I haven't had to do anything that detailed, and the native tools have managed the time effectively at locations ranging from 50 users and 100 server, to multi-offices with a total of 400 servers and 4000 users.
-ASB: http://XeeSM.com/AndrewBaker On Fri, Sep 18, 2009 at 12:20 PM, Kennedy, Jim <kennedy...@elyriaschools.org > wrote: > Jumping in late here but let me agree the time service is crap. Here is > how I overcame it. > > > > I use our core Cisco router for the authoritative time source. It does a > good job of keeping it’s clock current. I do not sync it outside I do it > manually if I ever notice a time difference. Since starting to use it I have > only had to do this once or twice in the last few years and that was due to > power outages. You do have to config it to be a time server but it is easy. > The PDC emulator points to it for its time source. GPO tells everyone else > to use the standard windows hierarchy. > > > > Here is the key for us; I set a scheduled task for every server, dc’s and > member servers alike to stop and start the time service twice a day. Once at > 6 am and once at 6 pm. That keeps them right on the money. > > > > Since doing that I have not had any issues for several years. > > > > > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Friday, September 18, 2009 11:45 AM > *To:* NT System Admin Issues > *Subject:* Re: Why is Windows Time service crap? > > > > To follow up on what Ben and Bob have mentioned, you only want/need the DC > with the PDCe role to get its time externally, and the other systems will > get the time from that one. > > What I do then, is to run a script that sets the time server for all other > systems to be blank. (Actually, I let 2 DCs sync outside) > > The time for all my systems remains in sync (my logging script checks this > every morning). > > I have not used an external NTP application for the better part of this > decade. > > -ASB: http://XeeSM.com/AndrewBaker > > On Fri, Sep 18, 2009 at 11:37 AM, Free, Bob <r...@pge.com> wrote: > > [1] You configure the PDCe of the forest root to become the authoritative > time source for your forest. There is a (fairly) strict hierarchy that is > automagically maintained with the other DCs peering up to that one, DCs in > child domains peering to their respective PDCe, member servers and > workstations peering up to their respective DCs. “You” don’t need to “point” > anything to anything other than the root PDCe. I’d respectfully submit that > there is something wrong in your configuration if things are that bad. > > > > Configure the Windows Time service on the PDC emulator > (http://go.microsoft.com/fwlink/?LinkId=91969 > ) > > > > [2]Common issues I’ve seen are misconfiguration, firewall/network issues > and users who have the user right to set system time. > > > > Configure a client computer for automatic domain time synchronization > (http://go.microsoft.com/fwlink/?LinkId=91376 > ) > > > > I would have agreed with your sentiment in NT and actually ran the W32port > of NTP on my DCs back than but for the vast majority of the >20K machines in > my main forest w23time is sufficient. It has improved with every version of > windows and the documentation is an order of magnitude better than it used > to be. The biggest offset among my DCs today is +0.0128225s. We do have > special use cases where we employ other methods but they are definitely the > exception rather than the rule where a particular client needs millisecond > accuracy.. > > > > Windows Time Service Technical Reference > http://technet.microsoft.com/en-us/library/cc773061(WS.10).aspx<http://technet.microsoft.com/en-us/library/cc773061%28WS.10%29.aspx> > > > > I would start at the top and get all the DCs properly synched and work > your way down from there. What version of AD are you running? > > > > > > *From:* richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] > *Sent:* Friday, September 18, 2009 7:37 AM > > > *To:* NT System Admin Issues > > *Subject:* Why is Windows Time service crap? > > > > > Greetings! > > I have workstations and servers in my domain whose time is all over the > place! > > Two servers I manually sync'd with a domain controller less than 24 hours > ago are now once again 3 minutes behind. > > Workstations are up to 5 minutes one way or the other. > > I know this keeps coming up here, but again, please... > > 1. With multiple domain controllers, does one pick one of them, sync to an > outside time source, then somehow point the other DCs to this DC? If so, > then one puts in the name of the selected DC in the registry settings for > time services? OR, does one make sure all the DCs point to the same > external NTP server? > > > 2. Why do servers and workstations drift off, time-wise? How to stop this? > > -- > > Richard D. McClary > Systems Administrator, Information Technology Group > > *ASPCA®* > 1717 S. Philo Rd, Ste 36 > Urbana, IL 61802 > > richardmccl...@aspca.org > > P: 217-337-9761 > C: 217-417-1182 > F: 217-337-9761 > www.aspca.org > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
