Q. I virtualized my domain controllers (DCs) into Hyper-V. Is it OK to run all the Integration Services?

A. There is a service you don’t want to run. Hyper-V’s Integration Services offers time synchronization, which synchronizes the time on the guest OS with the Hyper-V server. In a non-virtual environment, you use Active Directory to configure the PDC Flexible Single-Master Operation (FSMO) roles to synchronize time with an external time source. DCs then synchronize their time with the PDC FSMO and clients synchronize their clocks with the authenticating DC.

If you virtualize the PDC FSMO and it synchronizes its clock with an external time source, you don't want the time synchronization service enabled because the time the PDC FSMO receives from the external time source should be definitive. You should disable Hyper-V’s time synchronization, as shown here:

Also, if your virtual machines (VMs) are domain members, you should disable time synchronization for those VMs and disable time synchronization for all other domain controllers. The standard domain time synchronization processes will keep time synchronized on the VMs

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.