Computers not syncing with Domain Controller. Is my GPO blocking it?
-
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
-
Dont you need to be an administrator to change the time? Here i get a uac prompt if i try to change.
Did the computers sync correctly before this change?
-
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
-
@momurda said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Dont you need to be an administrator to change the time? Here i get a uac prompt if i try to change.
Did the computers sync correctly before this change?
No, even a local admin can't change the time. I don't know when it started, the GPO has been in place for a long time and I am just now hearing about the issue, so when it started is unclear.
-
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
I thought they did by default in a domain.
-
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
How have you confirmed that the ntp server is not the DC?
-
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
I thought they did by default in a domain.
They should but it is not enforced.
-
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
I thought they did by default in a domain.
They should but it is not enforced.
What do I need to do to enforce it? Or point them to the DC to use?
-
@kelly said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
How have you confirmed that the ntp server is not the DC?
Looks like they are just using the local CMOS Clock.
-
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
I thought they did by default in a domain.
They should but it is not enforced.
What do I need to do to enforce it? Or point them to the DC to use?
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@dbeato said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
@ccwtech said in Computers not syncing with Domain Controller. Is my GPO blocking it?:
Computers in a domain are not syncing time with the Domain Controller (Hyper-V). They are all set to the local CMOS clock.
I had to restrict the ability for local users to change time by themselves. Is the GP that I created preventing the computers from syncing to the domain?
The time can be in different zones and not affect connectivity to the domain as long as it is 5 minutes from the DC time via UTC. Now I would really make the computers to just point to the DC as their NTP Server instead of anything else.
I thought they did by default in a domain.
They should but it is not enforced.
What do I need to do to enforce it? Or point them to the DC to use?
Enforce the time source on the DC
https://blogs.technet.microsoft.com/nepapfe/2013/03/01/its-simple-time-configuration-in-active-directory/For clients look at this one
https://www.altaro.com/hyper-v/configuring-time-synchronization-for-all-computers-in-windows-domain/
