MCITP 70-640: Setting an External Time Source

preview_player
Показать описание
In any environment you need to ensure that the time and date on your computers is set correctly. If the time drifts too far from the correct time, this can cause problems logging in to the network and cause time sensitive authentication systems to fail. This video looks at keeping computers in your domain up to date and configuring your computers to use a reliable external time source.

All computers have a battery on the motherboard that is responsible for ensuring the internal clock inside the computer does not lose power even when the computer is not plugged in. The internal clock can lose or gain time as time passes. If the clocks get out of sync with the correct time, this can affect authentication systems. Authentication systems that use tickets generate the tickets using the time and date. Big differences in these times will mean that new tickets that were just created will be invalid and can't be used.

Time Hierarchy
When you have computers in a domain, Windows will use a hierarchy approach to ensure that all the times for the computers in the domain are up to date. The root of the hierarchy is the domain controller that is holding the PDC operational master role. This domain controller should have a reliable clock installed in it and/or synced off an external time source. This will ensure that all computers that sync their time from the PDC emulator will have the correct time. If the time is set incorrectly on the PDC emulator, all of the internal clocks of the computers in the domain eventually will be synced to this incorrect time. For this reason it is important to ensure that the domain controller with the PDC emulator role always has the correct time.

Below the PDC emulator in the time hierarchy are all the domain controllers. The domain controllers are responsible for making sure all other computers on the network have the correct time. This includes clients and other servers in the domain known as member servers.

Multiple domains
If you have a network with multiple domains, the child domains should sync their time from the parent domain. The domain controller holding the PDC emulator operational master role in each child domain should be configured to sync their time from the closest domain controller in the parent domain. The PDC emulator in the child domain does not need to sync its time from the PDC emulator in the parent domain; however, it can do so if required.

Syncing the time from an external time source

Command line
To configure an external time source run the following command.
w32tm /config /ManualPeerList:(TimeServer) /SyncFromFlags:manual /Reliable:yes /Update
  1. ITFreeTraining
  2. External time source
  3. Synchronization Time
  4. w32tm
  5. Active Directory
  6. 70-640
Рекомендации по теме
MCITP 70-640: Setting 0:09:26

MCITP 70-640: Setting an External Time Source

MCITP 70-640: Windows 0:15:30

MCITP 70-640: Windows Security Settings and Security Templates

MCITP 70-640: Installing 0:17:57

MCITP 70-640: Installing Active Directory

MCITP 70-640: Upgrading 0:11:57

MCITP 70-640: Upgrading Active Directory

MCITP 70-640: Operation 0:13:03

MCITP 70-640: Operation Master Roles

MCITP 70-640: Installing 0:15:07

MCITP 70-640: Installing Active Directory on Server Core

MCITP 70-640: Active 0:05:55

MCITP 70-640: Active Directory System Requirments

MCITP 70-640: Group 0:11:13

MCITP 70-640: Group Strategy AGDLP

MCITP 70-640: Security 0:15:46

MCITP 70-640: Security Configuration Wizard

MCITP 70-640: Sites 0:09:53

MCITP 70-640: Sites and Subnets

MCITP 70-640: Windows 0:06:20

MCITP 70-640: Windows Contacts

MCITP 70-640: Moving 0:08:29

MCITP 70-640: Moving Operation Master Roles

MCITP 70-640: New 0:14:30

MCITP 70-640: New Features in Windows Server 2008 R2 and Service Pack 1

MCITP 70-640: Seizing 0:16:35

MCITP 70-640: Seizing roles

MCITP 70-640: Active 0:18:56

MCITP 70-640: Active Directory Domain Functional Levels

MCITP 70-640: Group 0:14:23

MCITP 70-640: Group Policy Processing Order

MCITP 70-640: Active 0:20:45

MCITP 70-640: Active Directory Trusts

MCITP 70-640: Special 0:12:12

MCITP 70-640: Special Identities

MCITP 70-640: Universal 0:08:36

MCITP 70-640: Universal Group Membership Caching

MCITP 70-640: Active 0:17:24

MCITP 70-640: Active Directory Forest Functional Levels

MCITP 70-640: Operators 0:12:08

MCITP 70-640: Operators Master Role Placement Global catalog

MCITP 70-640: Creating 0:31:38

MCITP 70-640: Creating a user

MCITP 70-640: Active 0:18:41

MCITP 70-640: Active Directory different group types available

MCITP 70-640: Active 0:26:14

MCITP 70-640: Active Directory Replication

Комментарии
Автор

Thanks, glad to hear that you like our work.

