MCITP 70-640: Setting an External Time Source
Loading...
Uploaded by itfreetraining on Dec 29, 2011
In any environment you need to ensure that the time and date on your computers is set correctly. If the time drifts too far from the correct time, this can cause problems logging in to the network and cause time sensitive authentication systems to fail. This video looks at keeping computers in your domain up to date and configuring your computers to use a reliable external time source.
All computers have a battery on the motherboard that is responsible for ensuring the internal clock inside the computer does not lose power even when the computer is not plugged in. The internal clock can lose or gain time as time passes. If the clocks get out of sync with the correct time, this can affect authentication systems. Authentication systems that use tickets generate the tickets using the time and date. Big differences in these times will mean that new tickets that were just created will be invalid and can't be used.
Time Hierarchy
When you have computers in a domain, Windows will use a hierarchy approach to ensure that all the times for the computers in the domain are up to date. The root of the hierarchy is the domain controller that is holding the PDC operational master role. This domain controller should have a reliable clock installed in it and/or synced off an external time source. This will ensure that all computers that sync their time from the PDC emulator will have the correct time. If the time is set incorrectly on the PDC emulator, all of the internal clocks of the computers in the domain eventually will be synced to this incorrect time. For this reason it is important to ensure that the domain controller with the PDC emulator role always has the correct time.
Below the PDC emulator in the time hierarchy are all the domain controllers. The domain controllers are responsible for making sure all other computers on the network have the correct time. This includes clients and other servers in the domain known as member servers.
Multiple domains
If you have a network with multiple domains, the child domains should sync their time from the parent domain. The domain controller holding the PDC emulator operational master role in each child domain should be configured to sync their time from the closest domain controller in the parent domain. The PDC emulator in the child domain does not need to sync its time from the PDC emulator in the parent domain; however, it can do so if required.
Syncing the time from an external time source
In order to keep the time current on the PDC emulator or a stand alone server, an external time source can be used. These external time sources are grouped together to form a hierarchy. Each level of the hierarchy is called a stratum. At the top of the hierarchy is stratum 0 which is a very accurate physical time clock. These include atomic, GPS, and radio clocks. In order to access the time from these hardware clocks, these clocks are directly connected to stratum 1 clocks. Stratum 1 clocks may be configured for private access only to decrease the load on them. At the next level is stratum 2. These clocks sync their time directly from stratum 1 and are generally publicly accessible. It is generally considered better to sync from these time clocks rather than stratum 1 as there are more stratum 2 external time clocks, which helps to reduce the load on stratum 1 time clocks. Regardless of which stratum you choose, you should try to choose an external time server that is close to your server. Refer to http://support.microsoft.com/kb/262680 for information on how to find an external time source close to you.
Command line
To configure an external time source run the following command.
w32tm /config /ManualPeerList:(TimeServer) /SyncFromFlags:manual /Reliable:yes /Update
See http://itfreetraining.com or http://youtube.com/ITFreeTraining for our always free training videos. This is only one video of the completely free course for the 70-640 exam available for free on YouTube.
- 6 likes, 0 dislikes
-
- 13 videosActive Directory 70-640 Free Course
- 1:06:43
MCITP 70-647 Lecture 1by Nourelhoda20111,155 views
- 14:10
Adding a Client to a Server Domainby ENProjects3,503 views
- 12:31
An Overview of Networking Monitoring Toolsby TrainSignalInc1,186 views
- 7:09
MCITP 70-640 Installing Active Directory pt 1- 9by Video4utolearn1,448 views
- 5:51
Active Directory Conceptsby computingstudies19,390 views
- 8:50
MCTS 70-680: Windows Updatesby itfreetraining577 views
- 16:35
MCITP 70-640: Seizing rolesby itfreetraining1,150 views
- 17:13
MCTS 70-680: Remote Connectionsby itfreetraining1,012 views
- 12:20
MCITP 70-640: Operators Master Role Placemnet Global catalogby itfreetraining1,980 views
- 18:56
MCITP 70-640: Active Directory Domain Functional Levelsby itfreetraining2,337 views
- 8:48
MCITP 70-640: Introduction To Active Directoryby itfreetraining6,472 views
- 27:00
Capture Performance databy itfreetraining915 views
- 54:17
WSUSby itfreetraining4,393 views
- 7:33
Capturing Data using Microsoft Network Monitorby TrainSignalInc578 views
- 13:01
MCTS 70-680: Bitlocker and Recoveryby itfreetraining1,712 views
- 13:00
IPv4by itfreetraining1,561 views
- 29:00
Windows Server 2008 Firewallby itfreetraining2,839 views
- 1:03
How to run Active Directory time synchronization using the w32tm commandby InterfaceTT301 views
- 15:54
MCTS 70-680: Offline filesby itfreetraining1,424 views
- 3:29
GPanswers: How to make an application run for all users on a group (OU) of desktopsby jeremymoskowitz354 views
@eddieo10 We have almost finished the Windows 7 course, so once that is done we can spend all are time on Active Directory. We will get it done as soon as we can.
itfreetraining 4 weeks ago
Hello, love the videos you are doing a great job! I need to look at taking the 70-640 exam soon and am hoping I will be able to see all your videos for this course first, do you have an time scale of when you might expect to complete this course? Thank you!
eddieo10 1 month ago in playlist Active Directory 70-640 Free Course