1 / 5

Active Directory

Active Directory. Time Synchronization. Time Synchronization. Vital to correct operation of kerberos authentication Generally maintains itself within pure 2000 domain Can synchronize time to external time source Uses sntp (subset of ntp). Time Synchronization Hierarchy.

aolani
Download Presentation

Active Directory

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Directory Time Synchronization

  2. Time Synchronization • Vital to correct operation of kerberos authentication • Generally maintains itself within pure 2000 domain • Can synchronize time to external time source • Uses sntp (subset of ntp)

  3. Time Synchronization Hierarchy • 2000 client PCs and member servers synchronize with authenticating DC • If unavailable then with another DC in the same domain • Other DCs in a domain synchronize with domain PDC emulator • PDC emulator synchronizes with PDC emulator in another domain using domain hierarchy to determine which to synchronize with • Ultimately PDC emulators synchronize with forest root PDC emulator • Forest root PDC emulator can be configured to synchronize with external time source (ntp)

  4. Synchronizing with an External Time Source • Only on PDC emulator of forest root domain • Use following command • Net time /setsntp:"ntp0.oucs.ox.ac.uk ntp1.oucs.ox.ac.uk“ • Changes registry entry • NB If you move the PDC emulator role, you may need to repeat this command on new PDC emulator • Old PDC emulator should ignore setting and synchronize instead with new PDC emulator

  5. References • Windows 2000 Utilities: Taming the Time Service • http://www.swynk.com/friends/shinder/timeservice.asp • Windows 2000 vs. Windows NT Time Synchronization • http://www.winntmag.com/Articles/Print.cfm?ArticleID=8456 • Basic Operation of the Windows Time Service • http://support.microsoft.com/support/kb/articles/Q224/7/99.ASP • How to Configure an Authoritative Time Server in Windows 2000 • http://support.microsoft.com/support/kb/articles/Q216/7/34.ASP • Registry Entries for the W32Time Service • http://support.microsoft.com/support/kb/articles/Q223/1/84.ASP

More Related