I'm curious about how different organizations provide Network Time Protocol (NTP) services, especially those with on-premise Active Directory setups. In our case, every domain controller (DC) serves NTP by default and syncs with the Flexible Single Master Operations (FSMO) master. We also have an internal DNS alias pointing to the FSMO master for NTP services. Our hypervisors pull time from external NTP servers. I'm looking to gather insights on how others manage NTP for their on-premises equipment, like switches and firewalls. What setups work well for you?
1 Answer
We run NTP through our WAN routers, which connect to reliable external NTP servers from the government and universities. Our Primary Domain Controller (PDCe) pulls time from those routers, and all other domain controllers sync their time from the PDCe. I really think relying on the PDCe as the sole time source is outdated; we should have all Domain Controllers pulling directly from our WAN routers instead. That way, if the PDCe fails, we wouldn't be in trouble!
Totally agree! I've been pushing for the same change at my workplace, but it's tough to get people on board with the idea.