RE: [ActiveDir] NTP server
The time on workstations, servers, and DCs within your forest should converge to the time of the PDC role holder of the root domain. http://support.microsoft.com/default.aspx?scid=kb;EN-US;224799 -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Monday, July 26, 2004 6:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] NTP server OK so our empty forest root controllers are now syncing with tick.navy and tock.navy.usno.mil. I also enabled the NTP registry key so it will allow Win9x clients to sync up with the root controllers. Now the question - when I do a browstat to determine who is the time server according to the browse list, it is some domain controller far away. I don't want that server to be the time server according to the browse list because that means clients will sync with it when they ask for a time sync unless they use /setsntp, right? So how do I fix the browse list to make my root controllers the TS? -Original Message- From: Free, Bob Sent: Friday, February 13, 2004 11:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP Rimmerman, Russ mailto:[EMAIL PROTECTED] wrote: What's everyone syncing all their clocks up with? We have our own enterprise NTP servers, the forest root DCs synch to them. Everything else in AD is in NT5DS mode and time flows down the domain hierarchy. The [gag] remaining NT boxes, have W32time pointed to the AD DC's and get time via SNTP. Do Win2k AD domain controllers automatically respond to SNTP requests? Not sure exactly what you mean- A] Yes they will serve time to a SNTP client, but, you don't want any SNTP clients in your forest, they should all be in NT5DS mode. You want the time to flow down the tree. B] You can use ntpdate on a *NIX box or the W32 port of ntpdate to get a quick picture of how everything is peering up in the forest, what stratum the machines are in and how accurately they are keeping time. W32Time won't answer all NTP requests but the ones in the SNTP spec work. We are currently running a firewall that acts as a NTP server for all our internal PCs (Symantec Enterprise FW) and we're looking at switching to a NetScreen firewall which does not. We're trying to figure out where we should redirect all our time requests to. How are you doing it? Where do your routers get their time? Cisco routers have very accurate clocks according to our NTP guru, (he's very fussy and wants the Stratum 1 machines within a few ms of each other) A lot of people just synch their DC to a core router that's synched to something like USNO or if running DNS on *NIX, they run NTP on the DNS boxes.. Some people in simpler networks just punch a hole for UDP 123 to their forest root PDCe and synch it directly to the internet sources like USNO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, July 22, 2004 5:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org
RE: [ActiveDir] NTP server
A client computer (or server) in AD will synchronize with the DC that it authenticates and establishes a secure channel with, the browse list has nothing to do with AD time synchronization. Time will automatically flow down AD from the forest root. The 9x clients can't do NTP in the absense of 3rd party SW, they use the old LanMan NetTOD API, That's where the browse list will come into play (only for downlevel clients) Most people just add a NET TIME line in their login scripts for 9x. IE- NET TIME %LOGONSERVER% /SET /Y -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Monday, July 26, 2004 5:16 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] NTP server OK so our empty forest root controllers are now syncing with tick.navy and tock.navy.usno.mil. I also enabled the NTP registry key so it will allow Win9x clients to sync up with the root controllers. Now the question - when I do a browstat to determine who is the time server according to the browse list, it is some domain controller far away. I don't want that server to be the time server according to the browse list because that means clients will sync with it when they ask for a time sync unless they use /setsntp, right? So how do I fix the browse list to make my root controllers the TS? -Original Message- From: Free, Bob Sent: Friday, February 13, 2004 11:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP Rimmerman, Russ mailto:[EMAIL PROTECTED] wrote: What's everyone syncing all their clocks up with? We have our own enterprise NTP servers, the forest root DCs synch to them. Everything else in AD is in NT5DS mode and time flows down the domain hierarchy. The [gag] remaining NT boxes, have W32time pointed to the AD DC's and get time via SNTP. Do Win2k AD domain controllers automatically respond to SNTP requests? Not sure exactly what you mean- A] Yes they will serve time to a SNTP client, but, you don't want any SNTP clients in your forest, they should all be in NT5DS mode. You want the time to flow down the tree. B] You can use ntpdate on a *NIX box or the W32 port of ntpdate to get a quick picture of how everything is peering up in the forest, what stratum the machines are in and how accurately they are keeping time. W32Time won't answer all NTP requests but the ones in the SNTP spec work. We are currently running a firewall that acts as a NTP server for all our internal PCs (Symantec Enterprise FW) and we're looking at switching to a NetScreen firewall which does not. We're trying to figure out where we should redirect all our time requests to. How are you doing it? Where do your routers get their time? Cisco routers have very accurate clocks according to our NTP guru, (he's very fussy and wants the Stratum 1 machines within a few ms of each other) A lot of people just synch their DC to a core router that's synched to something like USNO or if running DNS on *NIX, they run NTP on the DNS boxes.. Some people in simpler networks just punch a hole for UDP 123 to their forest root PDCe and synch it directly to the internet sources like USNO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, July 22, 2004 5:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have
