Recently we found that the time on domain member machines was not synchronized with the time on the domain server. The goals are: 1. domain member servers and clients inside the domain synchronize with the domain NTP server; 2. the domain NTP server, acting as a client, synchronizes with an external NTP server (configure the Windows Time service to use an external time source).
Workaround
1. On the domain controller that holds the PDC role, open PowerShell and enter the following commands
w32tm /config /manualpeerlist:"cn.pool.ntp.org tw.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
/manualpeerlist is the list of external time source servers, with multiple servers separated by spaces; cn.pool.ntp.org and tw.pool.ntp.org are NTP time servers.
/syncfromflags:manual synchronizes with the servers in the specified external time source list.
/reliable:yes sets this computer as a reliable time source.
/update notifies the time service that the configuration has changed so that the changes take effect.
net stop w32time    # stop the W32Time service
net start w32time    # start the W32Time service
w32tm /resync    # manually synchronize with the external time source servers
w32tm /query /status    # query the time service synchronization status
w32tm /query /source    # query the time synchronization source
w32tm /query /peers    # query the time synchronization servers and related information
2. NTP time servers (personally tested and working):
cn.pool.ntp.org
1.cn.pool.ntp.org
2.cn.pool.ntp.org
3.cn.pool.ntp.org
3. Adjust the registry
Select Start, then Run, type regedit, and select OK. Open the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters, which shows the NtpServer value "cn.pool.ntp.org tw.pool.ntp.org"; the Type value is NTP.
Next, open the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config. Set AnnounceFlags to 5.
Enable NtpServer. Open the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer and set the Enabled value to 1.
Set the synchronization interval. Open the registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient and set the value SpecialPollInterval to decimal 604800 (i.e. 604,800 seconds, 1 day).
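Added example, not part of the original article: a PowerShell check to run on the PDC after steps 1 and 3. It compares the registry values above with the values this page configures and confirms that w32tm reports one of the configured peers as its source. The function name Test-W32TimeSetting is hypothetical.

```powershell
# Added example: audit the W32Time registry values from step 3 and report drift.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values are the ones this page configures.
$expected = @(
    @{ Key = 'Parameters';              Name = 'NtpServer';           Value = 'cn.pool.ntp.org tw.pool.ntp.org' }
    @{ Key = 'Parameters';              Name = 'Type';                Value = 'NTP' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';       Value = 5 }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';             Value = 1 }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval'; Value = 604800 }
)

# Hypothetical helper: read one value and compare it with the expected one.
function Test-W32TimeSetting {
    param([string]$Key, [string]$Name, $Value)
    $path   = Join-Path $base $Key
    $item   = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { $null }
    [pscustomobject]@{
        Setting  = "$Key\$Name"
        Expected = $Value
        Actual   = $actual
        # String comparison is case-insensitive, so "Cn.pool.ntp.org" still matches.
        Match    = ($null -ne $actual) -and ("$actual".Trim() -eq "$Value")
    }
}

$results = foreach ($e in $expected) { Test-W32TimeSetting @e }
$results | Format-Table -AutoSize

# Confirm the running service actually uses one of the configured external peers.
$peers    = 'cn.pool.ntp.org', 'tw.pool.ntp.org'
$source   = (& w32tm /query /source | Out-String).Trim()
$fromPeer = [bool]($peers | Where-Object { $source -like "$_*" })
"Current source: $source (configured external peer: $fromPeer)"

$drift = @($results | Where-Object { -not $_.Match })
if ($drift.Count -gt 0 -or -not $fromPeer) {
    Write-Warning "W32Time differs from the documented configuration; review the table above."
}
```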
4. Configure Group Policy to synchronize time between domain members and the PDC server
In Group Policy Management, select: Computer Configuration > Policies > Windows Settings > Security Settings > System Services, and set the Windows Time service to start automatically on domain clients.
In Group Policy Management, right-click Default Domain Policy and select Edit. Select: Computer Configuration > Administrative Templates > System > Windows Time Service
Double-click Global Time Configuration and select Enabled. Change the value of MaxNegPhaseCorrection to 3600 (that is, 3,600 seconds, 1 hour), change the value of MaxPosPhaseCorrection to 3600 (i.e. 3,600 seconds, 1 hour), and change the value of AnnounceFlags to 5; click Apply, then OK.
Open Enable Windows NTP Client, select Enabled, click Apply, then OK.
Do not set "Configure Windows NTP Client" in GPOs on the OU where the domain controller (PDC) resides. Leave it at the system default state of "Not Configured".
Stop and restart W32Time for the policy to take effect.
5. Configure time synchronization between the clients and the server, and verify
Update the domain policy: gpupdate /force
Synchronize with the NTP server in the domain and verify the NTP synchronization source.
Modify the local time on a client within the domain; after 17 minutes, the time is automatically updated and synchronized.
This completes the NTP server deployment for the whole domain environment: 1. the clients synchronize with the domain NTP server; 2. the domain controller synchronizes its time with the external NTP servers.
Windows Server NTP configuration: enabling member server and client time synchronization with the domain controller