I have a slightly off topic question related to how people manage NTP in their data centers. The key question that has come up for us recently is whether UNIX/Linux machines that joined to an AD domain should get NTP from a domain controller or from a dedicated NTP server. In theory this really shouldn't matter since any time source should be accurate and have the same net result but it turns out to be important in practice.
I'll summarize what we do now:- We have a large global network with hosting in a lot of different locations- We host some dedicated NTP appliances that provide NTP services out of 3 specific locations on that network- We use the standard MS approach for Windows time sync where domain members sync from a DC, DC's sync to their domain PDC and up through the domain hierarchy until the forest root PDC eventually syncs to our dedicated NTP systems- Everything non-Windows is supposed to sync directly the NTP devices
We've recently run into an argument between our operations guys and our standards guys where operations has some UNIX/Linux boxes joined to AD and uses AD as the NTP source. However, the standards guys say that they are not allowed to do that because only Windows machines are supposed to use AD. The operations guy says that in his network, he has poor connectivity to the regional NTP servers so he can manage that for his forest root PDC but not the rest of the clients and he should be allowed to use AD as a time source for non-Windows devices too if they are domain joined.
The standard never considered the possibility of a non-Windows domain joined device.
This all probably sounds a bit silly but I'm curious what others are doing to approach this and am mostly just trying to ensure that we have an appropriate standard that makes sense.
Thanks much in advance!
Approach for NTP and non-Windows "domain-joined" devices?
- 50 Views
- Last Post 26 April 2017