Q

How do we run time sync on our new root DC without disabling our firewall?

We are deploying new servers and PCs and are migrating from NT 4.0 to Windows 2000. We want to run time synchronization on our new root domain controller but we can't even ping the NTP server sites from any machine but our NT4 firewall. How do we get around this without disabling our firewall?
You will want to open the NTP port on the firewall to go to a specific IP address. So you would allow traffic originating from your DC, which holds the PDC (primary domain controller) Emulator role to some time server on the Internet via NTP (TPC port 123/udp). Click here for a listing of US Naval Observatory Time Servers.
This was first published in February 2003

Dig deeper on Microsoft Active Directory Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close