What do you use for NTP?

We're moving all of our server roles from on specific DC to another in a decommissioning process.

Right now, we have the NTPserver listed as "servername.domain, 0x1" type NT5DS.

I know we could change that to "newserver.domain, 0x1" type NT5DS...but my question is, why would we not use the default "time.microsoft.com, 0x1" type NTP or AllSync?

Would you guys recommend using an external domain and changing the type or leaving it as is?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

blargoe

(I think) the standard is to point the PDC emulator to an external NTP source, and let everything else use the default, which is the address of the PDC emulator.

royal

blargoe wrote:

(I think) the standard is to point the PDC emulator to an external NTP source, and let everything else use the default, which is the address of the PDC emulator.

Yep, either this or have a dedicated workstation/server in the domain be the NTP Server to an external time source and point the PDCT Emulator to that workstation/server.

And just to clarify, it's the Root PDC Emulator, not all PDC Emulators.

Here is a list of time servers:
http://support.microsoft.com/kb/262680

In the United States, the US Naval Observatory (USNO) maintains two popular external time servers: ntp2.usno.navy.mil (192.5.41.209) and tock.usno.navy.mil (192.5.41.41).

I would recommend configuring Group Policy to ensure that all domain machines cannot be changed from the default settings so that they continue to sync with the domain hierarchy. The Root PDC emulator should be blocked from applying this policy as it should be the only system that does manually sync with an external time source.

For more information on NTP and Group Policy:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx