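Shortly after a customer set up a new domain controller, they found that the clocks on their clients were wrong, so I configured NTP servers on the PDC for them.
The procedure is simple, but a few small details are worth noting.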
https://learn.microsoft.com/en-us/services-hub/health/remediation-steps-ad/configure-the-root-pdc-with-an-authoritative-time-source-and-avoid-widespread-time-skew
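In a domain environment, the PDC host is normally the authoritative time server; it acts as an NTP server.
By default, all servers and computers in the domain get their time from the PDC. The PDC itself, by default, takes its time from the server's motherboard clock and has no better synchronization source. Over time the PDC's clock may become incorrect, and an incorrect PDC clock causes wrong time on every computer on the LAN.
So we need to manually configure the PDC to synchronize with an authoritative time server on the Internet; every region has plenty of these.
#NTP server addresses: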
https://dns.iui.im/ntp/#hktw
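#Commands needed:
w32tm: this command requires the "Windows Time" service to be running.
w32tm /query /source    query the time synchronization source
w32tm /query /peers    query the time synchronization servers (peers) and related information
w32tm /resync    manually synchronize with the time server
net stop w32time & net start w32time    restart the Windows Time service (cmd.exe syntax; in PowerShell run the two commands on separate lines)
The NTP server list is at the link above; this article uses ntp1.aliyun.com as the example.
Steps:
Test on a domain client (requires administrator privileges):
Run the same command on the PDC:
As you can see, the domain client gets its time from the PDC host, and by default the PDC host has no NTP server configured.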
W32TM:
Enter the following commands in PowerShell:
w32tm /config /update /manualpeerlist:"ntp1.aliyun.com,0x8 ntp2.aliyun.com,0x8" /syncfromflags:manual /reliable:Yes
net stop w32time
net start w32time
write-host "`n"
write-host "`n"
write-host "------------RESYNC------------"
w32tm /resync
write-host "`n"
write-host "`n"
write-host "`n"
write-host "`n"
write-host "------------Source------------"
w32tm /query /source
#If the server is unavailable or unreachable (for example, DNS forwarders are not configured), you may see "Local CMOS Clock" instead of the defined NTP servers.
write-host "`n"
write-host "`n"
write-host "`n"
write-host "`n"
write-host "------------Peers------------"
w32tm /query /peers
write-host "`n"
write-host "`n"
write-host "`n"
write-host "`n"
Write-host "------------Configuration------------"
w32tm /query /configuration
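Note: on the PDC, the DNS forwarders must be configured properly.
Also, at the w32tm /query /source step, if the network is unreachable or the name cannot be resolved, it will still show something like Local.
In "ntp1.aliyun.com,0x8", the 0x8 is the recommended setting. The two addresses are separated by a space, not by "," as is usual elsewhere; the people who write it with a comma clearly never tried it.
Result: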
------------Source------------
ntp1.aliyun.com,0x8
------------Peers------------
#Peers: 2
Peer: ntp1.aliyun.com,0x8
State: Active
Time Remaining: 63.8871968s
Mode: 3 (Client)
Stratum: 2 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 6 (64s)
HostPoll Interval: 6 (64s)
Peer: ntp2.aliyun.com
State: Active
Time Remaining: 63.9030281s
Mode: 1 (Symmetric Active)
Stratum: 2 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 6 (64s)
HostPoll Interval: 6 (64s)
------------Configuration------------
[Configuration]
EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 172800 (Local)
MaxPosPhaseCorrection: 172800 (Local)
MaxAllowedPhaseOffset: 300 (Local)
FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)
[TimeProviders]
NtpClient (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
AllowNonstandardModeCombinations: 1 (Local)
ResolvePeerBackoffMinutes: 15 (Local)
ResolvePeerBackoffMaxTimes: 7 (Local)
CompatibilityFlags: 2147483648 (Local)
EventLogFlags: 1 (Local)
LargeSampleSkew: 3 (Local)
SpecialPollInterval: 1024 (Local)
Type: NTP (Local)
NtpServer: ntp1.aliyun.com,0x8 ntp2.aliyun.com (Local)
NtpServer (Local)
DllName: C:\Windows\system32\w32time.dll (Local)
Enabled: 1 (Local)
InputProvider: 0 (Local)
AllowNonstandardModeCombinations: 1 (Local)
VMICTimeProvider (Local)
DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
Enabled: 1 (Local)
InputProvider: 1 (Local)
If two addresses were configured, Peers should show two entries, not one.
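As an added example (not part of the original post), the check below parses `w32tm /query /peers` output and confirms that every configured server appears as an active peer carrying the 0x8 flag (client mode); in the result above, ntp2.aliyun.com is listed without ,0x8 and in Mode 1 (Symmetric Active). The function name `Test-W32tmPeers`, its parameters, and the English-language output labels are assumptions.

```powershell
# Added example, not the author's script. Function and parameter names are hypothetical.
# Assumes English-language w32tm output (the labels are localized on other UI languages).
function Test-W32tmPeers {
    param(
        [string[]]$PeerOutput,      # lines from: w32tm /query /peers
        [string[]]$ExpectedPeers    # host names given to /manualpeerlist, without flags
    )
    $peers = @()
    $current = $null
    foreach ($line in $PeerOutput) {
        if ($line -match '^\s*Peer:\s*(\S+)') {
            # "Peer: host,0x8" -> host name plus flag suffix (the suffix may be absent)
            $parts = @($Matches[1] -split ',', 2)
            $current = [pscustomobject]@{
                Server = $parts[0]
                Flags  = if ($parts.Count -gt 1) { $parts[1] } else { '' }
                State  = ''; Mode = ''
            }
            $peers += $current
        } elseif ($current -and $line -match '^\s*State:\s*(.+?)\s*$') {
            $current.State = $Matches[1]
        } elseif ($current -and $line -match '^\s*Mode:\s*(.+?)\s*$') {
            $current.Mode = $Matches[1]
        }
    }
    $problems = @()
    foreach ($expected in $ExpectedPeers) {
        $p = $peers | Where-Object { $_.Server -eq $expected } | Select-Object -First 1
        if (-not $p)                  { $problems += "${expected}: not listed as a peer"; continue }
        if ($p.State -ne 'Active')    { $problems += "${expected}: state is '$($p.State)'" }
        if ($p.Flags -ne '0x8')       { $problems += "${expected}: flags '$($p.Flags)', expected 0x8" }
        if ($p.Mode -notmatch '^3\b') { $problems += "${expected}: mode '$($p.Mode)', expected 3 (Client)" }
    }
    [pscustomobject]@{ Peers = $peers; Problems = $problems }
}

# Sample input: the /peers result shown on this page, reduced to the fields the check reads.
$sample = @'
#Peers: 2
Peer: ntp1.aliyun.com,0x8
State: Active
Mode: 3 (Client)
Peer: ntp2.aliyun.com
State: Active
Mode: 1 (Symmetric Active)
'@ -split "`r?`n"

$result = Test-W32tmPeers -PeerOutput $sample -ExpectedPeers 'ntp1.aliyun.com', 'ntp2.aliyun.com'
$result.Problems
# On a live PDC, pass (w32tm /query /peers) as -PeerOutput instead of $sample.
```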
To start over, the following commands restore the default state.
#Restore defaults
Run in PowerShell:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time
w32tm /query /source
#If the server is unavailable or unreachable (for example, DNS forwarders are not configured), you may see "Local CMOS Clock" instead of the defined NTP servers.
write-host "`n"
write-host "`n"
write-host "`n"
write-host "`n"
write-host "------------Peers------------"
w32tm /query /peers
write-host "`n"
write-host "`n"
write-host "`n"
write-host "`n"
Write-host "------------Configuration------------"
w32tm /query /configuration