Domain controller deployment in a virtualized environment, there are a number of issues that you should be aware of, but a small problem is often overlooked, but it is very important. The domain controller is deployed in the ESX/ESXI environment, it is best to configure the NTP clock server, and this clock server is preferably not a virtual host in ESXi. There are two ways to configure a time server, the first is to configure an NTP time server for the entire virtual machine environment above the ESX/ESXI, even if the clock server is configured, we should pay much attention to the time change of the PDC, in fact, the second approach is better. Configure the time server for the host of the domain controller PDC role, using the command line to execute, assuming that the timesheet server is 10.10.21.100, configure the command as follows: w32tm/config/manualpeerlist:10.10.21.100/ Syncfromflags:manual/reliable:yes/update, by default, domain members synchronize time with domain controllers, and we no longer have to force clients to perform time synchronization policies.