Active Directory uses Kerberos for authentication, which relies strongly on having the date and time of day running synchronously across the entire network and all devices in it. By default, each server and client joined in the AD, including domain controllers, will follow the domain hierarchy to sync its time. Domain controllers are set to automatically determine whether they can be used as a (reliable) time source. If a DC has considered itself as a time source, it will accept requests from clients and provide them with the its own current time.
Domain controllers at the top of the forest (top-level DCs) don't have another server above them to sync against, so they can either opt to sync ...
The NTP Pool project is a pool of publicly available time servers, all volunteers. Time servers in the pool are usually stratum 1 or 2 servers. Although the pool consists of NTP servers worldwide, it is divided into geographical location so users can pick from a pool of time servers closest near their geographical position. The pool is probably the most used pool of NTP servers.
Using servers from the pool uses DNS load balancing to randomly assign one or more servers to synchronize to. Up to four different servers can be used. To avoid DNS caching from taking the same server more than once, additional DNS records have been created in the form of:
read more
