Active Directory NTP

Due to the fact that most Windows authentication operations rely heavily on Kerberos and the significant part that time plays, you should always configure time sources for your active directory forests and domains.

In active directory all computers update their time settings from the domains controllers and they in turn update using the domain controller holding the PDC Emulation FSMO role.

So you should always verify that your PDC is able to access the extrnal time source. The command I use to check this is w32tm /stripchart /computer:time.nist.gov. If you do not get any errors from this command then you're probably set.

Another way to check this is to check your firewall's logs after configuring the time settings on PDC. Since a different department may be responsible for the networking, the first way may be the best way to go.

One last thing I use do is to run the command on some clients that may have firewalls between them and the domain controllers or to verify NTP connectivity between sites.

Popular posts from this blog

Domain Controller Machine Password Reset

Configuring a Certificate on Exchange Receive Connector

Managing Active Directory User Certificates using PowerShell