RE: [ActiveDir] NTP server
OK so our empty forest root controllers are now syncing with tick.navy and tock.navy.usno.mil. I also enabled the NTP registry key so it will allow Win9x clients to sync up with the root controllers. Now the question - when I do a browstat to determine who is the time server according to the browse list, it is some domain controller far away. I don't want that server to be the time server according to the browse list because that means clients will sync with it when they ask for a time sync unless they use /setsntp, right? So how do I fix the browse list to make my root controllers the TS? -Original Message- From: Free, Bob Sent: Friday, February 13, 2004 11:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP Rimmerman, Russ mailto:[EMAIL PROTECTED] wrote: What's everyone syncing all their clocks up with? We have our own enterprise NTP servers, the forest root DCs synch to them. Everything else in AD is in NT5DS mode and time flows down the domain hierarchy. The [gag] remaining NT boxes, have W32time pointed to the AD DC's and get time via SNTP. Do Win2k AD domain controllers automatically respond to SNTP requests? Not sure exactly what you mean- A] Yes they will serve time to a SNTP client, but, you don't want any SNTP clients in your forest, they should all be in NT5DS mode. You want the time to flow down the tree. B] You can use ntpdate on a *NIX box or the W32 port of ntpdate to get a quick picture of how everything is peering up in the forest, what stratum the machines are in and how accurately they are keeping time. W32Time won't answer all NTP requests but the ones in the SNTP spec work. We are currently running a firewall that acts as a NTP server for all our internal PCs (Symantec Enterprise FW) and we're looking at switching to a NetScreen firewall which does not. We're trying to figure out where we should redirect all our time requests to. How are you doing it? Where do your routers get their time? Cisco routers have very accurate clocks according to our NTP guru, (he's very fussy and wants the Stratum 1 machines within a few ms of each other) A lot of people just synch their DC to a core router that's synched to something like USNO or if running DNS on *NIX, they run NTP on the DNS boxes.. Some people in simpler networks just punch a hole for UDP 123 to their forest root PDCe and synch it directly to the internet sources like USNO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, July 22, 2004 5:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] NTP server
Title: [ActiveDir] NTP server Hi Russ, Yes youll have to configure the PDC-Emulator of the Rootdomain only and reconfigure machines that were configured otherwise to use the default domain behaviour to receive the time again. Heres the domain behaviour in a short NG answer I wrote recently: http://groups.google.com/groups?selm=uHjA0eWaEHA.2516%40TK2MSFTNGP10.phx.gbl Youll be able to find Stratum 1 Timeserver to use on this website: http://www.eecis.udel.edu/~mills/ntp/clock1a.html And what I forgot to mention in the NG: Sometimes Ive seen that a DC which was configured to use another behaviour than NT5DS did not accept the changes of the registry or w32tm command correctly to adjust to the domain behaviour. If this is happening you are able to deregister and register the timeservice again using w32tm /deregister and w32tm /register. Gruesse - Sincerely, Ulf B. Simon-Weidner From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Friday, July 23, 2004 1:26 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] NTP server So your firewall lets only the PDC emulator go out the NTP port, and all devices including things like Switches and Routers all sync with the PDC emulator as well? If we have an empty root domain, could we use the PDC emulator in that domain and have all our child domain servers and all other objects go there just as well? -Original Message- From: Brian Desmond [mailto:[EMAIL PROTECTED]On Behalf Of Brian Desmond Sent: Thursday, July 22, 2004 8:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP server I use my PDC. It syncs with the government. All you rclients automatically talk to the PDC unless you told em not to. --Brian -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Thu 7/22/2004 7:24 PM To: '[EMAIL PROTECTED]' Cc: Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~
RE: [ActiveDir] NTP server
Title: [ActiveDir] NTP server So your firewall lets only the PDC emulator go out the NTP port, and all devices including things like Switches and Routers all sync with the PDC emulator as well? If we have an empty root domain, could we use the PDC emulator in that domain and have all our child domain servers and all other objects go there just as well? -Original Message-From: Brian Desmond [mailto:[EMAIL PROTECTED]On Behalf Of Brian DesmondSent: Thursday, July 22, 2004 8:09 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] NTP server I use my PDC. It syncs with the government. All you rclients automatically talk to the PDC unless you told em not to. --Brian -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Thu 7/22/2004 7:24 PM To: '[EMAIL PROTECTED]' Cc: Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting ridof our current firewall which has NTP on it and everything is pointed to itfor NTP services. Our new firewall won't have NTP built in, so we are goingto have to set up an internal NTP server for all our internal hosts to syncto. Do we put it in the DMZ or the internal network? Or does it matter?Do we just install NTP on an existing Win2k server in our DMZ? What iseveryone else doing for NTP?Thanks~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~List info : http://www.activedir.org/mail_list.htmList FAQ : http://www.activedir.org/list_faq.htmList archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~This e-mail is confidential, may contain proprietary informationof the Cooper Cameron Corporation and its operating Divisionsand may be confidential or privileged.This e-mail should be read, copied, disseminated and/or used onlyby the addressee. If you have received this message in error pleasedelete it, together with any attachments, from your system.~~
