I ask as I have become part of a network where they have w32 time disabled on machines, and use Domain Time II. Product info here: http://www.greyware.com/software/domaintime/
Just curious if anyone else has experience. My question is really is it justifiable to have on your network, and has anyone used it that can say if it truly has helped or hindered the forest?
What products fail due to w32tm being disabled?
Time synchronization is critical for Kerberos authentication, but the use of the built in Windows Time service isn't required as far as I know. The use of third party products to manage the domain/network time isn't discouraged if time accuracy outside of the capabilities of the Windows Time service is needed.
Accurate time keeping is important on any larger network. Fx Active Directory needs accurate time for logins to work properly. But "Domain Time II" isn't the only way to accomplish this.
In a modern Active Directory environment, there is basic but working time synchronization already built in.
For non-Windows devices (switches, routers, appliances) you can use the NTP protocol. You can leverage your existing investment in "Domain Time II" by using it as an NTP server for your non-Windows devices, or you could set up a Linux/BSD server with NTPd.
Be sure to set the clock of your root time server from a trusted source. The common solution there would be 3 or 5 upstream NTP servers from pool.ntp.org .
The built-in Active Directory time sync isn't that accurate -- generally it syncs better than +/- 1 second, and often a few hundred milliseconds. Domain Time II is probably more accurate than that. So it really comes down to how much precision you need, and which platform you're more comfortable with/know best.
