shouldbeq931 at gmail.com
Mon Aug 3 19:43:55 UTC 2020
On Mon, Aug 3, 2020 at 5:13 PM Maurizio Cimaschi <maurizio at cimaschi.it> wrote:
> On Mon, Aug 03, 2020 at 03:28:53PM +0100, shouldbe q931 wrote:
> > Windows will sync directly from most NTP servers
> > Enable the time service.
> > w32tm /register
> > Configure the time service
> > w32tm /config /manualpeerlist:"ntp1.local.domain ntp2.local.dommain"
> > /syncfromflags:manual /update
> Hello Arne,
> thank you for your answer.
> That was my "last resort". The problem with doing so is that you get
> away with both the security (which may be not such an issue) and the
> convenince of the "autodiscovery" of time server for domain members (long
> story short: every domain controller is a valid time source, and all the
> DCs are synchronized to the primary domain controller, so in the end
> every member is synchronized to the PDC).
Different horses for different courses, I set every VM host and every
DC to point at internal local NTP servers ("clusters" of three), and
then just use the AD Domain for everything else. Just relying on the
PDC emulator FSMO role on domains that span continents I have found
to be "sub optimal".
In some environments I have set all Windows OS instances to use
internal NTP servers and ignored the AD Domain time "hierarchy", and
that also works (-:
More information about the users