. Long Sent: Wed 2005-12-28 16:30 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service I have Run w32tm /config /update /syncfromflags:MANUAL /manualpeerlist: "navobs1.oar.net" and also verified HKLM\System\CCS\Services\w32time\Parameters Type=NTP is set. I stopped and started w32time, and still the PDC-E points to itself. Or at least that is what I think it is saying. Isn't LOCL in the following telling me that it is looking at itself instead of an external time source? w32tm /monitor dc1.domain.com *** PDC *** [10.100.110.12]: ICMP: 0ms delay. NTP: +0.0000000s offset from dc1.domain.com RefID: 'LOCL' [76.79.67.76] ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ulf B. Simon-Weidner Sent: Wednesday, December 28, 2005 9:58 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Time Service Hi Douglas, To configure domain members and DCs to use the default behavior, either Run w32tm /config /update /syncfromflags:DOMHIER Or check the following registrykey HKLM\System\CCS\Services\w32time\Parameters Type=NT5DS To configure a server to use a NTP-Timesource (what you want to do on the PDC-E of the forest root): Run w32tm /config /update /syncfromflags:MANUAL /manualpeerlist:"fqdn1 fqdn2 ip1" Or check the following registrykeys HKLM\System\CCS\Services\w32time\Parameters Type=NTP NTPServer="fqdn1 fqdn2 ip1" To configure a server to trust his BIOS-Clock (test-environment) or which is getting it's time from a 3rd party soft- or hardware attached locally check the following reg-keys: HKLM\System\CCS\Services\w32time\Parameters Type=NoSync ReliableTimeSource = 1 (reg_dword) Afterwards I'd restart w32time using net stop w32time && net start w32time Gruesse - Sincerely, Ulf B. Simon-Weidner MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz <http://tinyurl.com/44zcz> Weblog: http://msmvps.org/UlfBSimonWeidner <http://msmvps.org/UlfBSimonWeidner> Website: http://www.windowsserverfaq.org <http://www.windowsserverfaq.org> Profile: http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D <http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D> ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Wednesday, December 28, 2005 3:09 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Time Service I have read the Time Service white paper from Microsoft and am still confused. I have set the default domain GPO to use NT5DS under Configure Windows NTP Client, and set an external time server (navobs1.oar.net,0x1) for NTPServer. I have also set Enable Windows NTP Server to enabled. There are no other time related GPOs set in the domain. I was under the assumption that with that setting my PDC emulator (DC1) should be synching with navobs1.oar.net,0x1 and the other DC synchs with the PDC emulator, and then all clients synch to the closest DC. When I run a w32tm /monitor from the either DC or from any clients, I get the following. dc1.domain.com *** PDC *** [10.100.110.12]: ICMP: 0ms delay. NTP: +0.0000000s offset from dc1.domain.com RefID: 'LOCL' [76.79.67.76] dc2.domain.com [10.100.110.13]: ICMP: 0ms delay. NTP: +0.0226641s offset from dc1.domain.com RefID: dc1.domain.com [10.100.110.12] When I run it from a client: dc1.domain.com *** PDC *** [10.100.110.12]: ICMP: 0ms delay. NTP: +0.0000000s offset from dc1.domain.com RefID: 'LOCL' [76.79.67.76] dc2.domain.com [10.100.110.13]: ICMP: 8ms delay. NTP: +0.0342476s offset from dc1.domain.com RefID: dc1.domain.com [10.100.110.12] What I am seeing is that everything is working except DC1 is not synching with an external time server. Is that correct, or am I reading that wrong? If it isn't synching with an external time source, what setting am I missing? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<winmail.dat>>
