When you set a VM property to "Synchronize guest time with host" and it's a VM that is joined to an AD Domain, which setting takes precedence? The VM setting or the built in policy when joined to a domain that forces time synch?
My thought is the Domain policy does but that's just my SWAG.
Thanks
Best practice is to uncheck the tick box for "Synchronize guest time with host". Having that box checked and using time sync from the domain hierarchy could lead to undesirable results. Choose one or the other. Also keep in mind that even when the box is unchecked, the VM will still set the GOS time to that of the underlying ESXi host under certain conditions (suspend, snapshot, vMotion, etc.). As such, ensure that the ESXi hosts have healthy NTP configurations.
Hello,
I would like to recommend you to check carefully this vmware's kb:
VMware KB: Timekeeping best practices for Windows, including NTP
Best regards,
Pablo
>> Best practice is to uncheck the tick box for "Synchronize guest time with host". Having that box checked and using time sync from the domain hierarchy could lead to undesirable results. Choose one or the other. Also keep in mind that even when the box is unchecked, the VM will still set the GOS time to that of the underlying ESXi host under certain conditions (suspend, snapshot, vMotion, etc.). As such, ensure that the ESXi hosts have healthy NTP configurations.
I slightly differ from this opinion.
Note : Particularly if you have virtualized your Active Directory(or any application that is time sensitive), the above steps are an absolute must, failing to do so may cause all of your authentication to fail when the AD VM has incorrect time.