ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Proper NTP server usage?

    Scheduled Pinned Locked Moved IT Discussion
    30 Posts 9 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • dbeatoD
      dbeato @dave247
      last edited by

      @dave247 said in Proper NTP server usage?:

      As a pretty green sysadmin, there have been times where I've needed to point things to an NTP server and I've been kind of fuzzy about the best way to go about this, despite reading various resources online... If my memory is correct, I think I've heard that best-practice is to point all your internal devices to the same internal NTP sever and then have that single internal NTP server sync with an external server. So like I would have all my equipment point to the DC and then have the DC sync with a trustworthy external time server. That being said, I'm a little unclear on the best way to do this.

      I just ran w32tm /query /peers on my DC and it looks like it's pointed to pool.ntp.org. I have been checking various other servers and some things point to the DC where other things point to a list of time servers, usually, 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org and 3.pool.ntp.org. Sometimes it's a mixture of both.

      I guess my question is this: Should I set up my domain controller to use a better time sever that what it's configured for, or is there a better NTP server I should be using. And then should I just point all servers and appliances in my environment to my domain controller for time synchronization?

      By default Windows Servers point to time.windows.com so you have had something changed already. If you have a Domain you can configure a GPO or registry that points all the computers to a DC for the source of time and then setup a GPO or registry to setup the NTP servers that apply to all the DCs.

      https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/

      1 Reply Last reply Reply Quote 0
      • ObsolesceO
        Obsolesce
        last edited by Obsolesce

        In an AD environment, all AD joined computers automatically get their time from the closest DC. Each DC gets its time from the PDCe if you have more than one DC in your environment.

        You don't need to do a thing there.

        That said, I have seen issues using the default time.windows.com or whatever it is by default. So on the PDCE, I am using ntp.org I think. Been a while since I set it up, but think that's the one.

        It's actually very simple, don't let anyone complicate it. You don't need to install the NTP role or whatever, or change or add anything else.

        travisdh1T 1 Reply Last reply Reply Quote 1
        • travisdh1T
          travisdh1 @Obsolesce
          last edited by

          @obsolesce said in Proper NTP server usage?:

          In an AD environment, all AD joined computers automatically get their time from the closest DC. Each DC gets its time from the PDCe if you have more than one DC in your environment.

          You don't need to do a thing there.

          That said, I have seen issues using the default time.windows.com or whatever it is by default. So on the PDCE, I am using ntp.org I think. Been a while since I set it up, but think that's the one.

          It's actually very simple, don't let anyone complicate it. You don't need to install the NTP role or whatever, or change or add anything else.

          2016 changes that. No NTP servers setup by default on the primary FSMO role holder that all computers get their time from. Microsoft's recommendation is to use a USB GPS for the primary time provider. You have to use w32tm if you want to sync with an NTP source now. I've had good results using pool.ntp.org servers.

          ObsolesceO 1 Reply Last reply Reply Quote 0
          • ObsolesceO
            Obsolesce @travisdh1
            last edited by

            @travisdh1 said in Proper NTP server usage?:

            2016 changes that.

            Changes what?

            Did you misread?

            travisdh1T 1 Reply Last reply Reply Quote 0
            • travisdh1T
              travisdh1 @Obsolesce
              last edited by

              @obsolesce said in Proper NTP server usage?:

              @travisdh1 said in Proper NTP server usage?:

              2016 changes that.

              Changes what?

              Did you misread?

              I did not. I got to deal with a client's domain that was implementing only after 2016 became standard. The primary role holder had no time server configured by default. Their entire network was having the clocks sync to a server without ANY time provider.

              ObsolesceO 1 Reply Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @travisdh1
                last edited by

                @travisdh1 said in Proper NTP server usage?:

                @obsolesce said in Proper NTP server usage?:

                @travisdh1 said in Proper NTP server usage?:

                2016 changes that.

                Changes what?

                Did you misread?

                I did not. I got to deal with a client's domain that was implementing only after 2016 became standard. The primary role holder had no time server configured by default. Their entire network was having the clocks sync to a server without ANY time provider.

                So where was the PDCE getting the time from?

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @Obsolesce
                  last edited by

                  @obsolesce said in Proper NTP server usage?:

                  @travisdh1 said in Proper NTP server usage?:

                  @obsolesce said in Proper NTP server usage?:

                  @travisdh1 said in Proper NTP server usage?:

                  2016 changes that.

                  Changes what?

                  Did you misread?

                  I did not. I got to deal with a client's domain that was implementing only after 2016 became standard. The primary role holder had no time server configured by default. Their entire network was having the clocks sync to a server without ANY time provider.

                  So where was the PDCE getting the time from?

                  Hardware by default.

                  1 Reply Last reply Reply Quote 2
                  • ObsolesceO
                    Obsolesce
                    last edited by

                    I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                    I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                    I'm going to stand one up in a lab to see what the source is by default.

                    I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                    dbeatoD 1 Reply Last reply Reply Quote 0
                    • dbeatoD
                      dbeato @Obsolesce
                      last edited by

                      @obsolesce said in Proper NTP server usage?:

                      I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                      I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                      I'm going to stand one up in a lab to see what the source is by default.

                      I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                      It has always been CMOS first, that's why all the systems that lose their time over time are due to that. Also any VM prior to booting to the OS regardless or not they have Guest Services enabled, get the time from the Host BIOS.

                      ObsolesceO 1 Reply Last reply Reply Quote 1
                      • ObsolesceO
                        Obsolesce @dbeato
                        last edited by

                        @dbeato said in Proper NTP server usage?:

                        @obsolesce said in Proper NTP server usage?:

                        I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                        I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                        I'm going to stand one up in a lab to see what the source is by default.

                        I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                        It has always been CMOS first, that's why all the systems that lose their time over time are due to that. Also any VM prior to booting to the OS regardless or not they have Guest Services enabled, get the time from the Host BIOS.

                        That makes sense. The PDCE I set to use ntp.org very well may have said CMOS before I changed it. But regardless, when you join a pc or server to the domain, it automatically is set to use the PDCE as the time source.

                        dbeatoD 1 Reply Last reply Reply Quote 1
                        • dbeatoD
                          dbeato @Obsolesce
                          last edited by

                          @obsolesce said in Proper NTP server usage?:

                          @dbeato said in Proper NTP server usage?:

                          @obsolesce said in Proper NTP server usage?:

                          I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                          I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                          I'm going to stand one up in a lab to see what the source is by default.

                          I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                          It has always been CMOS first, that's why all the systems that lose their time over time are due to that. Also any VM prior to booting to the OS regardless or not they have Guest Services enabled, get the time from the Host BIOS.

                          That makes sense. The PDCE I set to use ntp.org very well may have said CMOS before I changed it. But regardless, when you join a pc or server to the domain, it automatically is set to use the PDCE as the time source.

                          Yes, in a domain all computers get the time from a DC.

                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                          • scottalanmillerS
                            scottalanmiller @dbeato
                            last edited by

                            @dbeato said in Proper NTP server usage?:

                            @obsolesce said in Proper NTP server usage?:

                            @dbeato said in Proper NTP server usage?:

                            @obsolesce said in Proper NTP server usage?:

                            I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                            I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                            I'm going to stand one up in a lab to see what the source is by default.

                            I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                            It has always been CMOS first, that's why all the systems that lose their time over time are due to that. Also any VM prior to booting to the OS regardless or not they have Guest Services enabled, get the time from the Host BIOS.

                            That makes sense. The PDCE I set to use ntp.org very well may have said CMOS before I changed it. But regardless, when you join a pc or server to the domain, it automatically is set to use the PDCE as the time source.

                            Yes, in a domain all computers get the time from a DC.

                            They SHOULD anyway.

                            dbeatoD 1 Reply Last reply Reply Quote 1
                            • dbeatoD
                              dbeato @scottalanmiller
                              last edited by

                              @scottalanmiller said in Proper NTP server usage?:

                              @dbeato said in Proper NTP server usage?:

                              @obsolesce said in Proper NTP server usage?:

                              @dbeato said in Proper NTP server usage?:

                              @obsolesce said in Proper NTP server usage?:

                              I just stood up a 2016 DC. I did nothing at all to it, and by default it uses the PDCE as the w32tm /query /source.

                              I haven't had a need to stand up a 2016 PDCE, just regular DCs.

                              I'm going to stand one up in a lab to see what the source is by default.

                              I could have sworn it was time.windows.com and not CMOS. That was 2012 R2 though, I'm curious now.

                              It has always been CMOS first, that's why all the systems that lose their time over time are due to that. Also any VM prior to booting to the OS regardless or not they have Guest Services enabled, get the time from the Host BIOS.

                              That makes sense. The PDCE I set to use ntp.org very well may have said CMOS before I changed it. But regardless, when you join a pc or server to the domain, it automatically is set to use the PDCE as the time source.

                              Yes, in a domain all computers get the time from a DC.

                              They SHOULD anyway.

                              Yeah, that's important to note, should is the keyword.

                              1 Reply Last reply Reply Quote 0
                              • 1
                              • 2
                              • 1 / 2
                              • First post
                                Last post