Just a quick note to advise how I done this…in response to a call of course. Kerberos authentication is based on time stamps so time accuracy is vital in Microsoft Windows infrastructures.
Looked up this website technet ntp article
This looked the easiest as other sites wanted to edit the registry…I also backed up the regkey to the desktop on the domain controller I RDP'd to before editing the registry so I could put it back to the original settings.
To check how FSMO roles are configured on the domain
netdom query /domain:domain_name.co.uk fsmo
Schema owner dc-1. domain_name.co.uk
Domain role owner dc-1 . domain_name.co.uk
PDC role dc-2. domain_name.co.uk
RID pool manager dc-2 . domain_name.co.uk
Infrastructure owner dc-2. domain_name.co.uk
The command completed successfully.
So now I know what is the PDC emulator, I know that dc-2. domain_name.co.uk is the server that will sync time to the domain.
From a CLI shell on
dc-2. domain_name.co.uk
w32tm /stripchart /computer:ip_addr_timesource /samples:5 /dataonly
Tracking ip_addr_timesource [ip_addr_timesource].
Collecting 5 samples.
The current time is 5/31/2010 1:52:31 PM (local time).
13:52:31, -00.1630267s
13:52:33, -00.1731537s
13:52:35, -00.1735452s
13:52:37, -00.1736697s
13:52:39, -00.1735333s
The current time is 5/31/2010 1:52:31 PM (local time).
13:52:31, -00.1630267s
13:52:33, -00.1731537s
13:52:35, -00.1735452s
13:52:37, -00.1736697s
13:52:39, -00.1735333s
Note: there are time sources available on the internet, some organisations have one internal time source that syncs with an external time source then every internal network device syncs to that, you just have to choose what is best, that will depend on how network firewalls are configured on your network.
You can see time is out by 1/4 of a second, now type….
w32tm /config /manualpeerlist:ip_addr_timesource /syncfromflags:manual /reliable:yes /update
This syncs the PDC Emulator to your chosen time source
ip_addr_timesource
now we can test by typing
w32tm /stripchart /computer: ip_addr_timesource /samples:5 /dataonly
Tracking ip_addr_timesource [ip_addr_timesource].
Collecting 5 samples.
The current time is 5/31/2010 1:58:57 PM (local time).
13:58:57, +00.0060605s
13:58:59, -00.0001721s
13:59:01, -00.0005527s
13:59:03, -00.0002389s
13:59:05, -00.0002778s
Which is probobaly as close as you can get to being dead-on….depending on clock’s quartz crystals of the servers and lan devices!!!!!
Some links...
No comments:
Post a Comment