RE: [ActiveDir] NTP server
déjà vu` -Original Message- From: Free, Bob Sent: Friday, February 13, 2004 11:25 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP Rimmerman, Russ mailto:[EMAIL PROTECTED] wrote: What's everyone syncing all their clocks up with? We have our own enterprise NTP servers, the forest root DCs synch to them. Everything else in AD is in NT5DS mode and time flows down the domain hierarchy. The [gag] remaining NT boxes, have W32time pointed to the AD DC's and get time via SNTP. Do Win2k AD domain controllers automatically respond to SNTP requests? Not sure exactly what you mean- A] Yes they will serve time to a SNTP client, but, you don't want any SNTP clients in your forest, they should all be in NT5DS mode. You want the time to flow down the tree. B] You can use ntpdate on a *NIX box or the W32 port of ntpdate to get a quick picture of how everything is peering up in the forest, what stratum the machines are in and how accurately they are keeping time. W32Time won't answer all NTP requests but the ones in the SNTP spec work. We are currently running a firewall that acts as a NTP server for all our internal PCs (Symantec Enterprise FW) and we're looking at switching to a NetScreen firewall which does not. We're trying to figure out where we should redirect all our time requests to. How are you doing it? Where do your routers get their time? Cisco routers have very accurate clocks according to our NTP guru, (he's very fussy and wants the Stratum 1 machines within a few ms of each other) A lot of people just synch their DC to a core router that's synched to something like USNO or if running DNS on *NIX, they run NTP on the DNS boxes.. Some people in simpler networks just punch a hole for UDP 123 to their forest root PDCe and synch it directly to the internet sources like USNO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rimmerman, Russ Sent: Thursday, July 22, 2004 5:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] NTP server
You can have your Router be the Time Server. Your Router synchs with one of the public servers, then you configure your Root PDCE to synch with your Router. All your other DCs will synch with the Root PDCE. The key is the ReliableTimeServer reg hack. On the other hand, you could do it the way you described, letting you Root PDCE go out and do the synch. I just think that letting the Router do the external part is more efficient. In any case, here is a good read for you: http://www.microsoft.com/windows2000/docs/wintimeserv.doc Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Fri 7/23/2004 4:25 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] NTP server So your firewall lets only the PDC emulator go out the NTP port, and all devices including things like Switches and Routers all sync with the PDC emulator as well? If we have an empty root domain, could we use the PDC emulator in that domain and have all our child domain servers and all other objects go there just as well? -Original Message- From: Brian Desmond [mailto:[EMAIL PROTECTED] Behalf Of Brian Desmond Sent: Thursday, July 22, 2004 8:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] NTP server I use my PDC. It syncs with the government. All you rclients automatically talk to the PDC unless you told em not to. --Brian -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Thu 7/22/2004 7:24 PM To: '[EMAIL PROTECTED]' Cc: Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] NTP server
Hey Russ, This link describes how W2K and W2K3 handle NTP: http://www.netpro.com/products/techdocs/ad_timesync.pdf This link lists public Stratum 1 and Stratum 2 time servers: http://www.eecis.udel.edu/~mills/ntp/servers.html It would make sense to use the PDC emulator as the time server for devices in the respective domains. -gil Gil Kirkpatrick CTO, NetPro From: [EMAIL PROTECTED] on behalf of Rimmerman, Russ Sent: Thu 7/22/2004 5:24 PM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat
RE: [ActiveDir] NTP server
I use my PDC. It syncs with the government. All you rclients automatically talk to the PDC unless you told em not to. --Brian -Original Message- From: Rimmerman, Russ [mailto:[EMAIL PROTECTED] Sent: Thu 7/22/2004 7:24 PM To: '[EMAIL PROTECTED]' Cc: Subject: [ActiveDir] NTP server Where does everyone have their NTP services come from? We are getting rid of our current firewall which has NTP on it and everything is pointed to it for NTP services. Our new firewall won't have NTP built in, so we are going to have to set up an internal NTP server for all our internal hosts to sync to. Do we put it in the DMZ or the internal network? Or does it matter? Do we just install NTP on an existing Win2k server in our DMZ? What is everyone else doing for NTP? Thanks ~~ This e-mail is confidential, may contain proprietary information of the Cooper Cameron Corporation and its operating Divisions and may be confidential or privileged. This e-mail should be read, copied, disseminated and/or used only by the addressee. If you have received this message in error please delete it, together with any attachments, from your system. ~~ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ winmail.dat