VMware and AWS Domain Controller Best Practices

VMware:
http://www.vmware.com/files/pdf/Virtualizing_Windows_Active_Directory.pdf
https://www.vmware.com/files/pdf/solutions/Virtualizing-Active-Directory-Domain-Services-on-VMware-vSphere.pdf

AWS:
https://d0.awsstatic.com/whitepapers/Implementing_Active_Directory_Domain_Services_in_the_AWS_Cloud.pdf
http://aws.amazon.com/windows/resources/whitepapers/ad/
https://media.amazonwebservices.com/AWS_Microsoft_Platform_Security.pdf

1. Controlling clock drift
Kerberos is the authentication protocol, so time synchronization is critical.
Method 1:
Regedit >> browse to HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type, change Type REG_SZ value from NT5DS to NTP
>> browse to HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\NtpServer, change NtpServer value from time.windows.com,0x1 to tock.usno.navy.mil,0x1
>> browse to HKLM\System\CurrentControlSet\Services\W32Time\Config, change AnnounceFlags REG_DWORD from 10 to 5
CMD: net stop w32time, net start w32time, w32tm /resync /rediscover

Method 2:
PDC >> CMD
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp: //this is to clear the pre-configured servers list
w32tm /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
W32tm /resync /rediscover
net stop w32time && net start w32time

DC >> CMD
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
net time /setsntp:
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscover
net stop w32time & net start w32time
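
To confirm the result of either method, the following PowerShell audit reads the registry values changed above and measures the clock offset with w32tm. It is an added example, not from the original page; the ReferencePeer and WarnSeconds parameters and the 60-second threshold are assumptions.

```powershell
# Added example (not from the original page): audit the W32Time settings from section 1.
# Run in an elevated PowerShell session on the domain controller being checked.
param(
    # Assumption: host to measure offset against; on a non-PDC DC pass the PDC's name.
    [string]$ReferencePeer,
    # Kerberos' default maximum clock skew is 5 minutes; warn well before that (assumed value).
    [double]$WarnSeconds = 60
)

$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'
$params = Get-ItemProperty -Path "$base\Parameters"
$config = Get-ItemProperty -Path "$base\Config"

# Win32_ComputerSystem.DomainRole: 5 = primary domain controller (PDC), 4 = backup DC
$isPdc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -eq 5

# Expected per the steps above: the PDC syncs from NTP peers and announces itself as
# reliable (AnnounceFlags 5); every other DC follows the domain hierarchy (NT5DS).
$expectedType = if ($isPdc) { 'NTP' } else { 'NT5DS' }
$findings = @()
if ($params.Type -ne $expectedType) { $findings += "Type is '$($params.Type)', expected '$expectedType'" }
if ($isPdc -and $config.AnnounceFlags -ne 5) { $findings += "AnnounceFlags is $($config.AnnounceFlags), expected 5 on the PDC" }
if ($isPdc -and [string]::IsNullOrWhiteSpace($params.NtpServer)) { $findings += 'NtpServer is empty on the PDC' }

# A host that fell back to its own clock is not synchronizing with anything.
$source = (& w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') { $findings += "Time source is '$source'" }

# On the PDC, default to the first configured peer with its ",0x.." flags stripped.
if (-not $ReferencePeer -and $isPdc) {
    $ReferencePeer = ($params.NtpServer -split '\s+')[0] -replace ',0x[0-9a-fA-F]+$', ''
}

if ($ReferencePeer) {
    # /dataonly prints lines such as "12:00:01, +00.0012345s"; keep the absolute offsets.
    $samples = & w32tm /stripchart "/computer:$ReferencePeer" /samples:3 /dataonly
    $offsets = @(foreach ($line in $samples) {
        if ($line -match '([+-]\d+\.\d+)s\s*$') { [math]::Abs([double]$Matches[1]) }
    })
    if ($offsets.Count -eq 0) {
        $findings += "No offset samples from $ReferencePeer (unreachable or NTP blocked)"
    } else {
        $worst = ($offsets | Measure-Object -Maximum).Maximum
        if ($worst -gt $WarnSeconds) { $findings += "Offset from $ReferencePeer is $worst s (threshold $WarnSeconds s)" }
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "W32Time settings match the expected role (PDC: $isPdc, source: $source)"
```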


2. Optimizing network performance
3. Making DNS modifications correctly
4. Replicating database information
5. Providing virtual machine access control
6. Ensuring disaster preparedness and high availability
7. Handling disaster recovery


Keywords: DC, PDC, network server time, Event ID 50
