Hello,
Sorry if this topic gets covered a lot but in searching through the forums I found some conflicting info and thought it easiest to just ask if I had it correct.
I am ready to virtualize our Active Directory environment and bring all our domain controllers into VMs. We have a 4.1 environment with vCenter and 8 ESX hosts. Most VMs are Windows member servers but also several RHEL servers and a few non-domain joined Windows servers. We also have two domain controllers that are already VMs. I'm down to the last physical domain controller which is our PDC FSMO role server thus the master timekeeper.
This is how I was going to tweak our setup for time services with all the DCs being virtual.
1. The virtual PDC FSMO of our domain syncs its time via w32tm to an external time source such as us.pool.ntp.org. It is the only DC using an external time source.
2. All domain joined Windows machines, whether virtual or physical (servers and client OS) get their time via the domain controllers. PDC-->all other DCs-->clients and member servers. On the VMs, we do not use VMTools to do any syncing of time. All through normal Windows AD process.
3. All ESX hosts use external time source as PDC, outlined above.
4. All non-domain joined machines (Windows or Linux) that are VMs get their time sync via VMTools sync feature.
Do I have my thinking correct and does this sound ok to ensure time sync across the domain in a virtualized AD environment?
Thanks in advance,
RH
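
Steps 1 and 2 of the plan above, expressed as w32tm configuration run on each domain controller. This is an added example, not part of the original post; the `0x8` (client mode) flag on the peer and the three-sample offset check are assumptions, and the peer name is the one the post mentions.

```powershell
# Added example: apply the time role from the plan to the DC this runs on.
# Run elevated on each domain controller.
param(
    # External source named in the post; ",0x8" (client mode) is an assumption.
    [string]$ExternalPeers = 'us.pool.ntp.org,0x8'
)

# Find the current PDC emulator (the FSMO role holder) and this host's FQDN.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$self   = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

if ($self -ieq $pdc) {
    # Step 1: only the PDC emulator uses the external source and
    # advertises itself as a reliable time server for the domain.
    w32tm /config /manualpeerlist:"$ExternalPeers" /syncfromflags:manual /reliable:yes /update
}
else {
    # Step 2: every other DC follows the domain hierarchy (PDC -> DCs -> members).
    w32tm /config /syncfromflags:domhier /reliable:no /update
}

# Restart the service so the new source takes effect, then force a sync.
Restart-Service w32time
w32tm /resync /rediscover

# Verify: show the source actually in use and the current sync status.
w32tm /query /source
w32tm /query /status

# On non-PDC DCs, measure the offset against the PDC emulator.
if ($self -ine $pdc) {
    w32tm /stripchart /computer:$pdc /samples:3 /dataonly
}
```

If the PDC emulator role is later moved, rerun the script on both the old and new role holders so only one DC points at the external source.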