Email this to a friend
 
Active Directory uses Kerberos for authentication, which relies strongly on having the date and time of day running synchronously across the entire network and all devices in it. By default, each server and client joined in the AD, including domain controllers, will follow the domain hierarchy to sync its time. Domain controllers are set to automatically determine whether they can be used as a (reliable) time source. If a DC has considered itself as a time source, it will accept requests from clients and provide them with the its own current time.

Domain controllers at the top of the forest (top-level DCs) don't have another server above them to sync against, so they can either opt to sync   ...

Send a link to this post to yourself or a friend.

Send to e-mail:
Your name:
Your e-mail:
Captcha:
Type the letters and numbers as shown.
/get/captcha/1503113531
Not readable? Get another.
 
Information entered is solely used for sending a one-time e-mail, and is not retained and/or passed on to a third party.