time

Speed up Active Directory & DNS replication between Sites

The change that speeds up Active Directory replication cannot be made with the standard GUI Microsoft Management Consoles. The best the administrator consoles can do is bring replication between domain controllers down to a 15-minute interval. These large time values were built into Active Directory at version 1 because inter-site connections in that era of computing and networking had much lower bandwidth, the most common being frame-relay or 56k circuits. Since then, inter-site connections and Internet speeds have increased tremendously, so faster domain controller replication is possible even over WAN links.

Fast Intersite Replication Interval – Speed up DC Replication, Updates are in Seconds

To enable faster Intersite Replication, at nearly the speed of intra-site or LAN replication, use ADSI Edit.
Start ADSI Edit and go to
Configuration > Sites > Inter-Site Transports > IP.
Note that this setting cannot be enabled for SMTP intersite links.
Unless it has been renamed, right-click the default intersite link and choose Properties. Then scroll down to the options line. Double-click it and change the value to 1 if it has a value of <not set>.
<not set> is the default unless this option has been previously modified. Once it is changed to 1, click OK twice to save and close the properties window.
Force a replication using Sites and Services so this setting gets pushed/pulled to the other domain controllers.
Test by creating a couple of test accounts in AD.
Check your other domain controller or controllers for the new account. You will see it appear in seconds.
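
The same change scripted with the ActiveDirectory PowerShell module, as an added example that is not from the original post. It goes beyond the step above in one respect: `options` is a bit field, so the script ORs the value 1 into whatever is already stored instead of overwriting it, and it skips SMTP links. The `$Apply` variable is an assumption of this example.

```powershell
# Added example: enable change notification (options bit 0x1) on IP site links
# without overwriting other option bits. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$Apply      = $false   # hypothetical switch: $false previews only, $true writes
$USE_NOTIFY = 0x1      # the same value the article types into ADSI Edit

# Site links under Inter-Site Transports > IP. SMTP links are excluded because
# the setting cannot be enabled for them.
$links = Get-ADReplicationSiteLink -Filter * -Properties options |
    Where-Object { $_.InterSiteTransportProtocol -eq 'IP' }

foreach ($link in $links) {
    # "<not set>" in ADSI Edit is returned as $null here; treat it as 0.
    $current = if ($null -ne $link.options) { [int]$link.options } else { 0 }

    if ($current -band $USE_NOTIFY) {
        Write-Output "$($link.Name): notification already enabled (options=$current)"
        continue
    }

    # Preserve any other bits already stored in options (for example the
    # two-way sync or disable-compression flags) and add bit 0x1.
    $new = $current -bor $USE_NOTIFY
    Write-Output "$($link.Name): options $current -> $new (apply=$Apply)"
    Set-ADReplicationSiteLink -Identity $link -Replace @{ options = $new } -WhatIf:(-not $Apply)
}

# Read the values back so the change can be confirmed before forcing replication.
Get-ADReplicationSiteLink -Filter * -Properties options |
    Select-Object Name, InterSiteTransportProtocol, options
```

Run it once with `$Apply = $false` to review which links would change, then set it to `$true` and force replication as described above.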

List all users' last logon time

As administrators we often want to check which users have not logged in for quite a while, or what accounts recently accessed a system, etc.

The following script lists all users and their last logon time. With the lastloggeduser.csv file we can get fancy with Excel to find differences based on age and more.

 

How to Configure a Time Server (NTP Server) on CentOS 7?

Prerequisites:

VM/ Physical – It is recommended to have the time server as a physical server, but VMs should be okay depending on your setup and requirement. My virtual lab environment is VMware based so here’s the guide for a VM. Once the CentOS Minimal is installed on the VM make sure to install open-vm-tools.

If you are not comfortable with the vi editor, please install nano for editing.

Installing the time server:

  1. First we need to install NTPd. To do this, open a command line:

  2. Then open NTP main configuration file for editing:
    If you are planning on hosting your time servers externally, like time01.yourdomain.com and time02.yourdomain.com, with port 123 open on the firewall, each of the time servers will be talking to 0.us.pool.ntp.org, 0.us.pool.ntp.org, 0.us.pool.ntp.org, 0.us.pool.ntp.org. Later on you can probably add your time servers to NTP.org by joining the pool. For my example, I am not using the CentOS default pool; I am using the U.S. zone. For internal servers/workstations you can point them to the local IP/DNS name of the local time servers.

  3. Then start and enable the NTP server:

  4. You need to allow the NTP service on the firewall (the NTP service uses UDP port 123), so run the next command:

  5. Verify your NTP service with the next command:

Your output should be similar to:

Updating the system time on Server 2008R2 & 2012R2 using NTP Servers

    1. To update, use the command below (2008 and 2012 server compatible).
      Replace ntp_server with your source. Check http://tf.nist.gov/tf-cgi/servers.cgi for servers.
    2. Restart the time service
    3. Resync the time
    4. Verify your sync status

The commands above should be fine if your sources are working correctly and your connection is OK (a firewall or Microsoft Forefront can also be an issue).

The commands below can help with troubleshooting.

To list out peers:

To list out NTP Sources: