The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage. All Windows 2000/2003-based computers within an enterprise use a common time. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. My answer works for me in my environment and I hope my answer helps you or makes sense as to why I do it my way.The PDC emulator is necessary to synchronize time in an enterprise. This Microsoft Blog gives three different answers. I have not had this issue in a couple years since I have installed the time sync agent on all my Hyper-V boxes. Over the course of the year it can get out by 5 minutes. The time the virtual DC got from the domain PDC was lost because of the time sync from the host just squashed it and time begins to drift. The host forces the DC to a particular time and the DC tells the host to be the time is was just forced to be by the host. What happens when the physical Hyper-V host has a virtual DC on it and that host asks the DC on it what time it is? It gets into a loop that allows for time drift. In my experience we have had time drift issues at least once a year when we have left the domains to just sync time on their own because of virtual DCs.
I have read all of the internet wisdom of 'this is worked out and it will all be fine you don't need to worry about a virtual DC having time drift issues.' That has NOT been my experience! Time sync issues are the main reason that I fight with the bean counters about having at least one physical DC in my domains.
All of my Hyper-V physical hosts have a time sync agent on them that connect to the physical forest root PDC role holder and update time every minute. All my PDC role holders in my domains are physical boxes as well. My forest root PDC role holder is a physical box. I don't manage it, but I believe it syncs up to an internet time source. I use an "external" NTP server for my forest - it is the external DNS server where I am. I will give you my experience and my setup.
0 kommentar(er)
