Reevaluation of expected time settings on domain controllers

[SolidKnight]

The expected value for the PDC is currently AllSync; however, I cannot find anyone making this recommendation. All advice I have come across has been to set the PDC to NTP.

Microsoft's documentation seems to indicate that time drift on 2016+ guests running on 2016+ hosts should no longer be an issue so it may not be necessary to disable it under those conditions.

Link https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-server-2016-improvements#mixed-os-environments-win2012r2-and-win2008r2

Relevant Blurb

In some scenarios involving guest domain controllers, Hyper-V TimeSync samples can disrupt domain time synchronization. This should no longer be an issue for Server 2016 guests running on Server 2016 Hyper-V hosts.

[SUBnet192]

I will second this. The PDC Emulator should be set to NTP as it's the trusted source for time. Everything else should be NT5DS. AllSync could be used instead of NT5DS for clients that are often outside of reach of the domain controller. This would allow sync with AD or NTP if AD is not available from my understanding. I have never seend a recommendation to use Allsync on a PDC Emulator. The links you provided in the code have no reference to using Allsync. Do you see an issue with correcting this?

[PrzemyslawKlys]

No, it can be corrected.

[PrzemyslawKlys]

@SUBnet192 Hello Marc, you didn't submit this as a PR, just a commit to your repo :-)