Friday, April 17, 2015

NTP time for Domain Controller

Time in a Windows domain is crucial. A 5-minute difference between server and client will prevent the client from logging in to the computer, and subsequently all authentication and encryption might fail. By default, all domain-joined clients get their time from the domain controller. If your domain controller is virtualized, it is strongly suggested that you don't use any hypervisor tool (VMware Tools or Hyper-V integration tools) to sync time between the domain controller and the hypervisor hosts. The time syncing option must be unchecked.

To configure the domain controller to sync with an external time source:

  1. Log in to the primary domain controller.
  2. Start cmd or PowerShell with administrator privileges.
  3. Execute the command below:
    # w32tm.exe /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org" /syncfromflags:manual /reliable:YES /update
  4. Note: You can find the closest time server near you by browsing the following page and clicking on the nearest zone: http://www.pool.ntp.org/zone/@

  5. Run the command to update:
    # w32tm.exe /config /update
  6. Restart the Windows Time service:
    (For PowerShell)
    # Restart-Service w32time
    (For CMD)
    # net stop w32time
    # net start w32time

That’s all!

If you have any domain members, you can either wait until the next synchronization or restart the w32time service to sync time with the domain controller.
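
To confirm the steps above took effect, this PowerShell check (an added example, not part of the original post) queries the Windows Time service and measures the offset to each configured peer against the 5-minute limit. The helper name `Get-NtpOffset` and the sample lines are constructed for illustration; run it in an elevated session on the domain controller.

```powershell
# Peers as configured in step 3; adjust to match your /manualpeerlist.
$peers = '0.us.pool.ntp.org', '1.us.pool.ntp.org', '2.us.pool.ntp.org'
$maxSkewSeconds = 300   # the 5-minute limit described in this post

# Hypothetical helper: extract signed offsets (seconds) from
# "w32tm /stripchart ... /dataonly" output. Header and error lines are skipped.
function Get-NtpOffset {
    param([string[]]$StripchartLines)
    foreach ($line in $StripchartLines) {
        if ($line -match ',\s*([+-]\d+\.\d+)s\s*$') {
            [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
        }
    }
}

# Constructed sample lines (not real measurements) to show what the parser keeps.
$sample = '14:23:01, +00.0123456s', '14:23:03, error: 0x800705B4', '14:23:05, -00.0098765s'
"Parsed sample offsets: $((Get-NtpOffset $sample) -join ', ')"

# Source and sync state as the Windows Time service reports them.
# After step 6 the source should be one of the pool peers, not the local clock.
w32tm.exe /query /source
w32tm.exe /query /status

# Measure the live offset to each peer (needs outbound UDP 123).
foreach ($peer in $peers) {
    $out = w32tm.exe /stripchart "/computer:$peer" /samples:3 /dataonly
    $offsets = @(Get-NtpOffset $out)
    if ($offsets.Count -eq 0) {
        Write-Warning "$peer : no usable samples (check DNS and UDP 123)"
        continue
    }
    $worst = ($offsets | ForEach-Object { [math]::Abs($_) } |
              Measure-Object -Maximum).Maximum
    $state = if ($worst -ge $maxSkewSeconds) { 'EXCEEDS 5-minute limit' } else { 'ok' }
    '{0,-22} worst offset {1:N3}s  {2}' -f $peer, $worst, $state
}
```

On a domain member, the same `w32tm.exe /query /source` call should name the domain controller once the member has resynchronized.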
