Tag: time

  • Speed up Active Directory & DNS replication between Sites

    The standard Microsoft Management Console (GUI) tools cannot make the change needed to speed up Active Directory replication. The best the administrator consoles can do is bring replication between domain controllers down to 15 minutes. These large time values were built into Active Directory at version 1 because inter-site connections of that era had much lower bandwidth, the most common being frame relay or 56k circuits. Since then, inter-site connection and Internet speeds have increased tremendously, so faster domain controller replication is possible even over WAN links.

    Fast Intersite Replication Interval - Speed up DC Replication, Updates are in Seconds

    To enable faster intersite replication, at nearly the speed of intra-site (LAN) replication, use ADSI Edit.
    Start ADSI Edit and go to
    Configuration > Sites > Inter-Site Transports > IP.
    Note: this setting cannot be enabled for SMTP intersite links.
    Unless it has been renamed, right-click the default intersite link and choose Properties. Then scroll down to the options line. Double-click it and change the value to 1.
    <not set> is the default unless this option has been previously modified. Once changed to 1, click OK twice to save and close the properties window.
    Force a replication using Sites and Services so this setting gets pushed/pulled to the other domain controllers.
    Test by creating a couple of test accounts in AD.
    Check your other domain controller or controllers for the new account. You will see it appear in seconds.
  • Lists all users last logon time

    As administrators we often want to check which users have not logged in for quite a while, or what accounts recently accessed a system, etc.

    The following script lists all users and their last logon time. With lastloggedusers.csv we can get fancy with Excel to find differences based on age and more.

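    # Enumerate user accounts on this computer through the WinNT ADSI provider and export name and last logon to CSV
    $([ADSI]"WinNT://$env:COMPUTERNAME").Children | where {$_.SchemaClassName -eq 'user'} | select @{l='name';e={$_.name}},@{l='LastLogin';e={$_.lastlogin}} | export-csv C:\scripts\lastloggedusers.csv -NoTypeInformation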

     

  • How to Configure Time Server (NTP Server) on Centos 7?

    Prerequisites:

    VM/Physical – It is recommended to run the time server on a physical server, but VMs should be okay depending on your setup and requirements. My virtual lab environment is VMware based, so here's the guide for a VM. Once CentOS Minimal is installed on the VM, make sure to install open-vm-tools.

    yum install open-vm-tools

    If you are not comfortable with the vi editor, install nano for editing.

    yum install nano

    Installing the time server:

    1. First we need to install ntpd. To do this, open a command line:
      [root@mytimesrv01 ~]# yum -y install ntp
    2. Then open the NTP main configuration file for editing:
      Note: If you are planning on hosting your time servers externally, like time01.yourdomain.com and time02.yourdomain.com, with port 123 open on the firewall, each time server will talk to 0.us.pool.ntp.org, 1.us.pool.ntp.org, 2.us.pool.ntp.org and 3.us.pool.ntp.org. Later on you can probably add your time servers to NTP.org by joining the pool. For my example, I am not using the CentOS default pool; I am using the U.S. zone. Internal servers/workstations can point to the local IP/DNS name of the local time servers.
      [root@mytimesrv01 ~]# vi /etc/ntp.conf
      # For more information about this file, see the man pages
      # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
      
      driftfile /var/lib/ntp/drift
      
      # Permit time synchronization with our time source, but do not
      # permit the source to query or modify the service on this system.
      restrict default nomodify notrap nopeer noquery
      
      # Permit all access over the loopback interface. This could
      # be tightened as well, but to do so would effect some of
      # the administrative functions.
      restrict 127.0.0.1
      restrict ::1
      
      # Hosts on local network are less restricted.
      #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
      
      # Use public servers from the pool.ntp.org project.
      # Please consider joining the pool (http://www.pool.ntp.org/join.html).
      
      #Your time servers go here:
      server 0.us.pool.ntp.org iburst
      server 1.us.pool.ntp.org iburst
      server 2.us.pool.ntp.org iburst
      server 3.us.pool.ntp.org iburst
      
      #Default OOB time servers
      #server 0.centos.pool.ntp.org iburst
      #server 1.centos.pool.ntp.org iburst
      #server 2.centos.pool.ntp.org iburst
      #server 3.centos.pool.ntp.org iburst
      
      #broadcast 192.168.1.255 autokey # broadcast server
      #broadcastclient # broadcast client
      #broadcast 224.0.1.1 autokey # multicast server
      #multicastclient 224.0.1.1 # multicast client
      #manycastserver 239.255.254.254 # manycast server
      #manycastclient 239.255.254.254 autokey # manycast client
      
      # Enable public key cryptography.
      #crypto
      
      includefile /etc/ntp/crypto/pw
      
      # Key file containing the keys and key identifiers used when operating
      # with symmetric key cryptography.
      keys /etc/ntp/keys
      
      # Specify the key identifiers which are trusted.
      #trustedkey 4 8 42
      
      # Specify the key identifier to use with the ntpdc utility.
      #requestkey 8
      
      # Specify the key identifier to use with the ntpq utility.
      #controlkey 8
      
      # Enable writing of statistics records.
      #statistics clockstats cryptostats loopstats peerstats
      
      # Disable the monitoring facility to prevent amplification attacks using ntpdc
      # monlist command when default restrict does not include the noquery flag. See
      # CVE-2013-5211 for more details.
      # Note: Monitoring will not be disabled with the limited restriction flag.
      disable monitor
      
      logfile /var/log/ntp.log
    3. Then start and enable ntp server:
      [root@mytimesrv01 ~]# systemctl start ntpd
      [root@mytimesrv01 ~]# systemctl enable ntpd
    4. Allow the NTP service through the firewall (NTP uses UDP port 123) by running the following commands:
      [root@mytimesrv01 ~]# firewall-cmd --add-service=ntp --permanent
      success
      [root@mytimesrv01 ~]# firewall-cmd --reload
      success
    5. Verify your NTP service with the following command:
      [root@mytimesrv01 ~]# ntpq -p

    Your output should be similar to:
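
Separately from the `ntpq -p` check, the access-control lines of the `/etc/ntp.conf` in step 2 (`restrict default nomodify notrap nopeer noquery` and `disable monitor`) can be checked mechanically. The script below is an added example, not part of the original post; the function name `audit_ntp_conf` and both sample configurations are constructed for illustration, and it checks only the flags that configuration uses.

```bash
#!/usr/bin/env bash
# Added example: audit ntp.conf text on stdin for the access-control
# directives used in the configuration above.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                        # drop comments
        NF == 0 { next }                          # skip blank lines
        $1 == "restrict" {
            i = ($2 == "-4" || $2 == "-6") ? 3 : 2    # optional address family
            flags = " "
            for (j = i + 1; j <= NF; j++) flags = flags $j " "
            if ($i == "default") {
                seen_default = 1
                n = split("nomodify notrap nopeer noquery", want, " ")
                for (k = 1; k <= n; k++)
                    if (!index(flags, " " want[k] " ")) {
                        print "restrict default: missing " want[k]; bad = 1
                    }
            } else if ($i != "127.0.0.1" && $i != "::1" && !index(flags, " nomodify ")) {
                print "restrict " $i ": missing nomodify"; bad = 1
            }
        }
        $1 == "disable" { for (j = 2; j <= NF; j++) if ($j == "monitor") mon_off = 1 }
        END {
            if (!seen_default) { print "no restrict default line"; bad = 1 }
            if (!mon_off) { print "monitor not disabled (monlist, CVE-2013-5211)"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: the active access-control lines from the config above.
HARDENED='restrict default nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server 0.us.pool.ntp.org iburst
disable monitor'

# Constructed sample: a weakened variant for comparison.
WEAK='restrict default nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 notrap
server 0.us.pool.ntp.org iburst'

printf '%s\n' "$HARDENED" | audit_ntp_conf && echo "hardened sample: clean"
printf '%s\n' "$WEAK" | audit_ntp_conf || echo "weak sample: findings listed above"
```

On the server itself, run it as `audit_ntp_conf < /etc/ntp.conf` after editing the file and before restarting ntpd.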

  • Updating the system time on Server 2008R2 & 2012R2 using NTP Servers

      1. To update, use the command below (compatible with Server 2008 and 2012):
        w32tm /config /manualpeerlist:"ntp_server" /syncfromflags:manual /reliable:yes /update
        

        Replace ntp_server with your time source. See http://tf.nist.gov/tf-cgi/servers.cgi for servers.

      2. Restart the time service
        net stop w32time
        net start w32time
      3. Resync the time
        w32tm /resync
      4. Verify your sync status
        w32tm /query /status

    The commands above should work if your time sources are working correctly and your connection is OK (a firewall or Microsoft Forefront can also be an issue).

    The commands below can help with troubleshooting.

    To list out peers:

    w32tm /query /peers

    To list out NTP Sources:

    w32tm /query /source