R
Rice Matters
SYNCHING PART OF A NON-PARENT W2K AD DOMAIN
==================================
I'm currently doing a study on Network Clock Synching for
a European Manufacturing Company. The network is quite
heterogenous with mostly W2K-Active Directory and HP-UX.
I'm not yet decided on the primary reference clock yet but
I think we'll end up using a GPS receiver.
I'd like to confirm some issues though on Windows 2000 AD.
In brief, the company's forest (F), has its parent domain
(P) based in England. My study focusses on the domain (D)
based in France and which belongs to the same forest (F).
I would like to synchronise part of the machines in domaine
(D) to the GPS receiver.
Bearing in mind the fact that W2K authentication (Kerberos
v5) requires that the host be synchronized to the domain
(P)'s Primary Domaine Controller, is it risky to apply an
external clock reference (GPS) only to the domain(D) ?
I've also read that the Windows time distribution service,
Win32Time, implements SNTP which isn't really suited for a
Manufacturing environment, given the high precision
demands. I'm therefore thinking about installing third-
party NTP software. This means that we'll have to disable
the W32Time service for the machines in the domain(D) that
we wish to synchronize. Does this have any impact on
Kerberos' requirements?
Anyone got any ideas on the kind of software that i should
use?
Thank you
==================================
I'm currently doing a study on Network Clock Synching for
a European Manufacturing Company. The network is quite
heterogenous with mostly W2K-Active Directory and HP-UX.
I'm not yet decided on the primary reference clock yet but
I think we'll end up using a GPS receiver.
I'd like to confirm some issues though on Windows 2000 AD.
In brief, the company's forest (F), has its parent domain
(P) based in England. My study focusses on the domain (D)
based in France and which belongs to the same forest (F).
I would like to synchronise part of the machines in domaine
(D) to the GPS receiver.
Bearing in mind the fact that W2K authentication (Kerberos
v5) requires that the host be synchronized to the domain
(P)'s Primary Domaine Controller, is it risky to apply an
external clock reference (GPS) only to the domain(D) ?
I've also read that the Windows time distribution service,
Win32Time, implements SNTP which isn't really suited for a
Manufacturing environment, given the high precision
demands. I'm therefore thinking about installing third-
party NTP software. This means that we'll have to disable
the W32Time service for the machines in the domain(D) that
we wish to synchronize. Does this have any impact on
Kerberos' requirements?
Anyone got any ideas on the kind of software that i should
use?
Thank you