Skip Links

Network World

Tyson Kopczynski

Configuring an Authoritative Time Server (the cool way)

By tyson.kopczynski on Wed, 05/27/09 - 12:04pm.
Newsletter Signup

The other day, I saw this really cool blog posting by the Directory Servers team titled:
Configuring an Authoritative Time Server with Group Policy Using WMI Filtering. Basically, in our every ending quest to ensure time is sync'ed the posting show how to use WMI Filtering to force certain GPO settings upon the PDC emulator. :>)

So... to sum how one might do employ what is talked about in this posting from end-to-end. Here are the steps:

  1.  Go to www.pool.ntp.org and identify a pool address to use.
  2. Using GPMC, create a GPO in the Forest Root Domain (because everyone deploys AD using an empty root) named Forest NTP Configuration and link it to the Domain Controllers OU.
  3. Next, create a new WMI Filter:
    •  Name: PDCe Role Filter
    • Description: Queries for the Domain controller that holds the PDC FSMO Role.
    • Query: Select * from Win32_ComputerSystem where DomainRole = 5
  4. Set the Forest NTP Configuration WMI Filter to
    PDCe Role Filter.
  5. Finally, for the Forest NTP Configuration GPO define the following settings under Configuration\Administrative Templates\System\Windows Time Service\Time Providers hive:
    •  Enable Windows NTP Server - Enabled
    • Configure Windows NTP Client - Enabled
      • NTP Server: ###.pool.ntp.org,0x1
      • Type: NTP

Bam... you now have to never worry about moving your PDC emulator role around without having to re-configure NTP. Hopefully this is helpful.

If you like this, check out some other posts from Tyson:

Or if you want, you can also check out some of Tyson's latest publications:

Lastly, visit the Microsoft Subnet for more news, blogs, and opinions from around the Internet. Or, sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert)

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Hidden Microsoft

With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).


Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS Security Essentials Certification (GSEC)
  • SANS Certified Incident Handler (GCIH)
  • MCTS (Application Platform, Active Directory, and Network Infrastructure)
  • Microsoft Certified Systems Engineer (MCSE) Security
  • CompTIA Security+

Publications:


Other Stuff:

  • Blogger NetworkWorld.com from June 2007
  • GIAC Advisory Board from 2009
  • SANS GSEC Local Mentor (a long time ago)
  • CompTIA Security+ SME (a long time ago)
  • Judge, Imagine Cup 2005 Int'l IT Competition
  • Judge, Imagine Cup 2007 Int'l IT Competition