I’m getting ready to migrate our AD servers to a virtual environment and one of the things that can get messed up is the AD servers’ time. Also, I’m joining some non Windows systems to the Windows domain which might encounter some time sync issues since they aren’t currently configured to use the domain’s NTP server (easy fix I know but I’m saving that for another post!)
Short story long, your AD server typically uses its’ CMOS time versus an external NTP server which is all fine and good so long as A) it’s a real hardware server not a virtualized one and B) No other servers in your infrastructure use other NTP servers (ie. Linux server ‘A’ isn’t using tick.usno.navy.mil which will have a different time then your main AD server which is going off of it’s CMOS clock!)
So, I did some searching on the interwebs and stumbled upon a couple of useful links on how to modify your registry on your AD server so it:
A) Uses an external time source versus the CMOS time & date.
B) Has a number of servers to attempt time updates from (use spaces to delimit servers! and don’t forget to append “,0x1” at the end if you’re using a FQDN versus an IP Address!)
C)…I forget C!
Anyhow, here’s some links I wrangled up.
http://www.sole.dk/how-to-configure-your-virtual-domain-controllers-and-avoid-simple-mistakes-with-resulting-big-problems/ (this one was most helpful!)