Shulou(Shulou.com)06/02 Report--

I. steps

1.1 configuration modification

1) as shown in the following figure, use the command netdom query fsmo to view the PDC hosts in the domain, which is currently thdc01.

2) check that the time sources controlled by other domains are all PDC hosts, as shown in the following figure, so the time sources controlled by other domains do not need to be modified; otherwise, you need to execute the command: w32tm / config / syncfromflags:domhier / reliable:no / update, and configure the time sources controlled by other domains.

3) then log in to thdc01 and use the command w32tm / query / configuration to check whether the domain control is NTPServer;. In Ntpserver, the value of "Enabled" is "1", which means that the current domain control is a NTP server. If the value is "0", you need to change the "Enabled" value to "1" in the following location in the registry: HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ TimeProviders\ NtpServer.

4) use the command w32tm / query / status to check the time source of the PDC host as follows. We can see that the time source of the current PDC host is the system clock. We need to change it to a reliable external NTP server, but the NTP protocol uses UDP 123.Therefore, we must ensure the inbound and outbound traffic on this port to ensure the normal operation of the windows time service.

5) We can search many NTP servers commonly used in China. For example, here we choose the following NTP server: ntp.neu.edu.cn; first uses the Ping command on the PDC server to test the normal network with the server, as shown in the following figure

6) then execute the command on the PDC host: w32tm / config / manualpeerlist:ntp.neu.edu.cn / syncfromflags:manual / reliable:yes / update, and set the time source of the PDC host to the NTP server, as shown in the following figure

7) modify the registry of the PDC host to change the type value under HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ services\ W32Time\ Parameters to "NTP" (NTP means that the client synchronizes time from an external time source); change the announcements value under HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ services\ W32Time\ Config to 5 in hexadecimal (or 5 in decimal), as shown in the following figure

8) then restart the time service by executing the following command, as shown in the following figure:

W32tm / config / update

Net stop w32time & & Net start w32time

W32tm / resync

1.2 check confirmation

1) after the configuration is completed, use the command w32tm / query / status to view the time source of the PDC server, as shown in the following figure. The configuration is successful.

2) check the registry values of other domain controls, where "NT5DS" indicates time synchronization through the domain hierarchy (domain hierarchy), as shown in the following figure

[HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Parameters]-"Type" = "NT5DS"

* [HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Config]-"AnnounceFlags" = dword:0000000a

[HKEY_LOCAL_MACHINE\ SYSTEM\ CurrentControlSet\ Services\ W32Time\ Parameters]-"NtpServer" = "time.windows.com,0x9"

3) for more details on the meaning of registry keys, please refer to the following link: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-time-service-tools-and-settings

4) check again that the time sources controlled by other domains are all thdc01 (that is, PDC hosts), as shown below

5) if the configuration of a server is modified during the check, in order for the change to take effect as soon as possible, you can execute the following command in turn:

W32tm / config / update

Net stop w32time & & Net start w32time

W32tm / resync

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.