Windows 7或是Windows 2008R2在加入網域之後，可能會看到以下的錯誤訊息：

Windows is not genuine
Your computer might not be running a counterfeit copy of Windows.
0x80070005

當您嚐試使用slmgr命令來取得啟動資訊的時候，您可能會看到0x800A0046的錯誤訊息

發生這個問題的主要原因是由於GPO中， Plug and Play 服務上面並沒有設定好正確的權限

解決方案：
1.取消這個Policy的設定：
在DC上，開啟GPMC，並且找到要編輯的Policy，找到以下的Policy: [電腦設定]->[Windows 設定]->[安全性設定]->[系統服務]->[Plug and Play]，點選[內容]後直接設定為[尚未設定]

2.如果您希望繼續保留這個原則的控制，請您在Policy中加入正確的權限：

請您新增 SERVICE 這個帳號，並且提供以下的權限：
查詢範本
查詢狀態
列舉依存
質詢
使用者定義控制
讀取權限

重新套用Policy之後即可解決問題。
關於服務啟動需要的權限設定，請參考以下網頁：

Service Security and Access Rights
http://msdn.microsoft.com/en-us/library/ms685981(VS.85).aspx

Windows Svr 2008 伺服器管理員角色及功能無法開啟：
Found errors - Cannot open an anonymous level security token. (Exception from HRESULT: 0x80070543)

此時點選新增角色,會出現以下error

說明與方法：

Followed a lead and checked the DCOM permissions on the server.

Enter the Dcomcnfg to open the Components Service  console from Run
Under Default Properties tab - Checked Enable DCOM on this computer.
Under this seleceted Default Authentication Level to Connect.
Under Default Impersonation Level set it to Identify.
Stopped and restarted the MSDTC service.

說明與方法:

From the information collected, it appears the cause of your issue is that some entries under registry key HKLM\SOFTWARE\Microsoft\ADs\Providers are corrupt. Please allow me to share my findings first:

解決方法:

Import HKLM\SOFTWARE\Microsoft\ADs\Providers from a good Win2003 machine.

This is by design.

Windows 2000 SP4-based virtual machine only support IDE controller.

958667    Error message when you add a SCSI controller to a Windows 2000 SP4-based virtual machine in Hyper-V Manager on server that is running Windows Server 2008: "STOP c0000263"
<http://support.microsoft.com/kb/958667/en-us>

用net time 指令是否可做為確認自已是找誰做時間同步的依據?

Net time has nothing to do with W32time. It uses RPC to set the local time to be the same as a remote DC, which is returned by dsgetdsname. So net time should be not used to sync time domain wide.

釐清與資料提供︰
1. 釐清並建議不要使用NET TIME 指令來做為判定時間同步的依據，因為該指令所返回的DC是隨機產生的，並不固定。

2. Windows 時間同步的基本操作:
http://support.microsoft.com/?id=224799

Time Convergence Hierarchy
===========================
a. All client desktops select an authenticating domain controller (the domain controller returned by DSGetDCName()) as their time source. If this domain controller becomes unavailable, the client re-issues its request for a domain controller.

b. All member servers follow the same process.

c. All domain controllers in a domain make 3 queries for a DC:

- a reliable time service (preferred) in the parent domain,

- a reliable time service (required) in the current domain,

- the PDC of the current domain. It will select one of these returned DCs as a time source.

The PDC FSMO at the root of the forest is authoritative, and can be manually set to synchronize with an outside time source (such as the United States Naval Observatory).
===========================

3. 在AD Doamin中, 時間同步運作原理:
網域上的工作站以及成員伺服器會向提供認證的 DC 同步時間以及日期，而網域中的每一台 DC 會向該網域中持有 PDC Emulator 這個 FSMO 角色的伺服器進行時間同步。而網域中的 PDC Emulator 會向 Forest 中的根網域 PDC Emulator 進行時間同步。最後，根域中的 PDC Emulator 可與外界的時間伺服器(External NTP Time Server)對時。

4. 對於troubleshooting time server 問題, 我們可以啟用W32time debug log:
(1) Enable W32time debug logging on new DC and root DC:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;816043

(2) On new DC, ensure there is no group policy defined already. This will affect the setting of registry.

Open gpedit.msc, expand Computer Configuration --> Administative Templates --> System --> Windows Time Service, remove any settings there or under the subfolders.

(3) Restart W32time service.

net stop w32time && start w32time

參考資訊連結︰
How Windows Time Service Works
http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx