Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Changing the date/time on Windows 2003 member server!

Posted on 2004-09-06
8
Medium Priority
?
309 Views
Last Modified: 2010-04-19
Hello,

I am currently designing a 2003 Active Directory infrastructure and I have the following potential issue.

I will have some member servers in the Domain that will run SQL and other apps that Testers\Developers will want me to change the time and date on, to test triggered date and time events.

As far as I understand the time on a member server is synchronised with a DC and each DC is sync'd with the PDC emulator.

I believe that the Windows Time Service (W32Time) can be stopped on a server to prevent a it synchronising its time.  However I am worried this will cause problems as kerberos works on a time being correct.

My question is:-

If I change the date and time on member (with SQL), without changing the rest of the domain will it still be able to service requests from clients with the correct time?

Thanks
0
Comment
Question by:gnfreeman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 11989137
Hi,

My two cents.. If this is a production server, don't change the time. I do know that syncing the AD will go wrong and a lot of other stuff also goes wrong. I do beleive there must be a time differnce of a maximum of 10 minutes, else sync doesn't work. So my guess is that it won't work, servicing request.

0
 

Author Comment

by:gnfreeman
ID: 11989153
If that is the case I would need a seperate forest/domain for a Test/Dev environment?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 11989244
I always isolate test/development environments from the main network - usually as far as firewalling it off from production. I don't trust developers and will not allow them to change anything as key as the time on a production domain.

You are looking at two solutions.

1. Physical seperate test/development domain.
2. Virtual test/development domain - using something like VMWARE.

Remember that these two domains cannot have a trust either - as the time difference will also break that.

Simon.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 23

Expert Comment

by:rhandels
ID: 11989266
I Agree with SImon about the test domain... Always try to have one, it's very important. specially if something fails..
0
 

Author Comment

by:gnfreeman
ID: 11989270
Your comments are much appreciated.
Is the date/time issue definately a problem with the trusts as well?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 11989288
I'm not quite sure, maybe Simon is aware of this problem. Only thing i know is not to do this within a working environment...
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 600 total points
ID: 11989428
I believe trusts use Keberos authentication, which means if the time is out by more than five minutes the trusts break.
I have been there and seen it with my own eyes. Get the clocks in sync and everything is fine.

Simon.
0
 
LVL 23

Accepted Solution

by:
rhandels earned 900 total points
ID: 11989478
>>I believe trusts use Keberos authentication<<

If you use 2003 with forest trust or two way trusts, i'm 100% sure it uses Kerberos authentication.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question