Configure a time server for Active Directory domain controllers - TechRepublic


Windows Server admins should establish one authoritative time source for their organization. Rick Vanover explains how to configure the authoritative time source.

Written by
Rick Vanover
Jan 24, 2011

Time management is one of the more critical aspects of system administration. Administrators frequently rely on Active Directory to sync time from client servers and workstations to the domain. But where does Active Directory get its time configuration? Well, that depends on various factors. Default installations may go directly to Microsoft, and virtual machines may set themselves to sync with their host servers.

The best way to ensure the time is accurate on a consistent basis is to establish one authoritative time source for your organization. An authoritative time source is the time server(s) that all systems on your network trust as having the accurate time. The source can be an Internet time server or the pool, or it can be something you fully administer internally. Regardless, a designated authoritative time source for a given organization should be determined ahead of time.

From there, you can configure Active Directory domain controllers with the PDC emulator role in a domain to use this list of servers explicitly for their time. Read this TechNet article to learn how the time service operates within a forest. The main takeaway is that the w32tm command is used to set the list of peers from which a domain sources its time. The command snippet below sets the time peer to an Internet NTP server:

w32tm /config /manualpeerlist:"nist.expertsmi.com" /syncfromflags:manual /reliable:yes /update

If you want to put in a pool of servers, list them inside the quotes, separated by a space. When run on a domain controller, the command executes once and the setting is reflected in the registry. Figure A shows this on a sample domain controller.
Figure A


I recommend applying this configuration to all domain controllers and possibly even making it a Group Policy object as a startup script for the \Domain Controllers organizational unit within Active Directory.
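
Because the setting lives in the registry of each domain controller, it can be audited for drift. The script below is an added example, not part of the original article: it compares the local W32Time registry values against an approved peer list. The `$ExpectedPeers` list is an assumption to replace with your own authoritative source; `NtpServer`, `Type` and `AnnounceFlags` are the standard W32Time registry values.

```powershell
# Added example (not from the original article): audit the W32Time settings
# that "w32tm /config ... /update" writes to the registry on a domain controller.
# ASSUMPTION: $ExpectedPeers is your organization's authoritative source list.
$ExpectedPeers = @('nist.expertsmi.com')

$svc    = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$params = Get-ItemProperty -Path "$svc\Parameters"
$config = Get-ItemProperty -Path "$svc\Config"

# NtpServer is a space-separated list; each entry may carry a ",0x.." flag suffix.
$actual = @([string]$params.NtpServer -split '\s+' |
    Where-Object { $_ } |
    ForEach-Object { ($_ -split ',')[0].ToLower() } |
    Sort-Object)
$expected = @($ExpectedPeers | ForEach-Object { $_.ToLower() } | Sort-Object)

$findings = @()

# /syncfromflags:manual is stored as Type = NTP.
if ($params.Type -ne 'NTP') {
    $findings += "Type is '$($params.Type)'; expected 'NTP' (manual peer list)"
}
# /reliable:yes sets the "always reliable time server" bit (0x4) in AnnounceFlags.
if (-not ($config.AnnounceFlags -band 0x4)) {
    $findings += "AnnounceFlags is $($config.AnnounceFlags); reliable bit 0x4 not set"
}
# Any peer added, removed, or swapped relative to the approved list is drift.
if (($actual -join ' ') -ne ($expected -join ' ')) {
    $findings += "NtpServer peers '$($actual -join ' ')' differ from expected '$($expected -join ' ')'"
}

# Show what the running service is actually syncing from right now.
Write-Output "Effective source: $((& w32tm /query /source) -join ' ')"

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero exit lets a scheduled task or monitor flag the DC
}
Write-Output "Time source configuration matches the approved peer list."
```

Run it from an elevated PowerShell prompt on each domain controller; an unexpected peer in `NtpServer` is worth investigating, since every domain member inherits its clock from these servers.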

This tip applies to current Windows Server technologies, though not much has changed over the years with regard to this topic. See what I mean by reading this Mike Mullins tip posted in February 2006: Synchronize time throughout your entire Windows network.

What do you use for an authoritative time source: an Internet NTP server or something hosted in-house? Let us know in the discussion.

Rick Vanover

Rick Vanover is an IT Infrastructure Manager for Alliance Data in Columbus, Ohio. Rick's IT certifications include VMware VCP, Microsoft Windows Server 2008 MCITP, Windows Server 2003 MCSA and others. Previous experiences included working for Dematic Corp (formerly Siemens L&A, Siemens Dematic, Rapistan) in Grand Rapids, MI in various capacities deploying custom software solutions to the material handling industry using a mix of current hardware and software products. You can reach Rick at b4real@usa.net. Follow Rick on Twitter at @RickVanover.