Time sync is critical in today’s networks. Experiencing time drift across devices can cause authentication breakdowns, reporting miscalculations, and wreak havoc on interconnected systems.
This article shows a demo management pack to monitor for time sync across your Windows devices.
The basic idea was – to monitor all systems and compare their local time, against a target reference time server, using W32Time.
Here is the command from the PowerShell:
$cmd = w32tm /stripchart /computer:$RefServer /dataonly /samples:$Samples
The script will take two parameters, the reference server and the threshold for how much time drift is allowed. Next, we will put the script into a Probe action, which will be called by a Datasource with a scheduler. The reason we want to break this out, is because we want to “share” this datasource between a monitor and rule. The monitor will monitor for the time skew, while the rule will collect the skew as a perf counter, so we can monitor for trends in the environment.
So the key components of the MP are the DS, the PA (containing the script), the MonitorType and the Monitor, the Perf collection rule, and some views to show this off:
One VERY IMPORTANT concept – if you change anything – you must make identical overrides on BOTH the monitor and the rule, otherwise you will break cookdown, and result in the script running twice for each interval. So be sure to set the IntervalSeconds, RefServer, and Threshold the same on both the monitor and the rule. If you want the monitor to run much more frequently than the default once an hour, that’s fine, but you might not want the perf data collected more than once per hour, so while that will break cookdown, it only breaks once per hour, which is probably less of an impact than overcollecting performance data.
From here, you could add in a recovery to force a resync of w32time if you wanted, or add in additional alert rules for w32time events.