24.4 Zeitserver
Der erste Domänencontroller, der in einer neuen Gesamtstruktur von Domänen erstellt wird, fungiert standardmäßig als Zeitserver für die anderen Server, während sich Clients mit Windows XP Professional automatisch bei der Anmeldung an einem Domänencontroller die aktuelle Zeit von diesem Domänencontroller abholen. Der Knowledge-Base-Artikel 216734 »How to Configure an Authoritative Time Server in Windows 2000« erklärt, wie die Clients und die Server in einem Active-Directory-Forest die interne Zeit synchronisieren:
»Windows-based computers use the following hierarchy by default:
All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
All member servers follow the same process as client desktop computers.
Domain controllers may nominate the primary domain controller (PDC) operations master as their in-bound time partner but may use a parent domain controller based on stratum numbering.
All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization, and you should configure the PDC operations master to gather the time from an external source. This is logged in the System event log on the computer as event ID 62. Administrators can configure the Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative by using the following »net time« command, where »server_list« is the server list: net time /setsntp:server_list
After you set the SNTP time server as authoritative, run the following command on a computer other than the domain controller to reset the local computer's time against the authoritative time server: net time /set
SNTP defaults to using User Datagram Protocol (UDP) port 123. If this port is not open to the Internet, you cannot synchronize your server to Internet SNTP servers.
NOTE: Administrators can also configure an internal time server as authoritative by using the »net time« command. If the administrator directs the command to the operations master, it may be necessary to reboot the server for the changes to take effect.
For additional information, see the following Microsoft white paper: The Windows Time Service
http://www.microsoft.com/windows2000/docs/wintimeserv.doc«
Im Whitepaper »The Windows Time Service« finden Sie folgende Aussagen:
»The Net Time tool allows you to designate an external time source. It is important to note that even though the net time /? command returns a syntax that specifies that an »NTP List« can be designated, it is highly recommended that you only list one DNS name or IP address at a time. W32Time only recognizes the first DNS name or IP address listed and listing more than one might return an error.
To designate an external time source
At the command prompt, type:
net time /setsntp:DNSName – or – net time /setsntp:IPAddress
Many sites exist throughout the world that can be used for time synchronization. To find them, run a search for ›time synchronization‹ on the Internet.
Currently, no time protocols in Windows 2000 work across forests and require that forests be in sync. However, PDC emulators in separate, independent forests need to be synchronized with the same globally correct time in order to provide for accurate time stamping on e-mail, log files, etc. …
Is it necessary to synchronize time across forests?
Currently, no time protocols in Windows 2000 work across forests and require that forests be in sync. However, PDC emulators in separate, independent forests need to be synchronized with the same globally correct time in order to provide for accurate time stamping on e-mail, log files, etc.
Can a time server be run on any computer?
You can designate any computer as a time server by changing the value of the LocalNTP entry in the registry from 0 to 1. All registry entries for the Windows Time Service are in the HKEY LOCAL MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters subkey. See Table 6 earlier in this article for a complete list of all registry entries associated with W32Time.
It is important to note that the automatic discovery mechanism in the time service client never chooses a computer that is not a domain controller. Clients must be manually configured to use any server that is not a domain controller.«
|
Sie müssen also am Domänencontroller der Stammdomäne den Befehl net time /setsntp:DNSName bzw. den Befehl net time /setsntp:IPAddress absetzen.
|
Das Freeware-Tool NetTime hilft Ihnen, Zeitserver im Internet zu finden. Deren DNS-Namen bzw. IP-Adresse können Sie dann im obigen Befehl einsetzen. Folgende Zeitserver können Sie z.B. im deutschsprachigen Raum nutzen:
| ntp0.fau.de
|
ntp1.fau.de
|
| ntp2.fau.de
|
ntps1 – 0.cs.tu-berlin.de
|
| ntps1 – 1.cs.tu.berlin.de
|
ptbtime1.ptb.de
|
| ptbtime2.ptb.de
|
rustime01.rus.uni-stuttgart.de
|
| swisstime.ethz.ch
|
ntp0.nl.net
|
Auf der Buch-DVD finden Sie im Verzeichnis Active Directory\Time Service weitere Artikel zum Thema Zeitdienst.
|
