What do you use for NTP?
We're moving all of our server roles from on specific DC to another in a decommissioning process.
Right now, we have the NTPserver listed as "servername.domain, 0x1" type NT5DS.
I know we could change that to "newserver.domain, 0x1" type NT5DS...but my question is, why would we not use the default "time.microsoft.com, 0x1" type NTP or AllSync?
Would you guys recommend using an external domain and changing the type or leaving it as is?
Right now, we have the NTPserver listed as "servername.domain, 0x1" type NT5DS.
I know we could change that to "newserver.domain, 0x1" type NT5DS...but my question is, why would we not use the default "time.microsoft.com, 0x1" type NTP or AllSync?
Would you guys recommend using an external domain and changing the type or leaving it as is?
Comments
-
blargoe Member Posts: 4,174 ■■■■■■■■■□(I think) the standard is to point the PDC emulator to an external NTP source, and let everything else use the default, which is the address of the PDC emulator.IT guy since 12/00
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands... -
royal Member Posts: 3,352 ■■■■□□□□□□blargoe wrote:(I think) the standard is to point the PDC emulator to an external NTP source, and let everything else use the default, which is the address of the PDC emulator.
Yep, either this or have a dedicated workstation/server in the domain be the NTP Server to an external time source and point the PDCT Emulator to that workstation/server.
And just to clarify, it's the Root PDC Emulator, not all PDC Emulators.
Here is a list of time servers:
http://support.microsoft.com/kb/262680
In the United States, the US Naval Observatory (USNO) maintains two popular external time servers: ntp2.usno.navy.mil (192.5.41.209) and tock.usno.navy.mil (192.5.41.41).
I would recommend configuring Group Policy to ensure that all domain machines cannot be changed from the default settings so that they continue to sync with the domain hierarchy. The Root PDC emulator should be blocked from applying this policy as it should be the only system that does manually sync with an external time source.
For more information on NTP and Group Policy:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03mngd/26_s3wts.mspx“For success, attitude is equally as important as ability.” - Harry F. Banks