Time service architecture

While the PDC Emulator domain controller at the root of the forest maintains the Time Server role, it is not the most accurate time source for a large network with multiple domains, a complex routed network, numerous remote sites, and critical dependency on Kerberos v5. The root PDC Emulator must always obtain its time from a so-called stratum 1 source.

Time Source accuracy levels are measured in terms of strata. A stratum 1 device is either a specialized internal clock that is always 100 percent accurate or a dedicated, highly reliable time server on the Internet (preferred). Such time servers are maintained by companies such as Cisco and Microsoft, and thousands of organizations depend on them.

The root PDC Emulator operations master in the parent domain is thus a stratum 2 time source. This, in essence, means it is not sufficiently accurate to be the authoritative time source for the forest (a source of last resort, so to speak). However, because it gets its time directly from a stratum 1 device, it keeps the most accurate time in the forest. By sourcing time from an external stratum 1 device, the organization is assured that its private network time is "in sync" with the rest of the world.

All other DCs in the parent domain are deemed to be stratum 3 time sources, which means that wherever these servers are located on the network, across routers, and other factors affecting convergence, they are deemed to have a lesser degree of accuracy than the PDC Emulator DC. In other words, as the strata level increases from stratum 1, the achievable accuracy of the clock degrades, the rate of which depends on network latencies and server clock stability.

DCs in child domains, as well as member servers and workstations in the root domain, are located at stratum 4. The stratum hierarchy of computers in the forest is listed in Table 10-6.

Table 10-6: Strata Levels for Computers in a Forest




External Network Time Protocol Time Source


PDC Emulator DC in the forest root


DCs in root domain and PDC Emulator DCs in child domains


Workstations and member servers in the forest root domain; DCs in

Was this article helpful?

0 0

Post a comment