NTP and Group Policy

brad310

Senior member
We just brought a new backup DC online and want to use it to give time to the rest of the domain.

What I would like for it to do is use its own time to push out to the rest of the domain. When I read about how to do this on the MS website they have all kinds of regedit stuff to do. However, if what I'm reading on the GP explanations is correct, just enabling and configuring these GP's should do the job...just thought I would run it by you guys.

This is what I'm thinking (and I have been hesitant to do this because of any authentication issues that might arise)

First - Configure this policy:
Time Service GP1

Second - Configure these policies:
Time Service GP2

We're a single domain, a PDC and 1 BDC.

Would my assumption be correct that these policies could replace using the win32tm and updating the registry values?

I wish I had a couple of test machines, which I don't...but is it enough to just set the group policy and be done with it?

I wasn't really sure which forum to throw this in, but usually people involved in networking are also involved in server management 😛
 
If you want to test the new GP without affecting existing users, just create a new OU and apply your new GP to it. Then create a new user domain account and place it into your new OU. Then log onto a machine or machines. If everything is OK, the GP should get pulled down. To verify, run a command prompt, type "gpupdate /force", let that execute, then type "gpresult"; that will tell you all the GP information applied for the user account.
 
Just set up whichever DC is the PDC emulator to sync with an inside/outside reliable time source. RebateMonger posted the docs above on how to do that. That is all you need to do. All the members in the domain will automatically source their time from the PDC emulator.

FYI....There is no such thing as a PDC/BDC anymore, unless god forbid you still have an NT DC on your domain. They are all DC's since Win 2000 server came about.

John
 
Originally posted by: netsysadmin
Just set up whichever DC is the PDC emulator to sync with an inside/outside reliable time source. RebateMonger posted the docs above on how to do that. That is all you need to do. All the members in the domain will automatically source their time from the PDC emulator.

FYI....There is no such thing as a PDC/BDC anymore, unless god forbid you still have an NT DC on your domain. They are all DC's since Win 2000 server came about.

John

I am assuming when he is saying PDC and BDC he is talking about what roles each holds?
 
Originally posted by: Genx87
Originally posted by: netsysadmin
Just set up whichever DC is the PDC emulator to sync with an inside/outside reliable time source. RebateMonger posted the docs above on how to do that. That is all you need to do. All the members in the domain will automatically source their time from the PDC emulator.

FYI....There is no such thing as a PDC/BDC anymore, unless god forbid you still have an NT DC on your domain. They are all DC's since Win 2000 server came about.

John

I am assuming when he is saying PDC and BDC he is talking about what roles each holds?

PDC and BDC roles went out when Server 2000 and AD came about. Now all DC's are writable. The only way you would have a BDC is if you were migrating from NT to 2000/2003 and you did not finish upgrading the rest of the DC's to server 2000/2003. That is why there still is a FSMO role of PDC Emulator, but it is strictly for backwards compatibility with NT DC's...it is not really a PDC. These days when someone says PDC/BDC and they are talking about an AD domain it makes them look like they don't know what they are talking about.

John
 
Originally posted by: netsysadmin
Originally posted by: Genx87
Originally posted by: netsysadmin
Just set up whichever DC is the PDC emulator to sync with an inside/outside reliable time source. RebateMonger posted the docs above on how to do that. That is all you need to do. All the members in the domain will automatically source their time from the PDC emulator.

FYI....There is no such thing as a PDC/BDC anymore, unless god forbid you still have an NT DC on your domain. They are all DC's since Win 2000 server came about.

John

I am assuming when he is saying PDC and BDC he is talking about what roles each holds?

PDC and BDC roles went out when Server 2000 and AD came about. Now all DC's are writable. The only way you would have a BDC is if you were migrating from NT to 2000/2003 and you did not finish upgrading the rest of the DC's to server 2000/2003. That is why there still is a FSMO role of PDC Emulator, but it is strictly for backwards compatibility with NT DC's...it is not really a PDC. These days when someone says PDC/BDC and they are talking about an AD domain it makes them look like they don't know what they are talking about.

John

I understand that, just assuming\asking why he would label it as such.
 
Now all DC's are writable.
Except if it's a 2008 RODC 😉 BDCs are back! (sorta)

But yeah, you don't need to do anything except set the PDCe to sync with a reliable time source. Everything flows down from there.
 
but it is strictly for backwards compatibility with NT DC's...it is not really a PDC.
The PDCe does a lot more than provide backcompat with NT DCs. NTP is one example, it's also where all GPOs are created and edited by default, and where all incorrect password attempts go to since password changes are replicated to the PDCe first. The PDCe also handles all account lockouts in the domain.
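
Added example, not part of any post in this thread: the approach the replies describe (point only the PDC emulator at an external source and let everything else follow the domain hierarchy), followed by a check of this machine's offset against the default 5-minute Kerberos clock-skew tolerance, which is the authentication concern raised in the original question. The peer hostnames are placeholders, and the script assumes the ActiveDirectory module and a w32tm that supports `/query` (Server 2008 / Vista or later).

```powershell
# Added example. Peer names are placeholders: substitute your approved time sources.
$Peers   = 'time1.example.org,0x8 time2.example.org,0x8'   # 0x8 = client-mode association
$MaxSkew = 300   # seconds; default Kerberos "maximum tolerance for computer clock synchronization"

# 1. Find the DC that holds the PDC emulator FSMO role.
Import-Module ActiveDirectory
$pdce = (Get-ADDomain).PDCEmulator
Write-Host "PDC emulator: $pdce"

$isPdce = $env:COMPUTERNAME -ieq $pdce.Split('.')[0]

if ($isPdce) {
    # 2. Only the PDC emulator gets a manual peer list and advertises itself as reliable.
    w32tm /config /manualpeerlist:"$Peers" /syncfromflags:manual /reliable:yes /update
    w32tm /resync /rediscover
} else {
    # Other DCs and members are left on the default domain hierarchy (NT5DS); nothing is changed here.
    Write-Host "Not the PDC emulator; leaving time configuration untouched."
}

# 3. Show where this machine is actually getting time from.
w32tm /query /source
w32tm /query /status

# 4. Measure this machine's offset from the PDC emulator and compare it with the Kerberos tolerance.
if (-not $isPdce) {
    $lines   = w32tm /stripchart /computer:$pdce /samples:3 /dataonly
    $offsets = foreach ($l in $lines) {
        # Data lines look like "15:21:34, +00.0012345s"; failed samples carry an error code instead.
        if ($l -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
    }
    if (-not $offsets) {
        Write-Warning "No usable samples from $pdce (is UDP 123 reachable?)"
    } else {
        $worst = ($offsets | ForEach-Object { [math]::Abs($_) } | Measure-Object -Maximum).Maximum
        if ($worst -ge $MaxSkew) {
            Write-Warning ("Offset {0:N1}s exceeds Kerberos tolerance; logons will fail" -f $worst)
        } else {
            Write-Host ("Worst offset {0:N3}s, within the {1}s Kerberos tolerance" -f $worst, $MaxSkew)
        }
    }
}
```

Run it elevated on the PDC emulator to apply the configuration, and on any other DC or member to check its source and offset without changing anything.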
 