tailieunhanh - Active Directory Cookbook for windows server 2003- P8
Active Directory Cookbook for windows server 2003- P8:If you are familiar with the O'Reilly Cookbook format that can be seen in other popular books, such as the Perl Cookbook, Java Cookbook, and DNS and BIND Cookbook, then the layout of this book will not be anything new to you. The book is composed of 18 chapters, each containing 10-30 recipes for performing a specific Active Directory task. Within each recipe are four sections: problem, solution, discussion, and see also. | HKLM strTimeServerReg type NTP strCurrentServer HKLM strTimeServerReg ntpserver strCurrentServer New Value strCurrentServer Restart Time Service set objService GetObject winmgmts strPDC root cimv2 Win32 Service W32Time Stopping 2000 Sleep for 2 seconds to give service time to stop Starting Discussion You need to set a reliable time source on the PDC Emulator FSMO for only the forest root domain. All other domain controllers sync their time either from that server or from a PDC or designated time server within their own domain. The list of external time servers is stored in the registry under the W32Time Service registry key in the following location HKLM SYSTEM CurrentControlSet Services W32Time Parameters ntpserver. If you want a domain controller such as the PDC to use an external time source you have to set the ntpserver registry value along with the type value. The default value for type on a domain controller is Nt5DS which means that the domain controller will use the Active Directory domain hierarchy to find a time source. You can override this behavior and have a domain controller contact a non-DC time source by setting type to ntp. In the CLI example the setsntp switch automatically sets the type value to ntp. In the VBScript solution I had to set it in the code. After setting the time server the W32Time service should be restarted for the change to take effect. You can check that the server was set properly by running the following command net time querysntp Since the PDC Emulator is the time source for the other domain controllers you should also make sure that it is advertising the time service which you can do with the following command nltest server DomainControllerName dsgetdc DomainDNSName TIMESERV See Also MS KB 216734 How to Configure an Authoritative Time .
đang nạp các trang xem trước