I just configured AD in my network. I have two domain controllers and have been able to get the DNS servers to work (resolve names). But going through my Event Viewer, I find a lot of troubling errors like: "Windows time was unable to find a domain controller. A time and date update was not possible." I also get errors indicating that the machine is the primary domain controller (PDC) of the domain at the root of the forest. It says to configure to sync from an external time source using the net command "net time/setsntp:'server name.'" I have never used any of these commands and really do not understand the implications of using or not using them.
Also, do I stand at an advantage if I make my DNS AD-integrated? Thank you.
It sounds like, while your DNS does have the names in it, you are missing the other AD entries. They usually look something like _msdcs or _ldap in the beginning. These are the records used by other systems to locate the PDC and other AD resources. The errors that you are seeing are related to systems unable to locate the PDC emulator via DNS. Further, the DCs and other systems look to the PDC to automatically synchronize their clocks, which is very important to DCs. The PDC Emulator server, usually the first AD system built in the network, should be configured to query a time server to get its time. Use the NET TIME /SETSNTP:[time server] command to set the time server for the PDC. Time servers can be found
AD-integrated DNS offers more secure methods for dynamically updated entries and simplifies the zone transfers by making them part of the AD replication process.
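One way to check for the locator records the answer describes, as an added example that is not part of the original answer. It assumes a placeholder domain name (`corp.example.com`) and a Windows version that ships `Resolve-DnsName`, `nltest` and `w32tm`.

```powershell
# Added example: verify the AD locator SRV records in DNS and report any gaps.
# Assumption: "corp.example.com" is a placeholder; pass your own AD DNS domain name.
param(
    [string]$Domain = 'corp.example.com'
)

# SRV records that domain controllers register so clients can find them.
$records = @(
    "_ldap._tcp.$Domain",
    "_ldap._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",    # points at the PDC emulator
    "_kerberos._tcp.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain"
)

$results = foreach ($name in $records) {
    # A failed lookup returns nothing; keep only real SRV answers.
    $srv = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }

    [pscustomobject]@{
        Record  = $name
        Found   = [bool]$srv
        Targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    }
}

$results | Format-Table -AutoSize

$missing = $results | Where-Object { -not $_.Found }
if ($missing) {
    # Without the pdc._msdcs record, the time service cannot locate the PDC emulator.
    Write-Warning "Missing SRV records: $($missing.Record -join ', ')"
}
else {
    # Records resolve: show which DC the locator returns as PDC
    # and which source the local time service is actually using.
    nltest "/dsgetdc:$Domain" /pdc
    w32tm /query /source
}
```

Run it on a domain member that uses the same DNS servers as the domain controllers, so the result reflects what the clients logging the time errors actually see.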