itfreetraining
Автор

The clients will automatically sync of their local domain controller. This includes the servers in your domain. You don't need to perform any extra configuration in your domain. The only domain controller that needs to be configured is the PDC. As long as you PDC has accurate time, this will be passed on to all the other workstation and servers in your domain without any addition configuration.

itfreetraining
Автор

I am bit confused by your comments all thought they are technically correct and quiet well written. The video is about keeping the time in sync in a domain with an eternal time source. This is useful when supporting a domain of computers. It not really on internal clock multiplier or anything like that as we don’t need to go to that level of detail for general time syncing. Since this is a video for the Active Directory course, Microsoft don’t ask for knowledge at that level so we don't cover it

itfreetraining
Автор

Thanks very much and thanks for watching.

itfreetraining
Автор

Thank you. This has been so far the simplest and best time server video.

jai
Автор

It is available all over the world. I can't post the link but if you Google Prometric these are the people who the testing is done through. I had a look, the test is 99 Pounds and there are 5 pages of testing centers so hopefully there is one near you. If you step through their web site on booking a test you can get the information about the testing centers without having to register. That part is at the end.

itfreetraining
Автор

Great videos....!! thanks for posting these videos its very informative and the guys who are preparing for the exam can actually refer your videos without referring any other resources.
So keep up the good work!

hameedmaf
Автор

Hi! Really good explanation video, with good understandable English. thank you!!!

A question: I configured the PDC with external time server. Now a question; if I have some client PC's in my domain...will they configure their time automatically with the time on my DC (=my PDC = DC1.local) or am I supposed to make also a configuration via cmd.exe in the clients PC's with the following: C:\>....manualpeerlist: DC1.local... ??

thank you!

donaldcarier
Автор

I am not aware of any best practice on the topic. If the computer has not internet connection then I would suggest getting an external time clock.

itfreetraining
Автор

@eddieo10 We have almost finished the Windows 7 course, so once that is done we can spend all are time on Active Directory. We will get it done as soon as we can.

itfreetraining
Автор

The videos are in sequence. We are still adding videos to the course to finish off the last few topics.

itfreetraining
Автор

If you guys upload videos related to Exchange it would be very good !!
I am waiting for Exchange videos.

hameedmaf
Автор

Thank you .That was very informative.
But how to sync the domain computers to the PDC?

esamalaslmy
Автор

If you go in the date and time option in Windows and select Internet Time you can configure a time source for your computer. This video is more about configuring a time source in a Domain environment rather than just a single computer.

itfreetraining
Автор

Thanks very much for the help - I was having Stratum issues with my PDC; all sorted :)

squip
Автор

Hi, I am preparing for 70-640 and been following your videos... Just want to ensure does this course covers all the topics in the exam? do you recommend any other resources aswell? Thanks for this free training.. its amazing btw :)

tarteel_
Автор

The video was great and easy to understand as every video in this channel for which I thank you.
But I have a question which you might answer. I have three Windows 2008 R2 Virtual machines (Vmware 12) with internet access.
Two of them are Domain Controllers with separated FSMO Roles DC1 - PDC, Infrastructure and RID and DC2 - as Schema and Domain naming. Third
acts as a Client machine.

I synchronize the time of the PDC as in this video and it works and set the Kerberos GPO in the Default Domain policy. Now when I turn off the Internet and the
PDC, the other Domain controller and Client can not sync time with external source and PDC if I understood the video correctly. Even though If I change the time of the client with
10 + minutes I am still able to login in the domain. My question is why this happens ? Isn't this where Kerberos should kick in and prevent me from login in and Authenticate to the domain ?
Am I missing something ?

gogsi
Автор

and if i play the PLAYLIST.. will it gonna play the videos in sequence? as some of them are not numbered. Thanks

tarteel_
Автор

what is the best practice if the network has no internet access?

kimaste
Автор

Can I still learn from this video, ! Is it. Relivent

nikhilkulkarni