Configure Time Service In Active Directory Environment
Tuesday, 29 September 2009
Windows Time is necessary for domain controllers and client computers. This is a requirement for the Kerberos protocol for authentication purpose. You should keep the following points in mind when configuring the Windows Time Service in an Active Directory environment:
  • Configure your client computers to sync time from it's authentication or local domain controller in the site
  • Configure your DC to sync time from it's PDC Emulator for that domain
  • Configure your Child PDC to sync time from any DC in the Forest Root domain
  • Configure your Forest PDC to sync time from an external source (time.windows.com)
  • For the above things to work, you need to modify two registry entries:
For all Domain Controllers and PDC in the Forest except PDC in the Forest:
Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters
Entry: Type
Value: NT5DS

For Forest PDC:

Key: HKLM\System\CurrentControlSet\Services\W32Time\Parameters
Entry: Type
Value: NTP
Entry: NTPServer
Value: time.windows.com

 
 
< Prev   Next >
[ Back ]
Advertisement
© d-PIT, 2007-2010.

Site Disclaimer